identity theft protection

Consumers Fighting Identity Theft Need To Demand Data Breach Protection

Are you one of the millions affected by identity theft? Even if you are not, 2011 was the year of the data breach with over 36 million affected by breaches. Read More »

hhs data breach report infographic

How to Remove Responsibility While Avoiding Data Breaches in Healthcare

If you are in the healthcare industry then you are familiar with privacy and how important it is to keep confidential data secure. Not only are you under the scrutiny Read More »

verizon data breach report

Verizon Reports Data Breach Count Rises While Records Breached Falls

With the number of data breaches on the rise why are the amount of records stolen dropping? Verizon recently released a report called the 2011 Data Breach Investigations Report (DBIR) Read More »

medicare fraud

$60 Billion A Year Medicare Fraud and How Two Factor Authentication Can Increase Medicare Security

Medicare fraud is a huge problem in the United States. It is estimated that it costs taxpayers more than $60 billion each year. Some experts believe the number is higher Read More »

safer internet day

Safer Internet Day and how Two Factor Authentication Can Make It Safer

Today, February 7th, 2012 is officially Safer Internet Day (SID). Safer Internet Day is a global campaign that promotes a safer and healthier internet for everyone to use. It is Read More »

UFC.com’s Security Breach, Hackers Release Personal Information of UFC’s President Dana White

January 31, 2012   Adam Quart   No comments
ufc hacked security breach

On Sunday, January 22nd, UFC.com was hacked.  UFC.com was rerouted to the site UGnazi.com several times.  Dana White, the UFC’s president, called the site’s organizers terrorists at the “UFC on Fox 2” press conference.  The hacking of UFC.com is said to be the result of Dana White and the company’s support of SOPA and PIPA.  The SOPA and PIPA bills are aimed at stopping online piracy.

The attack was also reported to be because of retaliation for the shutdown of the file sharing website Megaupload.com.

Dana White did not tweet about the incident as he usually does about any incident related to UFC.com.  Dana White taunted the hackers to attack the site again saying reportedly, “Keep hacking our site, do it again. Do it tonight.”  The hacker that took credit for the hacking didn’t hack the site again, but posted Dana White’s personal information, including social security number, residential addresses, a vehicle identification number and personal phone number in reaction to the taunt.

The hacker is now reportedly targeting Dana White.  Dana White responded by saying that he’s not afraid of the internet and that it’s where the cowards live.

The hacking attacks might have been prevented if the UFC’s servers were protected by layered security such as two factor authentication.  If the servers were protected with two factor authentication, the network administrator could have been alerted that the site was being hacked and the hacker would have a much harder time gaining access to the site and redirecting it to another site.

Big organizations such as the UFC.com aren’t immune to attacks and they should take precautionary measures to protect themselves against these types of attacks.  Two factor authentication is relatively cheap to implement compared to other security solutions, easy to use, and is a very effective way to thwart hacking attacks.  If the UFC can incorporate layered security into their servers and access controls, they have a better chance at protecting against future attacks and securing their servers.  If the UFC were as aggressive on implementing security methods on their site as they are with their marketing, they would be a much more secure company with a much more secure website.

The hacking of UFC.com should have been addressed more seriously because a hacking incident like this should not be taken lightly.  Dana White and the UFC should acknowledge the hacking incident and also ensure fans of the website and organization that the site is easy to use since there are users that login to the site for updates and news.  Tickets are also purchased through UFC.com for events and users need to feel safe that their payment information and personal information will not be hacked and that the UFC.com is a secure site.  We will find out if the UFC will address the issue more seriously and if they will be hacked again.  Mixed Martial Arts is a popular sport and the UFC has a strong hold on the sport so fans will probably continue to log onto the site, but the UFC needs to be doing a better job at securing their website and servers so that hacking incidents don’t occur again and so that sensitive data of their users will be safe.

Read More

10-Year-Long Breach at City College of S.F.

