With the holiday season fast approaching, the Grinch might not be the only one trying to steal Christmas. The surge in cyberattacks could bring down the typical optimism exhibited by retailers during this time of year, especially as companies hard hit by past data breaches try to cope with security concerns. 

Firms like eBay and Target, which were both scrutinized by the media for their widespread data breaches, are looking to recover from these incidents this holiday season. In 2013, Target discovered it was the victim of a malware attack affecting its point of sale systems at stores throughout the country right in the middle of the busiest shopping period of the year. The attack resulted in the exposure of 110 million records, with financial records accounting for 40 million. 

Like Target, eBay faces potential profit losses as a result of its systems being compromised. Recently, eBay said…

When a company confirms a data breach, this security event can cause ripples in the economy. Not only do the companies that experience the breach have to contend with its financial impact, but the payment industry tied to these firms is also hit particularly hard. Facing huge monetary losses from cyberattacks that exposed millions of customers' information, banks and other financial institutions are now guarding against the impact of identity theft and data breaches with the help of biometrics, The Associated Press reported.

As cybercriminals are infiltrating sensitive corporate systems and using both high- and low-tech methods for identity theft, banks are now ramping up their use of technological solutions like biometrics to fight fire with fire. The AP report highlighted the growing use of speaker recognition among banks to detect fraudsters and protect consumers. 

The software developed by anti-fraud companies can screen callers during calls…

Major tech companies selling software to educational institutions have recently voiced support for stronger student data privacy by signing a pledge, The New York Times reported. The move by these tech companies – including Microsoft and Houghton Mifflin Harcourt – marks a turning point for the almost $8 billion ed tech industry in protecting student data privacy. Over the past year, the industry has been criticized by parents and teachers for profiting off the information collected by the same software meant to enrich education for students in kindergarten through 12th grade. 

The companies that sign the pledge introduced by Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) promise to be more transparent about how student information is used, according to the website for the privacy pledge. The pledge said firms will not sell student information and only use the data for allowed educational purposes. 


ITRC Trick or Treat

October is a really fun month. The weather is turning, fall is in the air, and of course, there’s Halloween! But how can consumers make sure that October is full of treats, while not falling for any scammers’ tricks? By arming themselves with the facts and the resources to protect their personally identifiable information.


The Identity Theft Resource Center wants to hear from you!

Are you concerned about the recent spate of financial and retail data breaches at Target, Home Depot, JPMorgan Chase, and others? Take this survey!


With the retail and financial services sectors hit hard by recent reports of massive data breaches, companies not only fear the damage to their reputation, but they also fear the financial impact of these cyberintrusions. As more firms face the possibility of cyberattacks and insider threats, they are increasingly turning to cyberinsurance to protect themselves from the high costs of data breaches.

Ira Scharf, chief strategy officer at BitSight, said cyberinsurance is the fastest growing segment of the insurance industry, with more carriers meeting demand from firms seeking out greater coverage for data breach expenses, Dark Reading reported.

Although cyberinsurance can prove effective in helping companies get back on their feet after the devastating financial blow of a major data breach, firms are still at risk for monetary loss if they experience declines in sales as well as consumer and investor confidence.

The question of whether simply having cyberinsurance is…


The massive cyberattack on JPMorgan Chase Bank will impact more than 83 million households and businesses—and hold wide-reaching implications for your individual and commercial customers.

The attack, disclosed in a security filing on Oct. 2 according to Third Certainty, was led by a group of overseas hackers who gained access to the network through high administration privileges, reaching more than 90 servers and securing account holder names, addresses, phone numbers and email addresses.

The breach comes at a time when persistent cyber attacks on financial institutions and retailers in the United States raise questions about the digital security of corporate America. In the past year, major retailers such as Target and Home Depot experienced significant data breaches.


Shellshock consumers

Shellshock is a software bug that threatens the overall security of the Internet and, by extension, the information you store online and websites you visit.

Shellshock was accidentally introduced into a free software program called Bash that helps people interact with their machines. Bash, developed in 1987, is used in most devices—computers, phones, servers, even cameras and appliances—that connect to the Internet. Linux, Unix and Apple operating systems use it. While it can be found in other systems, like Windows and Android, it is not installed and/or used by default on those systems.

The vulnerability could let hackers take control of a machine remotely to steal data, introduce malware and carry out other nefarious activities. Because Shellshock has existed for about 20 years and was only discovered recently, hackers have had a significant head start on exploiting this weakness….

California law

California has toughened up its data disclosure law, pioneering legislation enacted in 2003 that directs companies and organizations to inform individuals when their personal data is compromised.

An amendment, signed into law this week, has added three requirements that could have an immediate impact on your business and how it secures sensitive organizational and customer information:


Londoners Wi-Fi

Would you sign over your firstborn to use public Wi-Fi? Some busy Londoners did just that in an experiment to show the need for education around security issues with Wi-Fi usage.

The experiment centered around a popular Wi-Fi spot that required people to “assign their first born child to us for the duration of eternity” when signing up. Six people agreed.

The Cyber Security Research Institute organized the event with backing from Europol and sponsorship from the security firm F-Secure, which won’t enforce the agreement, of course. Researchers also discovered that the mobile hotspot device revealed users’ passwords, a vulnerability that would allow hackers to steal usernames and passwords for accounts holding sensitive information.

We like this study because it’s a good opportunity to review some basic tips for safe public Wi-Fi usage. Keep hackers and data snoops out of your…