NewsAlerts

FTC Expresses Concern Over 'Kids' Apps

Tue, 21 Feb 2012 00:00:00 -0700

Thousands of applications for mobile devices specifically targeted to children may be breaching their privacy without parents' knowledge or consent.

A recent study from the Federal Trade Commission found that nearly 12,000 apps available in the Android Marketplace and Apple's App Store are designed for "kids," but in most cases, did not make clear whether the program collected data on users, according to a report from CNN. Consequently, parents may have a difficult time ascertaining whether an app their kid loves is surreptitiously using their data to send them targeted advertisements.

"Although the app store developer agreements require developers to disclose the information their apps collect, the app stores do not appear to enforce these requirements," the FTC report said. "This lack of enforcement provides little incentive to app developers to provide such disclosures and leaves parents without the information they need."

Eduard Goodman, the chief privacy officer for Identity Theft 911, maintains a blog about the ways in which consumers might be giving data about themselves to advertisers without realizing it, and ways they better protect themselves from doing so.

Google, Microsoft Faceoff Over Privacy Policies

Tue, 21 Feb 2012 00:00:00 -0700

After Apple discovered that Google was monitoring users' mobile Web browsing habits by circumventing privacy settings, Microsoft came forward and said the company was doing the same for its browsing software.

Microsoft accused Google of going around privacy settings in its Internet Explorer browser, but privacy experts say this is a result of a programming loophole in IE, according to a report from the Wall Street Journal. IE uses a computer protocol known as the Platform for Privacy Preferences Project (P3P) to allow or not allow websites to share privacy policies with the browser itself instead of forcing users to read through each site's policy.

But if a company doesn't set its P3P in the right format, it can still use the tracking cookies P3P is supposed to prevent, the report said. Google's P3P policy falls into the "wrong format" category, and has been known to security experts for some time. Some experts say Microsoft is at fault for allowing this loophole to remain open.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the ways consumers can better protect their sensitive data online.

Google Kept Tabs on iPhone Users

Fri, 17 Feb 2012 00:00:00 -0700

It was recently discovered that Google and other advertising companies were bypassing security settings for Apple's mobile Safari browser on iPhones.

Even after consumers opted out of the kind of web use tracking that companies use to create targeted ads, Google and others - including Vibrant Media, Media Innovation Group and PointRoll - continued monitoring their Web use, according to a report from the Wall Street Journal. Google only disabled the code that allowed it to continue tracking users after being contacted about the practice by the newspaper.

Google, for its part, believes the newspaper didn't have all the facts about how it monitored browsing behavior, the report said.

"The Journal mischaracterizes what happened and why," the Web giant said in a statement, according to the newspaper. "We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about how consumers can better protect their privacy online and stop transmitting personal information to advertisers.

UNC Charlotte suffers large data breach

Fri, 17 Feb 2012 00:00:00 -0700

The IT department at the University of North Carolina at Charlotte has put a large number of students' personal data at risk.

Students at the school recently received an email from administrators cautioning them that their information may have been exposed as a result of "human error" that led to data being improperly posted online, according to a report from the Charlotte Observer. The school learned of the breach on January 31, but did not notify students for two weeks, because it wanted to better understand the extent of the threat before alerting them.

UNCC has hired a computer forensics firm to conduct an investigation into whether any unauthorized information was leaked online, but that could take several weeks to determine, the report said.

"At this time, we believe the potential exposure was the result of configuration errors," the university wrote on its website. "As with any potential security incident, people are encouraged to be diligent in reviewing their personal information."

Ondrej Krehel, the chief information security officer for Identity Theft 911, has a blog about data breaches and the concerns that victims may face when dealing with the fallout from them.

Apple Changes Its App Privacy Requirements

Thu, 16 Feb 2012 00:00:00 -0700

After two members of the U.S. House Energy and Commerce committee asked Apple to start providing more information about its privacy policies, the company instead beefed up those protections.

Apple will now require that developers of applications for its iPhone and iPad mobile devices to seek "explicit permission" from users in order to gain access to data stored in their virtual address books, according to a report from Reuters. A number of blogs recently discovered that many popular apps were accessing those private details without fully alerting users that they were doing so.

"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," an Apple spokesman told the news service. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Eduard Goodman, the chief privacy officer for Identity Theft 911, has a blog about the privacy issues consumers face online, such as on social networks, as well as when using mobile devices.

U.S. Senators Pushing Another Cybersecurity Measure

Thu, 16 Feb 2012 00:00:00 -0700

The latest bit of cybersecurity legislation from top lawmakers would add significant protections for water and power systems across the U.S., which typically do not have strong security measures in place.

Bipartisan legislation introduced by Democratic Sens. John Rockefeller and Dianne Feinstein, Republican Susan Collins and right-leaning Independent Joe Lieberman would require the U.S. Secretary of Homeland Security to require infrastructure for U.S. utility systems, according to a report from Reuters. Hackers have been targeting major corporations and other high-profile targets, and the fear is they might turn their attentions to utilities, which are typically using only the simplest security measures.

"The prospect of mass casualty is what has propelled us to make cybersecurity a top priority for this year, to make it an issue that transcends political parties or ideology," Rockefeller told the Senate earlier this week, according to the news agency.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog that's updated regularly with information about the threats hackers pose not only to companies, but to consumers as well.

Privacy Row Brewing over FBI Tool

Wed, 15 Feb 2012 00:00:00 -0700

The Federal Bureau of Investigation recently announced plans to start monitoring consumers' activity on social networking sites as a means of improving awareness of potential problems in real time.

However, while privacy experts have widely decried the strategy as being extremely invasive, the agency says that the plan will first be vetted by its Privacy and Civil Liberties Unit, according to a report from Computerworld. That unit will look at the potential implications for the monitoring application's use and make sure the plan doesn't violate any laws.

