IRS Breach Shows What Happens to PII After it is Sold on the Black Market

By | May 29th, 2015|Breach, Uncategorized|

IRS BreachThe IRS experienced a breach that is changing the way businesses and consumers think about personal information. Reporters attribute the IRS breach to a crime syndicate in Russia, who used personal information obtained elsewhere to exploit the Get Transcript feature on the IRS website. They successfully exploited 104,000 individuals and filed nearly $50 million in fraudulent tax funds.

“This breach is not just about what this single group is going to do with the information, but what happens when this information gets sold on the black market,” said cybersecurity author Peter Warren Singer to The New York Times. “It’s rare for the actual attackers to turn the information directly into money. They’re stealing the data and selling it off to other people.”

As Singer points out, this breach demonstrates how cyber criminals can take stolen data and exploit an online system to pick the pockets of thousands of consumers. Major data breaches thus far have proven that cyber criminals have the know-how to exploit major retailers’ security systems; this breach proves these criminals have more sophisticated schemes in their back pocket to cash in on the information they’ve stolen without having to find a vulnerability in an organization’s security system.

This is costly to businesses as it highlights the limited control they have on security breaches. Maintaining a healthy, secure system helps businesses avoid data breaches, but cyber criminals are working around secure systems by taking advantage of customers’ personal information. Gizmodo reporter Kate Knibbs calls this a “domino effect.” The way it works is that cyber criminals hack into a business’ system and steal customer data. Using that customer data, which includes name, address, email credentials and Social Security number, cyber criminals can log in to another business to make purchases or otherwise financially exploit a business. The result? A business is hijacked without its security system ever being hacked into. Cyber criminals are finding these workarounds, making their schemes more sophisticated and harder to identify from the outside.

So what exactly can we do to mitigate the risk of these types of breaches? Businesses and consumers must develop better habits and methods to protect their identities online. Password reuse is one of the most damaging habits of consumers. In fact, six out of 10 admit to reusing passwords across multiple sites. Convenience typically wins over security when it comes to interacting online. Businesses must innovate convenient options for consumers to better protect their digital identities. In the meantime, monitoring customer and employee credentials is a business’ best bet for protecting their assets.

How does this breach affect the way businesses handle security? How can businesses and consumers prioritize security over convenience when it comes to protecting digital identities? Let us know what you think on Facebook, Twitter and LinkedIn.

The Implications of Sharing Personal Data

By | January 28th, 2015|Uncategorized|

Data Privacy DayDid you know that privacy policies do not guarantee that your information will be kept private? Most companies use privacy policies to inform customers about how their personal information may be used, i.e. sold, shared, exchanged, not necessarily guaranteeing absolute confidentiality. In today’s increasingly digital world where exchanging personal information – your name, email address, home address, etc. – for access to websites, coupons and the like has become the norm. And, it can be difficult for consumers to understand the value of their personal information.

Today is the eighth annual Data Privacy Day, an international awareness effort spearheaded by the National Cyber Security Alliance (NCSA) that encourages all Internet users to consider the privacy implications of their online actions and motivate all companies to make privacy and data protection a greater priority. Since most consumers aren’t fully aware of the implications of sharing personal information, we’re taking a deeper look at what can happen when personal information is shared online.

Companies that collect don’t always protect
When you share personal information with a company online, that company is responsible for protecting your information. Even data that is seemingly harmless is extremely valuable to cyber criminals, like your email address or your mother’s maiden name for a password reset. When you share this valuable, personal information with a company online be sure to read the company’s privacy policy fine print in order to be certain that your information is not being shared publicly or with outside companies. In some instances, even reading the company’s fine print cannot keep your information safe. Millions were affected last year due to retail and medical data breaches, proving it difficult for companies to protect your data no matter how secure it may seem. Once cyber criminals have their hands on your personal information, you may be surprised at what they can do with it.

Cyber criminals patch together your digital profile
Bits and pieces of personal information stolen from companies can help cyber criminals patch together a complete picture of your digital identity. They can then use your digital identity to access more important information like your financial records from retail sites that have your credit card information stored. Many consumers leave a trail of personal information on the Internet, leading cyber criminals to steal your identity and your financial information.

