Monthly Archives: October 2015

Celebrity Cyber News – Online Music

Celebrity Cyber News is a new feature of the African-American Cyber Report.  This section will feature news and updates of black celebrities making news in the cyber world.

Jay-Z

GTY_jay-z_nt_131025_16x9_992Rap mogul Jay-Z seems to be plotting a new direction for his online music service Tidal. According to Variety Jay-Z was recently seen leaving the Silicon Valley offices of Samsung Research America.

Although there is no definitive news as to what may be in the plans between these two entities some industry watchers believe a deal is in the works.

Both musc streaming services seam to be struggling. Samsung owns Milk Video and rumors are that it may be ready to go under.  And Samsung’s attempt to compete with Spotify with its Milk Music is also struggling and dumping employees.

Meanwhile Tidal has its own challenges losing top executives  and fighting a $50 million dollars suit and criticism from artists. But Jay-Z let it be known he is not yet ready to give up on the service.

Co-owner Madonna said in a recent interview with the Associated Press: “It’s just the beginning, so we’re working out a lot of kinks …we’re going to build something unique and amazing that’s going to attract a lot of people.”

If you’re wondering where the money will come from if such a deal were to take place consider this. A Samsung/Tidal deal would make sense for Jay-Z since Samsung could offer Tidal a huge distribution audience by pre-loading the Tidal app on Samsung smartphones. Samsung would get a boost from Jay-Z’s powerful name recognition. The electronics maker could offer its customers a more robust on demand music experience than Milk Music currently offers and put intself in the streaming music game on par with its arch rival Apple. Samsung has not commented on any possible deal.

A quick side note, Jay-Z may have forgotten he even owned Tidal. During testimony in a court case the rapper and businessman was aksed to state his occupation. Jay-Z listed numerous business interests but was reminded that he also owned Tidal. The rapper responded, “Oh yeah! I forgot that.”

Usher

Usher-ConfessionsArtists, especialy rap artist, are almost obligated to make a political statement. Usher has shown he is in touch with the streets where his fans reside by releasing an interactive video on Jay-Z’s Tidal service.

Usher, know for his smooth R&B ballads and powerful rap hits, is focusing on the harsh realities of police brutality. The singer has released a visual and audio experience entitledDon’t Look Away.” The song focuses on the recent spate of high-profile killings by of police of blacks and minorities. The video uses Usher’s new single “Chains” featuring Nas and Bibi Bourelly. When watching and listening to the video with your webcam it will automatically stop playing if you look away or switch tabs that show the details of the deaths of Trayvon Martin, Sean Bell, and others. A powerful political stament and a clever way to get you watch the video to the end.

According to Tidal all proceeds from the song will be donated to a “Donor Advised Fund” administered by social justice organization, Sankofa.org.

Kanye West

kanyeWith no prior announcement Kanye West released two tracks through his SoundCloud page. The cuts included a remix of  his 2008 hit “Say What You Will” featuring experimental music composer Caroline Shaw, and a brand new song called “When I See It.”  The song expands on The Weeknd’s 2015 cut “Tell Your Friends”, produced by West. Does the release of these tracks indicate more new music coming from West in the near future? Only Kanye can answer that question but any new music from the fertile mind of the hip-hop master is news.

 

 

 

Dangers of Public Wi-Fi

Cyber Security Awareness MonthOctober is National Cyber Security Awareness MonthThe African-American Cyber Report is dedicated to bringing the latest most relevant cyber security news and information to black people. The AACR answers black people when they ask; “What does that mean to me?”

Cyber security has become the single most urgent topic of our age. More people fear having their identity stolen than being robbed at gunpoint or murdered.

 As part of National Cyber Security Awareness Month the AACR is revealing the top cyber security threats of 2015 and the coming new year and how black people can guard against these threats.

Dangers of Public Wi-Fi

Free Internet! What a joy and convenience for business people and travelers when they can access the Internet at will without being charged. Free Wi-Fi is also a benefit to businesses that provide it to customers. Any location that offers Wi-Fi is often filled with people focused on their laptops.  But free Wi-Fi is also a danger to black people who are unaware of how open and free that network connection really is.

