
Why Ignoring Data Breaches Can Be Costly




Data breaches are now more rampant than ever, exposing passwords and payment details to hackers. You could be getting breach alerts that pop up every so often, warning you that your data has been exposed. It's a wake-up call on how rampant the breaches are.

A Persistent Problem 

Data breaches have become part of our online lives. From credit card numbers to social security information, hackers never cease their attempts to access sensitive data. In fact, many breaches are financially driven, and about 95% of cyberattacks aim for money or valuable information. Still, despite all the news every day, companies often do not realise they have been breached until almost six months pass. The average time to discovery is 194 days according to Varonis. Therefore, the attackers have sufficient time to use the information before the companies can even initiate their response.

Rise of Breach Blindness

Over time, exposure to breach after breach has created "breach blindness," as if these alerts do not matter anymore. Since nothing immediate happens most of the time, it is easy to scroll past breach notifications without thinking twice. This apathy is dangerous. Such a lack of care could mean stolen identities, financial fraud, and no one holding the companies accountable for their inability to protect the data.

When companies lose money as a result of these breaches, the consumer pays for it in the form of higher fees or costs. IBM reports that the worldwide average cost of a data breach is nearly $5 million, a 10% increase from last year. Such a high cost is a burden shared between the consumer and the economy at large.

How to Protect Your Data

Although companies are liable for securing data, there are various measures you can take personally. The first and most obvious is to give every account a strong, unique password. Hackers rely on frequently used, weakly protected passwords to break into most accounts. Making your passwords more complex makes it harder for attackers to get in and compromise your data.

It is important to stay vigilant now that data breaches have become part and parcel of the internet. Each breach, little by little, erodes online privacy and security. Stop ignoring those prompts; take them as warnings to check your web security and strengthen it if needed. The one thing to do with all this is to stay informed so as not to be taken in.




Massive Data Breach Exposes Social Security Numbers of 2.9 Billion People

 


A significant data breach has reportedly compromised the personal information of 2.9 billion people, potentially affecting the majority of Americans. A hacking group known as USDoD claims to have stolen this data, which includes highly sensitive information such as Social Security numbers, full names, addresses, dates of birth, and phone numbers. This development has raised alarm due to the vast scope of the breach and the critical nature of the information involved. The breach was first reported by the Los Angeles Times, which revealed that the hacker group is offering the stolen data for sale. 

The breach allegedly stems from National Public Data, a company that collects and stores personal information to facilitate background checks. The company has not formally confirmed the breach but did acknowledge purging its entire database. According to National Public Data, they have deleted all non-public information, although they stopped short of admitting that the data had been compromised. In April, the hacking group USDoD claimed responsibility for the breach, stating that it had obtained the personal information of billions of people. This led to a class-action lawsuit against National Public Data, as victims sought redress for the potential misuse of their sensitive information. 

The lawsuit has intensified scrutiny on the company’s data security practices, particularly given the critical nature of the information it manages. The potential consequences of this breach are severe. The stolen data, which includes Social Security numbers, could be used for a variety of malicious activities, including identity theft, fraud, and other forms of cybercrime. The scale of the breach also highlights the ongoing challenges in safeguarding personal information, particularly when it is collected and stored by third-party companies. As investigations continue, the breach underscores the urgent need for stronger data protection measures. 

Companies that handle sensitive information must ensure that they have robust security protocols in place to prevent such incidents. The breach also raises questions about the transparency and responsibility of organizations when dealing with personal data. In the meantime, consumers and businesses are on high alert, awaiting further developments and the potential fallout from one of the largest data breaches in history. The incident serves as a stark reminder of the risks associated with data storage and the critical importance of cybersecurity.

Should Americans Share The Social Security Number? Experts Explain the Pros and Cons

 

The initial Social Security numbers were most likely issued in late 1936, and they were intended to be used solely by the US federal government to manage retirement and disability insurance payouts. However, in the 1960s, the use of Social Security numbers as universal identifiers skyrocketed as government agencies adopted automated data processing in their recordkeeping. 

Today, if you apply for a credit card, buy a property, or even receive a pay cheque, you must provide your Social Security number. It's perhaps the most vital piece of identification you have, yet data breaches are increasingly exposing private numbers. According to the Los Angeles Times, hackers recently breached the background-checking organisation National Public Data, acquiring the personal data of 2.9 billion people, including the Social Security numbers of every citizen in the United States.

Because almost all US citizens and permanent residents possess a Social Security number, cell phone providers, utility companies, and even retail establishments now require these numbers for authentication. They are therefore a very attractive target for identity theft. How can you decide when to disclose your Social Security number and when not to? We sought advice from the specialists.

When is sharing my social security number acceptable? 

