IRS Reports New Data Breach

According to the IRS, on Tuesday, hackers attempted to breach their computer systems in an attempt to file fraudulent tax returns.  The thieves were attempting to gain access to E-File pin numbers which are used by some people to file their tax returns electronically.  The IRS stated on Tuesday that approximately 464,000 social security numbers were accessed and nearly 100,000 of those were used to acquire E-file pin numbers.

The hackers apparently acquired personal tax payer data that was stolen from other sources to assist them in obtaining & generating the E-file pin numbers.  The IRS is also reporting that no personal data was compromised or released in the attack.  Tax payers who’s social security numbers may have been involved in the breach will be sent notifications by mail. The agency also noted that they are protecting the affected accounts by marking them to “protect against tax-related identity theft”.   This is especially unnerving considering the IRS suffered an extensive data breach in 2015 in which over 300,000 taxpayers information was stolen, used to file fraudulent tax returns and obtain over $50 million federal funds.

If the IRS isn’t going to do something to protect your sensitive data, isn’t it time you took matters into your own hands.  There’s no way you can protect yourself against a major corporate data breach like this one.  Individuals who are notified that their information has been part of a data breach are 6 times more likely to have been a victim of identity theft in the past year.

This means that before you are even told that your social security number, credit card number or other personal information has been part of a data breach, the criminals have likely used your information fraudulently, without you ever even knowing.  By this time, the damage has been done.

Start taking your identity protection seriously.  IdentityGuard.com provides unmatched credit & identity monitoring, so you know if your information has been breached before the IRS or retail store gets around to telling you.  Sign up today from StopIdentityFraud.org and get 30 days free protection and save $3.00/month off the homepage price.

25,000 New West Health Services Customer Information Compromised

An employee of New West Health Services recently had a laptop stolen, which contains personal and medical information of up to 25,000 current and former customers.  The information in the database includes name, addresses, drivers license numbers, some social security numbers and possibly banking, credit card and medical information.

At this point, there is no evidence that the data has been used improperly.  While New West declined to report approximately how many of it’s customers could be part of this breach, indications are that it my involve up to 25,000.

Based on a forensic investigation, New West says it believes the laptop contained:

• Customers’ names, addresses and, in certain instances, driver’s license numbers and Social Security numbers or Medicare claim numbers.

• It “may have also contained” information relating to some customers’ payment of Medicare premiums. That information includes electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and the card’s CVV number).  Read more about this medical database breach on Helenair.com

New West customers who receive letters advising them of the possibility that their information may have been part of the data breach should take steps to protect themselves.  This includes obtaining a letter from the insurance company if any of their information has been used, seen or stolen by unauthorized persons.  Setting up at least one year of paid credit monitoring, funded by the company or agency involved in the breach.

Fitbit Hacking – Are Your Wearable Devices At Risk?

Some of the hottest holiday gifts this past season were the wearable fitness tracking devices such as Fitbit, Runtastic Orbit & Mio Fuse.  But apparently the hackers of the world were paying attention as well and there have been reports of Fitbit accounts and other wearable technology accounts being compromised.  This was not reported as a breach on a large scale where a customer database was hacked.  It appears to have been some isolated incidents where customer usernames & passwords may have purchased on the black market where stolen account information is often bought and sold.

In the reported cases, the Fitbit identity thieves changed the account information shortly after stealing it.  This prevented the true account owners from accessing their accounts.  The criminals then used the stolen accounts to request replacement devices under warranty by reporting them as “faulty”.  In most cases, it was the more expensive Fitbit & wearable hardware that was the target of the scammers.  Its also scary to think of the personal health information that may be accessible to anyone who hacks a Fitbit account.   Previous articles on the topic have stated that a Fitbit type device can be hacked in less than 10 seconds.

As reported by Mr. Krebs, Fitbit’s cybersecurity team recently assigned risk levels to incoming requests. He quoted Fitbit’s CSO, Marc Bown as saying: “If we see an account that was used in a suspicious way or a large number of login requests for accounts coming from a small group of Internet addresses, we’ll lock the account and have the customer reconfirm specific information.” Not surprisingly, Fitbit has plans to introduce two-factor authentication to combat hijacking of Fitbit accounts via the company website.

You can read more about the Fitbit hacking incidents here.

Related Fitbit hacking resources:

https://www.schneier.com/blog/archives/2015/10/hacking_fitbit.html

https://www.theregister.co.uk/2015/10/21/fitbit_hack/

https://www.engadget.com/2015/10/21/fitbit-tracker-bluetooth-vulnerability/


Possible Dell Data Breach Being Reported

dell logo
Credit: REUTERS/Bazuki Muhammad

It appears that there may be another major data breach in the works. It’s being reported that many Dell customers are claiming to have been contacted by scammers who knew personal identifiable information that was part of a Dell database.  So far Dell is claiming that it has not bee hacked or breached but has no explanation for the possible stole data.

