Archive for November, 2014

Mortgage group apologises for data breach involving over 1000 customers

The Pricewatch five-grand challenge: how to save on energy costs


In part four of the series showing you how to save €5,000 a year, utility bills come under the spotlight as leaks to your wallet are plugged. And there’s a chance to win €5,000 (see Monday’s paper)

Article source: http://www.irishtimes.com/news/consumer/mortgage-group-apologises-for-data-breach-involving-over-1-000-customers-1.2020378

,

No Comments

Data Breach Reported at Chicago, Evanston Parking Garages

SP+ says data at 10 Chicago parking garages was breached.
View Full Caption

CHICAGO — A company that manages parking garages in Chicago and other cities said customer data at 10 local garages has been affected by a data breach.

SP+ announced Friday the company that manages some of its payment card systems found “an unauthorized person used that company’s remote access tool to connect to computers that process payment cards” in some of its locations.

Ten parking garages in Chicago and three in Evanston were affected, the company said. Other cities that saw data breaches were Cleveland, Philadelphia and Seattle. In all, 17 locations were affected.

The earliest data could have been breached in Chicago is Sept. 29; in Evanston, Oct. 8.

SP+ began an immediate investigation and hired a computer forensic firm to study the breaches, it said. SP+ said data at risk from malware installed on its servers may include a cardholder’s name, card number, expiration date and verification code.

The company said the malware has since been disabled, and is working with credit card companies to learn which accounts may be at risk.

“If a customer used his or her card at one of these locations between the earliest and last at risk dates, the customer should review his or her account statements for any unauthorized activity regularly,” the company said in a statement.

If a customer notices unauthorized charges, the company said to contact the bank that issued the card. Credit card companies typically guarantee cardholders are not responsible for fraudulent charges.

The local garages affected, as well as the at-risk dates are:

• 55 E. Monroe, Sept. 29-Oct. 29

• Aon Center, Sept. 29-Oct. 30

• John Hancock Center, Sept .29-Nov. 4

• 1406 N. Halsted, Sept. 29-Oct. 29

• 10 E. Ontario, Sept. 29-Oct. 29

• Cumberland CTA, Sept. 29-Oct. 29

• 500 W. Monroe, Sept. 29-Oct. 29

• Aqau, Sept. 29-Oct. 31

• Presidential Towers, Sept. 20-Oct. 31

• 120 N. LaSalle, Oct. 6-Oct. 29

In Evanston:

• Church Garage, Oct. 8-Oct. 26

• Maple Garage, Oct. 8-Nov. 10

• Sherman Garage, Oct. 8-Nov. 11

 

For more neighborhood news, listen to DNAinfo Radio here:

Article source: http://www.dnainfo.com/chicago/20141129/downtown/data-breach-reported-at-chicago-evanston-parking-garages

,

No Comments

Business forum: Data breach oversaturation — there’s danger in complacency

Share with others:


Print Email Read Later

As major data thefts become ever more common, consumers may be growing desensitized — and dangerously inattentive about protecting personal information. It’s understandable; when major breaches occur, the numbers of affected people are so large that it is difficult to relate to them on a personal level. And the sheer repetition of these stories in the news cycle has taken the edge off of the message that the data breach phenomenon is a real and growing crisis.

Like climate change and sky-high gas prices, the data theft crisis is on a path to fade into the background of our daily lives. But that is exactly the path we must avoid.

JPMorgan Chase recently announced that this summer’s massive cyberattack targeting its servers compromised 83 million accounts (76 million households and 7 million small businesses). And the recent Home Depot breach involving the theft of credit and debit card account information of millions of customers is a bigger incident by most measures than the similar attack on retail giant Target last year. Target lost about 40 million credit and debit card accounts; Home Depot disclosed that approximately 56 million accounts were exposed and that the hackers used sophisticated new methods and tools to avoid detection.

Yet the media reporting on, and public outcry concerning, both JPMorgan’s and Home Depot’s data breach incidents have been decidedly quieter than that concerning Target. And unlike Target, Home Depot’s share price has not seen a negative impact, while JPMorgan’s share value took an initial hit after the announcement but has already reversed course and seen recent gains.

