
Equifax Data Breach Protection Tips


How to Protect Yourself from the Equifax Data Breach

Equifax, one of the three major consumer credit reporting agencies, disclosed that hackers compromised Social Security and driver’s license numbers as well as names, birthdates, addresses and some credit cards of more than 143 million Americans. If you have a credit profile, you were probably affected.

Credit reporting companies collect and sell vast troves of consumer data from your buying habits to your credit worthiness, making this quite possibly the most destructive data security breach in history. By hacking Equifax, the criminals were able to get all of your personally identifying information in a one-stop shop. This is the third major cybersecurity breach at Equifax since 2015, demonstrating that they continue to place profits over consumer protection. Ultimately, their negligence will erode their margins, their credibility and their position as one of the big three.

But that isn’t your concern – your concern is protecting yourself and your family from the abuse of that stolen information that will happen over the next 3 years.

Minimize Your Risk from the Equifax Data Breach

  1. Assume that your identity has been compromised. Don’t take a chance that you are one of the very few adult Americans who aren’t affected. It’s not time to panic; it’s time to act.
  2. If you want to see the spin that Equifax is putting on the story, visit their website. Here’s how the story usually develops: (1) they announce the breach and say that fraud hasn’t been detected; (2) a few days later, when you aren’t paying attention, they retract that statement because fraud is happening; (3) sometime after that, they admit that more people, more identity data and more fraud were involved than originally thought. They encourage you to sign up for their free monitoring (which you should do), but it does nothing to actually prevent identity theft; it just might help you catch it when it happens.
  3. I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request a “call-in” password be placed on your account.
  4. Begin monitoring your bank, credit card and credit accounts on a regular basis. Consider watching this video and then setting up account alerts to make this process easier.
  5. Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T JUST CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.
  6. MOST IMPORTANTLY, FREEZE YOUR CREDIT. The video above walks you through why this is such an important step. Some websites and cybersecurity experts will tell you to simply place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile, so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Equifax is being overwhelmed by requests, so be patient and keep trying. Even if it doesn’t happen today, you need to Freeze Your Credit!

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an award-winning author and keynote speaker on cybersecurity. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Data Breach 2015 Summary


Influential Cyber Data Breach 2015

January Data Breach

Premera BlueCross BlueShield
Health insurance company Premera BlueCross BlueShield said in March that it had discovered a breach in January that affected as many as 11.2 million subscribers, as well as some individuals who do business with the company. The breach compromised subscriber data, which includes names, birth dates, Social Security numbers, bank account information, addresses and other information.

February Cyber Breach

Multi-Bank Cyberheist
In February, a billion-dollar bank cyberheist was discovered, affecting as many as 100 banks around the world. The breaches, discovered by Kaspersky Lab, infiltrated the banks’ networks using tactics such as phishing and gaining access to key resources, including employee account credentials and privileges. The cybercriminal ring, known as Carbanak, then used those credentials to make fraudulent transfers and make hijacked ATM machines appear legitimate as they funneled more than $1 billion into their own pockets.
Anthem
Anthem revealed a breach in February that exposed 80 million patient and employee records. Anthem said the breach occurred over several weeks, beginning in December 2014, and could have exposed names, date of birth, Social Security numbers, health-care ID numbers, home addresses, email addresses, employment information, income data and more. It said it did not believe banking information was taken. The Wall Street Journal reported that Anthem had not encrypted the data that was accessed by hackers.

May Security Breach

IRS
Thieves who used data stolen from other sources gained access to tax returns for 300,000 people through software called “Get Transcript” that allows taxpayers to retrieve their returns from previous years.
Relying on personal information — like Social Security numbers, birth dates and street addresses — the hackers got through a multistep authentication process. They then used information from the returns to file fraudulent ones, generating nearly $50 million in refunds. A significant note from this breach is that it fit an emerging pattern where Federal agencies often say months after they initially discover a breach that it has affected far more people than investigators initially believed.
Starbucks
This is a tricky one. This “breach” started when Starbucks customers noticed unauthorized access to their accounts. That access was reportedly followed by thieves using the auto-reload feature to rapidly rack up hundreds of dollars in charges. In reality the Starbucks mobile app was not hacked, but some customers did have unauthorized activity on their accounts because of poor security (password) decisions they had made. According to the Starbucks website:

“Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.”

