Monthly Archives: April 2017

Breach Brief – InterContinental Hotels

InterContinental Hotels Group announced today that its hotel chain has been hit by malware resulting in a massive data breach. The hotel chain was infected by malware in its payments systems. The malware was designed to collect guest’s credit card data including name, card numbers, expiration dates and security codes. According to a hotel spokesperson, “Approximately 1,200 IHG-branded franchise hotel locations in the Americas were affected.”

According to KrebsOnSecurity.com the number may even be higher. The website originally reported the data breach in December. Krebs reports that IHG has not yet inspected all its properties some of which are franchises. IHG has been reaching out to franchised properties asking them participate in the investigation.

The data breach began in September 2016 and continued through to the end of December of last year. According to IHG there is no indication the malware was active after December 29th. However, it cannot verify that all the malware was removed until March.

To add insult to injury the hotel chain does not know how many customer were affected nor is it offering any help to those customers. The company is only saying that guests should “remain vigilant to the possibility of fraud” and urged customers to review their card statements.

In an email to TheVerge.com IHG stated that its investigation was ongoing and a “small percentage” of franchises haven’t participated. IHG says it has 3,925 hotels in the Americas. IHG owns the following hotel chains in the U.S.

If you have stayed in any of these hotels since September of last year there is a website where you can check to see if that hotel was affected. IHG plans to add additional locations to the list when its investigation is completed.

Celebrity Cyber Report – Prince

Prince was one of the greatest and most prolific artist of our time. According to some sources the Great Purple One has enough unpublished music to release albums for the next one hundred years.

Prince reportedly has a vault that contains songs, albums and even movies that have never been seen by the public. According to Prince’s sound engineer  David “David Z” Rivkin, “We used to do two songs a day, and he just put them away,” he said. “Maybe he instructed his lawyers to never release them. I hope that’s not the case. I’d like to see some of them come out, a lot of them were pretty great.”

The existence of Prince’s hidden treasure was confirmed by Mobeen Azhar an investigative reporter and filmmaker. Azhar produced a documentary last year entitled  “Hunting for Prince’s Vault.”

Azhar was able to confirm that Prince had produced some powerful music. So powerful that he did not think the public was ready for it.  Among the mysterious recordings is an album by the name of “The Dream Factory.” According to Azhar Prince reportedly felt another song, “The Divine,” had harmonies so intense that “people weren’t ready to hear this song yet.”

But Prince was not just recording his new music. Prince also recorded every concert he ever performed.

As we have written Prince has been reborn in online music streaming. A platform he was never really pleased with and even banned his music from being played there. But on the anniversary of his death a new Prince album is being released online.

Entitled “Deliverance” the six-song album offers music recorded between 2006 and 2008. The title track is currently available on iTunes and Apple Music. Fans can see a short video and hear what is described as Prince’s “unheard spiritual voice.”  According to PrinceRogersNelson.com  the album is only available in the U.S.

Tech Jobs Underpay Black Women and Minorities

Unless you’re a white man working in the tech industry you can forget getting top pay. Hired.com recently published a study indicating that two out of three women working in the technology industry are paid less than men. That’s an improvement over last year when 69 percent of women were paid less compared to 63 percent this year.

But black women appear to be the hardest hit by pay disparities. According to the study African-American women make only 79 cents for every dollar a white man made. Black men made only 88 cents for every dollar paid to white counterparts. This pay gap can cost African-American tech workers as much as $10,000 a year in salary.

Because of the intense interest in increasing diversity in the tech industry blacks are 50 percent more likely to get hired but they are likely to be offered less pay. The study revealed Latino candidates are 26 percent less likely to get hired than a white candidate and Asians are 45 percent less likely. However they are still paid more than blacks but less than white hires. For example Latinos received only $5,000 less that white hires while Asians averages $2,000 less than whites.