Last year there were more than 1,300 reported cyberattacks, according to Verizon’s Data Breach Investigation Report. Security industry experts are saying that 2014 will see an even larger number of such incidents.

The experts estimate that between 9 and 15 million people in the U.S. are the victims of identity theft every year. On average, each stolen identity results in about $6,000 of fraud.

Rather than growing calloused to these numbers, we should all be getting more vigilant. Regularly review your credit card and bank statements, and look for any signs of unusual activity. Be skeptical when shopping online and when facing an unfamiliar email. Safeguard any documents containing account numbers and Social Security numbers, and dispose of them thoroughly and securely.

If you are notified that your personal information may have been exposed, respond promptly and take measures to protect your identity. If you suspect that your information may have been compromised due to a cyberattack or a loss of data through negligence, quickly communicate with your bank and credit card company, and take other steps to protect your identity from fraud. You might consider credit monitoring and identity theft protection and restoration services.

The White House has issued a call for a tough new federal law requiring prompt consumer notification of data breach incidents. Congressional committees have pushed forward a number of such bills. These are promising and much-needed developments, but they will not eliminate the rapidly proliferating threat posed by cybercrime and they may not take effect for some time to come.

Meanwhile, each of us must take whatever measures we can to protect ourselves. Even if the news reports are beginning to feel numbingly familiar, we simply cannot afford to be complacent.

Sandy Brian Garfinkel is an attorney at Eckert Seamans Cherin Mellott whose practice focuses on business litigation.

Join the conversation:


<!–
This button is used for the non-AJAX submit function.

–>

Article source: http://www.post-gazette.com/business/legal/2014/11/29/Business-forum-Data-breach-oversaturation-there-s-danger-in-complacency/stories/201411220005

,

No Comments

Data breaches put holiday shoppers at higher risk for fraud

DAYTON, Ohio — In addition to spending too much, one of the biggest risks facing holiday shoppers is the security of their personal and financial information, say cybersecurity experts.

A year after a pre-Christmas data breach at Target Corp., which affected 40 million debit and credit card records, the chance of another large retailer suffering an attack is highly likely, said Chris Hart, operational risk director for Cincinnati-based First Financial Bancorp. Michaels Stores Inc., Home Depot, JPMorgan Chase Co. and others followed in Target’s wake with their own security lapses in 2014.

Because of the magnitude of compromised data this year, the biggest concern for holiday shoppers is how their already stolen information — such as credit card numbers, user names and passwords — will be handled during the busy spending season, Hart said.

“What we’ve seen with the breaches announced by Target and Home Depot and JPMorgan Chase is that we’ve put in jeopardy millions of consumers’ personal information,” he said.

“That loss of personal information is now going to be leveraged by fraudsters who will combine different pieces of that information in opening up unauthorized lines of credit and leveraging it for highly profitable fraudulent endeavors.”

Shoppers should be on high alert for suspicious activity on their bank accounts during the weeks between the Thanksgiving and Christmas holidays.

The number of breaches tracked by the Identity Theft Resource Center, a nonprofit group that provides counseling services to identify theft victims, has risen 25 percent in 2014 from the year before. The counseling center compiles media reports and records obtained from state attorneys general and has found about 679 data breaches nationwide so far this year.

Data breaches occur when fraudsters break into computer systems to steal consumer names, payment card numbers, medical records and other information. Personal cellphones, tablets and computers infected by malware through phishing emails and other scams can also be breached, Hart said.

In fact, Hart says, the next big data breach has already happened, but the affected company just doesn’t know it yet because it can take weeks to months to detect.

Retail breaches are attention-grabbing, but according to the National Retail Federation, more breaches occur at government agencies (13 percent) and financial institutions (34 percent). The trade group says 10 percent of breaches are at retailers, and 11 percent are at hotels and restaurants.

Not all data breaches are created equal, adds Eva Velasquez, chief executive of the Identity Theft Resource Center, based in San Diego. The risk is different for each disclosure because it depends on what information has been compromised.

“When it’s a matter of simply payment card information, that is generally less difficult to remediate and does less extensive damage,” Velasquez said. “When you have a debit card compromised, there’s potential a thief could go in and clear all your accounts.”

“If there’s a breach where other sensitive, personally identifying information is compromised, like your Social Security number and date of birth, things of that nature, that can be much more devastating,” she said.

