Archive for October, 2014

Major tech companies selling software to educational institutions have recently voiced support for stronger student data privacy by signing a pledge. The move by these tech companies – including Microsoft and Houghton Mifflin Harcourt – marks a turning point for the almost $8 billion ed tech industry in protecting student data privacy. Over the past year, the industry has been criticized by parents and teachers for profiting off the information collected by the same software meant to enrich education for students in kindergarten through 12th grade.

The companies that sign the pledge introduced by Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) promise to be more transparent about how student information is used. The pledge said firms will not sell student information and only use the data for allowed educational purposes.

"We wanted to say to parents: 'No one's going to sell your kids' data; nobody's going to track your child around the Internet; no one's going to compile a profile that is used against your child when they apply for a job 20 years later,'" said Jules Polonetsky, executive director of the FPF, according to the Times.

The Times noted that some of the tech companies that have added their signatures to the pledge have given the Future of Privacy Forum funds.

Enhanced Security a Focus in Privacy Pledge
The need to increase privacy protection and security of student data comes after data breaches and cyberattacks against educational institutions have amplified, which could make children more vulnerable to identity theft. Hackers may want to steal children's information held by schools to take advantage of the students' clean credit histories. 

The pledge also focuses on enhancing security for student information, such as implementing better security standards. The provisions of the pledge will be in effect by Jan. 1, 2015. After signing the pledge, companies were applauded for their actions.

Although some critics of the ed tech industry said the pledge shows companies are getting serious about student privacy, others want to see more action from the government to enforce the pledge. A new bill called the Protecting Student Privacy Act made its debut in Congress in July. The legislation aims to prevent companies from selling student information for advertising and marketing purposes.

With actions to increase privacy protection from both the private and public sector, ed tech companies may be held more accountable for incidents that impact student privacy. 

ITRC Trick or Treat

October is a really fun month. The weather is turning, fall is in the air, and of course, there’s Halloween! But how can consumers make sure that October is full of treats, while not falling for any scammers’ tricks? By arming themselves with the facts and the resources to protect their personally identifiable information.


The Identity Theft Resource Center wants to hear from you!

Are you concerned about the recent spate of financial and retail data breaches at Target, Home Depot, JPMorgan Chase, and others? Take this !


With the retail and financial services sectors hit hard by recent reports of massive data breaches, companies not only fear the damage to their reputation, but they also fear the financial impact of these cyberintrusions. As more firms face the possibility of cyberattacks and insider threats, they are increasingly turning to cyberinsurance to protect themselves from the high costs of data breaches.

Ira Scharf, chief strategy officer at BitSight, said cyberinsurance is the fastest growing segment of the insurance industry, with more carriers meeting demand from firms seeking out greater coverage for data breach expenses.

Although cyberinsurance can prove effective in helping companies get back on their feet after the devastating financial blow of a major data breach, firms are still at risk for monetary loss if they experience declines in sales as well as consumer and investor confidence.

The question of whether simply having cyberinsurance is enough to cover the costs of data breaches is more relevant now that corporate giants like Target have already reported millions of consumer records compromised. Target's data breach at the heart of the holiday season in 2013 exposed 40 million credit and debit card numbers and 70 million customer personal information records.

Insurance companies are seeing a greater trend of firms choosing to buy cyberinsurance to guard against the risk of cyberattacks and create a better risk management culture.

Limits of cyberinsurance
Not only did the breach potentially result in profit loss for Target – with first quarter earnings down 14 percent compared to the previous year – but the company also said it had $26 million in pretax data breach-related costs in the three months ended May 3. These expenses include identity theft protection services as well as legal fees. Numerous lawsuits from consumers and businesses – including those in the financial services industry – have been filed against the retail company. Of these costs reported by Target, about $8 million was covered by insurance.

Analysts forecast the costs from the data breach could reach $1 billion, the Journal reported. However, Target's cyberinsurance policy may only be able to recover about $100 million of that amount. Although cyberinsurance could cover certain fees that could pile on after a breach, this policy does have its limits. 

Cyberinsurance coverage may not be fully understood by companies and intellectual property may not be insured by most companies, according to Dark Reading. With these costs in mind, firms need to address key issues and vulnerabilities within their IT systems and staff to fully guard against the financial impact of data breaches. 


The massive cyberattack on JPMorgan Chase Bank will impact more than 83 million households and businesses—and hold wide-reaching implications for your individual and commercial customers.

The attack, disclosed in a security filing on Oct. 2 according to , was led by a group of overseas hackers who gained access to the network through high administration privileges, reaching more than 90 servers and securing account holder names, addresses, phone numbers and email addresses.

The breach comes at a time when persistent cyber attacks on financial institutions and retailers in the United States raise questions about the digital security of corporate America. In the past year, major retailers such as Target and Home Depot experienced significant data breaches.


Shellshock consumers

Shellshock is a software bug that threatens the overall security of the Internet and, by extension, the information you store online and websites you visit.

Shellshock was introduced into a free software program called Bash that helps people interact with their machines. Bash, developed in 1987, is used in most devices—computers, phones, servers, even cameras and appliances—that connect to the Internet. Linux, Unix and Apple operating systems use it. While it can be found in other systems, like Windows and Android, i and/or used by default on those systems.

The vulnerability could let hackers take control of a machine remotely to steal data, introduce malware and other nefarious activities. Because Shellshock has existed for about 20 years and was only discovered recently, hackers have had a significant head start on exploiting this weakness. Experts say it will be difficult to fix, at risk.


California law

California has toughened up its data disclosure law, pioneering legislation enacted in 2003 that directs companies and organizations to inform individuals when their personal data is compromised.

An amendment, this week, has added three additional requirements that could have an immediate impact on your business and how it secures sensitive organizational and customer information:


Londoners Wi-Fi

Would you sign over your firstborn to use public Wi-Fi? Some busy Londoners did just that in an experiment to show the need for education around security issues with Wi-Fi usage.

The centered around a popular Wi-Fi spot that required people to “assign their first born child to us for the duration of eternity” when signing up. Six people agreed.

The Cyber Security Research Institute organized the event with backing from Europol and sponsorship from the security firm F-Secure, which won’t enforce the agreement, of course. Researchers also discovered that the mobile hotspot device revealed users’ passwords, a vulnerability that would allow hackers to steal usernames and passwords for accounts holding sensitive information.

We like this study because it’s a good opportunity to review some basic tips for safe public Wi-Fi usage. Keep hackers and data snoops out of your digital affairs by following these tips: