Archive for December, 2013

When it comes to safety on the Internet, many people may be worried about who is looking at their data. From data brokers to the federal government, there are a number of organizations that have access to consumer information. Although breaking privacy laws is a major concern for users of the Web, keeping their personal and financial information safe from cybercriminals was an even bigger concern.

Identity Theft A Bigger Concern Than Online Tracking
Predominantly, Americans are more concerned with their personal information being stolen opposed to having their online activity tracked, . The survey, which was conducted by the Benenson Strategy Group, polled 1,000 U.S. voters about their Internet worries.

"By wide margins this survey clearly shows that ID theft has touched the majority of consumers in some way, and that hacking is more worrisome to consumers than tracking, and that voters want the government to more aggressively go after cybercriminals," said Ed Black, president and CEO of CCIA.

The survey showed 54 percent were concerned about their Internet activity being tracked and being used for marketing purposes.

Although online tracking was a major worry for many of the voters, an overwhelming majority cared about identity theft. Of the 1,000 voters who took the survey, 75 percent were worried about their personal information being stolen by identity thieves and online hackers.

Adobe And Target Hit By Data Breaches In 2013
Identity theft and data breaches have been a major cause of concern in the country over the past year. In October, more than 38 million Adobe users had their user IDs, names, passwords and encrypted debit and credit card numbers stolen, . Target was hit by a massive data breach during peak holiday shopping days, from the end of November to mid-December. As many as 40 million customers had their credit and debit card information accessed during this time, . Consumers always hear about data breaches occurring at small businesses that may have limited access to IT security resources, but a major chain like Target getting breached can cause some concerns for shoppers.

Consumers Doing More To Safeguard Personal Information
After some startling events this past year, American should do their best to safeguard their personal information. The survey found that many voters are going out of their way to protect their online data, including by disabling cookies, installing ad blocking software and refusing to let websites remember their credit card information. By doing these little things, Americans can guard their personal information and combat identity thieves.

Privacy protection for worldwide online users may become more of an issue as several members of United Nations have voiced their displeasure with current laws. U.N. Human Rights Commissioner Navi Pillay  an Internet user's online rights are just as important as any other type of human rights. 

"Combined and collective action by everybody can end serious violations of human rights," Pillay said. "That experience inspires me to go on and address the issue of Internet [privacy], which right now is extremely troubling because the revelations of surveillance have implications for human rights … People are really afraid that all their personal details are being used in violation of traditional national protections."

Discussion Of Privacy Protection Laws The Key To Changing Them
​Pillay, who is a native of South Africa, compared the recent chatter of governments surveying online users to the discussion of apartheid in South Africa. Pillay believes the same pressures that helped end apartheid can help end government intrusion.

The U.N. has asked Pillay to file a report on digital privacy protection rights. This report is being undertaken after former Central Intelligence Agency (CIA) employee Edward Snowden leaked classified documents regarding the U.S. tracking and collecting personal data, .

Privacy protection has been a hot button issue in the U.S. as of late. With the Snowden leaks and the recent data breach of 40 million Target customer, consumers may want to look at these actions U.N. officials are trying to do. Pillay is pushing for more people to start a conversation about privacy rights with the hope it will change lawmakers minds.

UN High Commissioner Proponent Of Online Rights
​Pillay has been a major figure in promoting the awareness of online rights and securing tighter privacy protection laws. In December 2010, Pillay defended whistleblower Wikileaks after the site published thousands of classified U.S. documents, the RT Network Reported.

Resolution Passed To Defend Online Users
The U.N. is already doing their part to fix privacy protection laws. The U.N. General Assembly unanimously agreed on a resolution that would safeguard privacy rights against improper online surveillance, . The resolution calls for all 193 member states of the U.N. to respect each state's privacy rights and end violations. The resolution was agreed upon after reports of the U.S. monitoring and collecting data on several world leaders including German Chancellor Angela Merkel and Brazil President Dilma Rousseff.

Pillay said in an interview with the BBC these online rights are important and abuses of power need to stop.

"I don't grade human rights," Pillay said. "I feel I have to look after and promote the rights of all persons. I'm not put off by the lifetime experience of violations I have seen."

Eduard Goodman is chief privacy officer at IDentity Theft 911.

Google is in a bit of hot water after it was fined by a Spanish privacy watchdog on Dec. 19. The fine stemmed from the search engine breaking the country's data protection laws regarding collecting personal information from consumers and failing to inform consumers the purpose of the collection.

The fine, which totals $1.2 million, is a "modest" fine for the California-based company, Reuters reported. Although the fine may be modest, it aims to prohibit Google from collecting consumer personal information that is used in a variety of cloud storage services without notifying consumers as to the purpose of each collection and service.

