ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Data Breach Security

Tax Identity Theft jumps on Payroll Scams

…The hackers also used a unique company issued URL. This URL is needed to register an ADP account. It is not known at this point in time if the U.S. Bank URL required credentials to gain access to or not, but since this data breach, U.S. Bank has withdrawn plans to further post the URL online. U.S. Bank has also removed their publicly accessible W-2 form from cyberspace. Despite the data breach, there were only minimal effects to employees and…

Three Quarters of a Billion Records breached

Last year, says the security firm Gemalto, over 700 million records were breached. Or, to put it another way, this translates to two million stolen or lost records every day. 2015 Breach Level Report: 1,673 hacking incidents. 398 were triggered from the inside of the attacked company: employees and even IT staff who were tricked (social engineering) by hackers into clicking on malicious links or attachments. Government agencies suffered the…

Human error is inevitable: Here are some ways to protect your business

…n happens. These lapses in judgement are akin to how human error enables data breaches. Even worse, for a small business, employee behavior accounts for a significant number of hacking incidents – and the costs of data breaches are tremendous. A study from CompTIA says that human error is the foundation of 52 percent of data breaches. The CompTIA report also says that some of the human error is committed by IT staff. Funnily enough, it…

Reports say Russians hacked IRS Identities

…nce Committee Chairman, has stated: “When the federal government fails to protect private and confidential taxpayer information, Congress must act.” This is not the first time that the Russians have caused a data breach for the U.S. government. As for this latest incident, the Russian thieves had originally tried to get into the tax records of 200,000 people, but were only 50 percent successful—resulting in the breach of those…

Your Stolen Data around the World in 2 Weeks

…us for hacking rings (e.g., Russia, Nigeria and China) did most of the opening. Other access points included the U.S., Germany, Finland, New Zealand and Italy. This is sobering information for company leaders who fear a data breach. Bitglass points out that the average data breach takes 205 days to be detected. Wow, just how many access points would there have been in 205 days? Would it be a linear increase or an exponential increase? Consumers…

Identity Fraud Victim every two Seconds

…er a pre-existing account—made up 28 percent of ID fraud losses in 2013. But the greatest risk factor for becoming a victim of identity fraud is the data breach. In that year, 30 percent of people who were notified of a data breach became an ID fraud victim. Identity fraud is associated with credit cards, but this type of crime can also involve hijacking someone’s PayPal account, or account on Amazon and eBay. How to Protect Yourself Javelin…

The White Hat Hacker

These days, it is hard to pick up a newspaper or go online and not see a story about a recent data breach. No other example highlights the severity of these types of hacks than the Sony breach late last year. While a lot of information, including creative materials, financials and even full feature-length movies were released – some of the most hurtful pieces of information were the personal emails of Sony executives. This information was truly…

Data Breach Aftermath

…udulent charges. The breached card will be closed, and you’ll get a new one. And there is more. All sounds simple enough, but the experience can be a major hassle. Below is what you should do upon learning your card has been breached: If a SSN is breached, place a credit freeze or fraud alert with the three big credit bureau agencies. Placement of the credit freeze or fraud alert will net you a free copy of your credit reports; review them. See…

Cloud Data Breaches mo’ Money

…ths. 65% believed that if the data center were moved from the U.S. to a location offshore, a breach could result. All of these findings mentioned here are the result of self-estimations rather than objective analysis of real breaches. Ponemon also determined that if a breach involved at least 100,000 records of stolen personal data, the economic impact could jump from an average of $2.4 million to $4 million, up to $7.3 million. For a breach of…

Security is Everyone’s responsibility

…s would make them less likely to conduct business at a store or bank they usually use. That last point leads to reputation smearing and loss of customer trust. But what about customer responsibility when it comes to security breaches? The “blame the customer” mentality seems more appropriate in the workplace when employees bring to work their own devices to assist in their jobs. This lets the data-breach cat out of the bag. Though a significant…

SEC comes down on Breached Companies

…of data-breach risks, and the SEC has traditionally also assisted with ensuring that financial companies were well-equipped against hackers. But the SEC doesn’t like when there seems to be incomplete disclosures of the data breaches or some kind of perceived misleading information. For example, Target didn’t disclose its breach until the day after it was first reported—by renowned security blogger Brian Krebs. Just how much should companies say…

Post-Data Breach Reputation Building

…just a part of life. Companies should not wait till a breach occurs to figure out how to retain customer trust; they should plan ahead. Companies should be able to assess the risk related to the data they collect and have a breach response plan in place prior to a data breach. The IT department is often on center stage following a breach, but marketing, customer service, and HR departments are also very important. The departments should pool…

Mailroom Error, Big Data Breach

…xploring how it happened. Though the unintended recipients received information about other members’ scores on mood tests, medications and results of frailty tests, at least the Social Security numbers weren’t revealed. If a breach affects more than 500 people, law requires that the health industry alert the Health and Human Services Department, which will then launch an investigation. The affected consumers, and local news outlets, are also…