“That actually gives the thief the ability to act as you,” she said. “They can file for government benefits in your name; they can file a false tax return.”

Perhaps most troubling is that consumer data are no safer now than in past years, despite increasing reports of security failures, said James Thurston, spokesman for the Ohio Bankers League.

“Sadly it isn’t, and the reason why not is because the hackers, cybercriminals are getting more sophisticated. We’re talking about organized crime in places like Russia, China and Eastern Europe,” Thurston said.

“The retailers’ defenses have not kept pace with the sophistication of hackers,” he said.

Chelsey Levingston,

Dayton Daily News

AT A GLANCE

Here are tips to help consumers better protect their information:

Know that online
shopping is riskier than brick-and-mortar sales. Online shoppers should be wary
that the website they are browsing is legitimate. Today, a lot of imitation
websites look like the real thing. Make sure the hardware and software being
used to browse hasn’t been compromised by a virus or malware. At an online
checkout, one of the things to be aware of is that the session with the retailer
is secure. The way to tell is to look for “https” in the website address
and look for the “s” at the end. If there’s no “s,” don’t add any
personal information or credit card number through that website.

Activate online
banking alerts to receive notifications of account activity.

Especially online, pay
with a prepaid card or credit card because there are more protections. With
credit cards, there’s a zero liability or minimal liability for customers from
fraudulent charges. Also, the Fair Credit Billing Act gives customers the right
to dispute credit card charges and temporarily withhold payment while the
dispute is investigated.

Review financial
statements to make sure debit and credit card transactions are reconciled
accurately. Shoppers are encouraged to keep receipts for all purchases, in the
store and online, including order numbers and warranties. That way, when it comes time to reconcile purchases with a statement, those
records are available. In previous data breaches, criminals have attempted to post a small charge to
check for live accounts or to see whether a consumer is monitoring an account.
Larger fraudulent charges could occur hours, weeks or months later.

Alert the bank or
credit union immediately if fraudulent charges or debits are suspected.

Take advantage of free
credit monitoring services if
provided by affected impacted
retailers. Consumers should deal directly with the retailer to avoid falling
prey to phishing scams or other fake credit monitoring offers.

Article source: http://www.dallasnews.com/business/personal-finance/headlines/20141128-data-breaches-put-holiday-shoppers-at-higher-risk-for-fraud.ece

,

No Comments

Data breaches put holiday shoppers at higher risk for fraud

Other than spending too much, one of the biggest risks facing holiday shoppers heading into Cyber Monday is the security of their personal and financial information, say cybersecurity experts.

A year after a pre-Christmas data breach at Target Corp. that affected 40 million debit and credit card records, the chance of another large retailer suffering an attack is high, said Chris Hart, operational risk director for Cincinnati-based First Financial Bancorp. Michaels Stores Inc., Home Depot, JPMorgan Chase Co. and others followed in Target’s wake with their own security lapses in 2014.

Because of the magnitude of compromised data this year, the bigger concern for holiday shoppers than the next hack is how their already stolen information — such as credit card numbers, usernames and passwords — will be used during the busy spending season, Hart said.

“What we’ve seen with the breaches announced by Target and Home Depot and JPMorgan Chase is that we’ve put in jeopardy millions of consumers’ personal information,” he said.

“That loss of personal information is now going to be leveraged by fraudsters who will combine different pieces of that information in opening up unauthorized lines of credit and leveraging it for highly profitable fraudulent endeavors.”

Shoppers should be on high alert for suspicious activity on their bank accounts during the weeks between the Thanksgiving and Christmas holidays.

The number of breaches tracked by the Identity Theft Resource Center, a nonprofit that provides counseling services to identify theft victims, has risen 25 percent in 2014 from the year before. The counseling center compiles media reports and records obtained from state attorneys general, and found 679 data breaches nationwide so far this year.

Data breaches are when fraudsters break into computer systems to steal consumer names, payment card numbers, medical records and other information. Personal cellphones, tablets and computers infected by malware from phishing emails and other scams can also be breached, Hart said.

In fact, Hart says the next big data breach has already happened, but the affected company doesn’t know it yet because it can take weeks or months to detect.

