Posts tagged "Data Breach"
Data Breach Expert Alert: The restaurant chain P.F. Chang’s China Bistro has reported a security breach that may have led to the theft of customer data from credit and debit cards used at 33 restaurants. In addition to stolen card numbers, the intruder may have gotten names and expiration dates as well. The breach took place between October 19th of 2013 and June 11th of 2014 and supposedly has affected 33 locations.
If P.F. Changs follows in the footsteps of the recent Target breach, you can expect an expanding number of stores and customers affected over the coming days. It seems that the data breach playbook suggests that companies initially under-report the severity of the security lapse in order to keep customer shock and defection to a minimum. Once the news cycle has worn out the topic (generally 3-5 days), the breached company generally issues news on additional stores affected, customer data lost, increases in the actual data affected, etc. Let’s hope P.F. Chang’s does a better job of communicating damage the first time.
It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
Universities perfect learning environment for data security
Higher Ed Organizations are among the highest risk groups to become victims of identity theft and data breach. Because students are relative “beginners” when it comes to personal finances, because university environments are predicated on trust and credibility, and because of the recent progress towards a mobile-centric, social-networking-dominated campus, higher education’s digital footprint is constantly exposed to manipulation.
“The most engaging speaker I’ve ever heard – period.” Debbie Bumpous, NSU Chief Information Technology Officer speaking about John Sileo
“John Sileo was the secret sauce in launching our cyber security awareness program” – University of Massachusetts Director of IT
Identity Theft: involves the misuse of another individual’s personal identifiable information for fraudulent purposes.
- Identity theft is the fastest-growing crime in the U.S., affecting 1 in 20 consumers.
Medical Identity Theft: occurs when someone uses an individual’s name and personal identity to fraudulently receive medical services, prescription drugs or goods, including attempts to commit fraudulent billing.
- Medical identity theft affected 2 million people in the U.S. in 2011.
Data Breach: a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Data Breaches may involve:
- Credit card numbers
- Personally identifiable information
- Protected health information
- Social Security Number
- Trade secrets
- Intellectual property
Who/What’s at Stake?
An identity is stolen every 3 seconds!
- 5 million Americans were victims of identity theft in 2003.
I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands. And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train. Why? Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.
Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to take to secure your business data:
Online reputation services have a special responsibility to keep clients safe. How can you protect yourself when the very company you rely on is breached?
Would you trust a site with your personal information after it suffered a breach? What if that site’s sole purpose is to protect your reputation?
helps its members maintain a reputable online profile, but the site’s own profile was damaged by a recent data breach that led to the exposure of customer information. Although no Social Security numbers or financial information was lost, names, email addresses, and physical addresses were exposed. It’s been reported that some dates of birth, phone numbers, and occupational information were also lost. A “small minority” of customer accounts had hashed and salted passwords stolen.
Hashing’ passwords is the process of using algorithms to change customers’ passwords to a unique data string. The ‘salt’ adds more characters to produce a unique data fingerprint. The company has notified all customers of the breach and reset passwords to protect them. But Reputation.com
is not alone in being hacked recently. LivingSocial, a daily-deal website, was breached, affecting 50 million customers.
Maintaining our online reputation is important to us and the internet, social media and mobile technology are great tools that give us a competitive advantage. However, we cannot ever take our online privacy
for granted. Three tips to keep you ahead of identity theft are:
- Use a password protection program that makes it easy to use highly-encrypted passwords
Do you use the discount site LivingSocial? If so, your email and password could now be a little more “social” than you wanted thanks to a new data breach that occurred on April 26.
A data breach has punctured LivingSocial and resulted in the exposure of the personal information of at least 50 million users. The leaked information includes names, birthdays and email addresses – very useful pieces of data if you’re an identity thief trying to figure out a way to get into someone’s profile or make a profit selling that same information. But what makes this attack even more devastating is that hackers were also able to get a hold of encrypted passwords. Even though the passwords were encrypted through processes called hashing and salting, it likely will not take hackers long to figure out the original passwords.
Identity theft prevention is not a one-time solution. You must accumulate layers of privacy and security over time. The following identity theft prevention tips are among those I cover in one of my keynote speeches.
- Review your Free Credit Report 3X per year at www.AnnualCreditReport.com.
- Opt-Out of financial junk mail.
- Stop Marketing Phone Calls at www.DoNotCall.gov.
- Freeze Your Credit. State-by-state instructions at www.Sileo.com/2.
- If you don’t want to use a credit freeze, place Fraud Alerts on your 3 credit files.
- Use sophisticated Identity Monitoring software to detect theft before it’s disastrous.
- Stop Sharing Identity (SSN, address, phone, credit card #s) unless necessary.
- Protect Your Wallet or Purse. Watch this video.
- Protect Your Computer and Online Identity. Privacy Means Profit
- Protect your Laptop. Visit www.Sileo.com/laptop-anti-theft for details.
- Bank Online: online bank statements, account alerts and bill-pay.
You should take five minutes to understand Java browser threat before it undermines your security. The internet has become much like the Wild Wild West, where individuals play by their own rules and do as they please. Think of hackers as being malicious like Mongo from “Blazing Saddles,” but as smart and cunning as the most nefarious of Bond villains. It all reads like a bad Hollywood script until you get hit.
These outlaws of the digital age have turned their attention to your browser, and specifically to Oracle Corp’s Java software, continuing their efforts to victimize unsuspecting individuals who think they’re surfing the net safely. According to a recent Reuters report, the company is hard at work on a software update meant to address a critical security flaw that would allow hackers to infect your computer, possibly even taking control of it and using it in an attack on another server.