Before Getting Rid of Your Old Printer, Say “Goodbye” to Lingering Data

In the security business, there’s a lot of talk about protecting your smartphones and computers from malware and viruses, as well as loss and theft. It makes sense. Most of us use our smartphones and computers on a daily basis and keep important information on them like passwords, user names, and credit card numbers. But there are other devices that hold sensitive data that we don’t really talk about. For example, printers. Some printers have…

Healthcare Providers Gaining Trust by Marketing Security

…provides the following guidelines for healthcare insurers and providers: Continue to use state-of-the-art IT techniques to secure cloud services, access points, databases and mobile devices; and to better monitor systems for breaches. Improve security of corporate devices and employees’ personal mobile devices used for work. Enhance employee training at all levels to decrease errors, improve device security and ensure HIPAA compliance. Also…

Data Breaches May Result in Board Breakups

…sight into the corporation’s data-protection risks. Boards simply need to be more proactive in safeguarding their companies against data breaches. Institutional Shareholder Services (ISS) prepared a report on the Target data breach and aftermath. The report states that Target’s board members should have been kept in the loop pertaining to protection of sensitive information and what a breach could mean to brand reputation and customer loyalty….

Data Breach Response Planning 101

…ny prepare to retain as many customers as possible following a data breach? Be prepared, and this preparation should include a way to stay level-headed. One way to stay cool and collected is to avoid jumping the gun when the breach occurs, because if the business is too hasty in revealing the breach, the organization will have that much less time to respond in an efficient, optimal manner. Thus, take the time to consult with experts and gather…

Cyber Security Insurance Difficult for Business to Navigate

…New York Times estimates, companies seeking coverage can only hope for, at best, a $300 million policy, peanuts compared to the billions devoted to property protection. Though this still sounds generous, the cost of a major breach can easily exceed it. Target’s situation is on course for just that, says the New York Times online article. The 2011 Sony breach has already exceeded $2 billion in fallout. The best policies cover costs associated…

Healthcare Establishing Customer Security Programs

…sion on their customers: Implementation of the most current IT practices should be done because it is paramount to secure mobile devices, access points, databases, cloud services, etc., and to better keep tabs on systems for breaches. The security of employees’ personal mobiles and the organization’s devices needs to be stronger. Employee training must be improved, from the bottom up, to reduce mistakes. HIPAA compliance needs to be reinforced….

Malware Can Hide in the Most Obvious Places

…icult to pinpoint, namely because of the confidential nature of the breach resolution process. A New York Times online report points out that one security expert says that third party leaks may account for 70 percent of data breaches, and from the least suspected vendors, at that. When the corporation’s software remotely connects to all those other things like the A/C, vending machines, etc., this is practically an invitation to hackers. Hackers…

Healthcare Firm pays Big Bucks for Breach

…gment is that both organizations will have to overhaul security measures, a major corrective action undertaking that includes developing a risk management plan and providing progress reports. Find more information about this breach here: http://insurancenewsnet.com/oarticle/2014/05/08/data-breach-results-in-$48-million-hipaa-settlements-a-500992.html Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You…

Data Breaches Equal Job Loss

…system. Boards are also latching onto this issue and will be very influential in the before and after of a breach. The company CEO isn’t just responsible for sales; this individual is responsible for security. Target’s data breach is a rude awakening for CEOs everywhere; data security breaches influence sales—very negatively—not to mention customer loyalty. And then there’s the enormous expense of recovering from the breach and regaining…

Study Shows Businesses not prepared for Attacks

…and-dime security, they’ll get what they pay for. The research turned up the following after surveying 360 senior business leaders in organizations nationwide and in Europe and Asia-Pacific: 77 percent experienced a security breach within the past two years. 38 percent lack a response plan for a cyber attack. 17 percent believe they’re “fully prepared” for a cyber attack. Many of the survey participants reported that they relied upon IT…

Data Breaches: How To Protect Your Business From Internal Threats

…accident. According to a recent Forrester Research report titled “Understand the State of Data Security and Privacy,” 25 percent of survey respondents said that abuse by a malicious insider was the most common way in which a breach occurred in the past year at their company, while 36 percent of breaches were caused by employee mistakes, making it the current top cause of most data breaches. Another report, from MeriTalk, which focuses on the…

15 Tips to Prepare for Big and Small Security Threats

Businesses that focus on the big security breach may very well be missing the smaller threats that can do serious damage. A human can easily kill a gnat. So how is it that just one gnat can drive you crazy, even though you can kill it in an instant? You are bigger and mightier … yet one gnat can get the best of you. That’s because you’re too big for the gnat, as it buzzes around your eyes, nose and in your hair. This is just like when…

Courts side with Consumers in Data Breach

…ed to AvMed, a health insurer, and the unencrypted data involved records of tens of thousands of the company’s customers. Though the consumer-plaintiffs suffered no identity theft or other direct losses, they blamed AvMed of breach of contract and fiduciary duty, negligence and unjust enrichment. These claims were dismissed by the U.S. District Court for the Southern District of Florida, but the plaintiffs appealed. The U.S. Court of Appeals for…