Retail breaches are attention-grabbing, but according to the National Retail Federation trade group, more breaches occur at government agencies (13 percent) and financial institutions (34 percent). According to the association, 10 percent of breaches are at retailers, and 11 percent are at hotels and restaurants.

The Kroger Co. has to constantly modify its systems because the “bad guys” are highly skilled, said Rachael Betzler, a spokeswoman for the Ohio grocery company.

“Data security and privacy are very important to our customers, and Kroger pledges to protect the security and privacy of any personal information customers provide to us, including credit card information,” she said. “Constant vigilance is required to stay ahead of criminals who want to misuse customer payment information.”

Some tips on how consumers can better protect their information:

▪ Online shopping is riskier than brick-and-mortar sales. Online shoppers should be wary about whether the website they are browsing is legitimate. Today, a lot of imitation websites look like the real thing.

Make sure the hardware and software being used to browse haven’t been compromised by a virus or malware.

At an online checkout, one thing to be aware of is that the session with the retailer is secure. The way to tell is to look for “https” in the website address and look for the “s” at the end. If there’s no “s,” don’t add any personal information or credit card number through that website.

▪ Activate online banking alerts to receive notifications by email or text message of account activity.

▪ Especially online, pay with a prepaid card or credit card because there are more protections. With credit cards, there’s zero liability or minimal liability for customers from fraudulent charges. Also, the Fair Credit Billing Act gives customers the right to dispute credit card charges and temporarily withhold payment while the dispute is investigated.

▪ Review financial statements to make sure debit and credit card transactions are reconciled accurately. Shoppers are encouraged to keep receipts for all purchases, in-store and online, including order numbers and warranties.

That way, when it comes time to reconcile purchases with a statement, those records are available.

In previous data breaches, criminals have tried to post a small charge to check for live accounts or to see whether a consumer is monitoring an account. Larger fraudulent charges could occur hours, weeks or months later.

▪ Alert the bank or credit union immediately if fraudulent charges or debits are suspected.

▪ Take advantage of free credit monitoring services if provided by affected retailers. While doing so, deal directly with the retailer to avoid falling prey to phishing scams or other fake credit monitoring offers.

Article source: http://www.kansascity.com/news/business/technology/article4187481.html

,

No Comments

Parking Garages in Chicago, Evanston Hit by Data Breach

Several parking garages in Chicago and Evanston were hit by a data breach this month that could compromise customers’ information and credit card data, a parking facility service provider said Friday.

The parking management company, SP+, said it received notice on Nov. 3 about a data breach at a company that maintains payment card systems in some of their parking facilities.

“An unauthorized person used that company’s remote access tool to connect to computers that process payment cards in a limited number of those facilities,” SP+ said in a statement. “The unauthorized person used the remote access tool to install malware that searched for payment card data that was being routed through the computers that accept payments made at the parking facilities.”

The company said customer information may have been captured in the breach, including the cardholder’s name, card number, expiration date, and verification code.

In total, 17 facilities across the country were affected, including 10 in Chicago and three in Evanston.

Chicago

55 East Monroe, 9/29/2014 – 10/29/2014

Aon Center, 9/29/2014 – 10/30/2014

John Hancock Garage, 9/29/2014 – 11/4/2014

1460 N. Halsted (BlackHawk), 9/29/2014 – 10/29/2014

10 E. Ontario, 9/29/2014 – 10/29/2014

Cumberland CTA, 9/29/2014 – 10/29/2014

500 W Monroe, 9/29/2014 – 10/29/2014

Aqua, 9/29/2014 – 10/29/2014

Presidential Towers, 9/29/2014 – 10/31/2014

120 North LaSalle, 10/6/2014 – 10/29/2014

Evanston

Church Garage, 10/8/2014 – 10/26/2014

Maple Garage, 10/8/2014 – 11/10/2014

Sherman Garage, 10/8/2014 – 11/1/2014

The company urged customers that may have used a credit card at any of the locations to review their bank account statements. Those that discover unauthorized charges should contact the bank that issued their card.

Anyone with questions can call SP+ at (877) 717-0004.
 

News breaks at inconvenient times.  Download one of the NBCChicago mobile apps and have the news come to you. Watch live streaming newscasts, receive critical push notifications on the go and stay in touch with your city around the clock. 