From our perspective, this sounds like a possible new twist on an old trick.  Scammers have been contacting windows users for years, acting as support techs who have “detected a problem” with the persons PC.  They give steps to “fix the problem” and the scammers then get remote access to their computers.  Installing ransomware, malware and even locking the victims out of their computers.  Then, to add insult to injury, they send a large bill for the tech support.

If you ever receive an unsolicited call from a computer or software company, do the right thing and hang up immediately.

As far as this possible Dell data breach is concerned, we will wait for a more in depth response in coming days.  But don’t be surprised if they release a statement confirming a full blown data breach scenario.  Protect yourself today with credit monitoring & id theft protection.

Read More About the Dell Data Breach At This Link. 

Additional Dell Data Breach Resources

https://powermore.dell.com/technology/a-breach-is-found-now-whom-do-i-tell/

https://www.startupsmart.com.au/management/legal-matters/dell-data-breach-prompts-cyber-crime-warning/201104082247.html

https://www.ibtimes.com.au/dell-hit-second-security-breach-one-day-criticised-lax-security-1486915

Dell Threat Report Claims 100 Percent Increase in SCADA Attacks

Differences Among Certain Data Security Breaches

Although right off the bat every single data breach is going to feel like it is going to ruin your life, the truth of the matter is that, for the most part, fixing the fallout from data breaches can be relatively hassle free. However, there are a handful of situations that may lead you down years of cleanup and finding surprise after surprise on your credit reports.

 

Major data breaches, stolen credit cards, hacked social media accounts, spammed email, missing snail mail — many of us are experiencing fraud fatigue. But no breach should be ignored, though some expose you to more danger and aggravation than others. It helps to know whether you’re facing a minor annoyance or a full-on code red alert.

With help from security experts, we’ve produced a risk-o-meter to rate risks and hassles. You can also learn how to avoid some of these breaches.

You are not your credit card

Keep in mind that there’s a big difference between a risk or breach involving only one account and a breach that exposes your entire identity.

“You have to understand, you are not your payment card,” says Eva Casey Velasquez, president and CEO of Identity Theft Resource Center in San Diego. “If you have a credit card compromised, the remediation process is significantly easier. You simply call your financial institution and inform them that your existing account was compromised and you need a new card.”

Read more at CreditCards.com

One Way Hackers are Gaining Access to Company Databases

Although most phishing scams are targeted at gaining access to peoples’ financial details or login credentials, fraudsters and thieves also use the tactic to find ways into a company’s databases. These hackers send these phishing attempts to as many of the target company’s email addresses they can find. The sites they lead to look just like the company’s and hackers only need to fool a single person out of hundreds or even thousands before having access to all of your financial or personal information as well as those of all the company’s other customers.

If you’re concerned about identity theft or data breaches, you should consider signing up for an identity theft protection service.

Hackers who gained entry to Anthem and Premera BlueCross BlueShield computer systems last year reportedly directed phishing emails at company employees. The emails directed the employees to visit webpages that appeared to be legitimate Anthem or Premera sites.

But they were lookalike sites, according to articles posted by consulting firm ThreatConnect and cybersecurity writer Brian Krebs. One was prennera.com (instead of the legitimate premera.com) and the other we11point.com (instead of wellpoint.com, reflecting the corporate name that Anthem then used). CONTINUE READING AT D&C

What to Know about Data Breach Protection

Data Breach – What Is It?

Data breach happens when one’s private identifying information including name, email address, address, debit or credit card data, driver’s license number, and SSN are put at risk either on paper or electronically.

Electronic data breach may be in numerous forms such as spyware, malware, hacking, skimming, inside breach or physical loss of payment cards or devices like laptops and computers. While the kinds of data breach differ, they all have one thing in common and this is unencrypted personal information that falls into jeopardy in the hands of fraudsters or thieves.

How to Protect Your Business from Data Breach

databreachEvery business that deals in debit or credit cards or electronic fund transfers, regardless of experience, transaction volume, and size, can be a victim of security breach. This is the reason why data breach protection is always necessary.

When compared to some countries in European Union and Canada where strong data protection acts were introduced for years, the US government hasn’t highly regulated or legislated data privacy. But, the forty-six states and some places like Puerto Rico have enacted legislation, which requires notification of the security breaches that involve personal information.

There are also partial federal regulations, which govern the storage, use, and acquisition of personal data in the US, yet it is up to businesses and individual merchants to implement such data breach protection programs. It’s also their responsibility to give technologies and policies to shield both their customers and businesses from potential devastating fallout generated by a security breach.