Free and open Wi-Fi is a prime hunting ground for cyber criminals. These networks are open and all the information flying through the air is like fresh hanging fruit to thieves. Hackers and cyber criminals are often sitting in the room, and probably at the table next to you, watching the Internet traffic moving through Wi-Fi hotspots. They are collecting information from users that include user names and passwords to websites, personal information from your computer or smartphone. Hackers are even capable of planting malware and viruses on computers without the owners even knowing it. The result is hijacked bank accounts or stolen identities

But if you think that is bad it gets worse. Even if you don’t use the free Wi-Fi you could still be in danger. Many locations, especially airports, offer free charging stations. Well hackers have found those and are hacking phones, laptops and tablets while they are re-charging.

Hackers are using small inexpensive computers called a “Mactan.” They secretly install these tiny devices at charging stations to hack personal devices including iPhones. It is particularly frightening when you realize that free charging stations are popping up everywhere and most are un-attended and insecure. Many times you can find free promotional charging stations at events where many people gather including conventions and sporting events. Beware! Anyone can slip a device inside.

How simple is it? Here are the steps;

  1. Build the “Mactan. Cost, about $50.
  2. Hide the Mactan inside a public charging station and wait.
  3. Someone comes along and plugs in a cell phone for a quick charge.
  4. The virus takes less than a minute to upload.
  5. Done! Your phone or laptop is now infected. The virus can now steal personal information or transmit the phone’s location to a hacker.

Alicia diVittorio, consumer safety advocate for mobile security company Lookout says, “There’s definitely a security risk associated with public charging stations. It can be an open channel for potential attackers. We recommend against using them.”

So how do you stay safe when using public Wi-Fi?

  1. Always use a VPN connection. This software encrypts your data and location from a hacker. You can find the best free VPN software here.
  2. Watch what sites you visit. Stay away from sites that requires a user name and password like your bank,  favorite shopping website, social media or email. Visit those sites from home or a safe connection.
  3. Be aware of your surroundings. Someone may be watching you. Make sure no “shoulder surfers” are watching what you while you cruise the net. Consider purchasing a privacy screen to take along with you. Or at least sit with your laptop screen turned away from everyone else. What about that guy who seems to always be in the coffee shop whenever you go there. Is he a hacker?
  4. Keep your device charged. Make sure your device is fully charged before leaving home and only use trusted power sources. A wall outlet is best. You may want to buy a charger for your car.

Now you know.

 

 

App of the Week- WageSpot

WageSpotMany will tell you that nothng is more private than money, not even sex. But is the hush-hush attitude about wages and salaries keeping wages low? Are corporations using this situation against the 99%? That’s why WageSpot is the App of the week?

WageSpot allows the user to compare their income to that of others around them. Revealing one’s wages is a radical concept but America has a serious problem when it comes to wage gaps among workers across genders and even between races. It’s common knowledge that women earn less on average than men for the same job. And black men earn less that whites with equal education and qualifications. Why? WageSpot maybe abe to change some things.

Users of WageSpot will be able to see and share their salary information directly with other users. This feature will provide a clearer picture of what the worker should, or could be, earning.  

WageSpot uses data inputted by users that will be filterable by job title, salary, location, gender, job satisfaction, experience, and a number of other determinant factors.

In an email to Fortune.com co-founder Marat Galperin said, “What appealed most to us about the idea of WageSpot was that it was both controversial and compelling. The last American taboo on keeping salary information secret has really helped employers keep salaries down. We strongly believe that bringing transparency into the world of compensation can help turn the tables on employers by empowering employees with useful information. We envision WageSpot becoming a ubiquitous part of any salary discussion and a powerful tool helping level the playing field for all employees.”
WageSpot is free and available on Apple and Android devices.

National Cyber Security Awareness Month – Ransomware

Cyber Security Awareness MonthOctober is National Cyber Security Awareness Month. The African-American Cyber Report is dedicated to bringing the latest most relevant cyber security news and information to black people.

Cyber security has become the single most urgent topic of our age. More people fear having their identity stolen than being robbed at gunpoint or murdered.

In order to combat that fear and protect yourself and family members you need to understand what is hapening in the cyber world and how it affects you. When it comes to Internet related news the African-American Cyber Report answers the question for black people when they ask; “What does that mean to me?”

As part of National Cyber Security Awareness Month the AACR is revealing the top cyber security threats of 2015 and the coming new year and how black people should respond.

