Tuesday, October 14, 2014

Is Your Private Data Safe? Think again…

     In the never-ending battle to keep your personal information private, it’s not just hackers you have to worry about but lax security and stupidity. No one cares more about keeping your information safe than you do. Unfortunately, in our modern digital age, every company we deal with wants a piece of our privacy pie, and we have no choice but to give it to them if we wish to conduct business with them. However, a survey of data breaches in 2014 continues to show an increasing number of incidents in which data, including names and addresses, credit card and Social Security numbers, and medical records, was lost or exposed to criminals. Scared? You should be. According to the Justice Department, 16.6 million adults were victims of ID theft in 2012.
     43% of companies had a data breach in the past year, according to a report released October 3, 2014 by the Ponemon Institute, which does independent research on privacy, data protection and information security policy. That's up by 10% from the year before. A total of 589 data breaches have been recorded so far in 2014 by the Identity Theft Resource Center. About 76.7 million records have been exposed. Every two seconds in this country, someone's identity is stolen. Are you at risk?
 
Kmart
Sears-owned Kmart is the latest company to be hacked and have data stolen. The company doesn’t yet have a number for how many accounts were affected. Based on the information it has shared, it appears that Kmart’s point-of-sale systems were compromised by malicious software. Kmart now finds itself in the unenviable position of standing shoulder to shoulder with other hacked companies like Dairy Queen, Neiman Marcus, AT&T and more.
From Kmart: “Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed. I sincerely apologize for any inconvenience this may cause our members and customers.”
From Kmart: “If customers see any sign of suspicious activity, they should immediately contact their card issuer. More guidance is also available on our website, kmart.com and customers can contact our customer care center at 888-488-5978.”




Dairy Queen   

On Thursday, October 9, Dairy Queen confirmed that nearly 400 Dairy Queen locations (and one Orange Julius location) were compromised by Backoff malware in August. When news of a potential breach first broke in August, Dairy Queen initially denied the breach but then began an investigation. The investigation revealed that the attackers used compromised account credentials from a third-party vendor to get into Dairy Queen’s systems. Customers’ names, card information, and expiration dates were all accessed in the breach. Dairy Queen now believes that the malware has been contained, and the company’s website lists all affected stores as well as the dates of the attack.
 

 

 
AT&T  
An employee accessed personal information belonging to approximately 1,600 AT&T customers in August, Reuters reports. AT&T informed these customers in a letter that their Social Security numbers, driver’s license numbers, and internal AT&T information were all potentially compromised by the employee, who has since been fired. AT&T is offering free credit monitoring services to customers, and recommends they change their account passcodes.

 

JP Morgan Chase is notifying customers that their contact information, “specifically name, address, phone number and email address,” was compromised in a data breach that has reportedly affected 76 million Chase customers who have used Chase’s “web or mobile services: Chase.com, JPMorgan Online, Chase Mobile or JPMorgan Mobile,” according to a post on the company’s web site. In a filing to the Securities and Exchange Commission, the company said that the compromise impacts approximately 76 million households and 7 million small businesses.

Chase said that “there is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack.” The company also said that unlike recent attacks on retailers, “we have seen no unusual fraud activity related to this incident.”

 

Home Depot reported that cyber thieves stole information from 56 million credit and debit cards, far worse in terms of data loss than a similar attack late last year on the Target store chain, but no less worrying. Malicious software, or malware, was placed on Home Depot point-of-sale terminals, or cash registers, from April to September 2014, the company said in a news release. The malware was found in Home Depot stores in the USA and Canada. The home improvement chain confirmed that the 56 million credit cards may have been exposed during a five-month attack on its system, and fraudulent transactions have begun to strike its customers. In some cases, criminals have used the stolen card data to buy prepaid cards, electronics, and groceries. As if that isn’t enough, the criminals also siphoned cash from card owners’ bank accounts. The number of cards involved in Home Depot's loss dwarfs the 40 million Target says were compromised over a three-week period. Target said that breach also resulted in the theft of personal data for up to 70 million customers — including names, phone numbers, mailing addresses or email addresses — but the amount of overlap is unknown.
                                                              
The Home Depot and Target cases show that big-box retailers are particularly vulnerable to cyber thieves.

Thieves "are able to invest time in researching their targets to find a way into the network," says Trey Ford, a global security strategist at the security firm Rapid7, in a statement. "Once they're in, they stay quiet and fly unobserved under the radar."

Brian Krebs, who first broke news of the breach in his KrebsOnSecurity blog, reported that the malware was installed in terminals in self-service aisles, which limited the data loss. Though both credit and debit information was taken, the chain says, the thieves would have been unable to retrieve PIN numbers used on the debit cards.