Courtesy USAToday

Hired’s study revealed an interesting situation. The average white software engineer in San Francisco and New York asked for $126,000 in annual salary and usually recieved an average offer of $125,000. But blacks seem to be asking for less salary and getting it. Blacks in the San Francisco bay area/Silicon Valley asked for $115,000 and in New York $113,000.

Why are black technology workers asking for less money? According to the report’s author, Jessica Kirkpatrick, blacks maybe asking for less because people base their salary expectations on what they are currently earning. According to Kirkpatrick blacks lower expectations are a reflection of past salary history and being denied raises and promotions.

This pay disparity is not going unnoticed. Google is currently under scrutinity because of accusations that it is underpaying women.  Google recently announced on Equal Pay Day that it hadclosed the gender pay gap globally.But testimony from a Department of Labor official in federal court stated that Google systematically  discriminated against women. The official went on to say that Google’s discriminatory practices were “extreme” even for the tech industry. Google has been under pressure from the federal government to produce pay data to ensure the company is in compliance with anti-discrimination laws. Google has failed to produce the information so far and called the government request a “fishing expedition.”

African-Americans and Internet Privacy

Black people don’t like the idea of putting their business “in the streets.” Its a cliche that means we keep our affairs to ourselves and unless it concerns you then stay out of it. But black people are Internet users and we need to be concerned about our privacy there as well.

Recently some changes have occurred that need to be addressed if you go online. The Federal Communication Commission and President Trump have rolled back Obama administration rules that kept your Internet service provider from tracking your online activity and selling it to whoever wants to buy it. Basically its now legal to put your business in the streets of the cyber world.

You need to understand that its not just your business but the online activity of anyone in your home that uses your Internet connection. That includes your children. Why are they doing this?  Its all about targeting advertisements at you.

For marketers knowing what’s happening with you and in your home helps them to sell you to something. But it goes deeper than that. They can sell this information to the police or anyone willing to pay for your digital profile. Whats in your digital profile? Try financial data such as your online banking, shopping and credit data, personal health information, your browsing history such as what websites you visit including social media and porn, app usage, and your location. If you have children in the house what are they doing online? The cable company knows who their friends are and where they are, what school they go to and a lot more about what they do online.

But let’s take it deeper. You probably have cable television, phone service and even cellphone service from the cable company. If you have Comcast that additional service is coming this year.  AT&T is also offering this bundled service.   So what does that mean for your privacy? It means these companies know everything you are doing. What television shows you watch and record on your DVR and who you call on your home phone and/or cellphone.

Let’s get even deeper. Do you have a home security system provided by the cable company? How about a smart thermostat on your wall? Now the cable company knows when you come and go and can even see into your home if you have security cameras. The cable company, because it provides your internet connection, knows how cool or warm you like your home and its all for sale. Thats your busness in the street.

What can you do about it? Now is the time to learn about VPN’s. A VPN is a service that creates a private connection over the public Internet between you and the website you visit. Its called tunneling. The VPN service can scramble or encrypt you information so that not even your ISP can see it. Basically a VPN hides who you are, where you are and what you’re doing online.

VPN’s are relatively easy to install and use but there a few things you need to understand. They are not perfect. For example you may experience a slow down in your connection speed. VPNs don’t block ads or ad tracking. You need to block cookies and ads using your browser. To block ad trackers, try using a privacy-focused browser extensions like uBlock Origin and Privacy Badger. These will stop ad-trackers from following you around the Internet.

Most major browsers offer ad blocker extensions. You can find the best paid and free ad and pop up blockers at PC & Network Downloads.

But there is an easier step you can take to protect your privacy, simply switch web browsers. To make an immediate difference in your online privacy download and install the Opera web browser. This is currently the only available web browser that comes with a VPN. Opera also offers a mobile browser and a free standing VPN app along with other tools.

