Zendesk, a company that offers online tech support to more than 25,000 clients, announced a security breach on Feb. 21. Hackers accessed support records for three of its customers: Twitter, Pinterest and Tumblr, according to .
The hackers downloaded email addresses and other contact information of users who emailed Twitter, Pinterest and Tumblr for tech support. All three sites have alerted affected users and recommend they stay alert to spear-phishing and other fraudulent emails.
The attack, the most recent in a long week of high-profile hacks, demonstrates the inherent data security risks when dealing with third-party vendors. Whether a consultant or business partner, accountant or law firm, if a third-party firm doesn’t have adequate data security policies, your business is vulnerable by association.
In a 2012 survey of data recovery vendors, the that 87 percent of respondents suffered a data breach in 2010 or 2011—and a whopping 21 percent happened at the hands of a third-party vendor. While 83 percent said business partners should ensure safe data-handling practices, only 9 percent actually reported doing so. In an earlier 2010 report, Ponemon found that 39 percent of all data breaches happened on a third-party vendor’s watch. However you slice it, trusting your sensitive data to another business is risky at best and downright dangerous at worst.
We have to thank the good people at for putting together the above video. The simple premise makes an excellent point: Everything an identity thief needs to hijack your life is freely available online.
The banking group hired an actor to play Dave, a psychic, and brought people in off the street for a reading under the guise that it was all being taped for a television show. Names of best friends, colors of motorcycles, how much one young lady has spent on clothes and the personal details of another young woman’s sex life are all “divined” by Dave the psychic.
One by one, like toy soldiers under fire, the country’s largest banks are being peppered with distributed denial-of-service attacks, or DDos.
In early September, test attacks began on small banks’ sites. Then JPMorgan, Citigroup and Bank of America were assaulted. Most recently , U.S. Bancorp and PNC Financial came under the digital hammer.
DDoS attacks have been around for a long time. Basically, a computer server is bombarded with requests in an attempt to make a site unavailable for intended users. The server becomes overloaded and cannot respond, or becomes paralyzingly slow. In the recent cases, online banking sites received so much traffic their websites went down. Down time, of course, means money lost. A sustained attack can cripple sites indefinitely.
My phone rings whenever an IDT911 client is hacked, suffers a data breach, or is a victim of identity theft via digital means. My job as chief information security officer is to look at all the digital evidence.
When possible, I reconstruct the cyber attack. It’s C.S.I. work. By reconstructing the attack, often I can tell where it came from, how it unfolded and—most importantly—who did it. It’s a way of finding and preserving digital evidence. There’s a reason that it’s called forensics.
Digital forensics can be divided into four categories. Knowing what they are and how to handle them in the event of an attack can help me do my job and restore your company’s daily operations.
By Adam Levin
It started out as a data breach like many others. The of a small medical practice in a wealthy suburb of northern Illinois, The Surgeons of Lake County, and broke into a server containing email and electronic medical records. But instead of sneaking out undetected and selling the stolen data on the black market, they took a novel tack – encrypting the data and posting a message demanding a ransom payment in exchange for the password.
The move from fraud to extortion in cases of data compromise is frightening for several reasons. First, it suggests that the criminals knew exactly what they were doing, and that they deliberately targeted digital medical records as part of a well articulated strategy – an approach that we can expect to see employed more frequently as the digitization of records and broadening of access become the norm in the health care industry. Secondly, this M.O. implies a tremendous confidence in the criminals’ power to disrupt – and a calculation that the illicit ROI from blackmail would exceed the price that the data would command on the black market.
All of this is ultimately made possible by the digitization of medical records and the placement of those records on networks – often unprotected ones. It gets you thinking…
It’s another manic Monday, and you’re racing to drop off the kids, fight traffic, and get to work in time—to watch the Olympics.
Americans are putting in time at the office—not to do actual work, but to watch Misty May-Treanor and Kerri Walsh Jennings go for gold in beach volleyball. Or the hot, post-Hunger Games event of archery. Or men’s trampoline. (Yes, men’s trampoline! Who knew there was such a thing, and that the aptly named Dong Dong of China would win it?)
The Olympics will cost U.S. companies according to the digital media company Captivate Network. In Los Angeles, so many on their work computers that the chief technology officer begged them to stop or it would threaten the city’s entire cyber system.
By Brian McGinley
In the spirit of the Olympic Games under way this summer in London, we’ve opted to award gold, silver and bronze medals to companies and government institutions for their performance in the 2012 (In)Security Games.
Find out which organizations experienced the thrill of a well-designed privacy plan and which ones endured the agony of an easily prevented data breach. The goal is simple. We want organizations to get smarter about data security to better protect consumers’ personally identifiable information.
You’ve probably seen or heard over DNSCharger—the latest malware to hit the Web.
DNSCharger is a Trojan horse malware that’s been around for years. It has been used in corporate espionage and state-sponsored attacks for the last decade. Essentially it points an infected computer to malicious, criminally controlled computer servers. Once you’re connected, the bad guys can steal personal information, which can lead to identity theft among other woes.