Archive

Posts Tagged ‘data breach’

Scammers are phishing for tax refunds

W2At least a dozen companies have recently been tricked into sending employees’ W-2 Forms to unknown third parties in response to email requests that appeared to be from others within the corporate network.   The immediate goal of the scammers is apparently to file fraudulent tax returns in the name of the victims and seek large refunds. W-2s contain almost all the information they need.

Tax refund fraud a growth business. The FTC has indicated that it is largely responsible for last year’s dramatic increase (nearly 50%) in complaints of consumer identity fraud.  Scammers seeking fraudulent tax refunds even stole sensitive data of about 330,000 people from the IRS’s own website. Read more…

Life science companies face increased risk of cyber exposure

November 3, 2015 Leave a comment

life_sci

Cyber hackers frequently target life sciences companies due to the amount of sensitive data that they possess. Vulnerabilities within the industry often include outsourcing information technology services, limited data storage protection, and inadequate IT policies and procedures. A PwC survey was recently conducted and revealed that almost 50 percent of pharmaceutical and life science organizations have experienced a security breach in the past year; and the biggest threats to these two industries are sophisticated viruses such as Advanced Persistent Threats (APTs) and malware exploits. Read more…

Concerns after hackers target corporate data to commit securities fraud

August 25, 2015 Leave a comment

stock_arrowsOn Wednesday August 12, both The Wall Street Journal and New York Times reported on what most believe is the first case in which hackers used stolen corporate data to initiate securities fraud in conjunction with stock traders. More troubling are concerns that it’s likely just the tip of the iceberg, and that it came from a five-year long “unholy global alliance” between overseas hackers and U.S. based traders.

As Paul Fishman, the U.S. District Attorney for New Jersey notes, “This is the intersection of hacking and securities fraud. The hackers were relentless and patient.” It’s estimated that 32 traders and hackers took in over $100M in illegal proceeds via this highly sophisticated and bold scheme. Those involved gained a big advantage over others in the stock market by securing access to news releases, then trading on their information before they hit the wires.  Read more…

Marital affair website demonstrates new dimensions of personal data risk

man_computerCyber risk for most organizations has a focus on the personal data of customers.  Primarily this means social security numbers, date of birth, address, credit card numbers and the like.  All of that is bad enough when lost in connection with a data breach, but companies must now also be aware of growing threats of cyber extortion schemes.

The recent announcement that Ashley Madison, the marital-affair-promoting website, has been hacked and subject to extortion takes these problems to a new level.  Disapproving hackers have told Ashley Madison to shut down the site or the extortionists will release customer data.  Reports say that despite Ashley Madison’s policy that private data can be scrubbed from the site for $19, the data is still available to hackers.  The motives of the hackers are still unclear, but what is unusual is that it is not a demand for money. Read more…

The New York Stock Exchange network crash — a false sense of (cyber) security?

stocksMost people were relieved when investigators determined that the recent electronic disruptions at the New York Stock Exchange and United Airlines were caused by internal glitches and not by hackers. The NYSE system crash, caused by a faulty software upgrade, and the United Airlines outage, caused by a faulty router, received great attention as pictures of (and tweets by) idle traders and travelers appeared seemingly everywhere.

Because they involved computers and networks, these outages were discussed by the media with the vocabulary normally used to describe “cyber” events. That’s not surprising, given the initial fear that the NYSE crash in particular was caused by hacking. Read more…

Report cites criminal attacks as primary cause of healthcare data breaches

healthbreachIn the fifth annual Ponemon Institute privacy and security report, cyber attacks were listed as the top cause of healthcare breaches. Officials studied privacy and security trends for healthcare covered entities and their business associates. Over the course of the five years Ponemon has been publishing its annual breach report, criminal activity has grown 125 percent. Officials at the institute discovered 69 percent of healthcare organizations uncovered the breach via an audit or assessment. Forty four percent were discovered by an employee, while another 30 percent were found after a patient complained.

Ponemon stated, “Historically, the main cause of the data breach was the negligence or incompetence or system glitches within the organization, not necessarily criminal activity. This year, criminal activity was the number one cause.” Forty-five percent of respondents in the report claimed criminal attacks were directly responsible for Read more…

Significant data breach hits Partners HealthCare

health_passwordPartners HealthCare, a non-profit health care organization which includes Brigham and Women’s Hospital, Massachusetts General Hospital, North Shore Medical Center, and Newton-Wellesley Hospital, released a statement that it suffered a major data breach after a group of employees received phishing emails on November 25, 2014. Phishing scams usually strike in the form of fraudulent email messages that direct people to a website infected with malware in an attempt to obtain private information such as passwords and credit card numbers. The hackers gained unauthorized access to the email accounts of employees within the Partners HealthCare network. Read more…