Data Security Legislation is inevitable

…his year,” says Brian Dodge, a senior vice president at the Retail Industry Leaders Association. Recently the Data Security Act was introduced. It would require companies and banks to have privacy protections and investigate breaches, plus alert customers about big risks of theft or fraud. Banks have complained about the costs of responding to data breaches and have insisted that retailers take more action to the fallout. The DSA could take some…

Cyber Insurance vs. General Liability

…lieve that such specific insurance is already built into their current general liability policy. Insurers all across the nation are wanting to put language in their policies that exclude coverage of losses stemming from data breaches, which include loss of credit card information. However, courts have the final say-so in just how far these exclusions can go. Companies need to seriously consider cyber insurance policies that specialize in…

Insurance Company fined BIG for Breach

…to federal government agencies and Puerto Rico. TSS complied with the PRHIA’s requests for information pertaining to the DEM beneficiaries. TSS also took additional measures, one of which was that of issuing an alert of the breach through local media; all of the affected beneficiaries were notified by mail of the breach. In the filing, Triple-S affirms that it takes the matter very seriously and is “working to prevent this type of incident from…

Data Breach Notification Bill goes to the House

…customers can sue for statutory damages. Companies operating in NM will also have additional data security and data disposal requirements, due to the bill. Enacting H.B. 224 would make New Mexico join 46 states who have data breach alert laws. Payment Card Breach Within two business days: Time allowed for card issuers facing a breach to notify all the merchants “to which the credit card number or debit card number was transmitted,” according to…

Credit Card Theft increasing for Banks and Retailers

…ist best practices that can optimize a company’s protection against cybercrime. Let’s take a look at some highlights of the data breaches of 2013. Though that conservative 740 million records was disclosed, 89 percent of the breaches and loss of data incidents could have been thwarted. 76 percent of breaches were due to stolen or weak account credentials. In 2013 alone, 40 percent of the top breaches were recorded. Insider mistakes or threats…

Banks and Retailers fight it out over Who’s at fault

…the plate too. Forty-six states already have standards for businesses to inform customers of data breaches. However, banks would like a federal standard. Senators Tom Carper and Roy Blunt have introduced such a bill. After a breach may be too late: The customers of the breached retailer in December didn’t just have their credit card numbers taken, but other data such as e-mail addresses and phone numbers. Once hackers have these, they have more…

How Data Breaches happen and how to respond

…tting upper management involved is critical for establishing a solid groundwork for security. Keeping up to date and re-evaluations should be carried out on an ongoing basis to always stay on top of the latest trends in data breach and security technologies. Also ongoing should be training and practice of the company’s response plan to data breaching. Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You…

Data Insecurity causes Customer Headaches

…s “Is it time to go back to cash?” The answer is NO, but consumers should definitely have cash on hand. Not having cash will severely limit consumers in the event of a massive power outage and we are seeing that massive data breaches have big time negative effects too. Large banks, in response to that 110-million-account breach, may be putting limits on card usage, and can have cards replaced relatively quickly. But smaller financial…

Data Breaches hurt Businesses’ Brand

…itional fraud, has come more media and customer scrutiny resulting in compounded brand damage. Trust and Security Feeling secure and trusting the brand is a major force behind consumer loyalty. Prior to that massive December breach, the retailer was right up there with its huge competitors as far as meeting reasonable consumer expectations. That data breach has severely tainted the retailer’s customers’ trust. The 2014 Customer Loyalty…

Been Breached? A Response Plan

…rom them precisely what information the consumer notification should contain. Select someone from your organization to manage release of information. This contact individual should be given updated information concerning the breach, plus your official response, as well as guidelines for how victims should respond. To aid victims’ communication options, consider providing a toll-free number, posting a website or mailing letters. Explain clearly…

What is a Data Breach and how do I protect Myself?

…ations with encryption and use a VPN for portable devices. Use secure passwords with upper/lower case and numbers. In the event someone else is responsible for a breach, read very carefully any notification of a data security breach and don’t assume that the breach was accidental or that identity theft is not likely. Use an identity theft protection product. It will scavenge cyberspace for any unauthorized use of personal information such as from…

Identity Theft on the Rise…Again

…2004. This equates to one incident of identity fraud every three seconds. One in four recipients of a data breach notification became a victim of identity fraud. This year, almost 25 percent of consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010. The study found consumers who had their Social Security number compromised in a data breach were five times more likely to be a fraud…

Breach Means More Retailer Card Fraud

…eir account balances wiped out, as it was likely more cases would be identified. In the United States a similar card skimming scam was pulled off at the Stop and Shop Supermarket chain.   The most recent large card data breach was from Barnes & Noble. “Barnes & Noble has detected tampering with PIN pad devices used in 63 of its stores. Upon detecting evidence of tampering, which was limited to one compromised PIN pad in each of the…

How to Handle a Credit Card Breach While Abroad

One of the best and worst parts of traveling overseas is being immersed in a different language. My wife and I once got lost in Naples, Italy. When we pulled over and asked a stranger for directions, he answered in rapid Italian, which we don’t speak. We had no idea what he was saying, but were mesmerized just watching him talk. After two minutes he stopped, so we said “Grazie!” and kept moving. Now imagine if you had to deal with credit card…

Utah Medicaid Breach Serves as Another Wakeup Call

…ersonal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised.” Words like “tragic” are generally associated with death, not data breaches, nonetheless, it’s not good to have your Social Security number in the hands of a criminal. The data breached will most certainly cause thousands of people to suffer from identity theft. New lines of credit opened…

Business Data Breaches Key in Rise of ID Theft

…s, or using the information to create new accounts or to take over existing credit card accounts. According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data breaches lists specific examples of data theft incidents in which personal data is compromised, lost, or stolen: “employees losing laptop computers, hackers downloading…

What Are the Latest Identity Theft Statistics?