 

Article source: http://www.nbcchicago.com/news/local/Parking-Garages-in-Chicago-Evanston-Hit-by-Data-Breach-284178291.html

,

No Comments

Report: Execs fail to recognise data breach damage

Top tips: Moving to a services-led model


Ron Caines

Five practical steps to changing your business model without disrupting your business

Article source: http://www.channelpro.co.uk/news/8838/report-execs-fail-to-recognise-data-breach-damage

,

No Comments

Retailers’ data breaches could get ‘ugly’ during holiday season

Hold onto your credit cards — cybercriminals are eager to hack them, and this holiday shopping season, there is a good chance they will be successful.

Despite the massive and high-profile data breach at Target last year, in which thieves stole credit card or personal information for up to 110 million people just as the shopping season kicked into high gear, many large retailers remain woefully unprepared to defend against a cyberattack, according to security experts.

Meanwhile, cyberthieves are smarter and more efficient at breaking into retailers’ networks and stealing consumer data, and some credit card companies are ratcheting down fraud protection to speed transactions during the shopping rush. That sets up the holidays to potentially be a whammy of a payday for criminal groups — and puts consumers at greater risk as they enter the biggest shopping season of the year.

Thieves stole credit card or personal information for up to 110 million Target customers last year.

“It’s the perfect time to get boatloads of credit cards in one shot,” said John Kipp, chief operating officer for security firm Sera-Brynn. “The holiday season is a wonderful time for criminals.”

And consumers can expect to pay — as retailers face mounting fines from financial regulators for data breaches, and must invest in pricey new security systems, some experts expect the costs will be passed on to consumers in the form of higher prices.

According to a study by Cambridge-based security firm BitSight Technologies, which analyzed the risk of a breach at 300 large retail companies, 58 percent of retailers are less secure than they were a year ago because more hackers have been getting inside their firewalls and stealing data, often quicker and more stealthily than they were before. Retailers — which just a few years ago weren’t worried about cybersecurity — are struggling to plug the holes in their networks and their vendors’ networks. Many retailers don’t have cybersecurity expertise in their boardrooms, can’t find the cash to invest in the protection they need and are too slow to react in the cat-and-mouse game with cybercriminals, experts say.

“Compared to two years ago, I would say that not much has changed except the urgency by the criminals,” said Martin Ferenczi, president of North American operations for Oberthur Technologies, a digital security company.

The gaps in security suggest data breaches are as inevitable during these next few weeks as the ugly Christmas sweater party and jockeying for parking at the mall. Experts say holiday season is prime time for criminals, who see crowded malls and customers armed with credit cards and shopping lists as easy targets. And this holiday season is expected to be a lucrative one, with the National Retail Federation predicting sales in November and December will grow 4.1 percent over last year to $617 billion, and shoppers will spend about 5 percent more on gifts than last year. Strong job growth, lower gas prices, rising consumer confidence and a tech economy that’s on fire should lead to a particularly spend-happy holiday season in the Bay Area.

“Bad guys know that this is a big shopping season,” said Bob Ackerman, founder and managing director of venture capital firm Allegis Capital and an expert in cybersecurity issues. “Bad guys are on the prowl, they are active, and they know this is a time of year where there is a lot more fish that their net can capture.”

Compounding the risk is that credit card companies usually relax fraud rules between Black Friday and Christmas because they have to process a tremendous volume of purchases in a short period of time, security experts say, and fraud detection often slows down transactions.

Since the start of the year, more than 500 million credit card records have been stolen, according to cybersecurity firm TrapX Security. This year, there have been 20 publicly reported data breaches at major retailers.

“It’s definitely going up,” Kipp said. “We’ve already eclipsed last year in terms of data breaches, and the holidays haven’t arrived yet. I think it’s going to get ugly.”

Retailers have ramped up security plans to protect themselves and their customers after the Target breach, a sweeping hack in November 2013 that convinced most retailers that cyberattacks are a real and unavoidable threat. Still, most corporations have moved too slowly to keep up with cybercrime syndicates, which need only a computer and a savvy hacker to wreak havoc, experts say.

