by Christopher Maag
Now even your video games can be hacked. Sony announced recently that all 77 million people who use their PlayStations to play online video games may have had their names, and maybe their credit card numbers, stolen by hackers. The hackers also obtained users’ addresses, birthdays and billing history.
The data breach forced Sony to shut down the online gaming network last week.
“We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience,” the company said in a press release. “Our teams are working around the clock on this, and services will be restored as soon as possible.”
Hackers gained access to the network from April 17 through April 19. Sony has not yet disclosed how the breach occurred, but said in press releases that it is working to figure out how the hackers gained access. The breach affected Sony’s PlayStation Network, which people can use for online games and access to music, TV shows, and movies, as well as Qriocity, its cloud music subscription service.
In light of recent announcements regarding major breaches and stolen PII (personally identifiable information) of Epsilon clients, celebrities and now Sony’s PlayStation gamers, you may be left thinking, “what do I do if this involves me?”
Identity Theft 911 experts have recently assembled the best tips to help keep you from falling victim to the several potential dangers and scams resulting from these illegal activities.
But, the Sony PlayStation breach presents consumers with a new set of challenges to keep compromised data safe. The large scale of the breach, coupled with a demographic that includes many minors, makes for a perfect storm for identity thieves.
Some tips to stay safe after an online breach:
1. Determine if you were impacted – ask your kids and significant other if they have a PlayStation or Qriocity gaming account.
2. Check your PlayStation account for the type of information in your profile to give a better idea of what is out there and what data may have been compromised.
By Ondrej Krehel, Identity Theft 911
You pull up to the gas station and wave a tiny magic wand. The pump starts automatically and, without a card swipe or a stroll inside to pay the attendant, your linked credit card is tapped for that full tank of fuel. It’s a familiar situation for any ExxonMobil customer with a Speedpass.
Now imagine that the Speedpass works for all purchases, from groceries to movie tickets. And rather than a tiny wand dangling from your key chain, the magic is embedded in your credit card itself.
This is the direction all the major credit companies are moving. RFID, or Radio Frequency Identification, could make the magnetic stripe on the back of today’s credit card something like the typewriter. But is it secure?
RFIDs or RF tags are basically one-way, read-only radio transmitters. They’re always on and when placed near a receiver they send the information needed to, say, complete a purchase. The concern is whether this information can be intercepted, stolen by just simply reading it, or hijacked and then used to commit fraud or an identity theft scam.
On April 26, Sony’s PlayStation Network (PSN) announced more bad news regarding an outage that occurred between April 17 and April 19 – customers’ information, including email addresses, names, home addresses, passwords, date of birth and perhaps even credit card information – may have been compromised due to an invasion into the network. With approximately 77 million users, this breach is cited as possibly one of the biggest data breaches ever, according to the folks at MSNBC.
Identity Theft 911 expert Brian McGinley, senior vice president of data risk management, commented that “when it comes to cyber-crime, for businesses, it’s no longer a case of if but rather a case of when.” Sony was aware that there were a number of malicious entities gunning for them and still was not able to secure their company from this attack. Regardless of their best efforts, major companies are still getting routinely beaten by the bad guys – and it is dangerous, expensive and a threat to commerce and consumers. Fortunately, Sony has the resources to respond, remediate, and recover – whereas a smaller business entity could be brought to its knees and put out of business.
By Ondrej Krehel, Identity Theft 911
Engadget is a regular morning stop for consumer tech news and I can’t stop thinking about its recent posts on the Google kill switch.
It all started when Google removed 21 malicious apps from the Android Market, the app store for the Google smartphone OS. It later came out that there were 56 malicious apps affecting at least 260,000 users. The apps were up to all kinds of no good, including uploading phone information to third parties and setting up backdoors so new software can be remotely installed.
Then Google flipped the kill switch.
This company-installed backdoor—Apple and Microsoft phones have them, too—allowed Google to remotely access its users’ phones and delete the offending apps. It went one step further by installing a new security patch. Think of it as an auto-update and auto-delete, over which you have no control.
Tim Burton, Tommy Lee Jones and even Gaylord Focker, a character from the “Fockers” movies, are the latest celebrity victims of identity theft.
