Posts Tagged ‘technology and cyber risk’

Scammers are phishing for tax refunds

W2At least a dozen companies have recently been tricked into sending employees’ W-2 Forms to unknown third parties in response to email requests that appeared to be from others within the corporate network.   The immediate goal of the scammers is apparently to file fraudulent tax returns in the name of the victims and seek large refunds. W-2s contain almost all the information they need.

Tax refund fraud a growth business. The FTC has indicated that it is largely responsible for last year’s dramatic increase (nearly 50%) in complaints of consumer identity fraud.  Scammers seeking fraudulent tax refunds even stole sensitive data of about 330,000 people from the IRS’s own website. Read more…

Autonomous cars on the move

carGoogle reported Monday that it is partly to blame for an accident involving one of its autonomous vehicles hitting a municipal bus in California. This is the first accident that Google has taken blame for in the past six years; there have been 17 minor accidents during that time, however none have held Google at fault.

Driverless cars are fast becoming the trend in the next layer of technology. The Tesla Model S is one of those cars that is fast becoming a known name. The Tesla allows for autonomous driving while the actual driver is in the car to observe. The driver is still responsible and in control, putting the layer of risk back on the driver and not the company, unlike the situation with the Google car. Read more…

Wyndham settlement validates FTC authority in cyber security

laptop_binaryThe very well-known Wyndham Hotel and Resorts data breach is once again in the news. This time the company has agreed to settle with the Federal Trade Commission (FTC). In 2014, the payment card information (PCI) data of thousands of customers was hacked in three separate instances due to poor cyber security. With this settlement, Wyndham has agreed to develop a sophisticated data security program that will protect PCI and other payment methods while also conducting annual audits to ensure the safety of customer information.

According to the FTC’s press release, the hotel chain must institute secure networks so hackers cannot gain access again. In addition, Wyndham is required to perform formal risk assessment procedures with a certified auditor. These two measures have been put in place to minimize the possibility of any future hacks.  Read more…

Wind farms act as an entry point for grid hackers

December 8, 2015 Leave a comment

clean-energy-hackCyber-attacks are often thought of with the association of some large breach such as Target or Anthem. However, hackers are not just targeting credit card information and social security numbers; some are persistently targeting our nation’s infrastructure.

What many people may not know is that grid power control systems are interconnected, via the web. While the grid has various cyber protection mechanisms in place, any vulnerability within a single wind farm’s cybersecurity can serve as a gateway for hackers to systems that control larger portions of the grid. For example, high voltage power lines transfer enormous amounts of power over large distances, making them a prime target for hackers to infiltrate. Read more…

Insurance unicorn cut in half

November 13, 2015 Leave a comment

healthcareMAUnicorns, private, VC-backed firms with valuations over $1 billion had been growing by leaps and bounds this year.  But, now those valuations are under pressure.  The most dramatic of these in insurance is Zenefits, an online health insurance broker.  Press reports today say that Fidelity cut its valuation for Zenefits by 48% from its May round, still a unicorn but a much smaller one at a reported $2.34 billion.  That cannot be making shareholders happy.

The report also says that turnover is high and telephone sales representatives in Arizona are being paid $30,000 per year. No surprise at those low wage levels. Read more…

Safe Harbor exchange between EU and US data deemed invalid

p2pThe European Union’s highest court, the Court of Justice (CJEU), ruled on October 6, 2015 that the EU-US Safe Harbor Agreement is invalid, effective immediately. The agreement was a voluntary self-certification system that permitted over 4,000 eligible U.S. companies to receive the personal data of Europeans if they publicly agreed to treat the data according to the Safe Harbor Principles. After being deemed invalid, however, the agreement no longer provides a basis for transferring personal data from the EU to the U.S.

While data protection advocates praised the court’s decision, industry executives and trade groups claim that it left a lot of uncertainty for companies that rely on access to this data for lucrative businesses such as online advertising. Read more…

Energy cyber concerns are real, report reveals hacks

September 11, 2015 Leave a comment

powergridIt was reported this week that cyber attackers compromised the security of U.S. Department of Energy computer systems over 150 times between 2010 and 2014. The information came from a review of federal records and confirms what many of us have long feared was the case, that the cyber attacks against our energy infrastructure are a reality and could be potentially devastating.

USA Today, with the help of various reporters across the country, obtained access to federal energy records and found that nearly every four days, part of the nation’s power grid is struck by a cyber or physical attack, potentially leaving millions in the dark. The records obtained by USA TODAY through the Freedom of Information Act, confirm the vulnerability of such an attack on our critical energy infrastructure. Read more…