June Breaches

LastPass
In June, password management company LastPass revealed that it had been the victim of a cyberattack, compromising email addresses, password reminders, server per-user salts and authentication hashes. The company said it believed its encryption measures would protect most users. At the time, solution providers said the breach was significant because it showed an increasing trend of attackers targeting the security vendors themselves.
Office Of Personnel Management
Revealed in June, the two breaches of the Office of Personnel Management have snowballed into what is arguably one of the biggest cyberattacks in history. The larger of the two breaches, affecting 21.5 million federal workers, was discovered in late May after a separate, unrelated breach hit the agency in April, exposing the personnel data of 4.2 million individuals. While the actors behind the attack haven’t officially been announced, reports have tied the attacks to China-based hackers. While details are still emerging about the extent of the attacks and their effect on millions of federal workers, some of the implications have already begun with the resignation of OPM Director Katherine Archuleta.

July Data Security Breaches

Harvard University
A July breach at Harvard University, following in the footsteps of eight other education breaches this year, highlighted growing security concerns around the higher-education market. The breach affected as many as eight schools and administrative offices, though it remains unclear what information was accessed by the hackers. At the time, the University released a statement saying there was “no indication that personal data, research data, or PIN System credentials have been exposed.” However, they acknowledged it was possible that user names and passwords used to access individual computers and University email accounts were compromised.
Army National Guard
The July data breach of the Army National Guard was the result of an improperly handled data transfer to a non-accredited data center by a contract employee, the organization said. The breach possibly exposed the Social Security numbers, home addresses and other personal information of approximately 850,000 current and former National Guard members, dating back to 2004.
CVS, Walgreens, others
In July, pharmacy chain CVS pulled its popular online photo print ordering site offline as it investigated a suspected hack. Credit card data, email and postal addresses, phone numbers, and passwords were taken, but it’s not clear how many millions were affected by the breach. No other linked data was taken in the breach, but Costco and Rite Aid, among others, were also hit.

Ashley Madison 
Around 37 million people were caught up in the Ashley Madison affair (for want of a better term). The site encourages its users to cheat on their partners. Aside from the many millions affected and the impact on relationships, should that information get into the hands of the enemy — think, Russia or China — it could lead to a considerable blackmail and espionage effort against US, UK, and allied countries.

August Cyber Security Breaches

iPhones
iPhone owners who practiced something known as “jailbreaking,” where they stripped their devices of Apple’s security settings to allow the handsets to work overseas or run apps the company didn’t approve, paid the price for ignoring Apple’s warnings that this practice left the devices vulnerable to hackers. It turns out more than 225,000 of those phones have been hacked, and cybersecurity researchers found the users’ breached information on the black market.

September Data Breaches

Hilton/Doubletree

The hotel chain fell victim to a credit card breach at registers in gift shops and restaurants at several of its U.S.-based properties and franchises. Those affected included the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts. The breach appeared to be linked to a compromised point-of-sale-system rather than an issue relating to the guest reservation systems at the affected locations.

October Security Breaches

T-Mobile/Experian

Hackers stole the personal details of T-Mobile US customers, acquiring the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records included personal details such as name, address and date of birth, as well as encrypted fields with Social Security numbers and identification numbers from driving licenses or passports. Experian said this encryption may have been compromised.


The Ashley Madison Hack: An Affair to Remember FOREVER


Come on, admit it. Don’t you feel just a little satisfaction watching 37 million adulterers exposed in the Ashley Madison hack? “They do kind of deserve to be cheated just a bit for being cheaters,” someone in one of my keynote speeches commented.

In this case, the hackers weren’t seeking money; they were seeking revenge. Their goal was to get Ashley Madison to shut down the site because they said it wasn’t living up to its own privacy policy (it wasn’t). But to side with the hackers is a bit like saying it’s okay to pepper spray customers to keep them from going into a store you’re morally opposed to. In other words, be careful when you condone the use of customers as pawns to fuel change. You just might be the next customer to become a victim, and your data could be just as sensitive (your medical records, divorce proceedings, kids’ geographical location or your online video viewing habits).

I, like many others, have a hard time feeling sorry for the consequences of the stupid and poor choices some have made. It’s not like the victims of the Ashley Madison hack are in the same category as the innocent mom who shopped for holiday presents at Target, or the senior citizen who had their Social Security number breached due to Anthem’s careless cyber security.

However, as someone committed to protecting moms and senior citizens and everyone else from experiencing the blowback from thieves, exploiters and liars, I just can’t stay away from this one. Because even non-users are ultimately affected by the Ashley Madison hack.

How the Ashley Madison Hack Affects Non-Users Like You

  1. This hack has continued with the precedent set by the Sony hackers because they not only stole the information, but they are blackmailing the company by threatening to make the data public unless the company accedes to their demands (stopping the release of “The Interview” or shutting Ashley Madison down). And the blackmail often works, meaning that this trend will continue!
  2. Besides the effect of having divorce lawyers calling their Maserati dealer to order a new car, this has allegedly led to suicides and to the resignation of Noel Biderman, the chief executive officer of Avid Life Media Inc., the company behind Ashley Madison. After major breaches (Sony, Target, OPM, Ashley Madison), the highest executive becomes the sacrificial lamb.
  3. In addition to the database of users’ names, addresses and the type of extramarital arrangement they were looking for, hackers have also gotten information on 9,693,860 credit and debit card transactions conducted on the site since 2008, opening the doors wide for identity theft. I can almost guarantee that this will affect someone in your life.
  4. Cyber extortion has erupted because Ashley Madison has gone on the offensive and offered a bounty for the “capture” of the enemy. The site is offering a reward of $500,000 for information that leads to the successful arrest and prosecution of the people who stole and leaked its data. This sets an alarming precedent of the weaponization of consumer information and the resulting retaliation.
  5. Perhaps the scariest consequence of all is that after the hackers followed through on their threat to make the information public (after AM officials called the hack bogus), enterprising coders created online tools that allowed anyone to easily search the breached Ashley Madison data to see if their friends, family, partners and spouses used the website. That almost guarantees that the breach data will be used to commit fraud (many times breached data is recovered before it is exposed on the open market).

If you are thinking, “serves them all right”, just realize that next time it might be your employer’s or bank’s website. It could be your doctor, your hospital or political organization. It could be the data from your child’s school. And it could be an affair you will never forget.


3 Key Protections for Anthem Breach Victims


What’s the Anthem breach?

  • More than 80 million patient records were stolen out of Anthem’s servers.
  • If you are an Anthem, Blue Cross or Blue Shield customer, now or in the past, you are probably affected by the breach.
  • The data stolen included at least Social Security numbers, birthdates, addresses, email addresses and employment information.
  • Not included in the breach (or at least disclosed as being part) were credit card numbers or medical data.

Why is the Anthem breach so serious?

  • When a breach includes so much data on each victim, especially your Social Security number, it makes it fairly easy for cyber criminals and identity thieves to create new accounts in your name or take over existing financial accounts. In other words, they can bank as you, borrow as you and pose as you in order to financially exploit you.
  • The loss of medical ID can be devastating, as criminals can potentially cash out your medical benefits, append your medical records with dangerous information (e.g., a different blood type) or apply for loans or services in your name.

What STEPS SHOULD I TAKE RIGHT NOW to protect myself?

1. Monitor the breach and take advantage of the two years of ID theft monitoring they are providing at www.AnthemFacts.com.

2. Monitor your credit reports for free on www.AnnualCreditReport.com.

3. Freeze your credit to keep criminals from taking advantage of your buying power. This is the most powerful step you can take, but it does make it slightly less convenient when you apply for new credit.

4. Call all financial institutions you work with and have them put a “phone-password” on your account so that the thieves can’t simply use your SSN to gain access.

5. Turn on Two-Factor Authentication on all financial accounts to further protect your account.

6. Monitor your financial accounts and health insurance Explanation of Benefits (EOB) for transactions you don’t recognize. Alert the provider if you suspect foul play.



Is Home Depot Data Breach an Example of the “New Normal”?


Home Depot Data Breach Exposes Our Growing Complacency

When Target suffered a data breach back in December of 2013, you couldn’t look at a news source without seeing a new story about it. Yet when the Home Depot data breach was revealed recently, it received almost a ho-hum reception in the news. This, even though it was the biggest data breach in retailing history and has compromised 56 million of its customers’ credit cards! It seems we have come to expect these data breaches to the point where we have become almost complacent.

Consumers, like the companies that breach our data, have become apocalyptic zombies, staring unquestioningly forward as we are attacked from all sides.

Even scarier is that it appears the retailer itself had become complacent. Former members of Home Depot’s cyber security team said the company was slow to respond to early threats and only belatedly took action.  It used outdated Symantec antivirus software from 2007 and did not continuously monitor the network for unusual behavior, such as a strange server talking to its checkout registers. These are security oversights that most companies eliminated 5 years ago!

Another issue is that Home Depot performed vulnerability scans irregularly and often scanned only a small number of stores.  The former employees say that more than a dozen systems handling customer information were not assessed.  Home Depot has defended its actions saying that they have complied with industry standards since 2009 and those standards included an exception from scanning store systems that are separated from larger corporate networks.

This brings up a great point: Compliance with laws doesn’t equate to security for customers. And customers leave because of security breaches – they couldn’t care less about compliance mumbo jumbo.

Yet another smudge on their record is they hired a security engineer, Ricky Joe Mitchell, who had been fired from his previous job.  In April, he was sentenced to four months in prison for disabling the computers for a month at that former employer.

After the Target breach, Home Depot brought experts in from Voltage Security, a data security company that introduced enhanced encryption that scrambled payment information the moment a card was swiped in some of its stores.  However, by that time it was too late; hackers had been stealing millions of customers’ card information and had gone unnoticed for months. The rollout of the company’s new encryption was not completed until last week.

Home Depot has just become a perfect case study of all of the ways that a corporation can fail to protect itself from breach. They make Target look like rocket scientists. In the meantime, those of us who are customers continue to pay the price for their ignorance and inability to take responsibility for their data.


US Companies Face Cyber Attacks; Live in a State of Cybersiege

When JP Morgan was recently asked about reported cyber attacks, their spokesperson replied that they were “closely safeguarding information and would notify anyone affected” and went on to add that companies of its size experience cyber attacks “nearly every day”.  It seems a rather casual reply for an event that may have resulted in the theft of multiple gigabytes of sensitive data!

Yet that is the reality today. In fact, the financial industry, and most of the business world, has been described as being in a state of almost perpetual cybersiege. Cyber attacks have become so commonplace that most businesses have almost come to expect them.

Which is why we have stopped paying attention, because breach is so normal. And breach is so normal because corporations don’t train their employees correctly on how to avoid it. 

In the case of the attacks on financial institutions this week, however, officials briefed on the attack said there had been multiple, very sophisticated, intrusions.  They are thought to have been “far beyond” the capability of normal hackers and seem to be part of an international wave of nationalist cybercrime campaigns against financial institutions.

It is expensive to battle a cybersiege. JPMorgan Chase said in its 2013 annual report that it planned to spend more than $250 million and devote about 1,000 people to cybersecurity in 2014. According to a report on cyber security and the banking sector released by the New York State Department of Financial Services in May, more than three-quarters of financial institutions expect their information technology security budgets to rise over the next three years. That might be the silver lining in what is a cloudy outlook for corporate security.


Data Breach Expert's Pragmatic View on PF Chang's News

Data Breach Expert Alert: The restaurant chain P.F. Chang’s China Bistro has reported a security breach that may have led to the theft of customer data from credit and debit cards used at 33 restaurants. In addition to stolen card numbers, the intruder may have gotten names and expiration dates as well. The breach took place between October 19th of 2013 and June 11th of 2014 and supposedly has affected 33 locations.

If P.F. Chang’s follows in the footsteps of the recent Target breach, you can expect an expanding number of stores and customers affected over the coming days. It seems that the data breach playbook suggests that companies initially under-report the severity of the security lapse in order to keep customer shock and defection to a minimum. Once the news cycle has worn out the topic (generally 3-5 days), the breached company generally issues news on additional stores affected, customer data lost, increases in the actual data affected, etc. Let’s hope P.F. Chang’s does a better job of communicating damage the first time.

If you believe you have visited any of these locations during the affected time period, I suggest that you cancel your credit card and get a new number. At this point, it’s easier to do that several times a year than it is to recover from actual fraud. You may also call P.F. Chang’s directly at 1-877-412-7152.


Latest Tax Scams "Target" Data Breach Victims


It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.

KrebsOnSecurity reports that the information from the Target breach alone has flooded underground black markets and that cards are being sold for around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.

The twist this year is that telephone scams are being linked to the breaches as well.  There are many variations, but most involve criminals contacting a victim saying they are from the IRS and that money is owed.  They know the victim’s personal information such as Social Security numbers (from the stolen breach data), so it is very convincing.  They may demand payment be sent immediately, threatening anything from arrest to driver’s license revocation if non-compliant.

Then here’s the kicker: there is often a follow-up call supposedly from the local police department or the state motor vehicle department (with realistic numbers on the caller ID using a “spoofing” technique) to scare the victim into action even more. So far victims in nearly every state have fallen prey to this scheme at a cost of more than $1 million.

To read more about the characteristics of these scams and how to avoid them or get help if you think you’ve been a victim of this hoax, visit the IRS website. In the meantime, remember what IRS Acting Commissioner Danny Werfel said in a press release: “Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer.”