“If the question is how fast can corporate America adopt these new technologies, the answer is it’s going to be too late for this season,” said Carl Wright, general manager and executive vice president of TrapX Security.

Retail industry leaders, however, say credit card companies and banks haven’t taken enough responsibility for protecting consumer data, at times stymieing retailers’ progress. Recently, about 100 retailers joined together to share information about bugs and potential threats, keeping each others’ networks safe, said Mallory Duncan, senior vice president and general counsel for the NRF.

“It’s like having a neighborhood watch so they know the threats in the vicinity,” he said.

There are signs of progress. The study by BitSight Technologies found that three-quarters of retailers who experienced a data breach did improve their security — a bright spot that shows the breach “woke up boards and woke up executive management teams,” and Stephen Boyer, BitSight’s co-founder. These retailers have embraced cybersecurity, not just as a job for the IT department, he said, but as a new way of doing business that involves better technology, buying cyberinsurance, hiring security experts and sometimes replacing top-level executives. Target ousted its CEO following the breach and replaced him with Brian Cornell, known for his data security chops.

These efforts help minimize the risk, but they also cost the retailer, who may pass the buck to the consumer.

“It gets passed on in higher prices,” said Venky Ganesan, managing director and venture capitalist at Menlo Ventures. “It’s the silent pass. They are going to try and pass the entire thing on to consumers.”

Contact Heather Somerville at 510-208-6413. Follow her at Twitter.com/heathersomervil.

tips to Protect yourself from retail hacks

Pay in cash
Use prepaid cards
Avoid debit cards
Don’t make purchases on public WiFi
Secure all your accounts with strong passwords, and change passwords frequently
Store passwords using secure programs such as 1Password or LastPass
Use encrypted websites, which begin with “https”
Carefully review credit card bills
Ask your financial institutions to set up fraud alerts on your accounts
Ask your bank for a credit card with EMV chip technology (Walmart and Sam’s Club have EMV chip card readers)
Update your computer operating system

Sources: Duo Security, Sera-Brynn, Oberthur Technologies, Boston Consulting Group

Article source: http://www.mercurynews.com/business/ci_27025645/retailers-data-breaches-could-get-ugly-during-holiday

,

No Comments

After a data breach, it’s consumers left holding the bag

Shoppers have launched into the holiday buying season and retailers are looking forward to year-end sales that make up almost 20% of their annual receipts. But as you check out at a store or click “purchase” on your online shopping cart, you might be setting yourself up as the victim of a crime.

Good luck getting data out of here, hackers! A far cry from today’s internet-connected registers.
Kozuch, CC BY-SA

Major data breaches at big retail companies have brought this form of cybercrime to the international stage. Between November 27 and December 15, 2013, hackers accessed Target’s point of sale machines – the cash registers – that housed millions of credit and debit card numbers in addition to the names, addresses, email addresses and phone numbers of shoppers. They stole an estimated 40 million credit and debit card numbers. In 2014, hackers stole approximately 56 million customer credit and debit card numbers from Home Depot.

These numbers are astronomical – where does all that stolen information go? And who is behind it?

Hidden hackers

The individuals or groups of people responsible for these kinds of cybercrimes are varied. There are teenage opportunists operating alone, hackers looking for a challenge and even sophisticated organized criminal syndicates. Some criminals simply want to see if they can break through security systems as practice to hone their hacking skills. Speculation circulates that some hacking is state-sponsored; there’s little published research to back it up, but it appears China, for one, engages in cyber espionage.

Criminals seeking to profit from stolen information may open bank accounts in victims’ names or access financial institutions for monetary gain. Of course, no single person is opening 40 million new credit cards. Hackers who steal identities and credit card information in the massive volumes of the Target or Home Depot breaches may break down the millions of credit and debit accounts into bulk batches – groups of 10,000, for instance – and sell them to the highest bidder via online illegal marketplaces, such as those on the Tor Network.

Once personal data is stolen and sold, the possibilities are endless. Criminals use stolen identities to create fake state or country IDs and to purchase things like plane tickets, cars, and weapons. Email addresses become spamming targets. Credit/debit card information is valid as long as the victim remains unaware of the theft. That’s why it’s so important for consumers to vigilantly check their accounts on a regular – even daily – basis.

Some of the biggest headaches come when a criminal steals valid identity details – such as name, date of birth or social security number. It can be extremely challenging for a victim to prove he is the REAL John Doe. Bank accounts can be closed and credit/debit card numbers changed as soon as foul play is detected, but a person’s name and SSN cannot. The greater risk for holiday shoppers is that stolen financial information will be used to make unauthorized purchases, but having someone create a new identity with stolen personal information isn’t outside of the realm of possibility.

Hackers don’t need the plastic to get full use of your credit card numbers.
Cards image via www.shutterstock.com.

(Lack of) legal response

In today’s world, victim and offender no longer need to be in physical proximity. And because of the wide range of cybercrime perpetrators, each with different motives, law enforcement agencies have quite a challenge on their hands. The FBI’s Internet Crimes Complaint Center receives over 250,000 reports each year from victims of cybercrimes, totaling over US$781 million per year in losses. It’s estimated that many times more victimizations are never reported – the so-called “dark figure” of cybercrimes.

Law enforcement agencies struggle to hire and train personnel on detecting and investigating these types of crimes. Currently, if you discover yourself to be the victim of cybercrime, your local police department is probably ill-equipped to handle the case. Instead, your financial institution will most likely work with you to investigate the issue, and you should report the incident to the FBI’s Internet Crimes Complaint Center.

The average financial loss for complaints the FBI received in 2013 (that involved any monetary loss) was $6,245. Each bank has its own policies, but for the most part they eventually remove the fraudulent charges from hacked credit cards – typically after a lot of paperwork on the part of the victimized consumer. Regaining money stolen from a debit card or checking account can be much harder.

Consumers as cybercrime-fighters

While lawmakers consider how to target cybercrime and agencies work out how to equip themselves, it falls to citizens to protect themselves.

  • Request new debit and credit cards from your financial institutions once or twice a year. You’ll receive new numbers and won’t have to pay for the new cards. Change your PIN on a regular basis. Monitor your credit report annually.
  • Don’t over-share on social media. Protect your image and personal info.
  • Never open an email or link from someone you don’t know.
  • Never share passwords or personal info with an untrusted source. When in doubt, call the institution to clarify the situation.
  • Report any suspicious activity or instances of victimization to the FBI’s Internet Crime Complaint Center.
  • Limit the number of online payments you make.
  • Only complete online payments on secured (https) websites from a password-protected computer. Using your smartphone or tablet on a wifi network gives bad guys an easy way to capture your info.
  • Use security software on your devices and perform routine checks to ensure your system is bug-free.

Article source: http://theconversation.com/after-a-data-breach-its-consumers-left-holding-the-bag-33067

,

No Comments

Retailers data breaches could get ‘ugly’ during holiday season

Hold onto your credit cards — cybercriminals are eager to hack them, and this holiday shopping season, there is a good chance they will be successful.

Despite the massive and high-profile data breach at Target last year, in which thieves stole credit card or personal information for up to 110 million people just as the shopping season kicked into high gear, many large retailers remain woefully unprepared to defend against a cyberattack, according to security experts.

Meanwhile, cyberthieves are smarter and more efficient at breaking into retailers’ networks and stealing consumer data, and some credit card companies are ratcheting down fraud protection to speed transactions during the shopping rush. That sets up the holidays to potentially be a whammy of a payday for criminal groups — and puts consumers at greater risk as they enter the biggest shopping season of the year.

“It’s the perfect time to get boatloads of credit cards in one shot,” said John Kipp, chief operating officer for security firm Sera-Brynn. “The holiday season is a wonderful time for criminals.”

And consumers can expect to pay — as retailers face mounting fines from financial regulators for data breaches, and must invest in pricey new security systems, some experts expect the costs will be passed on to consumers in the form of higher prices.

According to a study by Cambridge-based security firm BitSight Technologies, which analyzed the risk of a breach at 300 large retail companies, 58 percent of retailers are less secure than they were a year ago because more hackers have been getting inside their firewalls and stealing data, often quicker and more stealthily than they were before. Retailers — which just a few years ago weren’t worried about cybersecurity — are struggling to plug the holes in their networks and their vendors’ networks. Many retailers don’t have cybersecurity expertise in their boardrooms, can’t find the cash to invest in the protection they need and are too slow to react in the cat-and-mouse game with cybercriminals, experts say.