The FBI says that enacting the plan will allow it to better keep tabs on data posted to sites like Facebook and Twitter to detect specific, credible threats, the report said. This plan comes in addition to similar strategies put forth by the U.S. Department of Homeland Security in recent months.

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes about the privacy threats consumers face when using social networks, and what they can do to protect that data, on his official blog.

Nortel Executives Chose to Ignore Breach

Wed, 15 Feb 2012 00:00:00 -0700

After telecom equipment manufacturer discovered it had suffered a major data breach at the hands of hackers, executives at the company apparently decided to ignore the problem.

An investigation into the breach was discovered by an employee, but a number of high-ranking executives, including the company's CEO who is now on trial for fraud, opted instead to do nothing to fix it, according to a report from CSO Online. It is believed that the breach was caused by hackers based in China, but because of the lack of pursuit on Nortel's part, it's unlikely the true origins will even be known.

The breach was originally discovered a decade ago, but not reported until after the company filed for bankruptcy and sold $4.5 billion worth of patents to tech companies such as Apple, Microsoft and Research in Motion, the report said.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about how companies should protect sensitive data and what consumers can do if a hacking attack exposes their personal information.

Consumers not comfortable sharing payment details

Tue, 14 Feb 2012 00:00:00 -0700

When it comes to making payments through shopping websites, consumers are generally quite familiar and comfortable with doing so, but the same is not true of social networking purchases.

Though sites like Facebook are certainly encouraging it, most consumers are wary of providing their credit card details through social networks, even when a secure payment platform is available, according to a recent survey by Digitas. In all, just 45 percent of those polled said they were at least "somewhat comfortable" in making a payment in this way. Often, and not surprisingly, those between the ages of 18 and 54 were far more likely to say they were comfortable with making this type of purchase than consumers who were 55 or older.

By contrast, though, 85 percent of those polled said they would feel more comfortable making this type of purchase if social networks took the time to address their security concerns, the poll found.

Eduard Goodman, chief privacy officer of Identity Theft 911, has a blog about the issues consumers face when sharing their information, be it personal or financial, through social networking sites.

Hackers Stole Steam User Payment Data?

Tue, 14 Feb 2012 00:00:00 -0700

The gaming company Valve, which operates the extremely popular service Steam, recently released more information to consumers victimized by a breach suffered last year.

The breach was originally revealed in November, when Valve said hackers had been able to access the Steam user database, according to a report from PC World. Originally, the company said it had no reason to believe users' payment data, which was encrypted, had been accessed, but it has since reversed that stance.

"Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008," Gabe Newell, Valve's co-founder and managing director, said in an email to affected users, according to the site.

However, the company also warned that it has no reason to believe the hackers had the ability to decrypt that information, the report said.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the threats hackers pose and what consumers can do to protect themselves in the wake of data breaches.

Continued Number of Medical Data Breaches Worries Many

Mon, 13 Feb 2012 00:00:00 -0700

As more healthcare providers move toward the adoption of electronic records, the continued occurrence of medical data breaches is creating concern for some industry professionals.

Since 2009, there have been at least 11 incidents involving the personal information of at least 500 people - the number which requires public disclosure - in the state of Michigan alone, the Detroit Free Press reports.

In total, those cases have involved the medical information of 118,000 individuals. Accross the U.S., the paper says that number is closer to 19 million.

"It's almost a matter of time before anyone can be a victim. The key is catching it early," Dennis Doherty, an assistant prosecutor who handles fraud cases for Wayne County, Michigan, told the paper.

Experts also told the news source that while many people are reassured when incidents involve data other than their Social Security numbers, resourceful identity thieves can still create significant issues.

For more information on data breaches and the impact they can have, see the blog of Ondrej Krehel, chief information security officer for Identity Theft 911.

Google Wallet Hacked Again, Wider Vulnerability Exposed

Fri, 10 Feb 2012 00:00:00 -0700

For the second time in less than a week, hackers have found significant vulnerability in Google's Wallet near-field communication payment system, raising the potential risk of identity theft for users.

The Google Wallet system stores very sensitive data, such as credit card numbers, in order to allow consumers to pay for items simply by waving their phone.

Earlier this week, the firm Zvelo said that it had found a glitch which allowed it to crack the system's four-digit PIN protection with users who had "rooted" their phones - removing the software and applications installed by the manufacturers.

However, as ZDNet reports, another company has found a more significant flaw which would affect more users and require limited expertise. The blog TheSmartphoneChamp found if a person were to clear the app settings of the phone and then open Google Wallet, the system would just ask for a new PIN but give access to any funds on the previous account.

Google later sent out an advisory, asking anyone who loses their phone to call them to disable the account.

Those looking for more information on information and data security can see the blog of Identity Theft 911 Chief Information Security Officer Ondrej Krehel.

Path Privacy Issues Raise Serious Flags

Fri, 10 Feb 2012 00:00:00 -0700

Privacy protection issues relating to social media websites continue to cause problems, with the latest issue revolving around Path and its 2 million members.

News came out this week that the social media site was actually downloading consumers' address books to its servers without any permission, Reuters reports. The company said that the information was used to help users find friends on the service, but significant backlash emerged.

The company's chief executive later apologized on the company's blog, saying that the firm "made a mistake" and subsequently deleted all of the contact information it had collected.

"Through the feedback we've received from all of you, we now understand that the way we had designed our 'Add Friends' feature was wrong," he said. "We are deeply sorry if you were uncomfortable with how our application used your phone contacts."

The latest version of the company's app will ask consumers if they want to opt in to a similar protocol.

For more on privacy or legal issues, please consult the blog maintained by Eduard Goodman, chief privacy officer at Identity Theft 911.

Senate Tries to Find Breach Law Agreement

Thu, 09 Feb 2012 00:00:00 -0700

A number of proposals for new laws that would create an overarching national requirement for data breach notifications have been kicked around the halls of the Capitol Building for some time, but lawmakers are having difficulty reaching a consensus.

These bills, the most notable of which was drafted by Democrat Jay Rockefeller of West Virginia, Republican Susan Collins of Maine and Independent Joe Lieberman of Connecticut, have failed to be adopted because of disagreements about how data security should be addressed, according to a report from the Capitol Hill news site Politico. Currently, it's expected that amendments will be attached to address those concerns before the bill is voted on.

"If the committees of jurisdiction ask Sen. Lieberman to include the issue, he would be happy to consider," a spokeswoman for Lieberman on the Homeland Security and Governmental Affairs Committee told the website. "But if not, we think it’s pretty likely there will be amendments on it."

Brian McGinley, senior vice president of data risk management for Identity Theft 911, has a blog about ways companies can better protect consumers' sensitive information.

Google Paying To Track Web Use

Thu, 09 Feb 2012 00:00:00 -0700

Google is now launching a new campaign to track 100 percent of some consumers' Internet use, and pay them for it.

The data collection effort it is calling Screenwise offers consumers money in exchange for their installing a device that tracks and reports all their Web browsing to Google, according to a report from Ars Technica. For participating, those using the devices will receive $100 upon enrollment and $20 for very additional month as long as they sign up before March 1. Users of an associated Web browser extension, meanwhile, will receive a $5 Amazon.com gift card, and another for every three months they remain enrolled in the program.

This new program is notable because Google began offering it soon after it launched its new privacy policy changes, and will be used to help sell targeted ads, the report said. Now, all Web use done through Android phones, the Chrome browser (with the exception of Incognito windows), and its various services such as YouTube, Docs and Calendars, are able to be culled and integrated for the company's use.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about how consumers can protect themselves online.

Privacy Advocates Push Action against Google

Wed, 08 Feb 2012 00:00:00 -0700

A privacy rights group recently went to federal court to ask for action by the Federal Trade Commission against Google.

The Electronic Privacy Information Center's motion asks the FTC to stop Google's new privacy policies on the grounds that they violate a previous settlement between the search titan and the federal government, according to a report from the National Journal. The privacy changes from Google would reduce the number of policies the company controls from dozens to a single, overarching one. This is concerning to privacy advocates because the company is not seeking consent to do so.

"Google's recent announcement that the company intends to consolidate users' personal information without individuals' consent violates the consent order and threatens to harm consumers," the group's filing said, according to the report. "The FTC is required to enforce the consent order. But the commission has failed to do so."

Adam Levin, the chairman for Identity Theft 911, has a blog on which he regularly writes about the issues consumers face when putting their personal information online and agreeing to terms of service agreements.

Privacy Concerns Still Hamper Social Networks

Wed, 08 Feb 2012 00:00:00 -0700

While social networking is one of the most popular things to do on the Internet these days, many users have also expressed a significant amount of concern about just how safe the information they share on these sites is.

In all, 64 percent say they are either "very comfortable" or "somewhat comfortable" with the privacy protection afforded to them by social networking or media sites, but 28 percent said they had at least some discomfort about the safeguards, according to a recent poll from the consumer insight firm uSamp. Among those who responded to the poll by saying they don't use social networks, 73 percent said their privacy concerns were the reason they would not participate.

"User privacy is an enormously dynamic area, and even as site operators attempt to address the issue, consumer perceptions are slow to change," said Lisa Wilding-Brown, uSamp's vice president of global panel and sampling operations.

Eduard Goodman, the chief privacy officer of Identity Theft 911, has a blog about how consumers can better protect their personal information when they use social networking sites.

Could Facebook Release More Data Details?

Tue, 07 Feb 2012 00:00:00 -0700

A student group based in Austria recently discovered that the world's most popular social networking site could soon reveal some details about the types of information it collects on its users.

The group, known as "europe-v-facebook.org," said that as part of an agreement made in December with more than 500 million users outside North America, Facebook could soon release details about the categories of user information it collects, with the intention of making its privacy policies more transparent, according to a report from Reuters. Max Schrems, spokesman for the group, said that the European Union could also be doing more to compel the company to reveal more information about the way it handles data.

"The main issue is that [the group has] limited resources, especially for the access requests. I have the feeling that they are kind of thinking if they can get by without making full access to the raw data," Schrems said, according to the news service.

Adam Levin, chairman for Identity Theft 911, writes a blog about the numerous privacy issues consumers face when posting their information to social networks.

Some Hospitals Sift Through Old Records

Tue, 07 Feb 2012 00:00:00 -0700

A number of healthcare providers across the country are now looking through their old patient records - for both health and financial information - as a means of trying to attract customers for new and costly services.

In an attempt to boost revenues, many hospitals are pitching treatments and tests that can be performed by costly new machines to people who had previously visited the facility, according to a report from USA Today. But privacy experts find it troubling because it essentially discriminates on the basis of how much the hospital can earn from certain former patients and may also pose a privacy concern.

"I am really bothered by the overabundance of information that is flowing that is unnecessary and risky," Pam Dixon, executive director of the California-based consumer advocacy group the World Privacy Forum, told the newspaper.

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes regularly on his blog about the concerns consumers might face when companies start mining old data from existing records, and what those people can do to better protect that information.

Tax Identity Theft Incidents Continue Happening

Mon, 06 Feb 2012 00:00:00 -0700

Last year, there was a considerable spike in the number of fraudulent tax returns filed by identity thieves, and despite a greater effort to crack down on the scam by the IRS, the problem still persists.

The IRS and U.S. Department of Justice are working hard to stamp out instances of criminals filing these bogus claims, that can net them as much as $1,700 per tax return and be particularly difficult for victims to sort out, according to a report from the Detroit Free Press. In January, the agencies targeted 105 people in 23 states allegedly connected to this type of fraud.

"This unprecedented effort against identity theft sends a strong, unmistakable message to anyone considering participating in a refund fraud scheme this tax season," said IRS Commissioner Doug Shulman, according to the newspaper. "We are aggressively pursuing cases across the nation with the Justice Department, and people will be going to jail. This is part of a much wider effort under way at the IRS to help protect taxpayers."

Adam Levin, the chairman of Identity Theft 911, writes regularly on his blog about the issues consumers face when they're hit with fraud.

Lawmakers Express Concern Over Google Privacy

Mon, 06 Feb 2012 00:00:00 -0700

Officials both in the U.S. and the European Union have said that Google's new overarching privacy plan for all its services could be a point of concern for consumers.

Google recently announced that it would merge all its 60 different Web service privacy policies into one, allowing the company to better compile information about users' Internet habits, according to a report from eWeek. But that has some U.S. Senators concerned, especially because, in a recent meeting with Google executives, many of their concerns were not addressed.

Meanwhile, the Article 29 Working Party, a European Union privacy watchdog, said it has serious concerns about the change, and that the French data protection agency CNIL will meet with Google to discuss them, the report said. For its part, Google says it is making these changes to provide greater "transparency, control and security" for consumers' accounts.

Eduard Goodman, the chief privacy expert for Identity Theft 911, writes a blog about the ways consumers can work to better protect their sensitive personal information online.

Medical Data Breaches Surged Last Year

Fri, 03 Feb 2012 00:00:00 -0700

The number of patient records that were exposed in data breaches throughout 2011 almost doubled from the total observed in 2010.

A study by the IT security consulting firm Redspin found that the number of exposed patient records rose 97 percent in 2011 to a total of more than 19 million affected consumers, according to a report from Infosecurity. Those records were compromised in a total of 385 recognized breaches, though the study only considered incidents in which 500 or more individuals were exposed.

Malicious data breaches in particular proved problematic, the report said. In all, they comprised 60 percent of those incidents reported last year.

"As electronic health records become more widely adopted, it is quite logical that the data becomes concentrated more highly," said Daniel Berger, Redspin's president and chief executive officer, told the site.

Brian McGinley, the senior vice president of data risk management for Identity Theft 911, maintains a blog about what organizations can do to better protect sensitive information on consumers, as well as what those affected by data breaches can do to safeguard themselves from being hit by fraud.

Are Major Companies Hiding Data Breaches?

Fri, 03 Feb 2012 00:00:00 -0700

There have been a significant number of major data breaches in recent years, and now it seems that some suffered by major corporations have gone unreported to the U.S. government.

It appears that at least six major companies have suffered some manner of data breach as a result of hacking by cybercriminals or spies overseas have not alerted the government to the incidents, according to a report from Reuters. This is despite the U.S. Securities and Exchange Commission recently having introduced new guidelines for how and when companies that are publicly traded are supposed to report this type of breach.

"It's completely confusing to me why companies aren't reporting cyber risks," Jacob Olcott, former counsel for the Senate Commerce committee, told the news agency.

For example, defense firm Lockheed Martin said that in May it had beaten back a cyberattack on its servers but then did not report the incident in its quarterly filing with the government, the report said.

Ondrej Krehel, the chief information security officer for Identity Theft 911, has a blog about hacking attacks and what consumers and companies alike can do to prevent these threats.

Could 'Big Data' Pose Security Risk?

Thu, 02 Feb 2012 00:00:00 -0700

"Big data" is the industry term for large amounts of information being posted and stored online that is so large it cannot be compressed by normal means, and some security experts now believe that might pose a significant problem for companies that manage it.

There are all types of files that are considered "big data," such as that on social media sites, financial systems and even government databases that store massive amounts of information designed to be private, according to a report from Dark Reading. But the problem big data is that there is simply so much information that it's difficult for even the best-equipped organizations to protect all of it all the time.

The obvious issue with this is that it puts consumers at risk, and also makes it more difficult for the companies that manage this information to remain compliant with data protection laws, the report said. As a consequence, groups are more focused on protecting the whole of their databases rather than individual pieces of information.

Brian McGinley, senior vice president of data risk management for Identity Theft 911, has a blog about how companies can better protect sensitive information.

Facebook Says More Privacy Concerns Loom

Thu, 02 Feb 2012 00:00:00 -0700

Facebook, the world's most popular social network with hundreds of millions of members, recently filed for an initial public stock offering, but in doing so warned that there could be more privacy trouble in the future.

The social network has often come under the scrutiny of federal lawmakers and other agencies as a result of its often controversial privacy practices, and it cautioned that in becoming a publicly traded company, it would face even more scrutiny, according to a report from the Washington Post. Already, it has reached a number of settlements with agencies like the Federal Trade Commission with regard to the way it protects its users' personal information. And with this move, it's unlikely that those will simply go away overnight.

"We expect to continue to be subject to such proceedings in the future," Facebook said in the filing documents, according to the newspaper.

Eduard Goodman, the chief privacy officer for Identity Theft 911, has a blog on which he writes about the various ways consumers can protect their sensitive data even when using social networks.

Email Providers Trying to Stop Phishing

Wed, 01 Feb 2012 00:00:00 -0700

Email service providers including Google, Yahoo, Microsoft and AOL are coming together to support a renewed effort to reduce the amount of phishing emails their users receive.

