I’ve had dozens of media requests for interviews and countless more email inquiries from people concerned about the Target data breach. At first, everyone just wanted to know details of how it happened, how big the breach was, and what they should do about it if their credit cards were at risk. Now that the initial shock of it is over, we are on to a bigger question:
How do we keep breach from negatively affecting so many Americans?
Breach will always happen. If it’s digital, it’s hackable. It’s coming to light that the Target breach may have been due to the computer access an HVAC WORKER (no, not an entire company, an individual WORKER) had to Target’s systems. While there is no guaranteed way of preventing fraud, there is a pretty reliable answer out there, and it’s been around for decades. That answer is for the US to finally catch up to more than 80 countries around the world and start using chip and PIN enabled credit cards, also known as EMV, smart cards, or microchip cards.
It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
Do you ever delete the words you type on Facebook before you hit post?
Have you ever started to type a status update that you thought was hilarious…until you realized your boss might not appreciate your 8th-grade humor? So what’d you do? You quickly hit the delete key and watched your comment disappear forever, right? Not exactly.
What if you are ready to make a snarky comment to Greg, the upperclass jerk who stole your high school girlfriend (and is about to get a divorce, ha ha), but decide to take the high road just before hitting the “post” button and instead, wish him well on his pending journey of love (despite the fact that it’s bound to fail)?
No harm done, right? You never hit the post button, so no one ever saw it! Well, it turns out that’s not quite how it works in Facebook Land.
I got my start as an identity theft speaker. I write and speak on the importance of being vigilant about protecting yourself from identity theft and online fraud from many angles: the stress of trying to reestablish your credibility, rebuilding relationships, regaining control of your personal information, perhaps even fighting to stay out of jail as I had to do. So while I’m an identity theft speaker, my motivation is always completely human. We as humans make flawed decisions about how we fail to prepare for things like identity theft. We as humans are the ones that make the difference in fighting this crime. As it turns out, our wealth is at risk.
If you are one of the 40 million customers who have used a credit or debit card at Target stores in the United States between November 27 and December 15, you’d better start checking your accounts for fraudulent activity. Target confirmed that the data stored on the magnetic strip of cards (customer names, debit or credit card numbers, and card expiration dates) were taken, along with the three-digit security codes (CVVs) often imprinted on the backs of cards.
The type of data stolen would allow thieves to create counterfeit credit cards and, if pin numbers were intercepted, would also allow thieves to withdraw cash from ATM machines. Only in store purchases are at risk, so online shoppers need not worry.
Target spokeswoman Molly Snyder would not comment on how customers’ data were stored or encrypted prior to the attack, saying that would be part of the ongoing investigation. Target immediately notified law enforcement authorities and financial institutions, and the issue is being investigated by the Secret Service and a third-party forensics firm.
As you head into the holiday season, one of the best steps you can take to protect your bank account is to eliminate the use of your debit card. While delivering a keynote speech in Washington DC last week, someone asked me if I could name ten times when you should NOT use a debit card. I replied, “It’s a trick question because the answer is NEVER!” I seriously do feel that way, but I know there are people who either need to or prefer to use a debit card rather than a credit card or cash, so I want you to be informed about how to use it wisely.
Anthony Weiner is notorious for a gaffe made on Twitter, but will his online reputation recover?
I’m sure everyone remembers the infamous 2011 incident when Representative Weiner became something of a national punchline for lewd tweets that revealed his “private data,” so to speak.
Or do we remember?
At the time, Weiner’s indiscretions left him a laughingstock and a near-disgrace in one fell swoop. Now, as he ramps up a possible New York City mayoral campaign, he’s returned to the same social platform that almost cost him his political career. Is it possible that we will forget and forgive so soon?
A natural byproduct of our 140-character driven world is that everything is always old news. By the time the next tweet or Facebook post appears, we have forgotten the last one. Our online reputation, on the other hand, never disappears. And at some point, we will again value character in our public figures – making digital reputation a permanent, if often inaccurate, representation of that character.
Online reputation services have a special responsibility to keep clients safe. How can you protect yourself when the very company you rely on is breached?
Would you trust a site with your personal information after it suffered a breach? What if that site’s sole purpose is to protect your reputation?
Reputation.com helps its members maintain a reputable online profile, but the site’s own profile was damaged by a recent data breach that led to the exposure of customer information. Although no Social Security numbers or financial information was lost, names, email addresses, and physical addresses were exposed. It’s been reported that some dates of birth, phone numbers, and occupational information were also lost. A “small minority” of customer accounts had hashed and salted passwords stolen.
‘Hashing’ passwords is the process of using algorithms to change customers’ passwords to a unique data string. The ‘salt’ adds more characters to produce a unique data fingerprint. The company has notified all customers of the breach and reset passwords to protect them. But Reputation.com is not alone in being hacked recently. LivingSocial, a daily-deal website, was breached, affecting 50 million customers.
Maintaining our online reputation is important to us and the internet, social media and mobile technology are great tools that give us a competitive advantage. However, we cannot ever take our online privacy for granted. Three tips to keep you ahead of identity theft are:
Use a password protection program that makes it easy to use highly-encrypted passwords
Get monthly strategies and tips for protecting yourself and your business delivered right to your Inbox. Signup now and you'll immediately receive John's 7 Survival Strategies for Starving Data Spies!