Recent high-profile data breaches have illustrated criminals’ insatiable appetite for data and financial reward. If you do get hacked, then, here’s how to recover.
The post How do you recover from a hack? appeared first on We Live Security.
Tag Archives: data breach
OPM Breach Dates Back to December
The attack on the Office of Personnel Management that was disclosed earlier this month began as early as December 2014 and likely was the end result of a social engineering attack that enabled the hackers to gain valid user credentials and move around OPM’s network. During a hearing on Capitol Hill Tuesday to address the […]
LastPass Has Been Breached: Change Your Master Password Now
Luckily no passwords were actually stolen in the attack on LastPass last Friday, according to the Company’s Blog: “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.” Nonetheless account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
Because of that everyone using the LastPass service will receive a mail, prompting them to reset their master password, according to the blog entry. On top of that the company will also require users who log in from a new device or IP address to verify their ID via mail if multifactor authentication is not enabled for the specific account.
Considering your stored passwords the blog says: “Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.”
So apparently there is no need to change every password you have stored with them. You can if you are really really concered for your accounts, but according to LastPass there is no need for it. Just make sure none of the other passwords you use is the same as the master password of your LastPass account.
The post LastPass Has Been Breached: Change Your Master Password Now appeared first on Avira Blog.
Impact of Healthcare Data Breaches Goes Beyond Financial
This past week, CareFirst, a U.S. based BlueCross and BlueShield insurer with coverage in Mid-Atlantic States, revealed that 1.1 million user accounts were compromised. CareFirst is the third U.S. health insurance company to publicly acknowledge a data breach recently, following Premera Blue Cross and Anthem. It seems relatively small potatoes compared to the Premera (11 million people) and Anthem, which acknowledged that hackers broke into a database containing personal information for about 80 million of its customers and employees. But if you’re one of the 1.1 million, it isn’t small potatoes.
It can also hit very close to home. I just discovered friends of mine were among those caught up in the Anthem hack, which also led to them being part of the income tax fraud scheme that I and my fellow blogger, Tony Anscombe, have written about previously. My friends were tipped off when a new credit card arrived that they hadn’t ordered. Shortly after, they tried to file their income taxes and found they’d already been filed –and a substantial over-payment (not based on their calculations) had already been claimed by the perpetrator.
CareFirst said that the attackers gained limited, unauthorized access to a single CareFirst database. CareFirst said the attackers didn’t get access to Social Security numbers, employment info, financial data, medical data or consumer passwords –because those are encrypted and stored in a separate system.
However, attackers could have potentially acquired members’ names, birth dates, email addresses and subscriber identification number. (You can also see the full statement from CareFirst on its website.)
The attack occurred in June 2014, two months after the insurer detected an attack that the organization thought it had contained… But the hackers had left behind hidden back doors that let them re-enter later, undetected, according to reports, by the Baltimore Sun and others.
According to CareFirst, it has run comprehensive internal security tests, and hired an outside security company for further assessment, as well. It is offering two years of free credit monitoring and identity theft protection services for those members affected. Finally, it is letting those customers know who might be compromised. (Anthem did this also, though my friend was not among those notified…)
IT security has to be a priority for all businesses, but particularly for healthcare, where the stakes are so high. The healthcare industry needs to conduct extensive ongoing internal IT evaluations and adopt stricter policies – especially around what data they need to keep and for how long.
According to a new research by Ponemon Institute sponsored by IBM, “2015 Cost of Data Breaches Study”, data breaches in healthcare are the most expensive to remediate and only going up. The study covered 350 companies in 11 countries across 16 industries.
Consider the case of the UK-based Cottage Healthcare Systems. Hackers swiped 32,500 patient records and its customers sued Cottage for $4.1 million. Its insurance company, Columbia Casualty Company, settled the claims. But now Columbia has come back to Cottage to recoup the settlement, because it claims Cottage did not provide adequate and secure IT systems, so it wants its money back.
As consumers, we have to do more too. We need to monitor the activities on all of our accounts, financial and via our health care providers and insurance companies– and note anything that’s irregular or suspicious.
You can find some helpful information on the Federal Trade Commission (FTC) website to identify signs of medical identity theft, including these:
- A bill for medical services you didn’t receive
- A call from a debt collector about a medical debt you don’t owe
- A notice from your insurer saying you reached your benefit limit or denial of insurance for a condition you don’t have.
The FTC encourages visiting IdentityTheft.gov to report incidents and get information on how to recover from identity theft.
US blames China for massive data breach
The OPM is responsible for human resources for the federal government which means they are the collectors and holders of personal data on all federal employees.
Law enforcement sources close to the breach stated that a “foreign entity or government” possibly Chinese was believed to be behind the attack, according to an article published in The Guardian.
It should be noted that the Chinese government stated that it was ‘not responsible’ and this conclusion was ‘counterproductive’.
The OPM carries out background checks on employees and holds data dating back to 1985. A successful attacker could gain access to records of past and present employees, with data that could even refer to retired employees and what they are doing now.