Ransomware

First what is ransomware? Ransomware is a dangerous type of malware, which completely blocks access to a computer system. In other words if you get infected with ransomeware your computer will be locked up until you pay the hacker to release your computer and all its files. They often demand payment in bitcoins and if you don’t pay it is unlikely you will ever use that computer or see the data in it ever again. Yes, there are some ways to defeat ransomeware once you get hit but nothing is gauranteed.

Ransomware is expected to become more refined in its targets and methods. Cyber security experts predict that the variants of ransomware may target cloud based data storage such as Google Drive, Dropbox, OneDrive and many more. Once the cloud storage site is detected ransomware will exploit the stored personal credentials of the logged-in user and will even infect the website where the data is backed up. McAfee has warned that ransomware attackers will try as many ways possible to extort ransom payments from victims.

Now, how do you avoid getting hit by ransomware? First of all never, ever click on a link or open an attachment in an email from someone you do not know. And even if you do know the sender if you are not expecting the email pick up the phone and call them. Ask what have you sent me? Did you send it?  Remember, many viruses have the capability to email themselves to other computers. If the sender did not send the email then delete the email immediately. Ransomware is mostly found on suspicious websites, and arrives either via adrive-by download”, stealth download or through a user clicking on an infected advertisement or pop-up. Other actions you need to perform include;

  • Have security (anti-virus, anti-malware) software installed and up to date with a current subscription. Thousands of new malware variants  land on the Internet every day.  Outdated virus and malware definitions is almost as bad has having no protection at all.
  • Perform regular updates on all you computer software.  This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. The most common openings for malware and virus infections is through a software vulnerability or zero day exploits. Keeping software up to date helps minimize the likelihood you get caught up.
  • Make sure you are leveraging the full set of protection features delivered in your security product. Symantec and Norton products include five distinct layers of protection: Network (Intrusion Prevention), File (traditional AntiVirus, Reputation (Insight), Behavioral (SONAR) and Repair (ERASER and Norton Power Eraser).

Now you know. Tommorow, Public WiFi.

 

 

LinkedIn Must Pay for Spam

Linkedin-LogoIf you belong to LinkedIn the company may owe you money. A judge has ordered the company to pay its users for spamming email  in boxes.

LinkedIn was the target of a class action lawsuit and has agreed to pay $13 million to users who were spammed by the company’s overzealous email habits. Members of LinkedIn’s “Add Connections” program between September 2011 and October 2014, are eligible for a payout. You can submit a claim on this website. Applicants for compensation can expect to receive about $10.

The suit was filed in California and focused on users of the program who uploaded their personal contacts so LinkedIn can then send out invitation emails suggesting they connect through the service.

Recipient’s of the email who did not respond after a certain amount of time would then be sent additional emails.  

The suit points out that although a user may have given their permission to send out the initial invitation, they didn’t consent to the repeated emails or to the use of their name and image in those emails. According to the lawsuit an average of two additional emails were sent.

The court decided on the judgement based on the lack of clarity in LinkedIn’s terms of service about those follow-up emails. The lack of clarity will cost the Silicon Valley-based firm $13 million.

LinkedIn responded to the decision with a statement that said in part that the court should be clearer “about the fact that we send reminder emails about pending invitations from LinkedIn members, we have made changes to our product and privacy policy.”

The company went on to say , “Ultimately, we decided to resolve this case so that we can put our focus where it matters most: finding additional ways to improve our members’ experiences on LinkedIn. In doing so, we will continue to be guided by our core value – putting our members first.”

For related information about collecting money from class action lawsuits please the AACR report Class Action Lawsuits Issue Free Dollars

Now you know

 

 

The Snitch: Airline Boarding Passes

Boarding-passThe holiday season is fast approaching. Soon you maybe buying a plane ticket to see far flung relatives. That airline boarding pass is the ticket to get where you are going. And that boarding pass also knows a lot about you.

Airline boarding passes are a wealth of information about the passenger and in the wrong hands it can be a nightmare personal data loss. A first glance you will notice your name departure and destination information, flight number and seat assignment. Other information includes your frequent flyer account number. And in case you haven’t heard there are plenty scams that target frequent flyers and their cherished miles or points.

Cyber security firm Kaspersky Lab have spotted phishing scams that access frequent flyer accounts of airlines in order to steal the frequent flyer miles. 

