Remember when it seemed like every day we were reading about ID theft and tax refund fraud schemes involving rogue employees of tax preparation firms? Yeah, well it’s still a thing. Here’s a story about a former rogue employee at Jackson Hewitt in McKinney, Texas. If you or someone you know may have used that…
Category: Commentaries and Analyses
Is your airline’s e-ticketing system putting your data at risk?
Liarna LaPorta of Wandera reports: Wandera’s threat research team has discovered a vulnerability affecting a number of airline e-ticketing systems that can expose passengers’ personally identifiable information (PII). This vulnerability can expose passenger data by using links that are easily intercepted by hackers. The intercepted and unencrypted links enable unauthorized third parties to view, and…
Schools Suffered at Least 122 Cybersecurity Incidents Last Year
Benjamin Herrold reports: The nation’s K-12 schools experienced 122 publicly reported cybersecurity incidents in 2018, more than half of which were caused or carried out by staff or students, and nearly 60 percent resulted in students’ personal data being compromised. And that’s likely just the tip of the iceberg, according to a report released Thursday by…
Cybersecurity for small business: Email authentication
Andrew Smith, Director, FTC Bureau of Consumer Protection, writes: As a business person, you know about phishing, of course. At first glance, the email looks like it comes from a recognized company, complete with a familiar logo, slogan, and URL. But it’s really from a cyber crook trying to con consumers out of account numbers,…
Stolen Credit Card Data from City Parking Systems Sold on the Dark Web
Bruno reports: The hackers of the city parking fine system in Saint John, Canada have been selling sensitive data on the dark web for over a year. The security breach in the system was not spotted for 15 months after the initial attack, which ultimately allowed the hackers to gain personal information and credit card…
Insurance Data Security Model Law Picks Up Steam
Andreas Kaltsounis and Shea M. Leitch of BakerHostetler write: Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance…