Data Privacy Day is an initiative of the National Cyber Security Alliance started in 2008 in United States and Canada. Now it is celebrated also in Europe and its purpose is to raise awareness among Internet surfers, social media fans, online gamers, online shoppers…so pretty much all of those who use the Internet, about the importance of their personal information privacy.
We are big fans of data security, so we encourage you to do the following for at least one day OR starting from today:
1. Stop sharing so much personal information on your Facebook, Twitter, Google +, etc. account. Hackers can use that information and you might find out one day your online identity is robbed, your passwords don’t match anymore, or even worse, your bank account is empty. Not to mention the creepy stalkers outside your house, who, of course, found out where you live from Facebook…
2. Change your passwords and do not assume that using the same strong password on all your online accounts is enough. Use alphanumeric passwords, but not “pasword1234″.
3. Use a special card for online transactions. There are options like disposable cards, or weekly withdrawal limits you can set with your bank.
4. Encrypt your data on USB sticks or other portable storage devices. Losing such a small device where you surely have important data is very frustrating. At least no one will be able to access your data once they find your USB stick.
5. Don’t forget about your mobile devices: smartphones and tablets. They need protection as much as your laptop or desktop does. Don’t download suspicious apps and use AdBlock software to avoid annoying popup ads that could also carry malware.
This is it from us, but the guys from National Cyber Security Alliance have more advices and you can find them on:
The European Union is planning to create and launch a European Cybercrime Centre by January 2013. The centre, a proposal of the European Commissions, will operate within Europol, the continent’s police agency and will deal with online banking fraud, attacks against smartphones and other large scale types of attacks which are directed against public services and infrastructure. Read more
People who use social networks and smartphones can easily become victims of identity fraud, as shown in the 2012 identity fraud study carried out by Javelin Strategy & Research.
The US number of victims was 13% higher more than 11.6 million adults have fallen pray to identity fraud, yet the average dollar amount stolen in these incidents was about the same as the previous year. Consumers whose personal information has been compromised by corporate data breaches were the most likely victims. Persons who have received notifications of a data breach affecting their personal data are 9.5 times more likely to experience identity fraud than those who did not receive such a notification.
Javelin also tracked users’ online behavior to see its impact on identity fraud. “LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation”. The survey also showed users ignore warnings about social networks being heavily used by fraudsters and are still sharing a significant amount of personal information that might be used to steal their identities. One of the examples quoted in the report was business social network LinkedIn where people connect with strangers without reading carefully or paying attention to of what they are really doing.
7% of smartphone users became victims of identity fraud last year, showing a 33% higher incidence rate compared to the general public. A good way to prevent such breaches for smartphone users is to have passwords on the home screen (the study shows 62% of mobile users fail to set one), to block access to information stored on the phone. Another safety measure to prevent identity fraud is to never tick the “remember password” button to save the information on their mobile device (32% users do this). Mobile users should also never accept the invitations of strangers or use the GPS tracking locations.
99% of small healthcare organizations in North America suffered a data breach in the past 12 months and more than 70% do not have enough budget to invest in risk management solutions to be able to comply with legal requirements and industry standards. These are the key findings of a new survey by the Ponemon Institute.
The Ponemon Institute surveyed more than 700 IT and administrative professionals in healthcare organizations that employ a maximum 250 people.
“Cybercriminals are hunting for medical records,” said Larry Ponemon, chairman and founder of Ponemon Institute. “The most serious issue is just the complacency small healthcare providers seem to exhibit with respect to securing patient records.” Read more
The Kansas Department on Aging has recently reported a hardware theft that caused a data breach affecting about 7,000 of its customers. A laptop, a flash drive and paper files were stolen out of an employee’s vehicle, putting thousands of senior customers at risk.
The stolen files contained personal and protected health information belonging mainly to customers located in Sedgwick, Harvey, and Butler counties. The theft was immediately reported to the Wichita Police Department. The Kansas Department on Aging says it is cooperating with the police, but the stolen hardware has not yet been recovered. Read more
A data breach affecting 1.8 million customers of two New York utilities companies has recently been made public by the New York State Public Service Commission. The investigation into this data breach was initiated after an employee from a third party IT company contracted by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) was given unauthorized access to the company’s databases.
It is not clear if accessing the customer databases had any malicious intent, both affected companies claiming there was no proof of any data having been misused as a consequence of the breach. But, to stay on the safe side, they have decided to send out notifications regarding the data access, as it exposed Social Security Numbers, dates of birth and financial account information, as shown in the official press release sent out by the NY Commission. Read more
When you are the lead artist of a security mishaps that ended up in a data breach affecting some 24 million people, consequences are bound to catch up with you. And they just have caught up with shoe retailer Zappos.com and the bigger online fish behind them, Amazon.com. The two companies are being sued by the customers affected by the data breach, being accused of negligence.
A woman from Texas seems to be the main promoter in this Kentucky lawsuit. She claims that she and millions of other customers were harmed by the exposure of their personal account information. Zappos and Amazon have not commented on the lawsuit as of earlier today. Read more
Almost two weeks ago, we revealed the major changes that had happened this year in the major data breaches top of all times. 2011 was leading in what the number of high profile of breaches is concerned. The top might change once more, ensuring an even stronger position for the current year as hackers hit Steam, a gaming giant that is home to 35 million user accounts.
What we know so far is that the Steam customer data base has been indeed accessed by hackers.
“We learned that intruders obtained access to a Steam database in addition to the forums,” said Gabe Newell, co-founder and managing director of Steam parent company Valve. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”
A data breach occurring at the Vacationland Vendors arcade games in Wisconsin Dells effected 40,000 credic and debit cards. The incident was caused by hackers who gained access to the card processing systems of the Wilderness Waterpark Resort in the Dells and Wilderness at the Smokies in Sevierville. The breach only affected the arcade systems, those using their credit cards for other services, such as reservations, eating at the resort restaurants or shopping for gifts have not been affected.
According to Vacationland Vendors, the hack was discovered on March 22, but it is believed that all cards used between December 12, 2008, to May 25, 2011. The good news is that the 40,000 cards exposed, company officials believe only 20 were actually impacted by the breach. Read more
We have recently written quite a few pieces on hacking, hacker-caused data breaches, and other such incidents. As we kick off the week and this first month of fall, more pieces of news along the same line come to our attention.
Two students hacked into the Birdville Independent School District’s servers and ran across a file containing 14,500 student names, ID numbers as well as social security numbers.
Borlas.net was also the playground of hackers. After managing to access their files, the hackers responsible for the security breach also leaked names, passwords, emails and phone numbers of nearly 15,000 registered users. Read more