Criminals have distributed emails that entice airline customers with either prizes or more points in customers’ frequent flyer account. Victims are asked to enter their login information on a fake website. Once the hacker has their user name and password the miles or points are quickly stolen.  

A lot of information on that boarding pass is encoded. You will see a lot of numbers and barcodes. But it is fairy easy for a determined criminal to decipher those numbers and alphabets and even read the bar codes. There is a website dedicated to reading barcodes that can easily decipher that information.  According to Krebsonsecurity.com a boarding pass can reveal a lot more than most people realize.

Even if you are not a frequent flyer your name or maybe you email address or phone number are valuable information for a criminal. So once the trip is over do yourself a favor and destroy that boarding pass by shredding it or any method to make the data un-recoverable.

Now you know

 

Breach Brief – Scottrade

October 5, 2015

Scottrade

Scottrade-Logo-2011KrebsonSecurity.com reported that retail stock brokerage firm Scottrade suffered a data breach affecting 4.6 million customers. The company sent out notices via email and its website.  In the notice Scottrade stated that the breach occurred between 2013 and early 2014.  

It wasn’t until the FBI notified Scottrade that company even became aware of the breach. According to company spokesperson Shea Leordeanu FBI officials were investigating breaches involving financial companies when Scottrade was notified in late August of the hack.

 “They  asked us not to share the information with our customers so that they could complete a part of their investigation. We were then alerted last Friday that it was all right to begin notifying our clients and we began to do that as quickly as possible,” said Leordeanu.

Although Scottrade has 3.1 million customers the breach involved the personal data of 4.6 million people who had accounts with the company before February 2014. Hackers attacked a data base with information including names, email and physical addresses and Social Security numbers. But Scottrade claimed that hackers only took customer names and addresses. Leordeanu added that the company was not exactly certain how many names and addresses were lost so all customers were notified.

 Scottrade said that it does not believe that its trading platforms or any client funds were compromised only contact information. “We have not seen any indication of fraudulent activity,” said Leordeanu. The company notified its customers that all passwords are encrypted at all times. The company is offering a full year identity theft protection.

October 2, 2015

T-Mobile, Experian

ExperianLogoCredit services provider Experian reported a massive data breach. The data of 15 million people who signed up for T-Mobile services were stolen. 

People who applied for T-Mobile cell service between September 2013 through September 2015 are likely impacted by the breach. T-Mobile contracted with Experian to perform credit checks of cell service applicants.

t-mobile-logoThe information stolen includes customer names, addresses, social security numbers, birthdays, driver’s license numbers, military ID numbers and passport numbers.

According to Experian hackers broke into their computer systems and raided a server containing the information. Experian said no other servers were affected.  In a public statement Experian said; “this was an isolated incident of one server and one client’s data.”

An angry T-Mobile CEO John Legere said in a public statement; “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian. I take our customer and prospective customer privacy VERY seriously.”

Experian, one of the big three credit reporting agencies, collects vast amounts of sensitive personal information on all American consumers. The company is not new to data thefts and  has been involved in data breaches in the past. Previous Experian data breaches saw the loss of millions of records from its database through another company. The exact number of records lost is still unknown. 

September 29, 2015

Hilton Worldwide

PrintHilton Worldwide, a global hospitality company is investigating a possible data breach at its properties. The data breach may have compromised payment card data of its customers.

The data breach was reported by Cybersecurity blogger Brian Krebs on Friday. According to KrebsOnSecurity.com credit card provider VISA alerted financial institutions of a breach between April 21, 2015 and July 27, 2015, and included compromised card numbers. Hilton Hotels have not confirmed any data breach.

The data breach is not isolated to Hilton hotels alone. Besides the flagship Hilton Hotels, the subsidiaries include Embassy Suites, DoubletreeHampton Inn and Suitesand the upscale Waldorf Astoria Hotels & Resorts. All are thought to be affected by this breach. Hotel gift shops, bars and restaurant point of sale (POS) systems may have been affected.

Although Hilton has said nothing officially several financial institutions told KrebsOnSecurity.com that the breach may date as far back as November 2014, and the hotels may still still be at risk.

Hilton has released a vague statement that neither denies nor acknowledges a data breach occurred.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information. We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”

Trump Hotel Collection

Trump HotelUnlike Hilton Hotels Trump Hotel Collection has confirmed a malware data breach of their POS systems. The hotel confirmed the data breach after three months of investigations and the system may have been infected by malware for over a year.