…ed steady. One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identity fraud. According to the survey, the three most common items exposed during a data breach are: —…

Is Email Encryption Right for Your Business?

…to sniff out that data in plain text. With criminal hackers, government funded hackers and the various other snoops, email encryption today is essential. In a recent study by Ponemon Institute, the latest U.S. Cost of a Data Breach report, which was just released today, shows that costs continue to rise. This year, they reached $214 per compromised record and averaged $7.2 million per data breach event. The fact is that individuals still care…

5 Quick Tips on How to Prevent the Next Data Breach

…/Wikileaks/ScriptKiddies and the organized web mobs of the world. Did you know they have wreaked havoc to the degree that almost a billion records have been compromised? A recent study “gathered 3,765 publicly disclosed data breach incidents occurring in 33 countries during 2005-2010. The incidents included over 806.2 million known records being disclosed– averaging more than 388,000 records per day/15,000 records per hour every single day for…

Supermarket Skimming Scam Highlights Retailer Risk

A California supermarket chain recently sent letters informing customers that a security breach had been discovered at 20 of their stores. The breach notification letter released by Lucky Supermarkets reads, in part: “Dear Lucky Customer: In the course of regular store maintenance, we discovered our credit/debit card readers at the self-check lanes ONLY in 20 stores (listed below) had been tampered with. Steps were taken immediately to remove…

Javelin Study Shows Increased Credit Card Fraud Risk

Consumers, businesses, retailers, and even the media are becoming numb to news about data breaches. Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts. Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data. Time reported on a recent Javelin Strategy and Research survey…

Spear Phishing Leaves a Bloody Wound

…pted passwords. The recent Epsilon data breach resulted in a similar loss of data. Epsilon is a marketing company that sends over 40 billion emails a year, and keeps millions of consumer email addresses on file. When hackers breached Epsilon’s database, the email subscriber lists for over 100 major companies were compromised. Consumers received breach notifications from financial institutions including Citigroup, Capital One, and JPMorgan Chase,…

Data Breaches Up, Lost Records Down

…nd all those credit numbers would immediately be cancelled. A breach of just 10,000 credit card numbers would be more likely to stay under the radar, meaning those cards would remain active for longer. There are now multiple breach lists, and not all define a data breach the same way. According to the Identity Theft Resource Center, there were at least 662 data breaches in 2010, which exposed more than 16 million records. Nearly two-thirds of…

Epsilon Breach Reminds of Security Awareness

…in a hack attack. Consumers are now receiving breach notifications from the likes of financial institutions such as Citigroup, Capital One and JPMorgan Chase, and hotels such as the Marriott and the Hilton. The result of the breach will mean consumers will receive phishing emails that look like one of the legitimate entities breached but are in fact fake, trying to trick the victim into entering their usernames and passwords or providing personal…

Epsilon Breach Will Impact Consumers for Years

…ames and passwords. Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing or spear phishing ones. Generally when a credit card is compromised a new number and card is issued making the breach a forgotten inconvenience. However when a Social Security number is breached, the victim can feel the effects for decades. Email addresses fall in the middle because consumers have the ability to change them, but…

Criminal Hackers Responsible For Most Data Breaches

…te’s affected residents. Interestingly, the ITRC found that information about 29% of the 662 reported breaches for 2010 could be credited to authorities in those states.” The Privacy Rights Clearinghouse’s Chronology of Data Breaches found that more than 500 million sensitive records have been breached in the past five years. Examples of incidents in which personal data is compromised, lost, or stolen include “employees losing laptop computers,…

Using Social Media Passwords With Critical Accounts

…rds for more critical sites, like webmail or online banking, having your social networking account compromised can make those other accounts vulnerable as well. Last year, 32 million passwords were posted online after a data breach at RockYou, a company that creates applications for social networking sites. The breach revealed the weakness of most people’s social networking passwords. InformationWeek reports, that all the major sites have the…

Data Breach Security

2007 Press Releases

…ts to Secure Their Laptop Computer Fleets with Internet-based GPS September 14, 2007: Identity Theft: Expert and Speaker on Personal Security Says Recent News Underscores Implications of Research Linking P2P Networks to Data Breaches September 10, 2007: Identity Theft Expert: and Speaker on Personal Security Comments on Research into IT Security Professionals’ Attitudes about Security August 29, 2007: Identity Theft: Expert and Speaker on…