“Compared to two years ago, I would say that not much has changed except the urgency by the criminals,” said Martin Ferenczi, president of North American operations for Oberthur Technologies, a digital security company.

The gaps in security suggest data breaches are as inevitable during these next few weeks as the ugly Christmas sweater party and jockeying for parking at the mall. Experts say holiday season is prime time for criminals, who see crowded malls and customers armed with credit cards and shopping lists as easy targets. And this holiday season is expected to be a lucrative one, with the National Retail Federation predicting sales in November and December will grow 4.1 percent over last year to $617 billion, and shoppers will spend about 5 percent more on gifts than last year. Strong job growth, lower gas prices, rising consumer confidence and a tech economy that’s on fire should lead to a particularly spend-happy holiday season in the Bay Area.

“Bad guys know that this is a big shopping season,” said Bob Ackerman, founder and managing director of venture capital firm Allegis Capital and an expert in cybersecurity issues. “Bad guys are on the prowl, they are active, and they know this is a time of year where there is a lot more fish that their net can capture.”

Compounding the risk is that credit card companies usually relax fraud rules between Black Friday and Christmas because they have to process a tremendous volume of purchases in a short period of time, security experts say, and fraud detection often slows down transactions.

Since the start of the year, more than 500 million credit card records have been stolen, according to cybersecurity firm TrapX Security. This year, there have been 20 publicly reported data breaches at major retailers.

“It’s definitely going up,” Kipp said. “We’ve already eclipsed last year in terms of data breaches, and the holidays haven’t arrived yet. I think it’s going to get ugly.”

Retailers have ramped up security plans to protect themselves and their customers after the Target breach, a sweeping hack in November 2013 that convinced most retailers that cyberattacks are a real and unavoidable threat. Still, most corporations have moved too slowly to keep up with cybercrime syndicates, which need only a computer and a savvy hacker to wreak havoc, experts say.

“If the question is how fast can corporate America adopt these new technologies, the answer is it’s going to be too late for this season,” said Carl Wright, general manager and executive vice president of TrapX Security.

Retail industry leaders, however, say credit card companies and banks haven’t taken enough responsibility for protecting consumer data, at times stymieing retailers’ progress. Recently, about 100 retailers joined together to share information about bugs and potential threats, keeping each others’ networks safe, said Mallory Duncan, senior vice president and general counsel for the NRF.

“It’s like having a neighborhood watch so they know the threats in the vicinity,” he said.

There are signs of progress. The study by BitSight Technologies found that three-quarters of retailers who experienced a data breach did improve their security — a bright spot that shows the breach “woke up boards and woke up executive management teams,” and Stephen Boyer, BitSight’s co-founder. These retailers have embraced cybersecurity, not just as a job for the IT department, he said, but as a new way of doing business that involves better technology, buying cyberinsurance, hiring security experts and sometimes replacing top-level executives. Target ousted its CEO following the breach and replaced him with Brian Cornell, known for his data security chops.

These efforts help minimize the risk, but they also cost the retailer, who may pass the buck to the consumer.

“It gets passed on in higher prices,” said Venky Ganesan, managing director and venture capitalist at Menlo Ventures. “It’s the silent pass. They are going to try and pass the entire thing on to consumers.”

Contact Heather Somerville at 510-208-6413. Follow her at Twitter.com/heathersomervil.

tips to Protect yourself from retail hacks

Pay in cash
Use prepaid cards
Avoid debit cards
Don’t make purchases on public WiFi
Secure all your accounts with strong passwords, and change passwords frequently
Store passwords using secure programs such as 1Password or LastPass
Use encrypted websites, which begin with “https”
Carefully review credit card bills
Ask your financial institutions to set up fraud alerts on your accounts
Ask your bank for a credit card with EMV chip technology (Walmart and Sam’s Club have EMV chip card readers)
Update your computer operating system

Sources: Duo Security, Sera-Brynn, Oberthur Technologies, Boston Consulting Group

Article source: http://www.mercurynews.com/business/ci_27025645/retailers-data-breaches-could-get-ugly-during-holiday

,

No Comments