There are good reasons to share your Social Security number, even though it's crucial to keep it private. "Your phone number is required by any company you apply to for a loan or credit line," stated Paige Hanson, head of cyber safety education at NortonLifeLock, in an interview. 

According to Hanson, this covers banks and credit reporting agencies, but since a phone contract is similar to a line of credit, it might also refer to a cell service provider. 

In addition, your Social Security number will be required for all tax-related transactions, such as your employer filing your income report to the IRS, according to Alan Butler, executive director of the Electronic Privacy Information Centre, a nonprofit organisation dedicated to protecting identity and privacy rights. If you have an investment adviser or are making a $10,000 or larger cash transaction, such as purchasing a home or vehicle, you will have to disclose it. 

When should I not disclose my Social Security number? 

There are numerous situations in which you should not disclose your Social Security number. With the growth of phishing attempts, never share personal information over email or phone.

"If you're not initiating the call, you should never share your personal information," NortonLifeLock's Hanson stated. "Even if it looks like it's coming from a legit company you do business with.” 

Confirming the final four digits of your Social Security number is lower risk, according to Hanson, because the company already has the data.

Not everyone asking for your phone number has malicious intentions. "Some businesses just want your code just because it's a faster way to look up your account," Hanson pointed out. 

But that's not a compelling argument for them to have it. Others may want it if they're asking you to sign a contract, such as a gym membership. "It's an easier way to go to a collections agency if they have to," Hanson added. "But there are other ways.” 

Your Social can be requested by employers, but it "absolutely cannot be required to get a job," according to Hanson. Thus, it ought not to appear on a job application. Don't give them your personal information if they won't budge and you feel uneasy doing so. 

Prevention tips 

By the time you reach adulthood, your Social Security number has been entered into so many systems that it is hard to keep completely secure. However, there are steps that consumers can take to better protect their account information. Do not carry your Social Security card in your wallet or pocketbook. Keep it in a safe location at home. Instead of throwing away any documents or letters with your phone number, shred them. Also, find out why you're being asked for your Social Security number.

You can also secure your Social Security number by "freezing" your credit reports with Transunion, Equifax, and Experian. If someone attempts to use your phone number to open a credit card or obtain a loan, the request for your credit report will be denied. You can freeze your report indefinitely or specify a "thaw" date.

2.7 Billion Data Records Leaked Including Social Security Numbers

 


About four months ago, a prominent hacking group claimed to have stolen a large amount of sensitive personal information from a major data broker. Now a member of that group has reportedly released most of the information for free on an online marketplace where stolen personal information is sold.

A breach of sensitive data, including Social Security numbers and other personal information of Americans, could have a transnational impact on identity theft, fraud and other crimes, said Teresa Murray, director of consumer advocacy for the U.S. Public Information Research Group. An online hacking forum has exposed nearly 2.7 billion personal information records belonging to Americans, including names, addresses and even Social Security numbers. 

Information including Social Security numbers was also posted to the forum. This data originated from a company which collected and sold the data for legitimate purposes but in April 2024, it is claimed that the data was stripped and offered for sale by the company. As part of the investigation, it was reported that the information had been stolen from National Public Data by a threat actor called USDoD. 

Using information scraping from public sources, National Public Data compiles individual profiles that are then used to create portfolios of individual properties, which are marketed to consumers. In addition to serving private investigators, the company also provides background checks and criminal record searches to a variety of government agencies and organizations. 

It was reported that the data was scraped by a company called National Public Data, along with names, addresses, and even Social Security numbers, which were retrieved from a database scraping company. Earlier this year, Jericho Pictures Inc., which is an operator of the National Public Data program, played a key role in the court case that occurred in the Southern District of Florida regarding the data. 

As Bloomberg Law reports, plaintiff Christopher Hofmann brought a claim against Jericho Pictures over a violation of data privacy and the company's gross negligence in handling sensitive and personal information. Hofmann also argues that the method National Public Data uses to assemble data is not open to the public and, as a result, not approved by the people whose data is being gathered in this way.

As Jericho Pictures and National Public Data have yet to comment on the massive data breach that affected more than 2.7 billion people, it remains uncertain if they will purge or encrypt their existing data to avoid any further damage to their reputations. A hacker forum in which Fenice is known has been flooded with files obtained from the hacker community, which had been purloined. Fenice's posts were a much more complete version of previous breaches, which he uploaded for free. 

Fenice, however, attributes the leak of National Public Data's information to another hacker, SXUL, rather than to USDoD, the prominent hacker suspected of leaking the information. It is worth noting that when USDoD first acquired the data, it offered to sell it for 3.5 million dollars.

