Archive for March, 2017

Malicious outsider data breaches rise nearly 300% in 2016 | Health …

Cyber attackers launched 1,792 data breaches in 2016, which led to almost 1.4 billion data records being compromised worldwide, according to the newly released Breach Level Index (BLI) report from security provider Gemalto.

Identity theft was the leading type of data breach last year, accounting for 59 percent of all data breaches, the report said. More than half of the organizations hit with data breaches (52 percent) in 2016 did not disclose the number of compromised records at the time they were reported.

The BLI is a global database that tracks data breaches and measures their severity based on multiple factors such as the number of records compromised, type of data, source of the breach, how the data was used, and whether or not the data was encrypted.

By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing data breaches that are not serious from those that are truly impactful, Gemalto said. According to the BLI, more than 7 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. That amounts to more than 3 million records compromised every day.

In 2016, the top 10 breaches in terms of severity accounted for more than half of all compromised records. Identity theft was the cause of 59 percent of all data breaches, up 5 percent from 2015. The second most prevalent type of breach in 2016 was account access based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54 percent of all breached records. That’s an increase of 336 percent from the previous year.

This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information, the report said.

Malicious outsiders were the leading source of data breaches, accounting for 68 percent of the attacks, up from 13 percent in 2015. The number of records breached in malicious outsider attacks increased by 286 percent from 2015.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.


Article source: https://www.healthdatamanagement.com/news/malicious-outsider-data-breaches-rise-nearly-300-in-2016

Feds: Nothing illegal in alleged KSU voter data breach

Those core systems are “air-gapped,” meaning they are not connected to the internet and are not connected to the KSU server involved in the investigation. The center uses the systems to help the state build and duplicate the digital lists of eligible voters used by poll workers in each of the state’s 3,000 precincts to verify voters’ names, addresses and registration.

Article source: http://www.ajc.com/news/state--regional-govt--politics/feds-nothing-illegal-alleged-ksu-voter-data-breach/OfFe6B22cpV1sS1dh9F5HI/

Probe into ‘serious data breach’ after document revealing details of MPs’ staff wrongly posted online

The watchdog responsible for MPs’ pay and expenses is investigating a “serious data breach” after a document containing confidential details about MPs’ staff was wrongly posted online.

The Independent Parliamentary Standards Authority (Ipsa) said the document was uploaded in error on an old website on Thursday night.

The “confidential personal information” included details about MPs’ staff names, salaries, rewards, working patterns and holiday entitlements.

However, a spokesman insisted that the information would not have created a security risk after it was posted for about four hours last night.

He added that it would only have been accessed by a “small number” of people and that it had taken one hour to remove from the organisation’s website after officials were first notified of the breach.

In a letter to politicians, Ipsa chief executive Marcial Boo wrote: “We take information security very seriously and the safety and security of MPs and their staff is a priority.

“An investigation is currently underway and we have notified the Information Commissioner. We will be writing directly to all of those affected.”

Ipsa was originally set up in the wake of the 2009 MPs’ expenses scandal so that parliamentarians were no longer responsible for setting their own pay and conditions.

It quickly faced a backlash from some MPs with complaints of late payments and an overly-complicated computer system.

It faced further controversy in 2015 when it handed MPs a 10% pay rise – taking their annual salary from £67,000 to £74,000 – at a time of public sector pay restraint.

Article source: http://www.itv.com/news/2017-03-31/probe-into-serious-data-breach-after-document-revealing-details-of-mps-staff-wrongly-posted-online/

Nearly 400 2017 Data Breaches Have Exposed More Than 7 Million Records

The latest report from the Identity Theft Resource Center (ITRC) indicates that there have been 392 data breaches recorded this year through March 28, 2017, and that nearly 7.4 million records have been exposed since the beginning of the year. The total represents a 51% increase in the number of breaches to date compared with 2015.

A massive data breach at America’s JobLink (AJL) reported last week exposed personal information on 4.8 million job seekers in 10 states. The exposed information includes the names, Social Security numbers and birth dates of job seekers in Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont.

According to AJL, a hacker exploited a vulnerability in AJL’s application code to get the information. The breach was first noticed on March 12 and confirmed on March 21.

The business sector leads all sectors in the number of records compromised so far in 2017, with more than 5.2 million exposed records in 206 incidents. That represents 52.6% of the incidents, and 71.4% of the exposed records so far in 2017.

The medical/health care sector has posted 24.7% (97) of all data breaches. The number of records exposed in these breaches tops 2 million, or about 27.5% of the 2017 total.