How to make a difference during Data Privacy Day
Here are some tips on how you can increase your privacy online from the NCSA:

  • Think of your personal information like money – value it and protect it. You are often paying for “free” services with your personal information. Before you willingly provide your information to a service, make sure it is a business you trust to handle your information with care.
  • Manage your browser cookies to maximize your privacy and prevent unwanted tracking.
  • Demand that businesses be honest about how they collect, use and share personal information.
  • Be cautious about who you “friend” and communicate with online.

Join the Data Privacy Day conversations online by using the hashtag #DPD15! And, let us know what you think on Facebook, Twitter or LinkedIn.

News Recap: Senate Report Aims to Stop Malvertisements

By | May 29th, 2014|Uncategorized|

Ads blogEarlier this month, the United States Senate published Online Advertising And Hidden Hazards to Consumer and Data Privacy, a report that analyzes and investigates the distribution of malware through online ads.

AdWeek’s Katy Bachman shared insights from the report, citing that “in some instances, clicking the play button would initiate a pre-roll ad on YouTube or Yahoo that could deliver malware to consumers’ computers… Sites that consumers would expect to be safe, including The New York Times, Major League Baseball and the San Francisco Chronicle, were found to host ads with malware, many delivered by third-party ad networks.”

The complexity of online advertising makes it difficult to identify who is responsible.

“An ordinary online advertisement typically goes through five or six intermediaries before being delivered to a user’s browser, and the ad networks themselves rarely deliver the actual advertisement from their own servers,” cites the Senate report. “In most cases, the owners of the host website visited by a user do not know what advertisements will be shown on their site.”

This presents a privacy problem for users, Lucian Constantin explains in PCWorld. According to Constantin, “in most cases users can’t control what data is being collected, who collects it and how it’s used.” Constantin pulled an example from the Senate report during which one visit to a tabloid news website sparked interactions with 352 web servers, “many of those interactions were benign; some of those third-parties, however, may have been using cookies or other technology to compile data on the consumer. The sheer volume of such activity makes it difficult for even the most vigilant consumer to control the data being collected or protect against its malicious use.”

Should websites be held responsible for the advertising content hosted on their site? How can consumers protect themselves from malvertisements? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Privacy Awareness Week: What are you doing to protect your privacy?

By | May 7th, 2014|Uncategorized|

Technology is Changing_APPAMay 4 through May 10 is Privacy Awareness Week (PAW), an initiative of the Asia Pacific Privacy Authorities (APPA) held every year to promote awareness of privacy issues and the importance of the protection of personal information. To commemorate this week, we would like to share a few of our favorite privacy resources.

To highlight the importance of personal privacy, APPA recently released an infographic on the topic. The infographic shows how technology has changed over the years and the privacy risks across the Asia Pacific Region. APPA also provides an online test that looks at identity theft situations to see how aware you are about identity theft risks. The overall assessment shows how exposed you are to identity theft and offers tips along the way.

The Federal Trade Commission (FTC) teamed up with APPA this week to talk about why privacy matters, and offers tips, for both individuals and businesses, on how to protect your personal information in today’s digital world. The FTC’s Privacy and Identity topic page offers privacy and identity topics on how to: limit unwanted calls and emails, protect your computer, talk to kids about online safety, protect your identity and repair identity theft.

Earlier this year, we celebrated Data Privacy Day, an international effort hosted by StaySafeOnline.org to help educate people on the importance of protecting their privacy and controlling their digital footprint. We nod our heads in agreement with their privacy tips to stay secure online:

  • Secure your devices. Set passcodes or pass phrases to be sure only you can access your smartphone, tablet or PC.
  • Secure your accounts. In addition to passwords, enable two-factor authentication to add another layer of security.
  • Make passwords long, strong and unique. Passwords should be different for each account, have as many characters as allowed and include numbers, symbols and letters, capital and lowercase.
  • Think before you app. Before downloading a mobile app, understand what information the app accesses to function, including location.
  • Back it up. Store digital copies of your valuable work, music, photos and other information on an external hard drive or online cloud.

What are you doing to protect your privacy on a day to day basis? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Load More Posts