Acquiring Information Through Cloud Services
A cloud service storage system involves storing data on various virtual servers, which may limit a person's control over their information. In a statement, The Spanish Agency for Data Protection said Google has collected consumer information at an alarming pace from its citizens.

"Inspections have shown that Google compiles personal information through close to one hundred services and products it offers in Spain, without providing in many cases the adequate information about the data that is being gathered, why it is gathered and without obtaining the consent of the owners," the Spanish Agency for Data Protection said in a statement.

The inquiry began in March 2012 when Google altered some of its privacy policies and started collecting data after consumers used any number of Google sites, . Spain and five other European countries began investigating the search engine's practices when they were not properly notified as to why the information was being used for marketing purposes, when the data collection began, and for how long Google was keeping and storing the data.

Similar Instance In November
This is not the first time Google has gotten in trouble for collecting consumer information. Back in November in the U.S., the company paid a $17 million fine to 37 states to settle allegations it secretly tracked consumer web activity secretly, . New York Attorney General Eric Schneiderman Google violated more than privacy laws. 

"Consumers should be able to know whether there are other eyes surfing the web with them," Schneiderman said in a statement. "By tracking millions of people without their knowledge, Google violated not only their privacy, but also their trust."

Google said it will work with European authorities to help with the investigation and explain any language in the Google privacy policies that the European authorities may be confused about, Reuters reported..

Walter Boyd is senior privacy advisor at IDT911 Consulting.

A new report released by the Senate Commerce Committee highlighted privacy protection concerns regarding the unregulated methods private data collection companies use to obtain the public's information, .

Many consumers may not be aware of how the data collection process works or why firms collect their data. However, a recent report, "A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes," from the senate committee has  started to shine a light on these companies' methods. Typically a data brokerage firm will collect personal data from people through social media and online purchasing history, and then sell the personal information to marketers. Sen. Jay Rockefeller, D-W.Va., who initiated a similar report last year, the data brokerage business is a very viable one and using public information is a key reason why.

"In 2012, the data broker industry generated $156 billion in revenues," Rockefeller said. "That's more than twice the size of the entire intelligence budget of the United States Government – all generated by the effort to learn about, and sell, the details about our private lives."

Updating Privacy Laws
The report went on to say the advances in the Internet over the past few years have now made it even easier to acquire personal information for marketing purposes. The report said even the smallest bit of information could be tracked such as what type of food products consumers buy and even how much they travel in a given amount of time. The Senate Commerce Committee said that many of the current privacy protection laws that are in effect are slightly outdated and are not doing enough to help protect personal information.

"There is no one comprehensive privacy law governing information collection and sale of consumer data by private sector companies and … existing privacy laws have 'limited scope' regarding the collection, use and sale of consumer data for marketing purposes," .

Regulating The Data Brokerage Business
Many of these data firms offer privacy protection for their customers and education about such matters, but it is at the company's discretion and is not heavily enforced. The senate committee said it is disappointed that this industry is not doing more to help out its customers.

The report also highlighted three specific companies – Acxiom, Experian and Epsilon – that have not divulged information to the committee. The Federal Trade Commission will be assisting the committee in helping regulate privacy protection laws and Sen. Rockefeller said these three companies will be closely monitored.

"I am putting these three companies on notice today that I am not satisfied with their responses and am considering further steps I can take to get this information," Rockefeller.

Walter Boyd is senior privacy advisor at IDT911 Consulting.

point of sale
Target shoppers maybe at risk of identity theft if they made purchases at the popular retailers from Nov. 27 to Dec. 15.

Data from more than 40 million credit and debit cards was stolen during that peak holiday shopping period, according to reports.

What can consumers do to protect their identities? Here are some tips from our experts.

(more…)

Target

The exposure of more than 40 million debit and credit card numbers at Target stores over the Thanksgiving holiday is a frightening testament to how sophisticated hackers have become at attacking point-of-sale (POS) systems used in retail stores and restaurants to process consumers’ credit and debit card payments.

Hackers target POS systems because they’re easily exploited to obtain credit card and PINs for sale on the black market. POS systems are IP devices and servers that scan, process and store credit card information. Hackers are able to obtain information from both POS devices and the operating systems they run on. They use that data to develop malware and botnets to gather credit card information from thousands of POS systems, as reported by .

(more…)

With the end of the year approaching, many experts are weighing in about what types of cyberattack​s will trend in 2014. Experts from Internet security firm Kaspersky Lab offered some insight for the next year . The security firm said the Edward Snowden revelations, where the former National Security Agency (NSA) employee released more than 200,000 classified documents, will affect how businesses safeguard their information during 2014. Alexander Gostev, chief security expert for Kaspersky Lab's Global Research & Analysis Team said in an email that businesses should prepare themselves.