The government/military sector has suffered 20 data breaches to date in 2017, representing about 0.6% of the total number of records exposed and 5.1% of the incidents. More than 44,000 records have been compromised in the government/military sector.

The educational sector has experienced 61 data breaches since the beginning of the year. The sector accounts for 15.6% of all breaches for the year and more than 40,000 exposed records, about 0.5% of the year’s total.

The number of banking/credit/financial sector breaches now totals eight, just 2% of the total incidents reported so far this year. No records have been reported to be compromised in these incidents.

Since beginning to track data breaches in 2005, ITRC had counted 7,291 breaches through March 28, 2017, involving about 889 million records.

Article source: http://finance.yahoo.com/news/nearly-400-2017-data-breaches-152534084.html

Feds pull student aid tool after potential data breach

BOSTON (AP) – Families applying for federal student aid are facing extra hurdles this year after a potential data breach led federal officials to remove an online tool that smoothed the process.

Federal officials say an online service known as the Data Retrieval Tool will stay offline until the next application period. In the past, families could use the tool to import their tax information automatically to a complex form needed to obtain federal aid.

Now families filing the form will have to fill out their tax information manually using old tax returns, an obstacle that could deter some families from filing.

Federal officials removed the online tool in early March after finding that identity thieves may have used stolen personal information to access the online tool and steal additional information.

(Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)

Article source: http://www.kolotv.com/content/news/Feds-pull-student-aid-tool-after-potential-data-breach-417752793.html

‘Serious data breach’ as MPs’ staff names and salaries wrongly posted online

The Independent Parliamentary Standards Authority (IPSA) has said it is investigating a “serious data breach” after a document containing details of MPs’ staff names and salaries was wrongly posted on the internet.

In a letter to MPs, the organisation’s Chief Executive, Marcial Boo, revealed that “extremely sensitive personal information” about parliamentary staff had been mistakenly published on its old website.

“I am very sorry to have to inform you that last night there was a serious data breach on the old IPSA website,” he wrote to MPs. “Some documents were published in error.”

“These should not have been made public as they contained confidential personal information about MPs’ staff names, salaries, rewards, working patterns and holiday entitlements.”

The IPSA boss insisted, however, that no information that might compromise staff security had been published. 

“I would like to reassure you that no information relating to the security of the individuals affected was made public – no addresses, no bank account details, no phone numbers, and no National Insurance numbers were disclosed,” he wrote.

The information remained online for around four hours and was removed by IPSA “within an hour” of it being notified about the issue.

The watchdog said it takes information security “very seriously” and considered the safety of people working in Parliament to be “a priority”. It is currently investigating how the information was made public and will directly contact all those affected by the breach.

The news comes amid ongoing fears about the safety of parliamentary staff. New security training and guidelines were issued after Labour MP Jo Cox was murdered in her constituency last June.

Fears about security at the Palace of Westminster re-emerged when attacker Khalid Masood was able to breach the building’s security perimeter and stab PC Keith Palmer to death before being tackled by armed police. The Met Police has said a full review of security on the parliamentary estate is underway. 

IPSA has previously been criticised over its decision to award MPs an 11 per cent pay rise while other public sector salaries remained frozen. A number of parliamentarians have previously complained that the watchdog is inefficient and overly bureaucratic. 

Article source: http://www.independent.co.uk/news/uk/politics/ipsa-investigate-mp-seriousdata-breach-staff-names-salaries-internet-post-wrongly-a7660811.html

Feds pull student aid tool after potential data breach

BOSTON (AP) — Families applying for federal student aid are facing extra hurdles this year after a potential data breach led federal officials to remove an online tool that smoothed the process.

The Education Department and the Internal Revenue Service said Thursday that an online service known as the Data Retrieval Tool will stay offline for the rest of this application season. In the past, families could use the tool to import their tax information automatically to the Free Application for Federal Student Aid, a complex form needed to get federal aid.

Now families filing the form will have to fill out their tax information manually using old tax returns, an obstacle that some education experts fear will deter families from filing.

“It’s not impossible, but it’s going to make it more difficult,” said Justin Draeger, president and chief executive of the National Association of Student Financial Aid Administrators. “Not everybody has access to their prior year’s return.”

Federal officials unexpectedly removed the online tool in early March, at a time when many families across the U.S. were applying for aid. The IRS later said they shut it down because identity thieves may have used personal information “obtained outside the tax system” to access the online tool in an attempt to steal further data.