The Trump Hotel Collection posted a undated “legal notice of potential security incident” on its website. The notice warned of POS breaches at  hotels in  Chicago, Honolulu, Las Vegas, New York, Miami, and Toronto. The notice did not give a specific number of customers who may be affected by the breach.

A statement from Trump Hotels said, “Payment card data, including payment card account number, card expiration date, security code, and names of individual cardholders who used a payment card at the hotel between May 19, 2014, and June 2, 2015, may have been affected.”  The hotel also warns that attackers may have also obtained cardholders’ names at the Las Vegas and Honolulu hotels.

A year of identity theft protection from Experian is being offered to all customers who used a payment card at those properties during the malware-infection period. A breach-notification letter is being sent to affected consumers by the law practice of Norton Rose Fulbright, which was posted by California’s Office of the Attorney General.

September 22, 2015

Systema Software

Systema SoftwareA mysterious data breach has compromised private health records and contact information of as many as 1.5 million Americans. The data was posted on Amazon’s cloud services. The insurers affected by the data breach include Kansas’ State Self Insurance FundCSAC Excess Insurance Authority, and the Salt Lake County Database .

The data exposed included police injury reports, drug tests, names, addresses, phone numbers, biological health information including existing illnesses and current medications used by the patients. The information was posted to Amazon servers by insurers using Systema Software. Systema provides insurance claims administration systems to insurance corporations and governments. The breach could violate HIPAA laws.

It is unknown how or who posted the information and the number of affected patients remains unconfirmed. It is estimated that as many as 1 million Social Security numbers, 5 million financial transactions, and hundreds of thousands of injury reports were exposed. According to Databreaches.net the data included billing prices, various patient identification numbers, and some 4.7 million note entries including data on fraud investigations.

For more information please see Gizmodo.com

 September 10, 2015

Excellus Blue Cross Blue Shield

ExcellusBCBSExcellus BlueCross BlueShield reported a long running cyber-attack that began in December 2013 but wasn’t discovered until Aug. 5, 2015. The breach may have exposed information on as many as  10.5 million individuals. Information exposed includes individual’s names, addresses, birthdates, Social Security numbers, member IDs, financial account information, claims data and clinical information.

Cyber security firm Madiant was hired to conduct a forensic assessment of Excellus’ IT systems and discovered the breach. Excellus which is based in Rochester, N.Y., took the action after a wave of similar major cyber-attacks on other health insurers, including Anthem Inc.Premera Blue Crossand CareFirst Blue Cross Blue Shield.

According to an Excellus spokesman of  the 10.5 million people affected 7 million were health plan members. Data belonging to another 3.5 million individuals belonged to Excellus’ holding company, the Lifetime Healthcare Companies. The individuals affected are Blue Cross Blue Shield plan members who sought treatment in the New York state service area. In a statement Excellus said,  “Individuals who do business with us and provided us with their financial account information or Social Security number are also affected.” Company officials said the that the data was encrypted but that hackers had access to administrative controls making the encryption a moot point.

 The company is cooperating with an FBI investigation.

California State University

California_State_University_SealOfficials of the Chancellor’s office of the California State University System confirmed on Tuesday that a third-party vendor had exposed the personal information of 79,000 students in late August. 

We End Violence, the San Diego based company that operated with the university to offer the course, has contacted students affected by the breach. The chancellor’s office said officials took immediate action to safeguard student information. 

The CSU Chancellor’s Office in Long Beach said the breach, discovered on August 28th, included information such as sexual orientation, gender, email and mailing addresses. According to school officials the breach did not reveal Social Security, driver’s license numbers or credit card data. The data breach affected students at eight CSU campuses who had enrolled in a required sexual assault training class. The affected campuses included Cal State San BernardinoCal State NorthridgeCal Poly Pomona and Cal State Los Angeles.

August 24, 2015 

IRS Breach

IRS_LogoThe Internal Revenue Service (IRS) widened the scope of the breach first announced in May. The government agency is saying that as many as 390,000 taxpayers are now at risk. The hack was centered around the IRS’ Get Transcript system.