2008-2009 Press Releases

…nts’ Laptop Tracking-Equipped Computers—Thirty-two Times below the Average October 9, 2008: Identity Theft Protection Expert and One You Security: Research Finds Companies Not Reporting Security Lapses to Clients Even as Data Breach Tally Grows to Highest Ever October 3, 2008: Identity Theft Expert and MyLaptopGPS: Laptop Theft Incidents in U.S. and U.K. Show the Crime Affecting Wide Cross-Section of the Population September 26, 2008: Identity…

Data Breaches Persist In Health Care

…7,000 individuals. Many of the documents contained sensitive patient communications, treatment data, medical diagnoses and psychiatric evaluations. At least five files contained enough information to be classified as a major breach under current health-care breach notification rules.” In my own research, digging through P2P networks, I’ve uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve…

Credit Card Data Breaches Cost Big Bucks

…they weren’t notified they are no less susceptible to fraud, they are just blissfully unaware they are paying for an identity thief’s Las Vegas bender, and the fraud goes undetected. DigitalTransactions explains, “Data breaches are one obvious pathway to fraud, but a breach alone doesn’t mean an affected consumer will become an identity-fraud victim. Banks often give free credit-report monitoring services to customers whose data may have…

Published Articles

…MBER http://youngwidowsandwidowersblog.blogspot.com/2008/11/dont-get-scammed.html (quoted November 2008 Dont Get Scammed) http://www.worldhealthcareblog.org/2008/11/07/security-expert-robert-siciliano-on-express-scripts-data-breach/ (quoted November 2008 Security Expert Robert Siciliano on Express Scripts Data Breach) http://www.cbsnews.com/stories/2008/11/19/earlyshow/contributors/susankoeppen/main4616942.shtml (quoted November 2008 Potent…

The $6.75 Million Dollar Laptop

…more than 1,000 records containing personal information. At about 40% of the companies that participated in the study, the chief information security officer (CISO) was in charge of managing the response related to the data breach.” And how about the maximum data breach cost in the study? $31 million. That’s a rather expensive laptop, and probably worth a few dollars to protect instead. (Note: the breach may actually have been the result of…

Security Breach Threatens Soldiers' & Civilians' Personal Information

…tion on the computers or laptops that are stolen is worth much more than the hardware itself. The money today is in the data that is stolen that can be used to commit identity theft. In the past few years, numerous data breaches have occurred simply because a laptop or PC was stolen from someone’s home. A Veterans Administration employee’s home was broken into and his work PC was stolen which had almost 26.5 million Social Security…

Data Breaches: The Insanity Continues

…ead require breached entities to report breach incidents via a single public website. This would allow analysts (and law enforcement) to look for trends and link crimes to a single ring or hacker faster. Insanity 4 – A Breach is a Breach: Let’s not kid ourselves. “Risk of harm” is not a useful standard for determining if the public and consumers should be notified about a breach, especially if the company involved gets to define “risk of…

2009 Data Breaches: Identity Theft Continues

…hout an answer, ITRC used percentages to analyze the 498 breaches recorded this year looking for any changes or new trends. (Both raw numbers and percentages have been provided in all charts) The main highlights are: • paper breaches account for nearly 26% of known breaches (an increase of 46% over 2008) • business sector climbed from 21% to 41% between 2006 to 2009, the worst sector performance by far • malicious attacks have surpassed human…

Data Security Predictions For 2010

…r data loss prevention (DLP) tools will increase even as prices fall by half; 3) Cloud data security concerns will begin to dissipate; 4) Full disk encryption will continue its steady march into the enterprise, spurred on by breach disclosure laws; and 5) Enterprises will give enterprise rights management (ERM) software a second look as an enforcement option coupled with DLP. Information Rights Management (IRM) is a term that applies to a…

Merchant Credit Card Transaction Monitoring

…Sage advice below. “Many businesses are familiar with the PCI Security Standards Council’s requirements, yet many card fraud incidents go undiscovered for long periods of time. In fact, according to Verizon’s 2009 Data Breach Investigations Report, 75% of compromises were discovered at least weeks after the compromise. Data security is not all about prevention; it also requires detection and monitoring. In the event of a breach or card…

70 Million Veterans at Possible Risk For Identity Theft

…A Veteran’s Administration laptop was stolen from the home of an employee of the Department of Veterans Affairs containing personal records of 26.5 million veterans in 2005 and eventually settled a class action suit over the breach by paying out $20 million. NARA also lost a hard drive including 100,000 Social Security numbers. The risks associated with this kind of a breach generally revolve around new account fraud. New account fraud occurs…

The Scourge of Medical Identity Theft

…ure of protected health information in a manner not permitted [by the HIPAA Privacy Rule] that compromises the security or privacy of the protected health information.” Most states have required corporations to disclose data breaches for the past few years. Ever since the ChoicePoint breach in 2005, states have been implementing notification laws. At the time, ChoicePoint was only required to notify California residents. Once word spread that…