A number of major companies, including the service providers, Bank of America, Fidelity Investments and PayPal, are working in concert to develop DMARC.org, which will promote a standard set of technologies to better identify and eliminate phishing messages, according to a report from the Wall Street Journal. These scams work by having a cybercriminals send an email that looks or sounds like it's from an official source, but is designed to glean personal or financial information from a target for the purposes of fraud.

"If you are a big bank or a retailer, you have a very strong interest in making sure people trust your messages," Michael Osterman, president of Osterman Research, told the newspaper.

Brian McGinley, senior vice president of data risk management for Identity Theft 911, writes a blog on which he discusses a number of security topics, including how consumers can keep their personal information safe from fraudsters.

Kentucky Hospital Hit with Data Breach

Wed, 01 Feb 2012 00:00:00 -0700

The largest group healthcare practice in Central Kentucky has been hit with a data breach as a result of a stolen laptop.

The computer, which was being used to store patient data, was taken from Lexington Clinic's neurology department on December 7, and the organization has already begun to alert the more than 1,000 affected patients of the incident, according to a report from SC Magazine. The exposed information included names, contact information and diagnoses for some of the patients at the neurology department itself.

However, the group, which runs more than 25 offices throughout the state, said the personal information did not extend to financial data or Social Security numbers, the report said. It also noted that there has been no indication to this point that the information stored on the laptop has been used for fraudulent purposes.

Ondrej Krehel, chief information security officer for Identity Theft 911, writes regularly on his blog about the problems consumers face when dealing with data breaches and what they can do to mitigate those issues.

FDA Employees Sue Over Email Monitoring

Tue, 31 Jan 2012 00:00:00 -0700

Doctors and scientists working for the U.S. Food and Drug Administration say their employer secretly monitored their personal emails after they alerted Congress to concerns they had about some medical devices the agency approved.

In a suit brought against the FDA by six of the affected workers, it is claimed that the surveillance took place over a period of two years, whenever they accessed their personal Gmail accounts from government-owned computers, according to a report from the Washington Post. How the agency kept tabs on those messages was detailed in both emails and internal memos the six plaintiffs acquired using the Freedom of Information Act. Those say the agency believes the information was shared with lawmakers illegally.

"Who would have thought that they would have the nerve to be monitoring my communications to Congress?" Robert Smith, one of the plaintiffs in the suit, told the newspaper.

Adam Levin, chairman of Identity Theft 911, writes a blog about consumers legal rights when dealing with privacy issues and identity theft, including what recourse they may have for these problems.

New Type of Scam Hits Facebook

Mon, 30 Jan 2012 00:00:00 -0700

A new type of spam on Facebook may look like an innocent link sent by a friend, but in reality, it's a way for scammers to rip off personal and even credit card information.

A company known as Adscend Media was recently hit by a suit from both Facebook and the Washington state Attorney General over claims that the online marketing firm is posting links that look like they're from friends but are in fact just advertisements, according to a report from Washington, D.C., television station WUSA. It's claimed that the company lures users into giving personal and financial details about themselves, then ordering products that it never sends. Currently, it's not known how many people have been victimized by the scam.

"This company is misleading you, the user, the consumer, into thinking that you are getting a message from a friend," assistant attorney general Paula Selis told the news station. "And, in fact, that's an advertisement."

Eduard Goodman, chief privacy officer for Identity Theft 911, writes a blog about how consumers can protect their information on social networking sites.

University of Hawaii Settles Breach Suit

Fri, 27 Jan 2012 00:00:00 -0700

A class action lawsuit brought against the University of Hawaii as a result of five separate data breach incidents that took place between 2009 and 2011 has been settled.

The case, known as Gross v. University of Hawaii, will allow more than 98,000 UH students, faculty, alumni, employees and others who were exposed as a result of this string of incidents to receive two free years of credit monitoring and fraud restoration services, according to a report from Honolulu television station KITV. The breaches occurred at four different colleges controlled by the UH system, including two UH campuses and two community colleges.

A UH spokeswoman told the news station that it estimates it will have to pay about $550,000 to cover the cost of the monitoring services over the next two years, the report said. Members of the class action suit will receive notification letters by March 1. However, the settlement must still be approved by the court.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about data breaches and how they can affect consumers.

University System of Maryland Suffers Breach

Fri, 27 Jan 2012 00:00:00 -0700

The University System of Maryland recently learned that the server it was using to store the Social Security numbers and credit card information of prospective students was open to the public.

The issue was discovered as part of a study by the state's General Assembly's Office of Legislative Audits between February 2008 and March 2011, according to a report from the Gaithersburg Gazette. In addition to the Social Security and credit card data, students' names and other personal details were listed on a database in plain text.

"We estimate that over 8,000 records existed on the server which contained the aforementioned personally identifiable information," the audit report said, according to the newspaper. "Such information could be accessible to unauthorized individuals if the related server were compromised."

However, the school asserts that there is not yet any evidence that the information has been used for fraud, despite being available online for years, the report said.

Brian McGinley, senior vice president of data risk management for Identity Theft 911, maintains a blog about how organizations can properly protect sensitive consumer data and what those affected by breaches can do to mitigate the damage.

Alabama Sports Fans Hit by Breach

Thu, 26 Jan 2012 00:00:00 -0700

The popular University of Alabama sports memorabilia and apparel retail site Bamastuff.com recently announced that it had been affected by a data breach that exposed a large amount of customers.

Consumers who bought items from the site between August 1, 2009, and January 16, 2012, may have had their credit card information and other personal details - including their names, email addresses, billing and shipping addresses and telephone numbers - exposed in the breach, according to a report from the Huntsville Times. The site has already begun notifying customers of the incident, which was discovered this week.

The incident has been identified as the cause of numerous fraudulent charges, but the site says most have been reversed, the report said. In addition, it is urging customers to alert their banks to the issue and change their passwords if they have not done so since placing their original order.