The IRS suspended the Get Transcript online service in May. The service was intended to simplify how taxpayers retrieve their tax records, review their tax account transactions, get line-by-line tax return information or wage and income reported to the IRS for a specific tax year.  Hackers circumvented the Get Transcript’s authentication safeguards and are believed to have gained access to taxpayer information, including Social Security numbers.

According to an August 17th statement the IRS stepped up its investigation of the breach. A deeper review of the compromised system included analyzing over 23 million system uses, including the 2015 filing season. Investigators were looking for suspicious activities and identified “more questionable attempts” to obtain taxpayer records through the Web application.

No details were provided on how the agency uncovered the additional taxpayer account breaches. But it is believed that the hackers were very skillful and probably covered their tracks to make it more made it difficult for the tax agency to quickly assess the extent of the breach.

Update-Ashley Madison Breach

ashley-madison-hed-2014Hackers who stole profile and customer data from Ashley Madison have released the data online. According to multiple reports a 10GB file of customer’s personal data including email addresses, member profiles and transaction data is now available online. Some reports say as many as 32 million customer’s information was released including one million UK civil servants, U.S. officials, members of the U.S. armed forces and top executives at European and North American corporations. There already reports of blackmail and divorce petitions because of the data release.

Impact Team, the hacker group claiming credit for the data theft,  released the data after Avid Life Mediawhich owns Ashley Madison and Established Men failed to meet demands that they permanently shut the sites down down. Cougar Life, another Avid Life Media site, was not mentioned and seems to be unaffected.

Additional information;

The Blackmail of Ashley Customer Has Already Begun

People are already starting divorce proceedings because of the Ashley Madison leak.

After the devastating hack, these lawsuits are threatening to wipe Ashley Madison out altogether.

A chart made from the leaked Ashley Madison data reveals which states in the US like to cheat the most.

The Pentagon Is Investigating the Ashley Madison Leak.

How to check if an account was exposed in the Ashley Madison hack

August 4, 2015

United Airlines

united_continental_logo_detAccording to Bloomberg Business United Airlines has reported that it’s customer flight records have been lost to a data breach.

The breach was detected in May or June of this year and involved flight manifests. Chinese hackers are suspected. These same Chinese hackers are suspected of stealing more than twenty million OPM records. Experts believe that Chinese intelligence is constructing a massive database.

United Airlines is one of the government’s largest contractors. It is believed that the stolen data contains vast amounts of information on military and government officials and federal employee’s travel.

Experts have also questioned a possible connection between the hack and the computer glitch that caused flight delays on July 8th. Evidence from the investigation reveal that hackers may have been inside United’s computers for months.

A spokesman for United Airlines declined to confirm that a breach occurred and insisted that customer’s private data is safe.

One of the major concerns is that hackers, tinkering with sensitive systems, could accidently or deliberately, cause massive flight delays or even cripple a major airline causing nationwide and potentially global aviation gridlock. Another concern is backdoors left inside computer networks that allow hackers back in at will.

United spokesman Luke Punzenberger said of customer information that United “would abide by notification requirements if the situation warranted.”

Medical Informatics Engineering

mielogolargeA data breach at Medical Informatics Engineering has compromised the data of over 3.9 million people nationwide. According MIE the information loss includes names, phone numbers, mailing addresses, user names, hashed passwords, security questions and answers, email addresses, birthdates, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, doctors’ names, medical conditions, and spouses’ and childrens’ names and birthdates.

MIE creates electronic medical records software for health care providers and the result of the breach could impact as many as 11 healthcare providers including local, national and the federal government.

According to the company the hackers had access to the MIE servers for three weeks and have stolen the information to sell on the black market. Experts suspect the theft was likely and inside job.

MIE has reported the breach to the FBI Cyber squad and said the investigation into the security breach is ongoing. MIE  is offering free credit monitoring and identity theft protection. The company has established a toll free hotline available Monday-Friday 9:00AM-9:00PM EST at (866) 328-1987.

 July 28, 2015

Experian

ExperianLogo

Experian Credit Reporting Services is the target of a class action lawsuit filed in California. The amount is to be determined. According to the suit Experian was negligent and violated consumer protection laws because it failed to realize that for nearly a year a customer of it’s data brokerage subsidiary, Court Ventures, was actually a criminal gang specializing in selling consumer data to identity thieves. Experian purchased Court Vnetures in 2012.

The leader of the identity theft ring was sentenced to 13 years in prison last week in New Hampshire. Hieu Minh Ngo accessed as many as 200 million consumer records by posing as a private investigator based in the United States.

According to the government Ngo collected nearly $2 million from his scheme. The IRS has confirmed that 13,673 U.S. citizens had their personal information stolen and sold on Ngo’s websites Superget.info and Findget.me. The stolen identities were used to file over $65 million dollars in fraudulent tax returns.

Plaintiffs in the case have asked the court to compel Experian to notify all consumers affected by the breach, provide free credit monitoring services, turn over all profits made as a result of the Ngo relationship and to establish a fund to reimburse victims for the time and expenses of fighting fraud and correcting identity theft caused by customers of Ngo’s ID theft service.

U.S Census Bureau

2000px-Census_Bureau_seal.svgThe U.S. Census Bureau reported a data breach early last week. In a written statement released on Friday Census Bureau Director John H. Thompson said a database belonging to the Federal Audit Clearinghouse had been attacked. The FAC collects audit reports from the government agencies and other organizations spending federal money. 

According to Thompson the information included the names of people who submitted information, addresses, phone numbers, user names and other data. According the Bureau no household or business data was lost.

In the statement Thompson wrote that the intruders accessed the database through a configuration setting on an external IT system. That system is separate from the Census Bureau internal systems that stores census data.

In the statement Thompson went to say, “Over the last three days, we have seen no indication that there was any access to internal systems.”

The attack was apparently in protest of the Trans-Pacific Partnership and the Transatlantic Trade and Investment PartnershipBoth are pending trade agreements that have been widely criticized. A group calling itself Anonymous Operations claimed credit for the breach and posted a link on Twitter to four of the stolen files.

July 20, 2015

Ashley Madison

ashley-madison-hed-2014A hacking group calling itself the Impact Team has hacked into the sex hookup website AshleyMadison.com.

According to Krebsonsecurity.com massive caches of customer and company data have been stolen and posted online. The group claims to have totally penetrated the company’s networks taking control of the company’s customer database of 37 millon users, financial records and other proprietary information. As a website dedicated to cheating spouses the damage could go well beyond lost data.

Avid Life Media, which in addition to Ashley Madison also owns hookup sites CougarLife.com and EstablishedMen.com, was attacked in retaliation for lying to customers. According to the Impact Team hackers ALM advertised to customers  a service allowing members to completely erase their profile information for a $19 feeAccording to the hackers the company is not fully deleting user’s information including personally identifiable information, user’s purchase details and real name and address.

The hackers have demanded that Ashley Madison and Established Men websites be taken down immediately and permanently or more information will be released online.  The hackers are threatening to release customer records, including profiles with their secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.

Avid Life Media CEO Noel Biderman believes the attack maybe the work of one or more persons, possibly an employee or contractor, who had legitimate access to the company’s network.

July 18, 2015

CVSPhoto.com, Costocophotocenter.com, RiteAid Photo, Sams Club, Walgreens & Tesco

CVS PhotoPNI Digital Media  is a third party vendor that handles transactions for these retailers according to KrebsOn Security.com PNI has suffered a data breach of unknown size. But it is known that customer payment information has been compromised.

Neither PNI nor any of the retailers connected with the breach have said much only saying that more information will be released as it becomes available. CVSPhoto.com took down its photo site and posted an announcement indicating an investigation is under way and that other CVS sites such as it’s pharmacy were unaffected by the breach. CVS has asked customers who used the photo service to check and monitor their card statements for suspicious activity or transactions. If anything looks strange they are to contact their bank or card company immediately to report it.

Costcophotocenter.com and RiteAid photo also took their sites down.

UCLA Health

UCLA Health has confirmed health information for as many as 4 million individuals has been exposed as a result of a data breach that may have began last September. The FBI is investigating and UCLA has hired a private forensics experts to beef up the security on it’s servers.

According to a UCLA Health statement released on Friday “criminal hackers” hacked into parts of the organization’s computer network containing personal and medical information.

UCLA Health began investigating suspicious activity on its networks in October of 2014. At the time they  did not believe the attackers gained access to areas of the network containing personal and medical information.

“As part of that ongoing investigation, on May 5, 2015, UCLA Health determined that the attackers had accessed parts of the network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information. Based on the continuing investigation, it appears that the attackers may have had access to these parts of the network as early as September 2014. We continue to investigate this matter.”