Also remember to guard well your personal information.  This tax scheme is just one example of how obtaining your personal information from one source makes it easier to socially engineer you in another way.  Be wary to be on the safe side!


Higher Education Features Cyber Security Expert John Sileo

Universities perfect learning environment for data security

Higher Ed Organizations are among the highest risk groups to become victims of identity theft and data breach. Because students are relative “beginners” when it comes to personal finances, because university environments are predicated on trust and credibility, and because of the recent progress towards a mobile-centric, social-networking-dominated campus, higher education’s digital footprint is constantly exposed to manipulation.


“The most engaging speaker I’ve ever heard – period.”  Debbie Bumpous, NSU Chief Information Technology Officer speaking about John Sileo

“John Sileo was the secret sauce in launching our cyber security awareness program” – University of Massachusetts Director of IT

Universities are 357X more likely to be affected by data breach than the average organization. High profile cases, some of which ended in class action lawsuits against the breached university include the University of Nebraska (650,000 breached records at an estimated cost of $92 million), UCLA, Auburn, Delaware, and Texas. Data theft is bad for students, time consuming for the administration and a public relations nightmare for the university. John Sileo knows their pain first hand, as he is generally the person contacted by universities after they have been breached. 

Video: watch John help a university prevent data theft before it happens

Universities Have a Distinct Advantage in the Fight for Data Privacy

There is genuinely optimistic news amidst the gloom and doom. Because of their teaching facilities, their communication channels and their understanding of pedagogy, universities small and large are uniquely equipped to train campus wide on the simple steps to keep private data secure before it is breached. But it takes the right speaker to introduce security in such a way that it connects with a mixed audience–student and faculty, young and wise, technologically-oriented and digitally-challenged.

John Sileo sets the standard for presentations that get students, faculty and administrators to emotionally connect to the critical nature of privacy, security and identity protection. Using his own personal story of identity theft, John interacts with your audience to gain “buy in” to the increasing importance of securing identity in a mobile-driven, social-media-dominated world.

“If the presentation is boring or overly technical, the campus won’t listen, won’t learn. John is anything but boring…”

Video: Hear what university leaders have to say about John’s ability to make it personal

John has spoken extensively for other universities to increase awareness on privacy, security and identity. Unfortunately, he’s usually brought in AFTER THE BREACH and asked to sign confidentiality agreements that don’t allow him to disclose his work with the university. And if there is someone who respects his clients’ right to privacy and confidentiality when requested, John is it. We can say that John has worked with top-ranked universities in California, Colorado, Connecticut, Massachusetts, Maryland, South Dakota, Nebraska, Florida, New York, Pennsylvania, Washington D.C., Utah, Wyoming and Virginia. We hope that your university/fraternity/organization chooses to proactively address the problem like those public references listed below:

Listen to what Universities have to say about John’s presentations

“Your presentation had the audience engaged from the first moment you started speaking. Data security is so often such a dry topic that it can be very challenging to get our users to listen to anything we have to say (let alone to show up). Your personal stories were both heart-wrenching and thought-provoking, and they provided an important backdrop for the lessons you were teaching. And you did all of this with humility, and a wonderful sense of humor, that captured the audience’s attention. When people were leaving the event, many told me it was the best presentation they had ever seen and it was unanimous that it was time well spent.”

— Donna Volpe Strouse, Information Security Officer, Wellesley College


 

“John’s presentation was excellent. He has a unique and skilled way of connecting with the audience and relating personal security to university security initiatives.”

“Felt like a knowledgeable friend grabbed me by the shoulders, slowed me down and saved me from getting into trouble.”

“Engaging and entertaining delivery of what is typically a dry topic – it makes the message stick.”

“Compelling, persuasive, intelligent, common sense and passionate presentation that opens your eyes. Funny too!”

— Various CIO Coordinators and Attendees at the Six University of Massachusetts Campuses


 

“The most engaging speaker I’ve ever heard – period. As part of a campus-wide cyber-security awareness program, Northern State University hosted John Sileo on our campus. John’s presentation was the culmination of a month-long awareness campaign for faculty, staff and students and part of the National Cyber-Security Awareness Month. The presentation itself was of the highest caliber. John personally catered the content of his presentation to our unique and diverse audience members. John is an incredibly motivational presenter that can speak directly to any audience, of any age. Throughout his presentation, he actively engaged members of the audience, capturing and holding their attention. This engagement brought a personal touch to the presentation and underscored the importance of his message. I would highly recommend John Sileo as a presenter or guest speaker. His expertise, friendliness, and professionalism are exemplary.”