Ondrej Krehel, chief information security officer for Identity Theft 911, writes regularly about data breaches and the fallout consumers can face from them on his official blog.

Data Privacy Day Coming on Saturday

Thu, 26 Jan 2012 00:00:00 -0700

Data Privacy Day 2012 is slated to be observed on January 28, and is intended to help educate the public about the threats they face in putting their personal information online.

The event, put on by the National Cyber Security Alliance, will feature participants including Google, Intuit, Comcast, MasterCard and NQMobile, as well as sponsors such as Intel and eBay, the nonprofit public-private group announced. It will include events, training seminars and other initiatives leading up to and including the day itself.

"Everyday our lives become more reliant on the Internet and the goal behind Data Privacy Day is to educate digital citizens on how to protect their personal information online and make them more aware of the impact that technology has in their lives," said Michael Kaiser, executive director of the NCSA. "While we celebrate Data Privacy Day on January 28th, we want audiences to use safe data privacy practices year-round."

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about how consumers can better protect their private, personal information online.

Anonymous pledges hacking attack on ESPN

Wed, 25 Jan 2012 00:00:00 -0700

ESPN is the latest major corporation to come into the crosshairs of "hacktivist" group Anonymous as a result of its support for the controversial SOPA and PIPA bills that were struck down last week.

The planned attack on ESPN, announced on Anonymous' YouTube channel, is scheduled for January 31, and the group is encouraging non-members to take part as well, according to a report from CIOL. This is the latest attack planned by the hacking collective, which recently hit CBS.com, Warner Brothers and even the FBI.

The narrator of the YouTube video encouraged users to click on a link to a manual on "How to Join Anonymous," so that they could also take part in the denial of service, or DDoS, attacks, the report said.

Ondrej Krehel, the chief information security officer for Identity Theft 911, maintains a blog on which he writes regularly about the threats hackers pose to businesses and consumers alike, and recommends ways to better shield themselves from being affected by these attacks.

Hackers Gain Access to Dreamhost Database

Wed, 25 Jan 2012 00:00:00 -0700

The popular web hosting company Dreamhost recently had its customer database servers attacked by hackers, potentially exposing the login details for its hundreds of thousands of customers.

In response to the breach, the company almost immediately began work to reset all passwords for FTP access on shared hosting accounts, according to a report from Tech World. Dreamhost customers use three different passwords to access their Web admin panels, email accounts and FTP or shell accounts, and the company also recommended changing email login details to make sure that data was safe as well, but did not require it.

"Due to the fast action we took to reset passwords, we're not seeing any unusual malicious activity on customer accounts," DreamHost said soon after the incident, according to the report. "Our security software and systems are functioning normally."

The company will also continue monitoring customers' accounts for malicious activity in the next few weeks, the report said.

Brian McGinley, senior vice president of data risk management for Identity Theft 911, writes a blog about how consumers can protect their information online and how companies can better handle data risks.

Connecticut Attorney General Investigating Zappos Breach

Tue, 24 Jan 2012 00:00:00 -0700

Connecticut Attorney General George Jepsen, as well as officials from nine other states, are now launching an investigation into the data breach suffered by online shoe retailer Zappos.com last week.

Jepsen recently wrote a letter to Zappos' chief executive officer asking how the incident occurred and how many people were affected, as well as how those who were hit by the breach were identified and alerted to the issue, the Attorney General's office said. In addition, he wanted to know whether the company had any plans in place for remediating the problem.

"This incident raises serious concerns about the possibility of fraud and targeted e-mail 'phishing' or other scams, as well as questions about the effectiveness of the company's measures to protect the confidentiality and security of private information that it receives from consumers," Jepsen wrote.

Ondrej Krehel, chief information security officer for Identity Theft 911, maintains a blog about data breaches and the effects they can have on consumers, as well as how those affected by these incidents can ensure they aren't victimized by fraudsters.

Gas Companies Warn of Data Breach

Tue, 24 Jan 2012 00:00:00 -0700

The personal information for customers of both new York State Electric and Gas and Rochester Gas and Electric has been exposed in a recent data breach.

The companies reported that the incident took place as a result of a subcontractor's employee gaining access to customer data without authorization, according to a report from The Associated Press. The companies say there is no evidence that the consumers' personal data - which includes Social Security numbers, dates of birth and bank account details in some cases - has been used inappropriately. Altogether, the companies have more than 1.8 million gas and electric customers.

However, the companies have already reported the incident to the authorities, hired computer forensics experts and began offering a year of free credit monitoring to those affected, the report said. In addition, they also set up a toll-free help line.

Brian McGinley, senior vice president of data risk management for Identity Theft 911, writes a blog about how companies can better protect customer information and what consumers can do to protect themselves when that data is exposed.

Popular Dating App Hacked for Data

Mon, 23 Jan 2012 00:00:00 -0700

A dating smartphone application in Australia was recently hacked, potentially exposing the personal information for millions of its members.

The company behind the app, known as Grindr, acknowledged that the breach had taken place earlier this month and is attempting to reassure users that an update will be released soon, but it has also offered little in the way of information about the incident, according to a report from PC Magazine's Security Watch. As of November, the app had more than 3 million users in 192 countries, meaning the breach is quite significant.

With Valentine's Day right around the corner, many singles may be increasing the amount of information they share about themselves on these dating sites, but experts say keeping it as limited as possible on these and even standard social networks is always a good idea.

Ondrej Krehel, chief information security officer for Identity Theft 911, maintains a blog about how hackers can access consumers' personal information by attacking social networks and other websites.

Garden Center Possibly Caused Data Breach

Mon, 23 Jan 2012 00:00:00 -0700

Ward's Nursery and Garden Center, a popular shop in Great Barrington, Massachusetts, may be the origin for a data breach that has affected at least several dozen people in the area.

