IDentity Theft 911 has been nominated for an Advisen Cyber Award and we’re kindly requesting your help. The event is designed to recognize firms and individuals who are guiding and shaping the cyber liability space. (more…)

The Government Accountability Office (GAO) reported that the Securities Exchange Commission (SEC) has several major security weaknesses in its IT system, according to SC Magazine. For example, it does not encrypt sensitive data, nor does it properly identify and authenticate users. This puts the system at risk for data breaches, according to GAO.

"The information security weaknesses existed, in part, because SEC did not effectively oversee and manage the implementation of information security controls during the migration of this key financial system to a new location," GAO wrote in its report.

According to the report, GAO found that access controls were not strong enough because the SEC did not consistently update its software with the latest patches. Additionally, there was not enough segregation of duties between development and production. Thus, a developer's account could be active on a production server, allowing that developer access to files he…

Michaels has confirmed that two different eight-month-long security breaches have exposed up to 3 million credit and debit cards to hackers, according to K​rebsOnSecurity.

Michaels CEO Chuck Rubin writes that the security companies the firm hired to prevent hacks did not initially detect the malware used to steal credit cards.

"After weeks of analysis, the company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms," the statement said.

The hackers managed to steal payment card information, such as credit and debit card numbers and expiration dates, however, customers' names, addresses and debit card PINs do not seem to have been compromised. Additionally, only a smart percentage of Michaels shoppers are predicted to have been affected during this period, according to…

The Canadian Revenue Agency (CRA) discovered April 11 that hundreds of Canadians had their social insurance numbers stolen due to the Heartbleed security bug. However, the agency waited until the April 14 to make this information public because the Royal Canadian Mounted Police (RCMP) asked the CRA to delay notifying the public, according to CBC News.

"Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability," the CRA said in a statement. "Late Friday afternoon, given that further access to data was no longer possible and that we had identified a viable investigative path, the RCMP asked CRA to delay advising the public of the breach until Monday morning. This deferral permitted us to advance our investigation over the weekend, identify possible offender and has helped mitigated further risk."

The "King of Identity Theft"
Murray Rankin, a New Democratic Party critic for…

The number of U.S. citizens who have experienced a data breach has increased, according to Pew Research. In fact, 18 percent of adults have had information stolen via the Internet between 2013 and 2014. Such information could be a Social Security number, credit card or bank account data. In 2013, that number was only 11 percent. The total percentage of adults who have had their email or social networking account hacked was 21 percent, or more than one out of five adults.

Cybersecurity isn't as safe as some may have thought. Companies as large as Target and Neiman Marcus have experienced major data breaches that resulted in the compromise of millions of customers' credit and debit card information. Additionally, the Heartbleed Bug in Internet security protocols used by a large portion of the Web was recently exposed, raising awareness of major…

The best way to keep protected health information secure is for health IT security professionals to treat the information as though it were their own. Health information management professionals can prevent medical identity theft in a number of different ways, following certain strategies, said The American Health Information Management Association (AHIMA) in a recent article.

One such strategy is to treat awareness of medical identity theft as a quality of care issue. Another method is to make patients aware of the dangers of medical identity theft. If patients are aware of the risks that come when their private health information (PHI) is exposed, they will act quickly in the event of a breach. There should also be a policy in place if a breach or act of identity theft occurs – with a clear outline of how to respond if such a thing happens, and then…

Padlock

The green padlock that appears before a website address has long been an indicator of a website’s secure connection. Not anymore.

Security experts have discovered a flaw in the software that provides extra protection for websites. Yahoo, Facebook, Google and Amazon are all working to fix the problem, which could render users’ sensitive information—passwords, Social Security numbers, bank information—vulnerable.

(more…)

GoldJulia Angwin has glimpsed the future of privacy—and it’s going to cost a pretty penny. Angwin, the author of “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance,” told Marketplace Tech how much she spent last year to protect her data: $2,500.

(more…)

Cybercriminals typically prefer to use malware they can buy on the black market, rather than produce their own unique software, according to a Websense threat report discussed by Dark Reading. In fact, most hackers prefer the cheapest, most efficient software they can find for creating data breaches. In other words, creating advanced malware such as Stuxnet from scratch is a relatively rare occurrence.

According to Charles Renert, vice president of Websense Security labs, the number of hackers who purchase exploit kits rather than build their own malware is about 1,000 to 1. Having said that, most of the kits that are utilized by hackers get further modified so that they will continue to work despite fixes to security breaches.

The strategy that most hackers are now employing when buying hacking tools is akin to that used by a business driven by profit and risk management. It…

Recently, hacking attempts have become more sophisticated as an emerging trend, according to a study by IT firm Websense reported by Dark Reading. Although the attacks are not customized to the extent that the software itself is new every time, the software used in attacks have become more sophisticated than previous versions, and often the exploits are personalized enough to bypass most security features and stay one step ahead of security.

"Of the more than 4.1 billion live attacks that Websense technology prevented in 2013, nearly all exhibited techniques to bypass traditional defenses, compromise systems, and persist throughout infected networks in pursuit of confidential data," according to the Websense 2014 Threat report.

The report demonstrated other features of current cyberattacks, such as the fact that in most hacking attempts that involve website reroutes, the number of different websites used averages to four. Website reroutes help to disguise a…