Sony Data Breach Grows by 25 Million – $1 Billion Price Tag
Sony just admitted this week that their Sony Online Entertainment (SOE) division, which they though was not affected by the recent breach, has also been compromised. They believe that the hackers stole personal information from an additional 25 million users and that the breach included credit card information.
In an unrelated article, Mizuho Investors Securities analyst Nobuo Kurahashi estimated the cost of Sony’s recovery from the data breaches to be approximately $1.25 billion:
Kurahashi estimates that the data breach will cost Sony about Y100 billion, or $1.25 billion from lost business, various compensation costs and new investments–assuming that no additional security problems emerge. The cyber attacks on Sony in recent weeks involved the theft of personal data that include names, passwords and addresses from accounts on its PlayStation Network and Sony Online Entertainment gaming services. Sony has also said that more than 10 million credit-card numbers may have been compromised.
The return on investment of Sony simply protecting their customer data properly in the first place would be thousand-fold. But if companies were doing more to protect themselves before the attack, what would we write about?
John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.
WiFi Security Flaw in Smartphones Threatens Your Wallet
Recent information available in Britain has shown that popular hotspots can be easily mimicked by thieves, which leaves consumers vulnerable to identity theft.
Tests conducted showed that security experts were able to obtain usernames, passwords and messages from phones using WiFi in public places. The tests all used volunteers so that no actual breach occurred. In cases where the iphone 4 was targeted, the information could be taken and stored without the user even knowing.
This issue is a huge problem for the UK’s nearly 5 million BT hotspots located in train stations, coffee shops, hotels, and airports. While the smartphone service providers have knows about these WiFI security flaws for some time, they have still not done anything about it.
Using inexpensive communication equipment and free software that you can download from the internet, thieves can set up bogus hotspots to start sniffing your personal information. Once you have established a connection with one of these impersonators, whether on a phone or laptop, they can start decrypting your sensitive data.
While this is a huge issue, identity theft experts have found that a bigger problem is when these fake WiFi hotspots ask you to pay for the service and then gain access to your credit card number. Thieves state that once they have your personal logins and your credit card number, they can do almost anything, including buying gifts, purchasing gift cards for any amount, wire transferring funds to themselves, in addition to other methods for turning your privacy into profits.
iPhone Location Tracking Leads to Privacy Lawsuit
Apple has been hit with a lawsuit in Florida alleging the company is violating iPhone user’s privacy and committing computer fraud. The case came in response to news that the iPhone maintains a time stamped location log, and that data is also stored on user’s computers.
The lawsuit was filed in Federal court in Tampa Florida on April 25 by two customers who claimed Apple was tracking iPhone owner’s movements without consent, according to Bloomberg.
The case was filed after word that the iPhone and iPad with 3G support maintains an unencrypted log file showing where users are based on cell tower triangulation. That file is transferred to user’s computers during the sync process with iTunes and is maintained as part of the device’s backup file collection.
Location logging has been active in the iPhone and 3G iPad since the release of iOS 4 last June, which means some users have nearly a year’s worth of data stored away. Apple is denying that they are actively tracking user locations.
Award-winning author and identity theft keynote speaker John Sileo trains executives and employees to respect and protect the data that makes their company profitable. His clients included the Department of Defense, Homeland Security, FDIC, Pfizer, Blue Cross and organizations of all sizes. Contact him directly on 800.258.8076 or watch him deliver an Identity Theft Speech.
Sony PlayStation Network User Information Hacked
Sony Corp. on Tuesday admitted that hackers have obtained personal data and possibly credit card information of tens of millions of people who have registered for PlayStation Network, the company’s online game and movie service, as well as its Qriocity digital music service.
PlayStation is a fun game, data breach is not.
As of March 31st, the Sony PlayStation Network has about 77 million accounts. These accounts link users to the network to obtain downloads and access online movies through services like Netflix. While Sony states that not all of the 77 million accounts are active accounts and some individuals have multiple accounts, they are not denying that a breach of information occurred.
The company spokesman, Patrick Seybold, admitted that the hackers not only gained such information as names, addresses, phone numbers, user names, birth dates, email addresses and passwords of registrants; but they are unsure if credit card information was compromised as well. Update: Sony recently announced that an additional 25 million records were breached.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Seybold wrote. ”If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
Comprehensive Opt Out List for Marketing Databases
Major data breaches like the recent Epsilon Breach occur frequently, even if you don’t hear about all of them. With all the publicity surrounding this particular breach, people have been asking how to remove themselves from some of those marketing lists that are frequently compromised.
Opting our of marketing databases is one way to lower your risk of becoming a data breach victim.
So, how do I get out of marketing data bases?
Most databases allow you to opt out of having them share and sell your information, you just need to find out how. Many sites make it tricky to get this done, but most sites that are selling or harvesting your information allow you to do so one way or another.