As per the hacker, the database had been compromised and had contained 2.9 billion records containing information on millions of people in Canada, the United Kingdom, and America. There has been a lot of buzz about USDoD, ever since it was linked to an alleged attempt for $50,000 to be made on InfraGard's user database in December of 2023 by two individuals. As a result, a variety of threats have penetrated the network and released partial copies of the data, with each leak sharing a different number of records and, in some cases, different data types compared to the previous leak. 

On August 6th, an individual identified as "Fenice" leaked the most complete version of the stolen National Public Data data free of charge on the Breached hacking forum. Fenice, however, attributed the data breach to another threat actor, referred to as "SXUL," rather than to USDoD. In addition, the data may be outdated: it held no current address for any of the people checked, so there is a possibility that it was taken from an old backup.

Jerico Pictures, which is believed to be operating under the name National Public Data, has been sued numerous times for not adequately protecting the personal information of people as a result of the data breach. This data contains a huge number of social security numbers, which means that users should monitor their credit report for any signs of fraudulent activity and report it to the appropriate credit bureau if they find any. 

As previously leaked samples also contain phone numbers and email addresses, users must remain vigilant against phishing e-mails and SMS texts that attempt to get them to provide additional sensitive information. Christopher Hofmann, the named plaintiff, reported that on July 24, he was informed by his identity theft protection service provider that his personal information had been compromised.

According to the notification, the breach occurred as a direct result of the security incident involving the website "nationalpublicdata.com." It was further disclosed that Hofmann's data had been published on the dark web, highlighting the serious nature of the breach and its potential implications for those affected.

Hackers Siphon 340,000 Social Security Numbers From U.S. Consulting Firm

 

Greylock McKinnon Associates (GMA) has discovered a data breach in which hackers gained access to 341,650 Social Security numbers. 

The data breach was disclosed last week on Friday on Maine's government website, where the state issues data breach notifications. In its data breach warning mailed to impacted individuals, GMA stated that it was targeted by an undisclosed cyberattack in May 2023 and "promptly took steps to mitigate the incident." 

GMA provides economic and litigation support to companies and government agencies in the United States, including the Department of Justice, that are involved in civil action. According to their data breach notification, GMA informed affected individuals that their personal information "was obtained by the U.S. Department of Justice ("DOJ") as part of a civil litigation matter" supported by GMA.

The purpose and target of the DOJ's civil litigation are unknown. A Justice Department representative did not return a request for comment. 

GMA stated that individuals that were notified of the data breach are "not the subject of this investigation or the associated litigation matters," adding that the cyberattack "does not impact your current Medicare benefits or coverage.” 

“We consulted with third-party cybersecurity specialists to assist with our response to the incident, and we notified law enforcement and the DOJ. We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024,” the firm noted. 

GMA notified victims that "your private and Medicare data was likely affected in this incident," which included names, dates of birth, home addresses, some medical and health insurance information, and Medicare claim numbers, including Social Security numbers.

It remains unknown why GMA took nine months to discover the scope of the incident and notify victims. GMA and its outside legal counsel, Linn Freedman of Robinson & Cole LLP, did not immediately respond to a request for comment.

AT&T Denies Involvement in Massive Data Leak Impacting 71 Million People

 


AT&T has categorically denied any involvement in a significant data breach affecting approximately 71 million individuals. The leaked data, disseminated by a hacker on a cybercrime forum, allegedly originates from a 2021 breach of the company's systems. Despite assertions made by the hacker, known as ShinyHunters, and subsequent releases by another threat actor named MajorNelson, AT&T maintains its position, asserting that the leaked information did not originate from its infrastructure.

While the authenticity of the entire dataset remains unconfirmed, the verification of some entries suggests potential accuracy. This includes personal data that is not readily accessible for scraping, such as names, addresses, mobile phone numbers, encrypted dates of birth, encrypted social security numbers, and other internal details.

Despite refuting claims of a breach within its systems, AT&T has not provided definitive evidence to support its stance. Speculation persists regarding the involvement of third-party service providers or vendors, with AT&T yet to respond to inquiries seeking clarification on this matter.

While the leaked data purportedly includes sensitive personal information, such as social security numbers and dates of birth, decryption efforts by threat actors have rendered this data accessible. However, the precise origin of the leaked information remains elusive, fueling speculation and concern among affected individuals and cybersecurity experts alike.

For individuals who were AT&T customers before and during 2021, caution is advised, as the leaked data could potentially be exploited in various forms of targeted attacks, including SMS and email phishing, as well as SIM swapping schemes. Users are urged to exercise heightened caution and verify the authenticity of any communications purportedly from AT&T, refraining from disclosing sensitive information without direct confirmation from the company.

As investigations into the origins of the leaked data continue, the implications for affected individuals underscore the importance of robust cybersecurity measures and heightened awareness of potential threats. The incident serves as a telling marker of the ever-present risks associated with the digital realm and the imperative for proactive measures to safeguard personal information.