Home Depot says the criminals "used unique, custom-built malware to evade detection. The malware had not been seen previously in other attacks," according to Home Depot's security partners.

 

Target, after acknowledging that as many as 110 million customers had personal information and card data stolen, said it would speed up its adoption of more secure payment technology. Suddenly, banks were being pressured to issue customers new cards with microchips, which have been used in Europe for more than 20 years. Congressional committees asked, with urgency, what more could be done.
Breached at Target: 70 million had names, addresses, emails and phone numbers stolen. 40 million credit and debit accounts and data of cards used at Target were stolen.

 


eBay
The online retailer suffered one of the biggest data breaches yet reported by an online retailer. Attackers compromised a “small number of employee log-in credentials” between late February and early March to gain access to the company’s network and, through it, compromised a database that contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The breach is thought to have affected the majority of the company’s 145 million members, and many were asked to change their passwords as a result.

 
Michaels Stores                                                         



The point-of-sale systems at 54 Michaels and Aaron Brothers stores “were attacked by criminals using highly sophisticated malware” between May 2013 and January 2014. The company said up to 2.6 million payment card numbers and expiration dates at Michaels stores and 400,000 at Aaron Brothers could have been obtained in the attack. The company received confirmation of at least some fraudulent use.

 

Montana Department of Public Health and Human Services
Triggered by suspicious activity, officials conducted an investigation in mid-May that led to the conclusion that a server at the Montana Department of Public Health and Human Services had been hacked. The server held names, addresses, dates of birth and Social Security numbers on roughly 1.3 million people, although the department said it has “no reason to believe that any information contained on the server has been used improperly or even accessed.”

 

Variable Annuity Life Insurance Co.
A former financial adviser at the company was found in possession of a thumb drive that contained details on 774,723 of the company’s customers. The drive was provided to the company by law enforcement as the result of a search warrant served on the former adviser. The thumb drive included full or partial Social Security numbers, but the insurance company said it didn’t believe any of the data had been used to access customer accounts. It’s not the first time the company has lost data on a thumb drive. In 2006, it wrapped up a lawsuit against a former financial adviser for downloading “confidential customer information” onto “a portable flash drive.”

 

Spec’s
A 17-month-long “criminal attack” on the Texas wine retailer’s network resulted in the loss of information of as many as 550,000 customers. The intrusion began in October 2012 and affected 34 of the company’s stores across the state. It continued until as late as March 20 this year, and the company fears hackers got away with customer names, debit or credit card details, card expiration dates, card security codes, bank account information from checks and possibly driver’s license numbers.

 


St. Joseph Health System
A server at the Texas health care provider was attacked between Dec. 16 and 18 last year. It contained “approximately 405,000 former and current patients’, employees’ and some employees’ beneficiaries’ information.” This included names, Social Security numbers, dates of birth, medical information and, in some cases, addresses and bank account information. As with many other hacks, an investigation wasn’t able to determine if the data was accessed or stolen.

 

In closing, there really isn’t anything we can do to keep our data safe, except to no longer do business with anyone, unless it is strictly cash. If you are fortunate enough to be able to do so, paying cash for everything will keep your data safer and more private than any company can keep it. As most people cannot afford to pay for everything with cash, limit sharing your private data to those who absolutely need it. Don’t give anything and everything out simply because someone asks for it. Try to limit your transactions to a small number of companies. Don’t apply for every credit card available to you. The less your data is out there, the less chance that some cyber thief will steal it. Remember, in this day and age, there is no such thing as privacy. Your data is always subject to being compromised.
 
 

I’m enclosing a few contact numbers in case you are a victim of identity theft:

Internal Revenue Service: Telephone Assistance for Individuals who believe they may be a victim of Identity Theft: No Tax Administration Impact - Did not receive a notice from the IRS. Toll-Free 1-800-908-4490 (Automated and live assistance)

Hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time). For additional information, refer to our Identity Theft and Your Tax Records page on IRS.gov.
 
Federal Bureau of Investigation: FBI.gov or your local field office. A stolen identity is a powerful cloak of anonymity for criminals and terrorists…and a danger to national security and private citizens alike.
 
Social Security Administration: www.ssa.gov. 
If you are the victim of identity theft, take these steps immediately:
1) Place an “Initial Fraud Alert” with one of the three credit reporting agencies.
2) Order your free copy of your credit report.
3) File an “Identity Theft Report” with the Federal Trade Commission at: https://www.ftccomplaintassistant.gov/#crnt&panel1-2

Until next post, I wish you well. May all your dreams come true. Stay Safe. Show compassion. Be kind to one another and those without a voice. Don't share your personal information just because one asks for it.

Regards,
S.J. Francis

Copyright 2015 by S.J. Francis. No portion of this blog post may be reprinted, modified or used without written permission of the author.