January 27, 2012   Absolute Software Blog
 We know that approximately 5% of data breaches take years to discover. Just this month, for example, the City College of San Francisco discovered an “infestation” of computer viruses that have been leaking data for more than a decade. The investigation of the initial security flag found that an infestation of computer viruses had been lurking on college computers since 1999. Not all systems have yet been analyzed.According to what is known already, each night several viruses would troll college networks and transmit data to sites in Russia, China and several other countries. Computers all across campus have been infected and it is likely that personal computers and data devices connected to the college network in the last 10 years have also been affected.
“We may never know the full extent of the damage, and how many lives have been affected by this,” CTO Hotchkiss told three college trustees Thursday evening who met to discuss school buildings and technology issues. “These viruses are shining a light on years of (security) neglect.”
The college is currently attempting to trace the extent of the breach and will attempt to notify affected individuals.According to the news report, the City College of San Francisco was particularly lax in its security policies. For example, passwords for computer systems had not been changed in more than 10 years and that both technologies and policies for protecting information were years in arrears.
Read More

Hackers Make Unauthorized Trades in Online Brokering Accounts

January 25, 2012   Adam Quart   No comments
hacked-online-trading

In recent news, some clients of online stockbrokers in Australia have had their accounts compromised and they have been advised to change their user passwords.  Investigations are currently being conducted by the Australian Securities and Investments Commission.  The ASIC believe that the hacking attacks were organized, but they haven’t determined how client passwords are being compromised as of yet.  Hacking attacks like these could have been prevented if proper security measures were in place for the broker’s clients and their systems.  Using layered security measures such as multi factor authentication dramatically reduces the likelihood of online user accounts being compromised.

According to the ASIC, the hackers used the accounts to engage in trades that lost the clients money.  About a dozen share-trading accounts have been hacked across several brokers and the ASIC is cooperating with international authorities to trace proceeds reaped by the other party in each transaction.  The ASIC has also said that the attacks are not believed to be associated with the attacks that shut down online brokers E*TRADE and Directshares.

Representatives at E*TRADE and Directshares have recommended that their users who have online brokerage accounts keep their anti-virus and anti-malware software up to date on their PC devices.  E*TRADE was targeted by hackers late in 2011 to access a small number of online broking accounts to make unauthorized trades.  E*TRADE has stated that their systems was not the source of their security systems, but rather the user’s accounts were compromised.  E*TRADE has recommended users to change their account passwords and also to check their computers to make sure there is no malicious software that logs their keystrokes.  Users that have online brokerage accounts should also check their transaction history for unusual trades and to report any unauthorized trades to the authorities and their broker.

The user accounts that were hacked could have been protected from unauthorized persons accessing their account if stronger authentication measures were used to authenticate the users accessing the account.  Layered security such as multi factor authentication identifies users using multiple methods.  Two factor authentication is a form of multi factor authentication and could have been used to thwart the hacking attacks.  If two factor authentication were used to authenticate the broker’s online clients, the chance of the hackers accessing the data would minimal.  A user’s login, or something they know, and a user’s mobile phone, or something they have, are two factors that can be used to authenticate them.  The most secure way of authenticating someone through their mobile phone is to send a one-time password to the mobile phone because the user has the phone on them and is able to enter the one time password along with the login credentials to verify them.  In the case of the broker’s client’s accounts being hacked, the hackers would only have the login credentials and the access would have been prevented because they wouldn’t be able to receive the one time password sent through the mobile phone.  This type of authentication is a standard in industries such as banking and healthcare.  The best way to prevent these type of hacking attacks is to scan your computer for viruses, malware, and to incorporate two factor authentication as an additional layer of security to protect against unauthorized access.

Read More

Hackers Lead US Data Breaches in 2011

January 17, 2012   Absolute Software Blog

According to an upcoming study from the Identity Theft Resource Center (ITRC), previewed in advance by Information Week, 419 breaches were publicly disclosed in the US for 2011 affecting 22.9 million records*. Of those breaches, hack attacks were the leading cause of data breaches for the year, responsible for 26% of all known data breach incidents.

Following hack attacks, lost “data on the move” accounted for the second largest sector of breaches in 2011 (18%). Data on the move includes data storage devices, laptops or paper reports that were lost or stolen in transit. Insider theft accounted for another 13% of reported data breaches.

The data for 2011 indicates that malicious attacks, combining both insider theft with malicious hack attacks, accounted for 40% of known breaches. Breaches that were the result of accidents accounted for 20% of known breaches. Non-financial and healthcare groups saw the greatest incidence of insider theft and non-financial businesses were also the target of the greatest number of hack attacks.