A large number of fraudulent purchases were made earlier this month with credit and debit card data culled from an unknown source, but a bank recently traced them to a potential commonality: the garden center, according to a report from the Berkshire Eagle. The stolen data was used to make bogus purchases in person all over the world, and as many as a few hundred people may have been affected.

"We know it’s one company, based on an analysis of debit and credit card transactions," Charles Troccia, vice president of retail banking and marketing for Pittsfield Co-operative Bank, told the newspaper. "It’s been isolated to one common denominator."

It's believed that the information was stolen over a two-month period ending in mid-January, the report said.

Adam Levin, chairman of Identity Theft 911, writes a blog about the threats consumers face from this type of fraud and what they can do to reduce their risk.

New NYPD Tool Could Violate Privacy

Fri, 20 Jan 2012 00:00:00 -0700

A new technology that allows the New York City Police Department to detect concealed weapons from a distance of 13 feet is being called a privacy concern by civil liberties advocates.

The tool, known as Terra-hertz, detects radiation emitted from the body and can therefore see when things such as concealed weapons block the radiation, according to a report from the television station New York 1. Currently, the system is just being tested, but privacy advocates say it's just a high-tech version of the city's already-controversial random "stop and frisk" policy.

"Do New Yorkers have to worry about a virtual pat-down whenever they’re out on the street?" Donna Lieberman of the New York Civil Liberties Union told the news station.

However, the NYCLU also concedes that such a tool would reduce the number of more invasive physical pat-downs by as much as half a million per year, the report said.

Adam Levin, the chairman for Identity Theft 911, has a blog on which he discusses many consumer issues including ways to protect privacy and guard against identity theft.

FBI Shuts Down File Sharing Site

Fri, 20 Jan 2012 00:00:00 -0700

The popular site Megaupload, which allowed users to upload files of all types and therefore became popular in the file-sharing community, was recently shut down by the U.S. Department of Justice and the FBI.

In addition to seizing the site itself, the government charged seven people connected with running it with operating an international enterprise based on Internet piracy, according to a report from the New York Times. A grand jury indictment accuses the site of causing $500 million in damages to copyright owners and making $175 million through ad sales and premium subscriptions.

Four of the seven people charged have already been arrested in New Zealand, including the site's founder, the report said. In all, 20 search warrants were executed in both the U.S. and eight other countries and roughly $50 million in assets were seized.

Eduard Goodman, chief privacy officer for Identity Theft 911, writes a blog on which he explains the legal issues that can arise for consumers online when they use particular websites that may be connected with illegal activities.

Google Launches New Privacy Ad Campaign

Thu, 19 Jan 2012 00:00:00 -0700

Google, which in recent months has come under scrutiny from the U.S. government for the way it protects consumers' privacy, has now launched an ad campaign designed to make Americans more aware of the ways they can safeguard themselves.

The campaign, which is entitled "Good to Know," is first rolling out in about two dozen magazines and newspapers across the country, as well as in public places, according to a report from the L.A. Times. It is designed to educate consumers about Internet privacy through tips and advice about how to manage the personal data they share online through Google and other websites.

"Given who we are, we have a strong incentive to make the Internet a place that people feel safe to do interesting things," Alma Whitten, Google's director of privacy, told the newspaper.

Eduard Goodman, chief privacy officer for Identity Theft 911, maintains a blog about the issues consumers deal with when posting private information online and gives advice about how to better protect those details.

Colorado ID Theft Ring Broken Up

Thu, 19 Jan 2012 00:00:00 -0700

Police in Colorado Springs, Colorado, have several people connected to a massive identity theft and drug ring that has ripped off 230 people in six different states.

The investigation, which has been ongoing for more than a year, recently led to the arrest of five people, including Lawrence Purtzer, believed to be one of the ring's leaders, according to a report from the Colorado Springs Gazette. Purtzer is being held in El Paso County jail in lieu of $155,000 bail. He is charged with multiple felonies associated with the fraud ring.

One of the other people arrested as part of the bust admitted to forging checks as a means of supporting a $200-a-day drug habit, the report said. In all, investigators have opened 50 cases against more than 25 people who have been identified as participants in the fraud ring.

Adam Levin, chairman of Identity Theft 911, writes a blog about the threats consumers face from fraud and what steps they can take to help protect themselves from being affected by it.

Symantec Reassures Over Reported Data Breach

Wed, 18 Jan 2012 00:00:00 -0700

The online security giant Symantec was recently affected by a massive data breach that allowed hackers to gain access to some proprietary source code for its popular Norton Antivirus program, but the company now says that consumers have little to fear as a result.

While hackers gaining access to the source code for a very popular virus protection program could theoretically be disastrous, Symantec has reassured consumers that the versions of its software which were compromised are several years old, according to a report from Reuters. In addition, it says that the breach, which was only discovered in the last few weeks when the unknown hackers responsible released the code, actually took place in 2006.

In all, the hackers gained access to the source code for the 2006 editions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, Symantec spokesman Cris Paden told the news agency. Currently, it's unclear exactly why the hackers sat on the source code for six years.

Typically, source code is closely protected by the companies that develop it because it could be used by rivals to find out trade secrets, as well as by hackers to find out ways around the security the code provides, and plan attacks that circumvent those protections, the report said. Paden also said that anyone using more up-to-date versions of these virus protection programs will face no threats from the hackers.

"They are protected against any type of cyber attack that might materialize as a result of this code," Paden told the news agency.

Paden did acknowledge that some people using the pcAnywhere software, which grants users remote access to their computers, might face a slightly higher risk for being hacked, but that the company is reaching out to those using it to let them know about the situation and possibly help them increase their protection, the report said.