A few other things you need to know about VPNs. Finding one that is the “best” is a tough job. There are many available and not all are created equal. Some use outdated encryption technology and others keep logs of your traffic. This is where the work comes in. Why would you use a VPN service that keeps logs of your internet activity? Kind of defeats the whole purpose doesn’t it? You need to check their privacy policies before you purchase a VPN service. And by the way they are fairly cheap. About $50-$100 a year. Some sell lifetime subscriptions.

Right now the atmosphere in the Washington D.C is not conducive to protecting your privacy. And, to be honest, its damn near impossible. But you can keep some of your business off the streets some by  exercising a few measures and using a VPN is a good start.

Now you know.

 

Tax Season 2017 – Talk to Parents and Grandparents About Tax Scams

Tax season is scam season. It is also a good time to talk to elderly people about their tax returns. In the age of the Internet, email and smartphones older people to get confused and even intimidated by the technology. And scam artists know this.

For elderly African-Americans information security is a key concept they need to understand. Something as simple a securing sensitive papers can make a great deal of difference. African-American seniors need to understand that simple documents such as a utility bill can lead to identity theft. These are new concepts for many older people.

Some elderly people live in senior citizens homes or assisted living facilities. Others have in home care. These older people, because of their situation, are vulnerable. If you have a parent, grandparent or elderly reative in this situation make sure mail and other documents are properly secured. Live-in or visiting caregivers are supposed to be trusted but we know that is not always the case.

Makes sure they understand that they are not to give any information over the phone. Fake IRS scam artists are very skilled at intimidating and confusing older people on the phone. Make sure they know to hang up the phone immediately. Remember, some calls are phishing calls. This is where the caller asks question to get information that is just the beginning of the scam. They use methods known as social engineering. Older people are vulnerable because they may fall for a friendly voice on the other end asking seemingly innocent questions. Other times they may think they are talking to the IRS.  Again, remind them never give informaion over the phone.

Ask questions; who is preparing their taxes? Is this a legitimate company? Can they be trusted? How is their information handled and secured? How much are they charging? All these question maybe intrusive but if you feel your parents or grandparents are vulnerable then its better to be an nuisance now than to regret it later.

Some older people do indeed use the Internet to shop, send email and conduct other business. Make sure they understand that the IRS does not conduct business by email. Teach them to avoid clicking on links or opening attachments.

Finally, persuade older people to ask for help. Many older people guard their independence jealously. They want to feel they are in control of their own lives. Make sure they know you are there to help them and protect them.

 

Breach Brief – FAFSA

Applying for federal student aid  just got a lot harder for students and families. FAFSA or the Free Application for Federal Student Aid was breached and the IRS has taken part of the system offline.

According to Federal officials the online service known as the Data Retrieval Tool was shut down and will stay offline until the next application period. The service allowed students and families to import their tax information automatically to an already complex form used to secure federal student aid.

As a result of the shut down applicants will have to fill out their tax information manually using old tax returns. This time consuming task could slow down or even block some students from getting student financial aid. This is especially troubling as black and minority students lean more heavily on financial aid than their white counterparts.

Justin Draeger, president and chief executive of the National Association of Student Financial Aid Administrators  said, “Its not impossible, but it it’s going to make it more difficult. Not everybody has access to their prior year’s return.”

Officials removed the online tool in early March after suspicions were raised that identity thieves may have stolen personal information using information found, or stolen, elswhere.  It is suspected the thieves used the information to steal additional information from FAFSA and the IRS.

IRS Commissioner John Koskinen said the agency couldn’t risk the safety of taxpayer data. “Protecting taxpayer data has to be the highest priority, and we will continue working with (the Education Department office that handles student aid) to bring this tool back in a safe and secure manner.”

For students and families who are not in possession of copies of their tax returns, the IRS reccomends contacting their tax preparer or checking the tax software they used to file their returns.  Filers can also contact the IRS for a tax transcript that includes a summary of previously filed tax returns.

Students and parents should check the FAFSA website for application deadlines.

Officials reported that the  data tool will remain offline until the start of the next FAFSA season begins Oct. 1.