If you break down the data breaches by sector, Government and Armed Services exposed 44% of all exposed records, non-financial businesses (33%), medical and healthcare groups (16%), educational institutions (4%), and banking, credit and financial firms (3%). When it comes to data breaches, 81% of the 22.9 million exposed records included Social Security Numbers.

*Only 52% of disclosed breaches detailed the number of sensitive records exposed. Records not-deemed ‘sensitive’  (financial or SSN related) or breaches undisclosed or undetected would seriously inflate these figures.

Read More

Zappos.com Hacked: How Data Breaches Affect Us

January 16, 2012   Adam Quart   No comments
zappos-data-breach

The latest big ecommerce site to be victim of a cyber attack was Zappos.com by a hacker who accessed a part of the company’s internet network through one of its servers in Kentucky, CEO Tony Hsieh said in an email to employees January 15, 2012. The data breach compromised customer account information such as billing addresses, names, email addresses, phone numbers, passwords in encrypted form, and the last four digits of credit card numbers. CEO Tony Hsieh said the security problem did not affect “critical credit card and other payment data” and that they were “cooperating with law enforcement to undergo an exhaustive investigation.”

Zappos.com was acquired by Amazon.com in July, 2009 for $1.2 billion and operates as an independent unit of Amazon.com. Amazon.com is known for having security measures, such as two factor authentication, in place to protect its customer’s personal data. The company will be notifying 24 million customers to change their passwords as a protective measure and to also reset their passwords anywhere else where their passwords may be the same. A menu has been added to Zappos.com pages to “create a new password” to encourage customers to change their passwords as soon as possible. The company is known for their stellar customer service and due to the high volume of customer calls, they will be switching their phones off and direct customers to contact them via email for assistance.

Even though security measures such as stronger passwords can be in place to protect customers, ecommerce companies like Zappos.com can be attacked by hackers and data can still be compromised. There’s not enough information that is released on the attack yet, but customers know that they need to change their passwords to protect themselves. Zappos.com, on the other hand, knows now that they need to have better security measures in place to protect their servers and to better detect threats against hackers in the future.

The scariest part of the data breach is that customer’s passwords in encrypted form were stolen which can be cracked by programming software that can encode it. This would allow hackers access to their logins across other sites if they use the same email and password logins. Zappos.com customers that have been breached should be careful to use different passwords on different ecommerce sites to reduce the chances of their information being compromised since their account information so that if one site gets attacked, their information won’t be able to be used on other sites. Users that utilize stronger passwords using a combination of letters, numbers and symbols reduce the chance of hackers “guessing” their passwords. Unfortunately, Zappos.com servers were hacked which users cannot control, but using stronger passwords across different sites that their personal information is stored on decreases the chances of their passwords being hacked or stolen.

Some users who have Gmail accounts were also compromised recently. Users were notified that suspicious activity occurred on their accounts and were advised to change their passwords. Some users were compromised by hackers in other countries such as India, Germany and Russia for example. Gmail users that utilize stronger passwords with a combination of letters, numbers and symbols will be safer than users that utilize only letters and numbers. With Zappos.com accounts and Gmail accounts being compromised recently, users are reminded that stronger passwords should be used on any accounts that store their information online and also to use separate passwords across different accounts to protect their sensitive information.

Gmail offers two factor authentication options if you enable them, but this feature is not activated by default. Amazon offers multi factor authentication for their web services, but Zappos.com is run independently and does not yet incorporate multi factor authentication for their users. The added layer of security from the two-factor authentication process allows for a safer user experience online in situations where sensitive information is stored and shared. It makes one wonder if a two-factor authentication solution could have prevented the Zappos.com Data Breach not only with their users, but also in protecting access to their servers. For instance, if a Zappos.com employee was alerted using their mobile phone that a server was being accessed, they could receive a one-time password and use their login credentials to authorize access or reject access which could have prevented the attack.

Strong passwords along with better password policies can make for stronger security. Strong two-factor authentication can enhance security and potentially keep companies like Zappos.com alert and on guard against attacks, for example, if servers are being accessed by unauthorized individuals.

Read More