Data Breach Incidents on the Rise

This week, the Identity Theft Resource Center released its 2010 data breach statistics report for data breaches through June 22, 2010. According to this weekly report, 2010 has already seen 325 reported data breaches exposing approximately 8.3 million records. Considering that the 2009 report shows 498 reported data breaches for all of last year, it looks like 2010 will see an increase in overall data breaches.

Companies collecting personal information should take proactive measures to avoid data breaches. Proactive measures include maintaining an up-to-date security policy, safeguarding sensitive data, encrypting data, turning on and monitoring system logs, and restricting access to only those who need it. (See our previous post for an example of why security implementations should be kept up to date.)

It is also important to have a response plan in place before a data breach occurs. A response plan should include means of investigating the breach, notifying those whose records or information are potentially affected, addressing legal and public relations concerns, making any other required notifications (such as those described here), and confirming that the breach is not ongoing or recurring.

FBI Issues Warning Regarding Denial of Service Attacks

Is your phone ringing off the hook? Then you’d better check your bank account. According to the Federal Bureau of Investigation, a new “telephone denial-of-service” attack is combining high-tech and low-tech fraud techniques to steal money from the bank accounts of unsuspecting victims.

As reported in the alert issued by the FBI, the scam begins with the scammers obtaining a victim’s personal and banking information, perhaps including bank account numbers, PINs, and passwords. Scammers can obtain this information in a variety of ways, such as through phishing emails, social engineering tactics, or malware surreptitiously installed on a person’s computer.

Once the scammers have the victim’s personal information, they tie up the victim’s telephone line by using automated dialing to place hundreds or thousands of calls to the victim’s number. The effect is much like a Distributed Denial of Service attack against a computer network, which overwhelms the target with requests until it slows or fails; here the target is the victim’s phone line.

While the victim is busy dealing with the onslaught of telephone calls, the scammers quickly drain the victim’s bank account, using the previously obtained personal and banking information to gain access to it. If the bank calls its customer to verify the transactions, it finds the victim’s telephone line busy. In some cases, scammers are brazen enough to change the victim’s contact information on file with the bank, so that calls from the bank to verify fraudulent transactions are redirected to the scammers. According to the FBI, “[b]y the time the victim or the financial institution realize what happens, it’s too late.”

Although the FBI did not disclose how much money it believes has been stolen through such scams, it highlighted the case of a Florida dentist who lost $400,000 from his retirement account. Based on the Bureau’s alert, it appears that such crimes will continue to increase in frequency.

Ultimately, the telephone calls serve as a diversion to occupy the victim and a barrier to prevent a bank from verifying the authenticity of fraudulent transactions. If you believe you have been targeted in such a scam, or if you believe you have been the victim of any other online fraud, visit the Internet Crime Complaint Center for resources and guidance.
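As an added illustration, not part of the original post or of the FBI alert, the following Python sketch shows the two controls the pattern above points to: on the carrier or PBX side, flagging an inbound call flood against a single line from call-detail records; on the bank side, declining to verify a large transfer by calling a phone number that was changed only days earlier, and calling the pre-change number instead. The thresholds, record fields and sample records are constructed assumptions for the example.

```python
"""Added example: detecting the two halves of a telephone denial-of-service
bank fraud.  Sample records and thresholds are constructed, not from any alert."""
from datetime import datetime, timedelta

# Assumed tuning knobs: 30 or more inbound calls to one line within ten minutes
# is treated as a flood; a phone number supplied within the last seven days is
# not trusted for callback verification.
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 30
CONTACT_CHANGE_GRACE = timedelta(days=7)


def ts(s):
    """Parse an ISO-8601 timestamp string."""
    return datetime.fromisoformat(s)


def peak_inbound_rate(call_records, callee, window=BURST_WINDOW):
    """Sliding-window peak of inbound calls to `callee`.
    Returns (highest count seen within any `window`, start time of that window)."""
    times = sorted(ts(r["ts"]) for r in call_records if r["callee"] == callee)
    best, best_start, i = 0, None, 0
    for j, t in enumerate(times):
        while t - times[i] > window:      # slide the left edge forward
            i += 1
        if j - i + 1 > best:
            best, best_start = j - i + 1, times[i]
    return best, best_start


def is_tdos_burst(call_records, callee):
    """True when the line saw a call flood by the assumed threshold."""
    peak, _ = peak_inbound_rate(call_records, callee)
    return peak >= BURST_THRESHOLD


def verification_plan(transfer, account, grace=CONTACT_CHANGE_GRACE):
    """Decide how a bank should verify a pending outbound transfer.
    Returns (action, numbers_to_call).  Any phone number supplied within
    `grace` of the transfer is excluded, because the caller may have set it."""
    when = ts(transfer["ts"])
    recent = [c for c in account.get("contact_changes", [])
              if c["field"] == "phone"
              and timedelta(0) <= when - ts(c["ts"]) <= grace]
    if not recent:
        return "call_phone_on_file", [account["phone"]]
    # Hold the transfer and try the numbers on file before the change; if none
    # can be reached (e.g. the line is flooded), the hold stays in place.
    prior = [c["old"] for c in sorted(recent, key=lambda c: c["ts"])]
    return "hold_and_call_prior_numbers", prior


# --- constructed sample data -------------------------------------------------
# Normal traffic for the victim's line 5550100 earlier in the day.
SAMPLE_CDRS = [
    {"ts": "2010-06-22T09:12:00", "caller": "5550123", "callee": "5550100"},
    {"ts": "2010-06-22T11:45:30", "caller": "5550177", "callee": "5550100"},
    {"ts": "2010-06-22T13:02:10", "caller": "5550100", "callee": "5550177"},
]
# Flood: 40 automated calls from rotating caller IDs, one every 15 seconds.
SAMPLE_CDRS += [
    {"ts": (ts("2010-06-22T14:00:00") + timedelta(seconds=15 * k)).isoformat(),
     "caller": f"555{9000 + k:04d}", "callee": "5550100"}
    for k in range(40)
]

# Bank-side view: the phone on file was swapped the night before the transfer.
SAMPLE_ACCOUNT = {
    "phone": "5550199",   # number the scammer substituted (constructed)
    "contact_changes": [
        {"ts": "2010-06-21T22:10:00", "field": "phone",
         "old": "5550100", "new": "5550199"},
    ],
}
SAMPLE_TRANSFER = {"ts": "2010-06-22T14:05:00", "amount": 25000.00,
                   "to": "EXT-ACCT-001"}

if __name__ == "__main__":
    print("flood on 5550100:", is_tdos_burst(SAMPLE_CDRS, "5550100"))
    print("flood on 5550177:", is_tdos_burst(SAMPLE_CDRS, "5550177"))
    print("verification:", verification_plan(SAMPLE_TRANSFER, SAMPLE_ACCOUNT))
```

The two functions deliberately sit on different sides of the problem: only the carrier or the customer’s own phone system sees the call-detail records, while only the bank sees the contact-information change, so neither party can rely on the other’s signal. The bank-side rule needs no telephony data at all; it simply refuses to treat a number supplied a day earlier as a trustworthy verification channel.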