Posts

3 Key Protections for Anthem Breach Victims

,

What’s the Anthem breach?

  • More than 80 million patient records were stolen out of Anthem’s servers.
  • If you are an Anthem, Blue Cross or Blue Shield customer, now or in the past, you are probably affected by the breach.
  • The data stolen included at least Social Security numbers, birthdates, addresses, email addresses and employment information.
  • Not included in the breach (or at least disclosed as being part) were credit card numbers or medical data.

Why is the Anthem breach so serious?

  • When breach includes so much data on each victim, especially your Social Security number, it makes it fairly easy for cyber criminals and identity thieves to create new accounts in your name or takeover existing financial accounts. In other words, they can bank as you, borrow as you and pose as you in order to financially exploit you.
  • The loss of medical ID can be devastating, as criminals can potentially cash out your medical benefits, append your medical records with dangerous information (e.g., a different blood type) or apply for loans or services in your name.

What STEPS SHOULD I TAKE RIGHT NOW to protect myself?

1. Monitor the breach and take advantage of the two years of ID theft monitoring they are providing at www.AnthemFacts.com.

2. Monitor your credit reports for free on www.AnnualCreditReport.com.

3. Freeze your credit to keep criminals from taking advantage of your buying power. This is the most powerful step you can take, but it does make it slightly less convenient when you apply for new credit.

4. Call all financial institutions you work with and have them put a “phone-password” on your account so that the thieves can’t simply use your SSN to gain access.

5. Turn on Two-Factor Authentication on all financial accounts to further protect your account.

6. Monitor your financial accounts and health insurance Explanation of Benefits (EOB) for transactions you don’t recognize. Alert the provider if you suspect foul play.

John Sileo delivers keynote speeches designed to make security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact The Sileo Group directly on 800.258.8076.

Anthem Phishing

Data Breach Expert's Pragmatic View on PF Chang's News

pf changsData Breach Expert Alert: The restaurant chain P.F. Chang’s China Bistro has reported a security breach that may have led to the theft of customer data from credit and debit cards used at 33 restaurants.  In addition to stolen card numbers, the intruder may have gotten  names and expiration dates as well.  The breach took place between October 19th of 2013 and June 11th of 2014 and supposedly has affected 33 locations.

If P.F. Changs follows in the footsteps of the recent Target breach, you can expect an expanding number of stores and customers affected over the coming days. It seems that the data breach playbook suggests that companies initially under-report the severity of the security lapse in order to keep customer shock and defection to a minimum. Once the news cycle has worn out the topic (generally 3-5 days), the breached company generally issues news on additional stores affected, customer data lost, increases in the actual data affected, etc. Let’s hope P.F. Chang’s does a better job of communicating damage the first time.

If you believe you have visited any of these locations during the affected time period, I suggest that you cancel your credit card and get a new number. At this point, it’s easier to do that several times a year than it is to recover from actual fraud. You may also call P.F. Changs directly at 1-877-412-7152.

John Sileo is a data breach expert and keynote speaker on avoiding disasters like P.F. Changs. John specializes in making security entertaining, so that it works. John is President of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Data Breach Expert John Sileo on Fox & Friends – Target Data Breach

,

Data Breach Expert John Sileo goes on Fox & Friends to discuss the 110 million records breached at Target.

Stock Plummets as Epsilon Breach Rears Ugly Head

,

When will corporations learn? I received 6 data breach emails yesterday because of the Epsilon’s lack of security.

Have you been inundated with more spam and phishing emails recently? If so, it may be due to one of the largest email and data breaches in Internet history. Epsilon is one of the world’s largest providers of marketing-email services and they handle more than 40 billion emails annually and more than 2,200 global brands.

Epsilon issued the following statement: “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only.”

The following companies have already sent out warnings (like those below) to their companies: Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delware, Visa, American Express, US Bank, TiVo Inc. and Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.

While the statement above says that only names and emails were compromised, experts are saying that both Marriott Rewards and Ritz-Carlton Rewards had member rewards points disclosed, along with names and e-mail addresses. This could give scammers more leverage when they attempt a targeted campaign. The Epsilon data breach not only exposed names, information and e-mails of its clients’ customers, but sent its stock down nearly 7 percent before the news was even hours old.