TJX Identity Theft Costs Another 10 million, Protect Yourself from WarDriving

…e stolen. TJX recently agreed to pay $9.75 million to 41 states to settle an investigation of the massive data breach. According to some reports, TJX has spent up to $256 million attempting to fix the problem that led to the breach. It’s been said repeatedly that the criminal hackers responsible for the breach were sitting in a car outside a store when they stumbled across a vulnerable, unprotected wireless network using a laptop, a…

E-banking just got less secure

…umbers. And they have figured a way to crack the encryption codes. The first signs of PIN tampering were recognized when investigators studied the processes of the 11 criminals who were caught after the TJX data breach. That breach involved 45 million credit and debit cards. The crime ring needed PIN codes to turn that data into cash. An investigation into this breach reported that the hacks resulted in “more targeted, cutting-edge,…

Week of FUD; Hackers breach electric grid, Conficker sells out, Obama has a plan

…has bombarded the media with fascinating claims of gloom and doom. (I’m guilty of it, too.) The hype hasn’t entirely met the hyperbole. There have been no major catastrophic issues. The power hasn’t gone out, and data breaches haven’t occurred in the 3-15 million PCs that have been compromised by Conficker. But that doesn’t change the fact that there are still real problems that need solving. The security community and the media are…

Identity Theft Crime Victims Bill of Rights

…companies in the identity theft prevention space have banded together to create a “Bill of Rights” for victims of identity theft. A Bill of Rights would provide victims of identity theft the needed leverage in response to a breach of their information that leads to numerous forms of identity theft. The consortium has some work to do to get the attention of legislators before it becomes law. This is certainly a noble effort that if passed will…

Bankers Warned; Massive Credit Card Processor Breached

…ts some BIN number have been targeted by criminals. VISA officials reported that while the number of accountholders affected is undetermined, it appears to be fewer than those affected by the recent Heartland Payment Systems breach, but a significant number nonetheless. And unlike the Heartland breach, where thieves also captured Track 2 data, officials reiterated that no personal information was taken in this most recent event. The status of…

Identity Theft Expert Speaker; VA agrees to pay $20 million to veterans in 2006 data breach

Identity Theft Expert Speaker; Robert Siciliano www.IDTheftSecurity.com VA agrees to pay $20 million to veterans in 2006 data breach Government is paying up regarding a stolen laptop from 2 years ago. A laptop computer was stolen from the home of a Veterans Administration employee and had 26.5 million names, addresses and Social Security numbers of veterans and their families. That’s almost 10% of the population on one $1000.00 computer with a 30…

Identity Theft Expert Speaker; Regulators: Thanks PCI, but we'll take it from here

…Jan 1 but has been pushed back to May 1. Nevada’s law went into effect on October 1. As far back as May 2007, Minnesota passed a law known as the Plastic Card Security Act. Under the statute, companies that suffer data breaches and are found to have been storing prohibited credit or debit card data on their systems will have to reimburse banks and credit unions for the costs of blocking and reissuing cards. Attempts at passing similar…

Identity Theft Expert and MyLaptopGPS: Laptop Theft the Culprit in Nearly Half of Data Breaches in Australia, Research Reveals

…, he has discussed data security and consumer protection on CNBC, NBC’s “Today Show,” FOX News Network, and elsewhere. Nearly 80 percent of 156 major Australian organizations had experienced some form of data breach during the five years immediately preceding Symantec’s survey of them earlier this year. Furthermore, 45 percent of these breaches, according to the computer security provider’s Data Loss Prevention…

Identity Theft Protection Expert and One You Security: More Evidence Surfaces to Indicate that Organizations Hemorrhage Data at an Alarming Rate Worldwide

…ularly discusses data security and consumer protection on CNBC, on NBC’s “Today Show,” FOX News Network and elsewhere. Nearly 80 percent of 156 major Australian organizations had experienced some form of data breach during the five years immediately preceding Symantec’s survey of them. Additionally, just shy of 40 percent had experienced between six and 20 known data breaches during the same time period, according to the…

Identity Theft Protection Expert and One You Security: Research Shows that Consumers' Information is Probably Already in Thieves' Hands

…‘s editorial board, Siciliano regularly discusses data security and consumer protection on CNBC, on NBC’s “Today Show,” FOX News Network and elsewhere. Negligent company insiders cause 75 percent of all breaches in the U.S., revealed the 2008 Study on the Uncertainty of Data Breach Detection, joint research announced on Oct. 13 by Compuware Corporation and Ponemon Institute©. Additionally, their study of more than…

Identity Theft Protection Expert and One You Security: Research Finds Companies Not Reporting Security Lapses to Clients Even as Data Breach Tally Grows to Highest Ever

…and derived from a comprehensive study of IT Directors, CTOs and IT security managers in 300 public and private sector organizations, further found that more than half of companies fail to understand the impact of a security breach. “The rate of data breaches itself is a major cause for concern,” said Chris Harris, president and CEO of One You Security. “But the prospects for industry-wide reforms would at least seem hopeful if a…

Identity Theft Protection Expert and One You Security: Amid More Data Breaches, Research Reveals Consumers' Ire and Simplicity of Security Measures that Firms Neglect