A California couple allegedly created 200 blank access cards and fraudulent credit-account paperwork for them and other Hollywood stars, according to the Los Angeles Times.
Ex-convict Christopher Herrick, 43, and Traci Godlef, 42, were arrested on suspicion of identity theft and forgery at the Glendale, Calif., motel where they were living.
In their motel room, police found a credit history report with the name “Gaylord Focker” (played by actor Ben Stiller) and an address in Van Nuys. They also located computer equipment including hard drives, printers and scanners.
Sophisticated cyberthieves grab headlines because law enforcement focuses on identity theft crime rings with a high volume and global reach, said Brian McGinley, senior vice president of data risk management at Identity Theft 911.
By Ondrej Krehel, Identity Theft 911
Email addresses and names exposed in the Epsilon breach can reveal more about consumers than we thought, especially when they’re connected to the world’s largest drug maker.
GlaxoSmithKline said the breach affected consumers who were registered on its websites for prescription and nonprescription drugs and products. Glaxo used Epsilon to handle its email marketing campaigns. When hackers broke into Epsilon’s database earlier this month, they stole subscriber lists for more than 100 companies, including financial institutions and retailers.
Interested in antidepressants? Cancer treatments? HIV drugs? Now the hackers may know that, too. And the way current laws are structured, victims can’t expect any direct financial compensation for what amounts to a medical information breach. (Can we call this a HIPAA light violation?)
But that could change. Senators Kerry and McCain are pushing for a new commercial privacy bill of rights that would require companies to keep consumer data, such as emails and names, secure in an encrypted format. The bill would also require “managerial accountability” and implement processes for responding to nonfrivolous consumer inquiries.
By Eduard Goodman, Identity Theft 911
For the past three years, companies have tracked how consumers surf the Internet—what we buy, read and eat—with little to no self-regulation. They’ve collected our personal information, created profiles on us and sold them to advertisers without our consent.
Now, we’re seeing a push for legislation that would protect our privacy online.
In February, Representative Jackie Speier, a Democrat from California, introduced a bill that would give the Federal Trade Commission the authority to establish a Do Not Track system for consumers who don’t want their online activity monitored. The system would offer consumers an opt-out mechanism, similar to the National Do Not Call Registry.
Rep. Speier’s draft legislation does a great job of expanding the definition of private data to cover any information transmitted online that contains or tracks an individual’s online activity; any unique identifiers specific to the individual, such as an IP address; and personal information, including name and email address.
by Christopher Maag
How many websites do you currently visit that require you to log in with a username and password? Five? Dozens? And how many times do you type the same password into many different sites? If you’re like most people, you probably don’t invent an entirely new password for each site. How could you possibly remember them all?
This is just one way in which the current system of online security is broken, according to the Obama administration. Now the Commerce Department has a roadmap for figuring out how to fix it. The department recently released a “National Strategy for Trusted Identities in Cyberspace,” and it’s intended to bring new levels of trust to online commerce.
“The fact is that the ‘old’ password and user-name combination we often use to verify people is no longer good enough. It leaves too many consumers, government agencies and businesses vulnerable to ID and data theft,” Commerce Secretary Gary Locke said in a press conference. “This is why the Internet still faces something of a ‘trust’ issue. And it will not reach its full potential—commercial or otherwise—until users and consumers feel more secure than they do today when they go online.”
By Brian McGinley, Identity Theft 911
When it comes to instituting a security protocol at your business—be it a Fortune 500 company or a three-man shop—you have to establish expectations and trust your employees to do the right thing. If you can’t trust them, it’s time to find some new people.
Security is a journey, not a destination, and it begins with education. Employers need to show their staff why security is important and what good security looks like. Then they need to trust workers to adopt and implement best practices and regularly monitor the results.
Sure, there are technical elements that must be in place, but beyond that security is a mindset. Privacy by Design, an approach that calls on companies to build privacy into their infrastructures, is good for both businesses and consumers. The FTC and many big Internet firms are behind this philosophy, which is also an attitude, a management style. You, as a business leader, need to model this style, this behavior, for your employees, your peers, your executive management and your clients. It’s about showing people what exactly is the right thing to do—even when no one is looking!