— Debbi Bumpous, Chief Information Technology Officer, Northern State University


 

“The Delta Gamma Foundation is the heart of the Delta Gamma Fraternity… One of the most successful programs we offer our collegiate and alumnae members is our Lectureship in Values and Ethics. Now present on 15 campuses throughout the United States (with 4 more Delta Gamma chapters in the process of completing their lectureship), our lectureship series has featured such nationally acclaimed speakers as Colin Powell, Queen Noor, Maya Angelou, Barbara Bush, Gerald Ford, Jeff Probst and many more.

On June 18, 2010, at our 64th biennial Convention in Denver, CO, the Delta Gamma Foundation sponsored our Convention Lectureship in Values and Ethics. This lectureship is very special because it is presented to the entire Convention body. Our guest speaker was John D. Sileo, who spoke on identity theft prevention… John captivated an audience of 900 ranging in age from 19 to 90, telling his personal story of identity theft and educating all of us to intellectually understand the importance of one’s privacy. John is a storyteller who tells a compelling story with humor, intrigue and ongoing audience interaction. The presentation was outstanding.

Delta Gamma continues to receive positive feedback on John’s presentation and performance. On behalf of the Delta Gamma Foundation, we would strongly recommend John for any audience of any age. His story needs to be told and shared.”

— Roxanne LaMuth, Delta Gamma Foundation


 

“John Sileo is the real deal. He speaks because he has something to say, but also because he is interested in his audience! If you host speakers, do yourself a favor and hire John… he will remind you of all that is good about offering a speaker to an audience.”

— Loree MacNeill, Chadron State College

 

 

ID Experts Infographic on Data Breach Trends

Definitions

Identity Theft: the misuse of another individual’s personally identifiable information for fraudulent purposes.

  • Identity theft is the fastest-growing crime in the U.S., affecting 1 in 20 consumers.

Medical Identity Theft: occurs when someone uses an individual’s name and personal identity to fraudulently receive medical services, prescription drugs or goods, including attempts to commit fraudulent billing.

  • Medical identity theft affected 2 million people in the U.S. in 2011.

Data Breach: a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual.  Data Breaches may involve:

  • Credit card numbers
  • Personally identifiable information
  • Protected health information
  • Social Security Number
  • Trade secrets
  • Intellectual property

Who/What’s at Stake?

An identity is stolen every 3 seconds!

  • 5 million Americans were victims of identity theft in 2003.
  • 12.6 million Americans were victims of identity theft in 2012.
  • 608,271,950+ records have been compromised due to security breaches since 2005.
  • 94% of Healthcare organizations surveyed suffered at least one data breach in the past two years.
  • A medical record can fetch $50 on the black market.

Cyberterrorism is on the horizon. 

Cyberterrorism is any “premeditated, politically motivated attack against information, computer systems, computer programs, and data.” Why is it on the horizon? Currently, unprotected mobile devices, personal and private data proliferation and distributed computing trends all drive the increase of data breaches and identity theft.

  • 9.6 million petabytes of information is processed per year.
  • 36.7 million people in the U.S. own smartphones.
  • Healthcare organizations have moved from paper-based records to electronic health records.
  • 88.6% of healthcare professionals access patient information with unsecured smartphones.

Defining breaches and regulations

  • 2003: ChoicePoint was the first “industry” breach. It affected 140,000 people in 50 states. Security breach laws were enacted in most states as a result.
  • 2003: California enacted SB 1386, the first mandatory breach notification law in the U.S. to regulate the privacy of personal information.
  • 2003: Fair and Accurate Credit Transactions Act (FACTA) granted consumers one free credit report per year.
  • 2006: Department of Veterans’ Affairs had personal information stolen from its database, affecting 26.5 million people.
  • 2007: T.J. Maxx had 45 million credit and debit card numbers stolen.
  • 2009: Health Information Technology for Economic and Clinical Health (HITECH) Act incentivized healthcare organizations to adopt electronic medical records.
  • 2011: 77 million Sony PlayStation accounts were hacked.
  • 2012: 780,000 Medicaid patients and children had their information stolen from the Utah Department of Health.
  • 2013: HIPAA Final Rule strengthens the privacy and security protections for health information.

Data breaches are expected to escalate with the looming threats of organized crime, corporate espionage and cyberterrorism.

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.