…ive people saying it should be a “one strike and you’re out” rule when it comes to data loss. Juxtaposed with this was additional research from the Verizon Business RISK Team, “which studied 500 security breaches that occurred between 2004 and 2007,” reported nextgov on Sept. 22, and found “87 percent of all security breaches could have been avoided ‘if reasonable security controls had been in place at the…

Identity Theft Protection Expert and One You Security: Millions of Mortgage Records in Unauthorized Hands Leave Consumers in Need of a Bulwark against Financial Fraudsters

…ith a pattern, noted Siciliano. He pointed to a recent survey jointly conducted by the Ponemon Institute and Hilb Rogal & Hobbs Company, which found 50 percent of its participants saying the number one root cause of data breach incidents is employee negligence. “These kinds of data breaches occur largely because of policies that consumers have no control over,” said Chris Harris, president and CEO of One You Security. “But…

Identity Theft Protection Expert and One You Security: Largest Data Breach Thus Far of 2008 Underscores Need for Consumer Choice in Financial Fraud Protection

…in 2007 rose by 16 percent compared to the previous year. While acknowledging that computer intrusions fall under a different category of breach than do the loss of data back-up tapes, Siciliano nevertheless noted that “breaches are breaches, and a number of studies suggest that the overall trend is upward for all kinds.” “Data breaches aren’t going away,” said Chris Harris, president and CEO of One You Security….

Identity Theft Expert and MyLaptopGPS: Organizations Must Protect Employee Data Stored on Mobile Computing Devices

…e default assumption ought to be that the data is also at risk,” said MyLaptopGPS’ chief technology officer, Dan Yost, who invited readers to visit the MyLaptopGPS blog and discuss the Charter Communications data breach. “The default practice for organizations, in fact, should be to raise the odds of sparing the data from this risk — by installing laptop tracking technology on their fleets of mobile computing…

Identity Theft Protection Expert and One You Security: Common Data Handling Practices Mean Consumers Need Protection against Financial Fraud

…Social Security number into something of little use to financial fraudsters.” Subscribers to One You Security receive newsletters and special alerts from Siciliano. Through these, they get the latest information on data breaches and learn more about identity theft prevention. Chief security analyst for One You Security and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano regularly discusses data…

Identity Theft Protection Expert and One You Security: Research Shows Consumers Misplacing Blame for Identity Theft

…8 percent of U.S. consumers pointing to personal irresponsibility as the main cause of identity theft. Another study, released by Javelin in June, looked at the perceptions of consumers whose data had fallen prey to security breaches. Fifty-five percent of these consumers expressed diminished confidence in the breached organization’s ability to protect and manage their personal data, according to Javelin’s news release, which went on…

Identity Theft Protection Expert and One You Security: Year-Over-Year Spike in Data Breaches Will Prompt Consumers to Protect Their Own Financial Identities

…is One You Security’s service, which helps to render these universal identifiers useless to the thieves who would otherwise use them to steal consumers’ financial identities. “Smart consumers notice the data breaches,” said Siciliano. “They also realize that every security breach runs the risk of leaking data likely to include Social Security numbers, maybe even theirs. And until the infrastructure in place for…

Identity Theft Expert and MyLaptopGPS: Organizations Averse to Implementing Proactive Security Measures Need Affordable Laptop Tracking Technology

…ation, dealing with a laptop theft after it happens will cost money — lots of it. The far preferable approach is to incorporate far less expensive security technologies proactively to prevent laptop thefts and the data breaches that commonly follow.” CEO of IDTheftSecurity.com and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano leads Fortune 500 companies and their clients through consumer…

Identity Theft Expert and Speaker on Personal Security: Reported Losses of Data Records during Last Two Weeks Further Erode Consumer Confidence

…l data of around 700,000 customers at risk of further foul play. The information lost included addresses, Social Security numbers, and some customers’ medical codes. “These are only the largest of recent, reported breaches,” said Siciliano. “The fact of the matter is that consumers are really in the dark when it comes to knowing just how many of their unique data records are falling prey to thieves. The real tally is likely…

Identity Theft Expert and Speaker on Personal Security: Massive Data Breach Is One More Reason for Consumers to Take the Security of Their Identities Seriously

…stores in the Northeast, released 4.2 million credit and debit card numbers from the relative safety of the firm’s databases. This later led to about 1,800 cases of fraud, revealed the chain, which first learned of the December 2007 breach in late February, the Associated Press found. Readers may view the video below of Siciliano on “FOX News,” where he discusses the Hannaford breach and explains effective countermeasures…

Identity Theft Expert and Speaker on Personal Security: Recent Data Breaches Affect a Total of Nearly One Million Consumers as Industry Fights Legislation

…rienced identity theft speaker and author of “The Safety Minute: 01,” he has discussed data security and consumer protection on CNBC, on NBC’s “Today Show,” on FOX News, and elsewhere. Already, data breaches have plagued numerous organizations in 2008, which has seen 28 incidents since the beginning of January, according to sources cited in a Jan. 30th article by InformationWeek. Just four of the many breaches in…

