Archive for July, 2013

As Americans hit the road this summer for road trips and other vacations, many may be accessing public wireless networks along the way to stay in touch with friends and family back home, check their emails or do some research on their destination. Next month, college students will start heading back to campus, too, and begin using public computers in school libraries. However, consumers should be careful when logging into public networks to ensure their personal online information is safe.

While public Wi-Fi spots, such as those in coffee shops and airports, are convenient, they can also be a hot spot for cyber criminals. These Wi-Fi networks are ripe for hacker exploitation because they function much like old-fashioned telephone party lines, according to the University of Virginia's Information Technology . Taking some extra steps for precaution can protect against the possibility of identity theft.

Wi-Fi Safety
If using a personal computer to access public Wi-Fi networks while on the go, there are a number of things you can do to protect the device from hackers. Before taking off on a trip, enable Secure Sockets Layer (SSL) connections on your most-used websites, . SSL connections encrypt the information exchanged on a website, making it difficult for hackers to access it. Gmail, Twitter and Facebook, for instance, have such SSL connection options. Clicking on the "Always Use HTTPS" option in Gmail and Twitter, for instance, will enable this security feature.

Turning off the Wi-Fi connection option on your computer before heading out to the airport or other destination where public networks are available is also a smart way to keep hackers out. This will ensure your computer does not hook up to a public network on its own, possibly putting your online information at risk. Once you have arrived at a destination and want to access the Internet, this Wi-Fi option can be turned back on.

For business travelers, using a virtual private network also ensures online safety while on the road. Many companies offer network access to employees while they are traveling, allowing them to hook up to the company's VPN outside the office. A VPN will act as a shield to outside attacks, the LA Times said.

Public Computer Safety
Public computers don't need to have anti-spyware programs installed on them – there are no regulations requiring such protection. So taking extra precaution becomes a necessity to ensure your personal information is kept secure.

Remembering to log out of a website is absolutely a must when using a public computer. Closing the browser window will not necessarily log a person out of a website, leaving that information accessible to the next person who uses the computer. Make sure websites, such as social networks, do not automatically save login information on the computer, as well.

Selecting the option to "browse privately" will also erase your tracks on a public computer. Erasing the history and temporary Internet files once you are done using the computer is another smart step.

Matt Cullina is chief executive officer of IDentity Theft 911.

Data privacy and security took center stage in the news this week when it was announced five men had been indicted in what could be the largest-known data breach scheme in the United States. A report announced by McAfee this week also shined a light on just how expensive cybercriminal activity costs U.S. companies every year: around $100 billion. An Internet scam targeting the birth of the royal baby in Britain and identity theft fears from U.S. veterans also made news this week.

Cybercrime Is Expensive
Companies were reminded how important it is to have proper data breach protection solutions in place when McAfee release a report conducted by the Center for Strategic and International Studies that showed the economic impact of a data breach to a business ranges from $20 billion to $140 billion a year. This is equivalent to about 508,000 lost jobs, the report said. The estimates are even lower than other reports, this week.

Five Men Charged in Largest Data Breach in U.S. History
Five men – four Russians and a Ukrainian – were indicted after U.S. prosecutors say they hacked into more than a dozen company networks and stole more than 160 million credit card numbers, causing the loss of hundreds of millions of dollars. The men, who range in age from 26 to 32, started the scheme in 2005 and hacked into databases of companies including J.C. Penney, 7-Eleven and JetBlue, . They were able to access systems by using a SQL Injection attack, which specifically targeted vulnerable databases, . The men then placed malware into the system, allowing them to repeatedly gain access to it.

Scammers Use News of Royal Baby to Lure Consumers Into Identity Theft Scheme 
As news emerged this week of the birth of the royal baby, so did an increased number of online scams. Scammers lured Internet users to click on a link by promising images and videos of His Royal Highness Prince George of Cambridge. However, once they arrived at the site, the user was asked to download the video player (which was actually malware) or "register" to the site (a phishing scam), . One spam-blocking service reported seeing more than a million scam emails of this sort.

Vet Worries About Sharing Too Much Personal Information Online
Tropp ID and SheerID are services that offer military veterans and their spouses special deals and discounts. However, one retired Army lieutenant colonel recently wrote into the Navy Times saying these sites were asking for what he believed was too much personal information. These sites were asking for vets' to provide a date of birth and the last four digits of their Social Security numbers, among other information. Blake Hall, CEO of Troop ID, responded, saying the company only asks for the minimum information for the site to verify a person did in fact serve in the military. SheerID also tried to reassure users that retailers cannot view personal verification information and SheerID cannot see payment information, .

Matt Cullina is chief executive officer of IDentity Theft 911.

A number of states are taking a second look at how they collect and sell patient health information. The move comes as a result of a June report from Bloomberg News and a Harvard University professor that showed some patient information was at risk of being exposed to the public due to Washington state selling medical data.

A number of state public-health agencies collect patient data and sell it to researchers and companies like data-mining firms, . They are exempt from the federal law for medical privacy, the Health Insurance Portability and Accountability Act. Though the information public health agencies sell does not contain names, addresses or dates of birth, it may include postal codes of where the patient lives, their age and when they were admitted to a hospital. This information, along with other public information, could be used to identify a patient.

Washington, along with Arizona, Nevada and Tennessee, reacted to the June report – beginning an audit of their privacy policies to reduce the chance of medical identity theft. Other states, too, including Alaska, California, Connecticut and Illinois, were already in the midst of their health data collection policies, the source said.