The stolen information will allow scammers to send authentic-looking email messages that appear to come from a bank or other business with whom the user has an existing relationship. The emails will try to trick people into parting with information such as their usernames and passwords for bank accounts or other online accounts, or they could try to trick people into downloading malware on to their systems. People who don’t fall for such scams should be fine. (ComputerWorld)

So how do you know if you have been affected by this massive breach? Watch out for emails (like the ones I received for being a customer of the institutions below) alerting you to the breach. But observe the following precautions:

  • Be on the lookout for sophisticated phishing emails that seem to be sent from your bank or other financial institution. Now that the bad guys have your name AND email address, they can make them very authentic and already know that you bank with that particular institution.
  • Keep software protection updated.
  • Don’t click on any links within the breach emails you receive, as scammers will undoubtedly send phishing versions in the name of data security to extract even more data out of you. Always retype the known website address (www.USBank.com) into the toolbar. You can also move the mouse over the link to see if the domain name matches the company.
  • Make sure that all websites you visit start with https (which signals that it is a secure connection – not a perfect indicator, but better than nothing).
  • Don’t give out any sensitive information out via email and be wary about giving it out over the phone.
  • If you are ever unsure call the number listed on the company website.

These companies will start to lose customers because of the Epsilon breach, and Epsilon will begin to lose stock value and reputation within the industry. Can you imagin a corporation trusting them with their private data again?

John Sileo speaks and consults to clients about information leadership, including identity theft, social media exposure and reputation management. His clients include the Department of Defense, Pfizer, Blue Cross and Homeland Security. Learn more about bringing John to your organization at www.ThinkLikeASpy.com.

 

 

Son of a Breach! 40,000 Student Identities Exposed

The Social Security numbers, grades, and other personal identity information of over 40,000 former University of Hawaii students were posted online. The information was removed earlier this week, after almost 12 months online.  The University apologized and explained that a faculty member doing a study on student success rates believed the information was being held on a secure server. It was not.

Apparently this was the third such breach that the University has suffered from in the past year. Each incident has increased student concern, and the university promises to beef up network security. It is beginning to look like these are promises that they have little intention of keeping. If the University were serious, they would immediately implement a data privacy awareness program to train staff and students on protecting private and sensitive information. There is no indication beyond empty press releases that they have begun taking even this most basic step.

U of H contends that there is no evidence that the information had been stolen or misused to date. That, however, is highly unlikely. Many times, identity thieves will wait until the dust has settled from such a breach to begin using the information for financial gain. The university has advised anyone who may have been affected to obtain and review their credit report for any signs of fraud. Again, if the university were serious, it would be providing free credit monitoring to those affected.

In 2002, the University phased out the use of Social Security Numbers to identify students. However, for students who attended the University prior to 2002, Social Security numbers are still used to identify those students. As you can imagine, it is difficult to contact affected students long after they have graduated, making the University’s task even more difficult.

To learn more about how to recover your stolen identity, check our our Identity Theft Prevention and Recovery workbook.

15 Data Security Tips to Protect Your Small Business

Thanks to SmallBusinessComputing.com and Jennifer Schiff for this article!

In August 2010, the Privacy Rights Clearinghouse published its latest Chronology of Data Breaches, which showed that since 2005 more than a half-billion sensitive records have been breached. Of those breached records — which contained such sensitive data as customer credit card or social security numbers — approximately one-fifth came from retailers, merchants and other types of non-financial, non-insurance-related businesses, the majority of which were small to midsized.

An equally scary statistic: approximately 80 percent of small businesses that experience a data breach go bankrupt or suffer severe financial losses within two years of a security breach, according to John Sileo, a professional identity theft consultant and speaker, who knows firsthand about the havoc a security breach can wreak on a small business.

What can a small business owner do to protect her business from a security breach? Small Business Computing spoke with two security and privacy experts and consulted the leading security and privacy sites to find out. The good news: protecting your business from a data security threat is easier than you think. It’s also much cheaper than the physical, financial and emotional cost of repairing one.

Click Here to Continue Reading……

John Sileo speaks professionally about social media exposure, identity theft and cyber crime for the Department of Defense, Fortune 1000 companies and any organization that wants to protect the profitability of their private information. Contact him directly on 800.258.8076 or visit his financial speaker’s website.