In addition, Laura DiDio, an analyst with security firm ITIC, told Reuters that some aspects of the 2006 code are likely still in use, and may be used to get around even current versions.

Ondrej Krehel, chief information security officer for Identity Theft 911, writes a blog about the tactics hackers use to gain access to consumer information and what computer users can do to better protect themselves.

Amazon Sued over Zappos Data Breach

Wed, 18 Jan 2012 00:00:00 -0700

Amazon.com, the company that owns popular online shoe retailer Zappos, was recently hit with a class action lawsuit saying it failed to comply with federal consumer credit laws.

The recent Zappos data breach exposed the personal information for more than 24 million customers, and the suit says they are now more vulnerable to phishing attacks from hackers as a result, according to a report from Bloomberg News. The complaint also says that consumers affected by the breach will incur expenses for credit monitoring, suffer emotional distress and lose privacy.

The suit seeks unspecified damages and a court order that would require Amazon to pay for credit monitoring and identity theft insurance, the report said. It was filed in federal court in Louisville, Kentucky, as the breach occurred as a result of a hacking attack on an unprotected computer in nearby Shepherdsville.

Ondrej Krehel, the chief information security for Identity Theft 911, writes a blog about data breaches, hackers and the threats consumers face as a result of these issues.

Cloud App Use Increases Breach Risk

Wed, 18 Jan 2012 00:00:00 -0700

With more businesses adopting cloud computing as a way to store and share data, and more consumers tapping services that allow them to access it, the need for security of these applications is becoming clearer.

Services such as mobile applications that allow users to instant message, stream audio or video and play games use the same web ports that many companies use to store data in the cloud, creating a complicated environment for businesses, according to a report from PC World. Because the same ports are being used for very different reasons, it makes it easier to bypass conventional security standards set up for systems protections.

"It's clear that employees want to use the software and tools that they want to use, and this is making securing corporate data much more difficult than it already is," says Mike Rothman, analyst and president at security research firm Securosis.

Brian McGinley, senior vice president of data risk management for Identity Theft 911, writes about the risks posed by this type of threat and the way they can increase the likelihood of a data breach.

San Francisco Community College Suffers Breach

Tue, 17 Jan 2012 00:00:00 -0700

A community college in San Francisco was recently hit with a data breach that exposed the personal information for more than 100,000 students and employees.

The City College of San Francisco's recent data breach was caused by its computer networks being hit by malware programs that inappropriately transmitted data, though the school is currently unsure of exactly what information was exposed, according to a report from The Associated Press. The school has already begun notifying students, faculty and staff about the breach, but note that no instances of identity theft have been reported as a result of the incident at this point.

"We don't know the extent to which data was captured," John Rizzo, president of the college's Board of Trustees, told the news agency. "We don't know if individuals were affected, if they had data stolen that has affected them. But the potential is there."

Ondrej Krehel, chief executive officer for Identity Theft 911, writes a blog about data breaches and the dangers consumers face when dealing with the fallout from these potentially harmful incidents.

Scammers Target Colorado Seniors' Credit Cards

Tue, 17 Jan 2012 00:00:00 -0700

A major power provider in Colorado is now warning customers that they may be targeted by scammers pretending to be customer service representatives for the company.

Xcel Energy says a bogus company is now contacting senior citizens to say their electricity payments have been received but the check was left unsigned, according to a report from Denver, Colorado, television station KWGN. Consequently, they say, seniors will be required to pay by giving their credit card number over the phone.

Of course, this is all a scam, and those who have been duped by the crooks should contact their credit card issuer as soon as possible to mitigate the damage, as well as their local police department, the report said.

"Investigators have not determined how many customers have been contacted by the bogus company but speculate that seniors may be a primary target because of their propensity to make payments by check," Xcel said, according to the news station.

Adam Levin, chairman for Identity Theft 911, writes regularly about the threats consumers face from phishing scams and other types of identity theft.

Washington HR Manager Charged With Identity Theft

Mon, 16 Jan 2012 00:00:00 -0700

A former human resources manager is being charged with multiple counts of identity theft after allegedly using his position to steal money from other workers' paychecks.

Officials say 44-year-old Don Kelley abused his position as a manager at a seafood company starting in 2008, according to a report from the Skagit Valley Herald.

That year, three temporary employees which had been hired by the company left. However, Kelley manipulated records so that it appeared they were still working, but all of their money was deposited into his own bank account, the news source reports.

He stole nearly $200,000 before the details were uncovered during an audit last year, which led to Kelley's firing. Additionally, the news source reported that authorities found multiple discrepancies in job applications submitted by Kelley, in which he stated he had a doctorate degree and had served in the Coast Guard. Neither was true.

Kelley is set to appear in court by the end of this month.

For further information on information security or data risk management, read the blog maintained by Identity Theft 911 Senior Vice President of Data Risk Management Brian McGinley.

Zappos Customers Hit by Data Breach

Mon, 16 Jan 2012 00:00:00 -0700

The online shopping website Zappos.com is asking all of its customers to reset their passwords after the company was hit by a data breach over the weekend.

In an email to employees, company officials said while full credit card numbers had not been compromised, the cyber thieves may have stolen customers' names, emails, addresses, passwords, phone numbers and the last four digits of their credit cards, IDG News reports.

"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," CEO Tony Hsieh said in the email.

The company has also shut down its phone customer support since it didn't feel its system could keep up with the volume of potential calls.

Support is still available online or via Twitter, however, international customers are currently unable to access the website. According to the report, Zappos did not respond to inquiries about whether it will provide identity theft protection to its customers.

For regular information on data breaches and their impact, consult the blog of Ondrej Krehel, chief information security officer of Identity Theft 911.