Identity Theft Expert and Speaker on Personal Security: Frequency of Data Breaches to Increase before it Subsides

…nial activity with an annual budget and hired staff to carry out objectives.” Other reports suggested that TMTs’ concerns were justified. Last year saw more than a tripling of data records falling prey to security breaches despite a decrease in the number of breaches, a Jan. 11th article on the CNET News blog reported—from 50 million records exposed in 2006 to 162 million in 2007. Readers may view YouTube video below of…

Identity Theft Expert and Speaker on Personal Security: Governments Must Set a Much-Needed Example of Responsible Laptop Computer Security

…oday Show,” FOX News, and elsewhere. In the past few weeks, a number of government-owned laptop computers have gone missing, placing thousands of citizens’ sensitive data at risk of identity theft: On Jan. 1, The Breach Blog reported that a laptop computer belonging to the United States Air Force (USAF) had gone missing from a USAF band member’s home on Nov. 19, 2007, at Bolling Air Force Base in Washington, D.C. Data stored on…

Identity Theft Expert and Speaker on Personal Security: Save Money on Rising Costs of Data Breaches by Spending it on Better Security That Costs Less

…r of sensitive data records lost in 2007 vs. the previous year, from 49.7 gone missing in 2006 to more than 162 million in 2007. Furthermore, according to the Ponemon Institute’s “2007 Annual Study: Cost of a Data Breach,” announced on Nov. 28, the cost per lost record for organizations that experience data breaches has risen by more than 8 percent, from $182 last year to $197 in 2007. Significantly affecting the increase,…

Identity Theft Expert and Speaker on Personal Security Reacts to Data Breaches That Have Left More Than 10 million Records Lost in Just One Month

…log-on and password information to obtain the e-mail addresses of 1.6 million members of Monster.com. Authorities remarked that the bounty from Monster.com represented a bonanza for spammers and phishing rings. An unrelated breach of data at Fidelity National Information Services’ subsidiary, Certegy, put 8.5 million consumer records in the hands of thieves, according to an Aug. 9th report in DM News. Against the backdrop of other recent…

Identity Theft Expert and Speaker on Personal Security Says Any Laptop Computer Theft Must Also Be Treated as a Breach of Data

(BOSTON, Mass. – Aug. 13, 2007 – IDTheftSecurity.com) Last month’s theft of a laptop computer from a high-tech security products manufacturer has resulted in a data breach. According to Robert Siciliano, a widely televised and quoted personal security and identity theft expert, the development at once underscored the danger posed by recent laptop thefts and revealed the need for better antitheft protection on mobile computing…

Identity Theft: Expert Lauds Massachusetts' New Credit Freeze Law—Identity Theft Expert and Speaker on Personal Security

…ace,” said Siciliano. “But ‘finally’ is the operative word. The pace of progress has been slow for state and federal legislation alike. The entire nation has needed credit freeze access and compulsory breach disclosure laws for a long time.” Playing a key role in the reporting of a highly publicized security breach at ChoicePoint, Inc. in early 2005, California’s SB 1386 has for a number of years obligated…

Identity Theft: Federal Task Force Provides Good Recommendations Too Late—Identity Theft Expert and Speaker on Personal Security

…, to inform the public when data breaches of certain magnitudes occur. Thirty-five states already have such laws. One notable example is California’s SB 1386, which compelled ChoicePoint, Inc. to report a massive data breach in early 2005. On April 20, SearchSecurity.com reported on the activities of security industry lobbyists, the Cyber Security Industry Alliance, who have claimed that a preponderance of differing state laws makes…

Identity Theft: Data Breaches Throw Electronic-Payment Security and Customer Loyalty into Question—Identity Theft Expert and Speaker on Personal Security

…April 11, Javelin Strategy & Research announced the results of a study on how data breaches affect consumer behavior, finding that 77% of the consumers surveyed intend to stop shopping at merchants that suffer from data breaches. Yet The Associated Press reported soon thereafter that TJX Cos., which recently suffered a data breach exposing “45.7 million credit and debit cards to potential fraud,” experienced a 6 percent rise in…

Identity Theft: Retail Store Data Breach Affects Millions of Consumers, Including a Widely Quoted Identity Theft Expert and Speaker on Personal Security

…ot taking advantage of tools that might protect their financial information. An article in Network World reported on April 10 that fewer than 10 percent of the approximately 163,000 consumers affected by the ChoicePoint data breach in 2005 used the free credit monitoring, credit reports, and identity-theft insurance the company offered. Data breaches can be costly to a company that experiences them. Findings from Forrester Research reported in…

Identity Theft–Fighting Legislation May Also Improve Consumer Perceptions—Identity Theft Expert and Speaker on Personal Security

…velin’s March 8 news release, only 20 percent of the survey’s 1,200 randomly sampled respondents, all credit or debit cardholders, said they would likely continue shopping at a store if they learned it had a data breach that may have compromised their card account information; nearly 78 percent, in fact, would be unlikely to continue to shop there. Meanwhile, activity from state governments and in the U.S. Congress pointed to new and…

 