While AT&T denies any involvement in the data leak, concerns regarding the security and privacy of affected individuals persist. The unprecedented nature of cyber threats necessitates ongoing vigilance and collaborative efforts to combat risks and ensure the protection of personal data in an increasingly interconnected world.


The IRS is Deploying Four Investigators Across the Globe to Combat Cybercrime

 


Starting this summer, the Internal Revenue Service (IRS) intends to dispatch four cybercrime investigators to Australia, Singapore, Colombia, and Germany. These four new jobs indicate a major boost in the IRS's global efforts to combat cybercrime involving cryptocurrency, decentralized finance, and bitcoin laundering services.

In recent years, IRS-CI agents have played a key role in investigating crimes on the dark web as part of landmark international operations such as the shutdown of the drug and hacking services marketplace AlphaBay and the arrest of its administrator, the bust of the internet's largest child abuse website, and the takedown of a marketplace for stolen Social Security numbers, among others.

Until now, the IRS has had only one cyber investigator abroad, in The Hague, Netherlands, who has been mostly working with Europol since 2021. Guy Ficco, the IRS's executive director for worldwide operations policy and IRS-CI support, first mentioned the expansion during a panel discussion at the Chainalysis Links conference on April 4.

“Starting really now we’re going to be piloting for additional posts, putting dedicated cyber attaches in Bogota, Colombia, in Frankfurt, Germany, in Singapore, and in Sydney, Australia,” Ficco said. “I think the benefits have been — at least with the Hague and with Europol posts — have been very tangible.”

In an email, IRS spokesperson Carissa Cutrell explained that the four new positions are part of a pilot program that will run for 120 days, from June to September 2023, and are designed "to help combat the use of cryptocurrency, decentralized finance, and mixing services in international financial and tax crimes." Following the 120-day pilot program, the IRS will decide whether to keep the agents in the new countries.

“Success will hinge on the attachés’ ability to work cooperatively and train our foreign law enforcement counterparts, and build leads for criminal investigations,” Cutrell said.

According to Chris Janczewski, a special agent in the IRS-CI Cyber Crimes Unit, expanding the IRS's presence abroad is crucial to expediting foreign investigations.

“The U.S.-based case agent can’t always travel to coordinate with foreign partners on investigative needs and the cyber attaché has to act as the proxy for the case agent,” Janczewski told TechCrunch in an email. “Their expertise on knowing what questions to ask, what evidence can reasonably be obtained, and the impact of any cultural or legal implications.”

Janczewski handled the investigation of the largest dark web child abuse site, Welcome to Video. He is presently the worldwide investigations director of TRM Labs, a blockchain intelligence firm. He explained that depending on the countries with whom the IRS is dealing, there may be different legal methods to gather evidence, "but often informal information in real-time is needed in fast-moving investigations."

“In these situations, it comes down to professional relationships, knowing who to call and what to say,” he said.

Aside from the five cyber investigators, the IRS maintains 11 attaché locations around the world, including Mexico, Canada, Colombia, Panama, Barbados, China, Germany, the Netherlands, the United Kingdom, Australia, and the UAE.

“These partnerships give CI the ability to develop leads for domestic and international investigations with an international nexus. In addition, attachés provide support and direction for investigations with international issues, foreign witnesses, foreign evidence, or execution of sensitive investigative activities in collaboration with our international partners,” the IRS-CI wrote in its 2022 annual report. “Attachés also help uncover emerging schemes perpetrated by promoters, professional enablers, and financial institutions. These entities facilitate tax evasion of federal tax obligations by U.S. taxpayers, as well as other financial crimes.”

Data Exposed at County of Tehama, Here's All You Need to Know

According to an announcement by the County of Tehama in California, it has dealt with a data security breach that allowed unauthorized access to files on its systems.

The County of Tehama began mailing notifications on November 17, 2022, to individuals whose data may have been linked to the event. The County of Tehama is offering free credit monitoring and identity theft prevention services to anybody whose Social Security number or driver's licence number was involved.

In addition, the organisation opened an investigation and alerted law enforcement authorities. After conducting the investigation, the County of Tehama concluded that between November 18, 2021, and April 9, 2022, an unauthorised person had gained access to its IT network.

Further findings from the inquiry revealed that the unauthorised user had accessed files on the County of Tehama Department of Social Services' computer systems.

A special, toll-free incident response line has also been set up by the County of Tehama to address any queries people may have. Anyone who has questions about this incident or thinks their information may have been compromised can call 855-926-1376 between 6:00 a.m. and 3:30 p.m., Pacific Time, Monday through Friday.

The County of Tehama advises those whose information may have been compromised to stay alert to the danger of fraud by examining their financial account statements and promptly informing their financial institution of any suspicious activity.