Regardless of whether you believe the continual finger pointing by one government at another, there are real people that are effected and protecting them and their identity should be the priority.
Alarmingly, an official said to Reuters that “Access to data from OPM’s computers, such as birth dates, Social Security numbers and bank information, could help hackers test potential passwords to other sites, including those with information about weapons systems”.
How to stay safe
While those of us who do not work for the government won’t have been affected by this breach, what can we do to protect ourselves identity theft?
- Ensure your online accounts are not using the email address and a password that could be guessed from personal information, if you are then change the password.
- Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
- Spammers may send emails that look like they are coming from valid sources. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact the sending organization directly to ensure it’s an official communication.
- Avoid using the same email address or identity across multiple online accounts. For example, have a primarily email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.
- Avoid Cold Calls: If you don’t know the person calling then do not hand over payment or personal details. If in doubt, hang up and call the organization directly to establish you are talking to legitimate operators.
- Set privacy Settings: Lock down access to your personal data on social media sites, these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.
- Destroy documents: Make sure you shred documents before disposing of them as they can contain a lot of personal information.
- Check statements and correspondence: Receipts for transactions that you don’t recognize could show up in your mail.
- Use strong passwords and two factor authentication: See my previous blog post on this, complex passwords can be remembered simply!
- Check that sites are secure: When you are sending personal data online, check that the site is secure – there should be a padlock in the address or status bar or the address should have a ‘https’ at the start. The ‘s’ stands for secure.
- Updated security software: Always have updated antivirus software as it will block access to many phishing sites that will ask you for your personal data.
Also consider enlisting an identity monitoring service, commercial companies that have been breached often offer this reactively to the victims. Understanding where or if your identity is being abused in real time will give you the ability to manage issues as they happen.
OPM Data Breach: Data of 4 Million Federal Workers Exposed
According to the official news release, hackers managed to breach the Office of Personnel Management (OPM). With the information of 4 million federal government workers exposed, it is one of the biggest in the federal government’s history. The hack was discovered because “within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks”.
In order to determine the full impact the OPM is now investigating the issue together with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI).
In their statement the agency wrote: “Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.”
Sounds all good, but who is to blame? According to The Washington Post and the Wall Street Journal the hackers might have been Chinese, a link that China’s Foreign Ministry Spokesman calls “irresponsible”.
The post OPM Data Breach: Data of 4 Million Federal Workers Exposed appeared first on Avira Blog.
100,000 Tax Accounts Breached Through IRS “Get Transcript†App
While nothing is impossible to breach you’d think that it would be really really hard to gain access to information like the one from the IRS. At least that’s what I thought – until I saw their press release today. According to the statement cybercriminals managed to illegally gain access to data from about 100,000 accounts by using the IRS’ very own “Get Transcript” app. Accessed data include things like addresses, birthdates, Social Security information, and the tax filing statuses.
Now don’t misunderstand the situation: The IRS has not been hacked. Well. Not in the usual sense of the word anyway. “These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer”, explains the IRS statement. What does that mean? The criminals collected a lot of data and information on a lot of unlucky people – be it through phishing of by buying data from shady online sources – and used them to actually access taxpayers past tax records.
According to the information supplied the attackers tried to access 200,000 accounts between February and mid-May which leaves them with a success rate of 50%.
Once the IRS identified the questionable attempts to gain access to its data it decided to shut down the “Get Transcript” app temporarily. The whole affair is now also under investigation of the Treasury Inspector General for Tax Administration and the IRS’ Criminal Investigation unit.
The IRS closes the statement with the following: “The IRS will be working aggressively to protect affected taxpayers and strengthen our protocols even further going forward.”
The post 100,000 Tax Accounts Breached Through IRS “Get Transcript” App appeared first on Avira Blog.
CareFirst data breach leaves 1.1m health insurance customers vulnerable
More than 1.1 million health insurance customers have been left vulnerable by a vast data breach, after criminals gained access to a CareFirst database in a “sophisticated cyberattack.”
The post CareFirst data breach leaves 1.1m health insurance customers vulnerable appeared first on We Live Security.
Was Sally Beauty Hacked Yet Again?
The cosmetic retailer states that it is investigating “reports of unusual activity” on payment cards used at some of their U.S. Sally Beauty retail stores.
“Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected,” the company says in a statement. “Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.”
In last year’s beach more than 25,000 records of Sally Beauty customers were affected, including sensitive information like payment card numbers and security codes. The data went on sale on Rescator, a rather popular underground crime store.
Customers who are concerned about the security of their payment cards are advised to call the companies Customer Service Hotline, where the individual concerns will be addressed. Once available further updates will also be released on sallybeautyholdings.com.
For further information read the companies official statement over here or find out more about last year’s hack.
The post Was Sally Beauty Hacked Yet Again? appeared first on Avira Blog.
Target agrees to $19 million data breach settlement with MasterCard
Target has ended its dispute with MasterCard over the retail giant’s 2013 data breach by agreeing to a $19 million reimbursement to issuers.
The post Target agrees to $19 million data breach settlement with MasterCard appeared first on We Live Security.