Best Practices to Achieve Successful Data Breach Protection

One of the very first steps to protect yourself, your customers, and your business from data breach is to adhere to PCI DSS, which stands for Payment Card Industry Data Security Standard. This is also known as PCI compliant. The PCI DSS’ requirements are concentrated on increasing the security for the transmission, storage, as well as cardholder data processing. Aside from that, businesses must strive for the tightest security against fraud and some data breaches through utilizing advanced and standard prevention and detection tools like those provided by some companies.

Other ways of practicing data breach protection are:

  • Validating and requiring complete order information like phone number and full number for each order before you proceed to the shipping process.
  • Changing your password and your security question and answer every forty-five to sixty days as a safeguard.
  • Using a 3rd party solution to keep the strictest security standards to submit transactions to payment gateway.
  • Monitoring transactions, especially those from other countries, with an eye towards possible fraudulent practices like a number of tractions or orders where delivery and billing addresses don’t match.

Data Breach Protection: Computer-Based Security

Machines like computers can be weak links that contribute to data breach protection. The standard computer security practices you can consider are:

  • Installing a firewall that will monitor external connections.
  • Installing an anti-virus software, such as Norton Internet Security. This should be updated regularly and installing or downloading all security updates in a timely manner.
  • Sharing access to the network drives and other computers only when needed.
  • Avoiding requesting or sending confidential information through unsecured methods including online chat sessions or email. If you got a request, always confirm your request through phone before you respond.
  • Storing confidential or sensitive information separate from the web servers in an encrypted database that’s not connected online.

Data breach protection is the best defense against fraud. So, make no mistakes and always consider it as your top priority to protect yourself and your business. If you think you can’t handle data breach protection, it is also a good idea to consult or ask for professional help. A lot of companies are now offering data breach & identity theft protection solutions. When choosing a provider, ensure that it is reliable and has been servicing the industry for several years. Even if new companies claim the best services to offer, experienced providers can always make a difference, especially if you want to get the best value of what you have spent. In this way, you will get the highest possible level of data breach protection.

Steps to Take if You’re The Victim of a Data Breach

Anyone can be a victim of data breach. Even some of the popular organizations have suffered from data breaches, which compromised millions of payment-card numbers and accounts. If you are one of those who have information that could be exposed in a data breach, there are ways on how to minimize of being an identity victim theft.

  1. Know What Was Stolen

You will need to pin down exactly what type of information was lost in data breach. Get a copy of your credit report first. Here’s a list of the best credit report sites. Sensitive information could fall into general categories such as:

  • Least Sensitive – Street addresses and names. These information was a bit harmless when this was printed in your phonebook. At present, a name typed into the search engine may yield data beneficial to online marketers as well as nosy neighbors, yet probably not enough to cause severe trouble.
  • More Sensitive – Dates of birth, credit card account numbers, and email addresses. Stolen email addresses could result to increased spam and stolen credit cards may result to fraudulent charges, yet cardholders are generally protected from the liability. Dates of birth are useless, yet once these are combined with a name, it can be more valuable than addresses due to the reason that these never change and often used for verifying identity.
  • Most Sensitive – SSN or SIN in Canada, financial-account numbers, online account passwords, and payment card security passcodes are the most sensitive information. Online account passwords, once combined with email addresses, may be used when hijacking online accounts. Card security codes allow a thief use stolen card numbers for telephone and online shopping. Bank account numbers, on contrary, can allow thieves to monitor your financial transactions and may move money into any accounts.

2. Change Affected Passwords

If online accounts have been compromised, changing passwords right away is important. If you use same passwords for other accounts, change them and make new yet strong passwords for every account. Do not reuse passwords for your second account. In this way, you will be able to limit the damage next time data breach hits and you will not have to undergo this process again.

If online companies offer 2-factor authentication for protecting accounts, take advantage of it. Through this, thieves who attempt to lot into online accounts can’t get in, even using the right passwords, unless they have numeric codes that company texts to legit cellphone of the user. If remembering and creating all new passwords is hard, utilize a password manager to do the job for you. Through a password manager, you will need to remember one password and this software will take good care of the rest. But, the downside is that once the master password was compromised, all your accounts will be compromised too.

Contacting financial institutions and credit-reporting bureaus can also be a good idea. In this way, you will be able to cancel your stolen card and get new one right away. They can also freeze your account so that thieves won’t be able to get your money or use your credit card to make transactions or purchases.

With the increase if major retail data breaches over the past several years, now is the time to put an identity theft & data breach protection plan into place.  Stay informed and get alerts if your information is part of a data breach.  Don’t wait for the retailers to contact you.  By then, the damage could already be out of control.