Office of Personnel Management

Even though OPM suffered a data breach and the loss of information of 24 million Americans the government still has not notified those invividuals. Its been two months.

Officials from multiple agencies familiar with the investigation say that OPM is working with other agencies to set up a system to inform the victims.

An OPM official, who wishes to remain anonymous, said that because of the complicated nature of the data and movement of contract and federal employees it would be weeks before a mechanism was in place.

According to the official the government is attempting to establish a central notification system rather than rely on separate agencies to make notifications. An outside contractor  is being considered for the task but OPM has not yet asked for bids for the job.

July 16, 2015

OPM Data Breach

An interagenOPM Sealcy task force investigating April’s OPM hacking has determined with “high confidence” that as many as 21.5 million people had their personal information stolen. This includes social security numbers .

The Office of Personnel Management updated its website last Thursday with the startling new information.

According to the OPM 4.2 million former federal employees’ personnel data was stolen. While investigating that theft investigators found a much larger data theft. OPM has not yet notified the 19.7 million additional individuals affected. Those are the people who requested a background check normally for employment purposes or acces to classified information. An additional 1.8 were people were not job appicants but were either married to or co-habiting with an applicant.

In addition to personal information the hackers stole as many as one million fingerprint records.

Applicants who applied for employment had their user names and passwords for investigation forms stolen. It is also highly possible that information such as mental health history and financial history many have also been stolen. Applicants that were interviewed as part of their background investigations often reveal this sensitive information when applying for security clearences.

OPM attempted to take some of the sting from the bad news by saying “there is no evidence that health, financial, payroll, and retirement records of federal personnel or those who have applied for a federal job were impacted by this incident (for example, annuity rolls, retirement records, USAjobs, Employee Express).” The agency assures the public that it’s working to create safeguards to prevent such incidents in the future.

OPM Director Katherine Archuleta resigned her position last week after whitering criticism over the data breach.

Army National Guard Data Breach

Seal_of_the_United_States_Army_National_Guard.svgCurrent and former members of the Army National Guard members dating back to 2004 had personal information including social security numbers, birthdates and home addresses stolen. 

National Guard Spokesman Major Earl Brown, said “The National Guard Bureau takes the control of personal information very seriously,” said Brown. “After investigating the circumstances of these actions, and the information that was transferred, the Guard has determined, out of an abundance of caution, to inform current and past Guard personnel that their Personally Identifiable Information (PII) was among the files that were transferred.”

“The issue was identified and promptly reported, and we do not believe the data will be used unlawfully,” Brown said. “This was not a hacking incident, in which the intent was to use data for financial gain. Nonetheless, the Guard believes that individuals potentially affected need to know about the breach and what actions they can take to protect themselves from potential identity theft.”

If you are a member of the Nationa guard and need more information please  go to http://www.nationalguard.mil/Features/IdentityTheft.aspx or call  toll-free 877-276-4729 8AM to 4PM EST, Monday through Friday. You can also email any questions you have to dod.data.breach.questions@mail.mil

First African-American Joins Apple’s Board

James Bell Apple

James A. Bell

James A. Bell, a 38 year veteran of aerospace giant Boeing, will be joining Apple’s Board of Directors as its first African-American Member.

Bell comes to Apple with an impressive resume that includes his nearly four decades at Boeing where he retired as the company’s chief financial officer. Bell was also the highest ranking  African-American in Boeing history and served as the interim CEO in 2005. Bell’s resume includes board membership at JPMorgan Chase, Dow Chemical and CDW. He is also a trustee at Chicago’s Rush University Medical Center.

In a statement Bell said, “I am an avid user of Apple products and have a tremendous respect for the company’s ability to innovate. I am delighted to join Apple’s board.”

Apple reported it is making progress hiring more women and minorities to the company. It’s been well documented that Silicon Valley has a serious diversity problem. Apple has hired 65 percent more women, 50 percent more African-Americans and 66 percent more Latinos in the past 12 months. The data was released by Apple’s Diversity Report. Bell’s hiring will improve diversity at the company’s highest level.

Apple CEO Tim Cook said, “ James brings a wealth of global financial  and industrial experience from his successful career at Boeing as corporate president and CFO. I am thrilled to welcome him to Apple’s board of directors.”