States are looking into whether their policies should be strengthened as data-mining technologies become more sophisticated, making it easier for people to use medical information to identity someone. Also of concern is how the use of electronic medical records is spurring the amount of how much patient data is being generated and then shared.

Nevada health agencies, specifically, are asking the buyers of the medical data what exactly they are doing with it, Bloomberg reported.

Prescription data provider IMS HEalth Inc. is just one example of a company that purchases medical data from state health industries. WebMD Health Group is another. The more data a company has, the more useful the medical information becomes, according to the source. It's expected the medical data industry will exceed $10 billion by the end of the decade.

Some States Still Lagging
At least 26 states sell hospital records. All 50 states were asked by Bloomberg for its June report if they participate in selling medical information. Three said they did not collect or sell such information and 18 said they had no plans to review or change privacy policies. The remainder of the states did not reply.

Matt Cullina is chief executive officer of IDentity Theft 911.

Smishing is an identity theft scheme that involves sending consumers text messages containing a link to a fraudulent website or a phone number in an attempt to collect personal information. This scheme is becoming increasingly popular and consumers should know how to determine if they are being targeted by these criminals to protect their mobile data security.

Earlier this month, the Better Business Bureau was warning consumers of smishing, which has become prevalent in the age of the smartphone. Many mobile phone users keep their personal data, like bank account information, stored on their smartphones, but this information can be accessed by criminals through phishing and other scams. One example of a phishing scam is a criminal sending an alert from a bank asking the cellphone user to follow a link to verify account information, the , such as "reactivate your ATM card" by entering a PIN.

T-Mobile was also warning its customers of the scheme. Criminals could pose as T-Mobile through a text message, scamming users to enter personal information. However, the cellphone provider said it would "never ask you to 'confirm' or 'verify' your sensitive personal information in an unsolicited SMS text message," so users should know immediately that any text message is a scam. Like the BBB, T-Mobile said users should not reply to such text messages, not click on any link in them and contact the business that the criminal is posing to represent.

Take Action, Avoid Falling For the Scam
Consumers should also send these scam text messages to 7726 (SPAM) to cellphone carriers to have the number blocked, the BBB said. If the smishing scam included the name of a bank, contact bank to notify them of the text.

Like phishing, short message service (SMS) text messages, or "smishing," makes consumers think their financial accounts may be compromised, and therefore they follow the fake URL or call a fraudulent phone number even if they suspect it is a scam. But identifying the scam is a consumer's first defense from becoming a victim of the crime.

Consumers should be wary of any message that comes from "5000" or other number that is not a cell number, . A message that is asking a consumer to respond quickly can be a scam, and consumers should stop and think it over before taking action. "Remember that criminals use this as a tactic to get you to do what they want," the article stated.

071813_Weekly Roundup
Data tracking was a hot topic in the news this week. For one, Nordstrom customers heard some troubling news: The retailer is tracking them through their smartphone signals. Consumers also heard about the possibility the government could track their locations thanks to cellphone data. The Illinois Attorney General Office, too, announced it is investigating how health websites compile medical data about their users.


When a business decides to get rid of old electronics to upgrade to new technology, it’s important they remember to clear any sensitive company data from the machines. Whether a company recycles the electronics or simply throws them away, they could be at risk of a data breach if they do not take the proper steps to clear the devices of personal information.

Some companies outsource the disposal of information technology assets to a third-party vendor that specializes in data destruction or electronics recycling. These vendors can be a cost-effective solution for a business looking to safely dispose of important company devices while ensuring their data is not put at risk. However, to avoid the risk of a data breach even more, some companies actually physically destroy drives and data storage media. This could be seen as the most effective way to ensure no data is stolen once it reaches the trash bin, .


The first national Military Consumer Protection Day will be held this week to spread awareness of the risk of identity theft among servicemembers.

The first national Military Consumer Protection Day will take place July 17. The day is aimed at spreading awareness to military service members and their families on how to protect against identity theft.

The Federal Trade Commission said it received more than 62,000 identity theft complaints from servicemembers, veterans and their spouses in 2012. The frequent relocation and steady income of military families can make them prime targets to identity thieves. This encouraged the FTC and partners to sponsor the new awareness day.

“It’s a great day to empower military and veteran communities with information as the first line of defense against consumer fraud,” the FTC said on its website.


The United Kingdom has been suffering data breach issues lately, with the Ministry of Defense facing cyberattacks and breaches becoming more popular for the National Health Services. This week’s news also included a warning to consumers to watch out for fraudulent bank alerts and an announcement that the U.S. Postal Service is selling consumer addresses.


The IRS uploaded tens of thousands of tax records on U.S. nonprofits earlier this week. Normally that’d be good news in the name of transparency, but the monolithic tax agency failed to redact Social Security numbers on the files. Thankfully the error was caught quickly by Public.Resource.Org, which tracks government public record keeping.

Public.Resource.Org’s head, Carl Mahmud, who’s lobbied for transparency in non-profit tax accounting for years, : “This is only one of several exempt organization databases that the IRS has totally bungled. They’ve become addicted to bad Internet hygiene and it is time now for the Service to admit it needs help.”



BlueBox, a security research firm, said it discovered a “mastery key” loophole for nearly all Android phones that could make it easy for cybercriminals to hack into users’ operating systems. The bug could be used by hackers to steal personal data from Android users and allow the criminals to send people junk messages, .

While there has not been evidence that cyberthieves have exploited the loophole, BlueBox said the implications of this loophole were “huge.” The bug exists in every Android device made since 2009, or 900 million phones, the firm said on .