"Snowden's revelations have intensified the demand for rules prohibiting the use of foreign services," . "These aspirations will grow ever stronger and legislative restrictions will inevitably transform into technical prohibitions."

Kaspersky experts honed focused on three main areas where they forecast increased security for 2014:

Cloud Service Attacks
Experts from Kaspersky said a major trend for next year will be hackers continuing to target cloud services. Kaspersky experts said that if cybercriminals infiltrate the servers of cloud storage providers, they will be able to access a large amount of data from businesses and either steal or manipulate valuable information.

Software Developers A Target
Another trend Kaspersky experts foresee in 2014 is increased data breaches among software developers. Experts say that cyberattackers could easily get into software programs through a vulnerability and use them for illegal or fraudulent purposes. An attack similar to this happened this year against a software program from Adobe .

Hackers were able to exploit a vulnerability in Adobe's ColdFusion that let them infect systems with malware to steal data. The malware would still collect data even if there was a secure connection between the user and server.The Adobe data breach can have future consequences because hackers can use the Cold Fusion tool in order to manipulate other Web-based systems, which could result in numerous data breaches.

Preparing for Next Year
With the influx of cyberattacks over the past year and the trends on the horizon, businesses should do their best to upgrade their cybersecurity defenses in order to protect themselves against future attacks. Kaspersky Lab said that many criminals will be developing new techniques to cause data breaches and that businesses should be looking for new ways to protect user data. They can protect user information increasing the amount of Virtual Private Network (VPN) services and encryption tools they employ.

Mark McCurley is Information Security Advisor at IDT911 Consulting.

Top 5 Intriguing ID Thieves

Identity thieves can be a bold and brazen lot—stealing from their victims in the most obvious and appalling ways.

In past years, we’ve seen thieves bill pregnancy tests to a 72-year-old, go on extensive shopping trips on their own relative’s dime, and withdraw hundreds of thousands of dollars from retirees’ bank accounts.

This year—just as 16.6 million Americans age 16 and older were identity theft victims last year—we’ve assembled a short list of the top five most unusual identity theft cases for 2013.

(more…)

Increasing the amount of privacy protection for students who use Web-based teaching software has become a hot topic as of late, .

The use of technology and other forms of web-based software may be a new way to teach children, but it is also a thriving enterprise. Education software used for pre-kindergarten to 12th-grade students is an $8 billion business, the Software and Information Industry Association reported.

Need To Improve Software Security
Although this is a popular teaching tool, there are a few cracks in the system when it comes to protecting student information a new study conducted by the . Joel Reidenberg​, law professor at Fordham University, said in an interview using teaching software may not have the most top notch privacy protection.

"We found that when school districts are transferring student information to cloud service providers, by and large key privacy protections are absent from those arrangements," Reidenberg told the New York Times.

Identity theft among children can be dangerous because if their Social Security numbers are stolen, thieves can use them to apply for government benefits and open lines of credit in their names .

Increasing Privacy Protection For Students
As a way to combat data breaches among schoolchildren, several lawmakers are hoping to pass legislation that would improve privacy protection for students, . Sen. Ed Markey, D-Mass., and Rep. Joe Barton, R-Tex., are looking to pass a privacy law to help protect students' identities when they use school sanctioned teaching software. Sen. Markey and Rep. Barton, along with Sen. Mark Kirk, R-Ill., and Rep. Bobby Rush, D-Ill., re-introduced the Do Not Track Kids Act in November, AdWeek stated.

The main goal of the Do Not Track Kids Act is to increase the age of digital privacy protection in the Children's Online Privacy Protection Act. The current act only protects up to the age of 12, but the new bill would extend the age range to students 13 to 15. Protecting the identity of students is the prime goal .

"When it comes to kids and their use of the Internet in the new mobile environment, it is especially important that the strongest privacy protections are in place so that children do not have personal information collected or disclosed," he said. "We must not allow the era of big data to become big danger for children on the Internet in the 21st century."

The Do Not Track Kids Act is not the only form of legislation that helps student's privacy protection. The requires schools to have written permission from a student's parents if the school will be sharing a student's personal information.

Year in Review

This has been a supremely active year in the data privacy sector. NSA spying regularly captured headlines as new details emerged about the agency’s dragnet. The British phone hacking scandal continued to unfold as trials marched on and press employees pleaded guilty. And, of course, data breaches hit companies in all industry sectors.

Threat areas covered the spectrum, from external hackers to internal negligence. Bad guys were stealing passwords and other sensitive information any way they could. Some insiders—employees, contractors and the like—purposely exposed data or facilitated hacking activities, while others merely failed to take the necessary precautions to ensure confidential information was protected.

With this banner year nearly behind us, it’s time to look at the lessons we can learn from all that transpired in 2013.

(more…)