Identity thieves could use that information to generate fake tax returns and claim the tax refunds. The IRS said it’s still trying to determine how many taxpayers might have been affected, but added that the agency had already stopped some questionable tax returns that were filed by users who accessed the tool.

IRS Commissioner John Koskinen acknowledged the inconvenience, but said the agency couldn’t risk the safety of taxpayer data.

“Protecting taxpayer data has to be the highest priority, and we will continue working with (the Education Department office that handles student aid) to bring this tool back in a safe and secure manner,” Koskinen said in a statement.

For families that don’t have copies of their tax returns, the IRS suggests trying to retrieve the documents from their tax preparers or the software they used to file it. If needed, the IRS can also provide a tax transcript that includes a summary of previously filed tax returns.

The tool’s absence could cause extra work for colleges, too. The IRS routinely asks campuses to verify the tax information on the form from certain students as a security measure. In the past, students who didn’t use the online tool were more likely to be selected for extra verification, Draeger said. Some colleges have already noticed an increase in verification requests this year.

“If nobody is using the IRS data retrieval tool, it’s unclear whether this is going to throw a wrench into their income verification modeling,” Draeger said.

Federal officials say the data tool will remain offline until the start of the next FAFSA season, which typically begins Oct. 1.

Article source: http://wwlp.com/2017/03/30/feds-pull-student-aid-tool-after-potential-data-breach/

Managing the Rise in Hospitality Data Breaches

Article source: http://www.natlawreview.com/article/managing-rise-hospitality-data-breaches

We cannot accept data breaches as the new normal

Something as innocent and constructive as applying for a job online should not be a cause for concern for identity theft. Yet, this week, Delawareans who utilized a national database connecting job seekers with employers were the victims of a malicious hacker.

While no Delaware computer system was breached, the Delaware Department of Labor is part of a 10-state web-based alliance to serve job seekers through American JobLink (AJL), the national database that was breached. An application was exploited to enable fraudulent access to users’ names, dates of birth and Social Security numbers. AJL brought in the Federal Bureau of Investigation’s (FBI) cybercrime unit and hired computer experts to immediately secure its systems so that the JobLink website is now safe for users. The Delaware Department of Labor immediately notified the media and users of the potential breach with advice on how to protect personal information.

There is now a toll-free call center impacted Delaware JobLink users should call immediately: (844) 469-3939. The call center is open Monday through Friday from 9 a.m. until 9 p.m. EST through at least April 5.

Furthermore, based on Delaware Department of Labor demands, AJL is agreeing to three years of free credit reports for impacted Delaware JobLink users and will provide up to $25,000 for identity restoration for any Delaware JobLink user whose identity was in fact stolen as a direct result of the AJL website data breach.

Delaware JobLink users who call the toll-free number listed above will be given an access code to enroll in Equifax’s free credit report monitoring. Impacted users must enroll within the next 90 days, or by mid-June 2017.

But we understand that is not enough. In our Internet-dominated world of smart phones, computers, and other personal devices, we must all take extra steps to secure our personal information. The Department of Labor is working to limit the use of sensitive personal information, such as Social Security numbers, however, there are some federal unemployment and job training services that require social security numbers to receive benefits and services.

Further, the Department of Technology Information mandated several years ago that companies doing business with the State of Delaware agree and adhere to 13 very strict contractual agreements to protect Delawareans’ sensitive personal information. We will continue to strengthen these protections to thwart the deceit and exploitation of hackers.

There are steps you can take to monitor your personal information. In addition to free credit reports, you can put a fraud alert on your accounts so that you are notified immediately of suspicious activity. Here is the contact information if Delaware JobLink users want to contact credit reporting agencies beyond the free three-year service provided through Equifax.

You may also contact the IRS Identity Protection Specialized Unit at 1-800-908-4490. See identitytheft.gov/databreach for additional follow-up steps.

In addition, if you believe a fraudulent income tax return may have been filed using your personal information please contact the Delaware Division of Revenue at 1-800-292-7826 or 302-856-5358 or visit www.revenue.delaware.gov for more information regarding identity theft.

All of us rely on the efficiency of computers and smart phones to live our lives. You need to trust that state and federal agencies, as well as private companies, are trying to stay one step ahead of deceitful people who want to illegally obtain your personal information. For those who used Delaware JobLink our advice is: stay vigilant, closely monitor your credit reports and take advantage of the free services being provided to protect your personal information.

Dr. Patrice Gilliam-Johnson is the Delaware Secretary of Labor. 

Article source: http://www.delawareonline.com/story/opinion/contributors/2017/03/30/we-cannot-accept-data-breaches-new-normal/99832342/