The Privacy Rights Clearing House lists 135 marketing data brokers who are selling your private information, and tells you whether or not they have opt-out policies. If they do, you have to go to the brokers’ websites and suppress your name yourself. Most of the sites have hard-to-find opt out pages, but you can generally track them down by visiting the Privacy Policy which frequently appears as a link in small print at the bottom of the home page.
Stock Plummets as Epsilon Breach Rears Ugly Head
When will corporations learn? I received 6 data breach emails yesterday because of the Epsilon’s lack of security.
Have you been inundated with more spam and phishing emails recently? If so, it may be due to one of the largest email and data breaches in Internet history. Epsilon is one of the world’s largest providers of marketing-email services and they handle more than 40 billion emails annually and more than 2,200 global brands.
Epsilon issued the following statement: “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only.”
The following companies have already sent out warnings (like those below) to their companies: Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delware, Visa, American Express, US Bank, TiVo Inc. and Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.
How to Change Your Facebook Password
A close friend of mine just had his Facebook account taken over and used for pretty nasty things, so… this is just a quick reminder to change your Facebook password frequently for added security. If you have been a member for years, like most people, and have not ever changed your password, I recommend you do so right now (don’t wait, you’ll never do it later).
On a site like Facebook that houses so much of your personal reputation and information, it is good to keep passwords new and difficult to hack. We see people’s Facebook profiles get hacked every day from clicking on malware and phishing schemes – and once they have your Facebook password, they probably have the same password you use on other accounts. Changing your password frequently, as simple as it sounds, is an easy way to avoid some of the privacy problems posed by Facebook. Once you are logged in, visit your Account Settings Page. On the first page next to Password click change.
Now that you are in your Account Settings, spend a minute clicking around to explore some of your other settings. While changing your password doesn’t solve all of your security issues, it will help you feel a bit safer on the social networking giant!
Identity Theft is #1 Consumer Complaint 11th Year in a Row
According to the Federal Trade Commission, Identity Theft still tops the annual list of consumer complaints. The list was released last Tuesday and Identity Theft was #1 for the 11th year in a row with more than 250,000 complaints. Identity theft accounts for 19% of all consumer complaints received by the FTC last year.
Why is this such a lingering, time-tested problem? Because most people, most businesses, read about it being such a terrible problem, and then go off an do little about it. Corporations fail to train their employees on personal identity theft, and that lack of skill and prevention framework seeps into the workplace. This, in turn, leads to the loss of more data, customer records, employee files and intellectual capital.
The report also states that the Miami-Ft. Lauderdale, Fla. area ranks #1 in the nation for identity theft complaints per capita. Number 2 on that list is Brownsville, Texas followed by Dunn, N.C.
The 10 top consumer complaints nationally in 2010 were:
- Identity theft
- Debt collection
- Internet services
- Prizes, sweepstakes and lotteries
- Shop-at-home and catalog sales
- Impostor scams
- Internet auctions
- Foreign money, counterfeit check scams
- Telephone and mobile services
- Credit cards
Entire Town in Colorado Has Identity Stolen
In a town with a population of about 3,000 people it seems that almost all the citizens of Bennett, Colorado have had their identity stolen. The scheme was simple and it was easy to fall victim. Identity thieves apparently used skimmers to extract credit and debit card numbers from individuals. Skimmer scams can happen when the criminal installs a “skimming” device over the card slot of an ATM, debit or credit card reader. The skimmer then reads the magnetic strip as the user unknowingly passes their card through it.
In the case of Bennett, Colorado it is believed that this was done at a local King Soopers gas pump. The skimmer is gone now and authorities are on the hunt for the thief. King Soopers has denied that any of the fraudulent activity happened at their gas pumps and authorities have also said that they knew this was a crime spree for the past few weeks. In the meantime, many of the victims who used debit cards are without those funds because its the same as using cash. The average amount stolen was around $700 and more people are coming forward every day.
There are many ways you can make sure that you don’t become a skimmer victim.
Tired of Being Tracked by Websites? Do Not Track is Here.
In response to the growing demands for more privacy on the internet, Mozilla implements a Do Not Track option in Firefox 4.
The most recent version of Mozilla Firefox, which was rolled out this February, offers users the option to opt-out of website tracking. Once enabled, the user’s preference to not be tracked is automatically sent to the website. That doesn’t mean that the website has to do anything about it, but there will probably be a bit of a stink about those sites that don’t respect user’s privacy preferences (it would be the equivalent of someone making a sales call to you after you join the Do Not Call list). Unfortunately, most users will never know which websites are participating in the opt-out Do Not Track function.
Learn more about Firefox’s Do Not Track Technology and about the Big Brother issues posed by companies tracking your every move on the internet.
In my opinion, beginning to solve the surfer privacy issues at the browser level is the right direction to take. It is the most universal gate through which all surfers pass – no one visits a website without touching a browser. If consumers get behind the technology now and let the companies they do business with know that they expect them to honor Firefox’s Do Not Track technology, there will be no option but to acquiesce.
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
