Brand and business reputation suffer following a data breach. A recently released survey puts some numbers to the losses and shows just how much that damage can be, with breach of customer data being the most costly. The study, independently conducted Ponemon Institute LLC and sponsored by Experian® Data Breach Resolution, is believed to be the first study to compare the impact of the loss of confidential customer or employee information and sensitive business information with loss of brand and business reputation.Continue Reading...
Please join us for this informative series focused on the technical, enforcement, and practical aspects of experiencing and responding to a data security incident. For the complete invitation and details on registration please click here.
IDENTITY THEFT, CORPORATE DATA SECURITY BREACHES AND LAW
ENFORCEMENT: SHOULD I CALL THE COPS?
Learn How to Effectively Utilize Law Enforcement and Private Security Resources to
Protect Yourself and Your Business From Computer Criminals
January 20, 2011
11:30 a.m. - 1:30 p.m. Lunch will be provided
Capital Club - 41 South High Street, 7th Floor
Trends in Identity Theft
What Can Lead to a Data Breach
Identity Theft Investigations
Is your phone ringing off the hook? Then you’d better check your bank account. According to the Federal Bureau of Investigation, a new “telephone denial-of-service” attack is combining high-tech and low-tech fraud techniques to steal money from the bank accounts of unsuspecting victims.
As reported in the alert issued by the FBI, the scam begins with the suspect obtaining a victim’s personal and banking information, perhaps including bank account numbers, PINs, and passwords. Scammer can obtain a victim’s personal and banking information in a variety of ways, such as through phishing emails, social engineering tactics, or malware surreptitiously installed on a person’s computer.
Once the scammers have the victim’s personal information, they begin tying up the victim’s telephone line by using automated resources to place hundreds or thousands of calls to the victim’s telephone, not unlike a Distributed Denial of Service attack aimed at a computer network that overwhelms a computer with requests for information resulting in a slowing or failure of the network.
While the victim is busy dealing with the onslaught of telephone calls, the scammers quickly drain the victim’s bank account using the previously obtained personal and banking information to gain access to the account. If the banking institution calls its customer to verify the transactions they find the victim’s telephone line to be busy. In some cases, scammers are brazen enough to change a victim’s contact information listed with the bank. As a result, calls from a bank to verify fraudulent transactions are redirected to the scammers. According to the FBI, “[b]y the time the victim or the financial institution realize what happens, it’s too late.”
Although the FBI did not disclose how much money it believes to have been stolen in this matter, it highlighted the case of a Florida dentist who lost $400,000 from his retirement account through such a scam. Based on the Bureau’s alert, it appears that such crimes will continue to increase in frequency.
Ultimately, the telephone calls serve as a diversion to occupy the victim and a barrier to prevent a bank from verifying the authenticity of fraudulent transactions. If you believe you have been targeted in such a scam, or if you believe you have been the victim of any other online fraud, visit the Internet Crime Complaint Center for resources and guidance.
In January 2008, the Davidson Companies, a financial services holding company, announced that a database containing current and past customer records had been hacked during a SQL injection attack. On April 14, 2010—more than two years after the network intrusion—the Financial Industry Regulatory Authority (FINRA) fined the company $375,000 for the breach.Continue Reading...
According to an FTC press release on March 3, 2010 and as reported in various media outlet reports, like this one from The New York Times, LifeLock, Inc., an identity theft protection company, has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services.
The FTC claims and state attorneys general actions appear to have been centered around LifeLock's representations that its protections against identity theft were complete, absolute, and guaranteed. FTC Chairman Jon Leibowitz noted in the FTC’s press release,
"While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it."