According to the IRS, hackers attempted on Tuesday to breach its computer systems in order to file fraudulent tax returns. The thieves were trying to gain access to E-File PINs, which some people use to file their tax returns electronically. The IRS stated on Tuesday that approximately 464,000 Social Security numbers were accessed and nearly 100,000 of those were used to acquire E-File PINs.
The hackers apparently used personal taxpayer data stolen from other sources to help them obtain and generate the E-File PINs. The IRS is also reporting that no personal data was compromised or released in the attack. Taxpayers whose Social Security numbers may have been involved in the breach will be sent notifications by mail. The agency also noted that it is protecting the affected accounts by marking them to “protect against tax-related identity theft”. This is especially unnerving considering the IRS suffered an extensive data breach in 2015 in which over 300,000 taxpayers’ information was stolen and used to file fraudulent tax returns and obtain over $50 million in federal funds.
If the IRS isn’t going to do something to protect your sensitive data, isn’t it time you took matters into your own hands? There’s no way you can protect yourself against a major corporate data breach like this one. Individuals who are notified that their information has been part of a data breach are 6 times more likely to have been a victim of identity theft in the past year.
This means that before you are even told that your social security number, credit card number or other personal information has been part of a data breach, the criminals have likely used your information fraudulently, without you ever even knowing. By this time, the damage has been done.
Start taking your identity protection seriously. IdentityGuard.com provides unmatched credit & identity monitoring, so you know if your information has been breached before the IRS or retail store gets around to telling you. Sign up today from StopIdentityFraud.org and get 30 days free protection and save $3.00/month off the homepage price.
Today I want to talk about physical security and maybe go a little more in-depth than previously. I actually worked with an individual who lost sensitive data and it was through a physical method that they lost it. A lack of physical security. So she had a truck all kitted out to come out to your location to shave your dog, shave your cat, whatever was needed. And when she would come out to that location to perform that service for customers, she would take payment from them. Now she may take payment with cash or check, but she also took credit card payments. Now the caveat to that is, she didn’t actually have a mobile payment method with her. She had her credit card processing terminal at her storefront location. And it was stolen.
It begs the question whether she should have had that data stored in that manner anyway. But the reality is a simple lock on that door, putting an electronic device with electronic controls, those things could have protected her. But unfortunately she didn’t have those controls and she was compromised. In truth it’s actually kind of a bizarre method to process. To say, hey, can I write it down on a piece of paper and take it back to process? I promise I’ll do it in a safe and a secure fashion. That person’s put their trust in you. Your customers put trust in you. And the trust was lost. She had to go back to her customers and inform the customer, I just lost your data while I was eating lunch. The reality is, she’s one of many people that are losing data. You hear about these big medical breaches, the physical security, the physical breaches if you will, are having a major leak in the medical industry because everybody is storing patient data on some type of backup device or on a laptop or tablets.
It’s happening a lot. It’s ease of use. Wherever you’re at, you’re in a medical profession, you’re trying to provide medical services to patients as quickly as you can. I mean you don’t want anything to hinder that patient’s medical service. So we put it on an electronic device, which makes it easier for us to access, easier for us to diagnose and treat, and we don’t protect it. We put it in a vehicle, we leave it in an office that’s unlocked, we didn’t document where it was at and it gets stolen. Your business may be concerned about protecting a trade secret, the secret recipe of your business. And you as the business owner, you care about that.
You care about the sensitivity of it and the security of that. But what you need to remember is, while you may care, your employees may not have the same investment. So it’s important like I referenced in the last episode, it’s important to document what sensitive information you’re trying to protect. I know I said electronic devices, but really it’s all sensitive data. Document what you’re trying to protect. Now that is valuable data and you don’t want people to get a hold of that, so that needs to be physically protected. But make sure it’s documented. Make sure that you know where it’s at, that you have policy and procedures in place that has a protection for each of those. Then you need to make sure that when that’s documented, you document who has access to it.
There is no worse feeling than asking yourself, where did it go and who had access to it, who was the last person with it. It makes your job incredibly frustrating and hard, and if there was sensitive data, especially if it’s industry-specific and/or there was a compliance guideline behind it, you could be liable for that data that’s lost. So documenting what you have, documenting who has access to it, is absolutely crucial for your business. The reality is, we want to hear from you. If you have questions you’d like answered, if you have concerns or things you’d like me to answer, please let us know.
An employee of New West Health Services recently had a laptop stolen, which contained personal and medical information of up to 25,000 current and former customers. The information in the database includes names, addresses, driver’s license numbers, some Social Security numbers and possibly banking, credit card and medical information.
At this point, there is no evidence that the data has been used improperly. While New West declined to report approximately how many of its customers could be part of this breach, indications are that it may involve up to 25,000.
Based on a forensic investigation, New West says it believes the laptop contained:
• Customers’ names, addresses and, in certain instances, driver’s license numbers and Social Security numbers or Medicare claim numbers.
• It “may have also contained” information relating to some customers’ payment of Medicare premiums. That information includes electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and the card’s CVV number).
Read more about this medical database breach on Helenair.com
New West customers who receive letters advising them of the possibility that their information may have been part of the data breach should take steps to protect themselves. This includes obtaining a letter from the insurance company if any of their information has been used, seen or stolen by unauthorized persons, and setting up at least one year of paid credit monitoring, funded by the company or agency involved in the breach.
Anyone can be a victim of a data breach. Even some popular organizations have suffered data breaches, which compromised millions of payment-card numbers and accounts. If you are one of those whose information could be exposed in a data breach, there are ways to minimize the risk of becoming an identity theft victim.
1. Know What Was Stolen
You will need to pin down exactly what type of information was lost in the data breach. Get a copy of your credit report first. Here’s a list of the best credit report sites. Sensitive information could fall into general categories such as:
- Least Sensitive – Street addresses and names. This information was fairly harmless when it was printed in your phonebook. At present, a name typed into a search engine may yield data useful to online marketers as well as nosy neighbors, yet probably not enough to cause severe trouble.
- More Sensitive – Dates of birth, credit card account numbers, and email addresses. Stolen email addresses could result in increased spam and stolen credit cards may result in fraudulent charges, yet cardholders are generally protected from the liability. Dates of birth are useless on their own, yet once combined with a name they can be more valuable than addresses, because they never change and are often used for verifying identity.
- Most Sensitive – SSN (or SIN in Canada), financial-account numbers, online account passwords, and payment card security passcodes are the most sensitive information. Online account passwords, once combined with email addresses, may be used to hijack online accounts. Card security codes allow a thief to use stolen card numbers for telephone and online shopping. Bank account numbers, on the other hand, can allow thieves to monitor your financial transactions and to move money into any account.
2. Change Affected Passwords
If online accounts have been compromised, changing their passwords right away is important. If you use the same passwords for other accounts, change those too and create a new, strong password for every account. Do not reuse a password on a second account. This way, you limit the damage the next time a data breach hits and you will not have to go through this process again.
If online companies offer two-factor authentication for protecting accounts, take advantage of it. With it, thieves who attempt to log into your online accounts can’t get in, even with the right passwords, unless they also have the numeric code that the company texts to the user’s legitimate cellphone. If creating and remembering all new passwords is hard, use a password manager to do the job for you. With a password manager, you only need to remember one password and the software takes care of the rest. The downside is that if the master password is compromised, all your accounts will be compromised too.
Contacting financial institutions and credit-reporting bureaus can also be a good idea. This way, you will be able to cancel your stolen card and get a new one right away. They can also freeze your account so that thieves won’t be able to get your money or use your credit card to make transactions or purchases.
With the increase in major retail data breaches over the past several years, now is the time to put an identity theft & data breach protection plan into place. Stay informed and get alerts if your information is part of a data breach. Don’t wait for the retailers to contact you. By then, the damage could already be out of control.
Data Breach – What Is It?
A data breach happens when one’s private identifying information, including name, email address, address, debit or credit card data, driver’s license number, and SSN, is put at risk either on paper or electronically.
An electronic data breach may take numerous forms such as spyware, malware, hacking, skimming, an inside breach, or physical loss of payment cards or devices like laptops and computers. While the kinds of data breach differ, they all have one thing in common: unencrypted personal information that falls into the hands of fraudsters or thieves.
How to Protect Your Business from Data Breach
Every business that deals in debit or credit cards or electronic fund transfers, regardless of experience, transaction volume, and size, can be a victim of security breach. This is the reason why data breach protection is always necessary.
Compared to some countries in the European Union and Canada, where strong data protection acts have been in place for years, the US government hasn’t highly regulated or legislated data privacy. However, forty-six states and some places like Puerto Rico have enacted legislation that requires notification of security breaches that involve personal information.
There are also partial federal regulations that govern the storage, use, and acquisition of personal data in the US, yet it is up to businesses and individual merchants to implement such data breach protection programs. It’s also their responsibility to provide technologies and policies to shield both their customers and businesses from the potentially devastating fallout generated by a security breach.
Best Practices to Achieve Successful Data Breach Protection
One of the very first steps to protect yourself, your customers, and your business from a data breach is to adhere to PCI DSS, which stands for Payment Card Industry Data Security Standard. Adhering to it is also known as being PCI compliant. The PCI DSS requirements concentrate on increasing security for the transmission, storage, and processing of cardholder data. Aside from that, businesses must strive for the tightest security against fraud and data breaches by using standard and advanced prevention and detection tools like those provided by some companies.
Other ways of practicing data breach protection are:
- Validating and requiring complete order information like phone number and full number for each order before you proceed to the shipping process.
- Changing your password and your security question and answer every forty-five to sixty days as a safeguard.
- Using a 3rd party solution to keep the strictest security standards to submit transactions to payment gateway.
- Monitoring transactions, especially those from other countries, with an eye towards possible fraudulent practices like a number of transactions or orders where delivery and billing addresses don’t match.
Data Breach Protection: Computer-Based Security
Machines like computers can be weak links in data breach protection. The standard computer security practices you can consider are:
- Installing a firewall that will monitor external connections.
- Installing anti-virus software, such as Norton Internet Security. It should be updated regularly, and all security updates should be downloaded and installed in a timely manner.
- Sharing access to the network drives and other computers only when needed.
- Avoiding requesting or sending confidential information through unsecured methods including online chat sessions or email. If you get such a request, always confirm it by phone before you respond.
- Storing confidential or sensitive information separate from the web servers in an encrypted database that’s not connected online.
Data breach protection is the best defense against fraud. So, make no mistakes and always consider it as your top priority to protect yourself and your business. If you think you can’t handle data breach protection, it is also a good idea to consult or ask for professional help. A lot of companies are now offering data breach & identity theft protection solutions. When choosing a provider, ensure that it is reliable and has been servicing the industry for several years. Even if new companies claim the best services to offer, experienced providers can always make a difference, especially if you want to get the best value of what you have spent. In this way, you will get the highest possible level of data breach protection.
Although right off the bat every single data breach is going to feel like it is going to ruin your life, the truth of the matter is that, for the most part, fixing the fallout from data breaches can be relatively hassle free. However, there are a handful of situations that may lead you down years of cleanup and finding surprise after surprise on your credit reports.
Major data breaches, stolen credit cards, hacked social media accounts, spammed email, missing snail mail — many of us are experiencing fraud fatigue. But no breach should be ignored, though some expose you to more danger and aggravation than others. It helps to know whether you’re facing a minor annoyance or a full-on code red alert.
With help from security experts, we’ve produced a risk-o-meter to rate risks and hassles. You can also learn how to avoid some of these breaches.
You are not your credit card
Keep in mind that there’s a big difference between a risk or breach involving only one account and a breach that exposes your entire identity.
“You have to understand, you are not your payment card,” says Eva Casey Velasquez, president and CEO of Identity Theft Resource Center in San Diego. “If you have a credit card compromised, the remediation process is significantly easier. You simply call your financial institution and inform them that your existing account was compromised and you need a new card.”
Some of the hottest holiday gifts this past season were wearable fitness tracking devices such as Fitbit, Runtastic Orbit & Mio Fuse. But apparently the hackers of the world were paying attention as well, and there have been reports of Fitbit accounts and other wearable technology accounts being compromised. This was not reported as a large-scale breach in which a customer database was hacked. It appears to have been some isolated incidents where customer usernames & passwords may have been purchased on the black market, where stolen account information is often bought and sold.
In the reported cases, the Fitbit identity thieves changed the account information shortly after stealing it. This prevented the true account owners from accessing their accounts. The criminals then used the stolen accounts to request replacement devices under warranty by reporting them as “faulty”. In most cases, it was the more expensive Fitbit & wearable hardware that was the target of the scammers. It’s also scary to think of the personal health information that may be accessible to anyone who hacks a Fitbit account. Previous articles on the topic have stated that a Fitbit type device can be hacked in less than 10 seconds.
As reported by Mr. Krebs, Fitbit’s cybersecurity team recently assigned risk levels to incoming requests. He quoted Fitbit’s CSO, Marc Bown as saying: “If we see an account that was used in a suspicious way or a large number of login requests for accounts coming from a small group of Internet addresses, we’ll lock the account and have the customer reconfirm specific information.” Not surprisingly, Fitbit has plans to introduce two-factor authentication to combat hijacking of Fitbit accounts via the company website.
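The heuristic in that quote (many accounts tried from a small group of Internet addresses) can be sketched as follows. This is an added example, not Fitbit's code; the log format, the sample lines, the /24 grouping and the thresholds are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2016-01-05T10:00:01 login_fail user=alice ip=203.0.113.7
2016-01-05T10:00:20 login_fail user=bob ip=203.0.113.9
2016-01-05T10:00:41 login_ok user=carol ip=203.0.113.7
2016-01-05T10:01:05 login_fail user=dave ip=203.0.113.9
2016-01-05T10:01:30 login_fail user=erin ip=203.0.113.7
2016-01-05T10:02:10 login_ok user=frank ip=203.0.113.9
2016-01-05T10:03:00 login_ok user=grace ip=198.51.100.20
2016-01-05T11:15:00 login_ok user=grace ip=198.51.100.20
2016-01-05T10:04:00 login_fail user=heidi ip=192.0.2.5
"""


def parse(line):
    """Split one log line into (timestamp, event, user, ip)."""
    ts, event, user_kv, ip_kv = line.split()
    return (datetime.fromisoformat(ts), event,
            user_kv.split("=", 1)[1],
            ipaddress.ip_address(ip_kv.split("=", 1)[1]))


def accounts_to_lock(lines, window=timedelta(minutes=10), min_accounts=5, prefix=24):
    """Return {source network: sorted accounts} for sources that tried at
    least `min_accounts` distinct accounts inside one sliding `window`.
    IPv4 addresses are grouped by /`prefix` so that a few neighbouring
    addresses count as one source."""
    by_net = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, event, user, ip = parse(line)
        # Successful logins count too: stolen credentials log in cleanly.
        if event not in ("login_ok", "login_fail"):
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net[str(net)].append((ts, user))

    flagged = {}
    for net, events in by_net.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_accounts:
                flagged.setdefault(net, set()).update(users)
    return {net: sorted(users) for net, users in flagged.items()}


if __name__ == "__main__":
    for net, users in accounts_to_lock(SAMPLE_LOG.splitlines()).items():
        print(f"{net}: lock and re-verify {', '.join(users)}")
```

The flagged accounts are the ones a service would lock and ask the customer to reconfirm; a single user logging in repeatedly from one address is not flagged.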
Although most phishing scams are aimed at gaining access to people’s financial details or login credentials, fraudsters and thieves also use the tactic to find ways into a company’s databases. These hackers send phishing emails to as many of the target company’s email addresses as they can find. The sites they lead to look just like the company’s, and the hackers only need to fool a single person out of hundreds or even thousands to gain access to all of your financial or personal information as well as that of all the company’s other customers.
Hackers who gained entry to Anthem and Premera BlueCross BlueShield computer systems last year reportedly directed phishing emails at company employees. The emails directed the employees to visit webpages that appeared to be legitimate Anthem or Premera sites.
But they were lookalike sites, according to articles posted by consulting firm ThreatConnect and cybersecurity writer Brian Krebs. One was prennera.com (instead of the legitimate premera.com) and the other we11point.com (instead of wellpoint.com, reflecting the corporate name that Anthem then used).
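A mail gateway or proxy can flag this kind of lookalike domain automatically. The following is an added example, not code from the cited articles; the confusable-character table and the one-edit typo threshold are assumptions, and only the four domain names come from the text above.

```python
# Legitimate domains to protect (taken from the article).
PROTECTED = ["premera.com", "wellpoint.com"]

# Constructed, non-exhaustive table of sequences that render like another
# letter in common fonts (an assumption for this example).
CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def skeleton(domain):
    """Collapse visually confusable sequences into one canonical form."""
    s = domain.strip().lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(domain, protected=PROTECTED, max_edits=1):
    """Return (verdict, matched legitimate domain or None)."""
    d = domain.strip().lower().rstrip(".")
    for legit in protected:
        # Exact match or a real subdomain of a protected domain.
        if d == legit or d.endswith("." + legit):
            return ("legitimate", legit)
    for legit in protected:
        if skeleton(d) == skeleton(legit):
            return ("lookalike-confusable", legit)
    for legit in protected:
        if edit_distance(d, legit) <= max_edits:
            return ("lookalike-typo", legit)
    return ("unrelated", None)


if __name__ == "__main__":
    for seen in ["prennera.com", "we11point.com", "premera.com",
                 "premra.com", "example.org"]:
        print(seen, "->", classify(seen))
```

Run against sender domains and link hosts in inbound mail, a `lookalike-*` verdict is a reason to quarantine the message or warn the recipient before they reach the page.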
It appears that there may be another major data breach in the works. It’s being reported that many Dell customers claim to have been contacted by scammers who knew personally identifiable information that was part of a Dell database. So far Dell is claiming that it has not been hacked or breached but has no explanation for the possibly stolen data.
From our perspective, this sounds like a possible new twist on an old trick. Scammers have been contacting Windows users for years, acting as support techs who have “detected a problem” with the person’s PC. They give steps to “fix the problem” and the scammers then get remote access to the victims’ computers, installing ransomware and malware and even locking the victims out of their computers. Then, to add insult to injury, they send a large bill for the tech support.
If you ever receive an unsolicited call from a computer or software company, do the right thing and hang up immediately.
As far as this possible Dell data breach is concerned, we will wait for a more in depth response in coming days. But don’t be surprised if they release a statement confirming a full blown data breach scenario. Protect yourself today with credit monitoring & id theft protection.