Data Breach Incidents: Don't assume a breach has happened before an investigation has been done
August 2007
University Business
By Alan Brill and Jim Leonard
Summary: While reports of university network hacking are becoming more prevalent, the reality is not always what it seems. In the past year, a number of schools have determined that hacker-related incidents they thought had happened in fact had not. What follows is one such incident, a cautionary tale that ultimately saved untold time and expense.
http://www.universitybusiness.com/viewarticle.aspx?articleid=836
Botnets and Hackers and Spam (Oh, My!)
June 2007
OnGuard Online
Summary: Hackers and spammers find a way to invade computers secretly and hide software to get access to the information on your computer, including your email program. Once on your computer, they can spy on your Internet surfing, steal your personal information, and use your computer to send spam to other computers without your knowledge. Computers that are taken over this way are referred to as “botnets”. There are ways to help reduce your risk of becoming part of a bot, including limiting access into your computer. This article provides ways to help you secure your computer.
http://onguardonline.gov/docs/onguardonline_botnet.pdf
Keeping Laptops from Getting Lost or Stolen
June 2007
OnGuard Online
Summary: You may have taken steps to secure the data on your laptop, but what about the laptop itself? A minor distraction is all it takes for your laptop to disappear. If it does, you may lose more than just an expensive piece of equipment. If your data protections are not quite secure enough, you could be subject to identity theft. OnGuard Online suggest tips to keep in mind when taking your laptop out and about.
http://onguardonline.gov/docs/onguardonline_laptopsecurity.pdf
Recommended Practices on Notice of Security Breach Involving Personal Information
February 2007
California Office of Privacy Protection
Summary: Identity theft has been called the crime of the 21st century, favored, according to law enforcement, for its low risks and high rewards. Not only do identity theft victims have to spend money out of their pocket to clear up their records, but they also must devote their time to doing so. Precisely how most identity theft occurs and the role of information security breaches is not clear. One academic study found that in over half of the crimes, insiders in organizations were involved. This article outlines recommendations that can serve as guidelines for organizations, to assist them in providing timely and helpful information to individuals whose personal information has been compromised while in the organization’s care.
http://www.privacyprotection.ca.gov/recommendations/secbreach.pdf
Data Security Breaches: Context and Incident Summaries
January 29, 2007
CRS Report for Congress, CRS Web
Summary: Personal data security breaches are being reported with increasing regularity. During the past few years, there have been numerous examples of hackers breaking into corporate, government, academic, and personal computers and compromising computer systems or stealing personal data, as well as medical and student records. These breaches occur not only because of illegal or fraudulent attacks by computer hackers, but often because of careless business practices, such as lost or stolen laptop computers, or the inadvertent posting of personal data on public websites. A recent infamous example occurred in May 2006, when a Veterans Affairs data analyst took home a laptop computer containing personal data of 26.5 million veterans, which was later stolen in a burglary. This report catalogs the U.S. data breaches recorded between 2000-2007 in the following industries: financial services, education, healthcare, government and other business areas.
http://www.fas.org/sgp/crs/misc/RL33199.pdf
Phishing Exposed
by Sunbelt Software
WHITE PAPER: Posted: 29 Sep 2006 | Published: 01 Sep 2006
SUMMARY: Phishing and information security expert Lance James exposes the world of undercover phishing operations in this white paper. Learn about the sophisticated techniques used by phishers and how to protect your data from phishing attacks.
http://wp.bitpipe.com/resource/...
Remarks of Chairman Deborah Platt Majoras
Prepared by the Federal Trade Commission
September 20, 2006
http://www.ftc.gov/speeches/majoras/060920exchequerclub.pdf
Identity Theft Task Force Announces Interim Recommendations
US Federal Trade Commission; September 19, 2006
WHITE PAPER: Recommendations for government policies and goals with respect to id theft and data security breaches.
http://www.ftc.gov/opa/2006/09/idtheft.htm
The Red Flags Rule, Project No. R611019
California Credit Union League
Response to the Interim Recommendations issued by the FTC
September 18, 2006
http://www.ftc.gov/os/comments/redflags/523455-00025.pdf
Internet Data Brokers and Pretexting: Who has Access to Your Private Records?
Presented before the House Committee on Energy and Commerce subcommittee on Oversight and Investigations by the Federal Trade Commission
September 6, 2006
http://www.ftc.gov/os/2006/09/P065409internetdatabrokers09292006.pdf
Secure the Trust of Your Brand: Assessing the Security Mindset of Consumers
byCMO Council
WHITE PAPER: Posted: 16 Aug 2006 | Published: 01 Aug 2006
SUMMARY: Consumers' concerns are rising throughout the U.S. and Europe, enough to have a major impact on consumer loyalty and business relationships, according to the "Secure the Trust of Your Brand" consumer study.
http://wp.bitpipe.com/resource/org_1087482373_918/...
Protecting Your Assets: The Impact of Security Violations in the Global Financial Services Industry
byEMC Corporation
WHITE PAPER: Posted: 31 Jul 2006 | Published: 01 Apr 2006
SUMMARY: This Financial Insights white paper, sponsored by EMC in June 2006, provides high-level insights on ensuring the security of financial services organizations.
http://www.bitpipe.com/detail/RES/1154349684_158.html
Vets: Delete Unsolicited Offers by Email; Don’t Disclose Personal Information to
Unsolicited Callers
FTC Consumer Alert
Federal Trade Commission
June 5, 2006
Written in response to the data breach that occurred at the Department of Veterans’ Affairs
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt166.htm
How Companies - and Consumers - Can Protect Themselves
by Alan Brill and Troy Allen
WHITE PAPER: Identity theft has become one of the fastest-growing white collar crimes in the world-it is a problem that nobody can afford to ignore. While there are no absolute solutions, there are many well-documented methods to reduce risk and handle incidents effectively. For every company, the risks will be slightly different. But with preparation, planning, and the recognition that a wide range of skill sets are needed to thwart this crime, any company can meet the challenge.
http://www.krollfraudsolutions.com/pdf/Kroll_Brill2006.pdf
Phishing: 21st-Century Organized Crime
byCipherTrust, Inc.
WHITE PAPER: Posted: 06 Feb 2006 | Published: 01 Jan 2005
SUMMARY: Phishing is on the rise! Learn the scope of the phishing problem and the process by which the information harvested in phishing attacks is passed from one cybercriminal to the next.
http://www.bitpipe.com/detail/RES/1139250181_327.html
How Not to Get Hooked by a “Phishing” Scam
September 2005
OnGuard Online
Summary: When internet fraudsters send spam or pop-up messages to lure personal information from unsuspecting victims, it is referred to as “phishing”. According to OnGuard Online, phishers send emails or pop-up messages claiming to be from a business or organization that you may deal with. The messages may ask you to “update”, “validate”, or “confirm” your account information, and some emails may threaten a consequence if you don’t respond. This article offers tips to help you avoid getting hooked by a phishing scam.
http://onguardonline.gov/docs/onguardonline_phishing.pdf
Data Breaches and ID Theft
Prepared by the Federal Trade Commission
June 16, 2005
Senate Committee on Commerce, Science, and Transportation
http://www.ftc.gov/os/2005/06/050616databreaches.pdf
Online Banking Authentication and Fraud Detection A Vendor Comparison
Submitted by: RSA (The Security Division of the EMC)
https://rsasecurity1.rsc03.net/servlet/...
The Impact of Strong Authentication on Usability: Keys to Positive Online User Experience for Financial Institutions Utilizing the Web
Submitted by: RSA (The Security Division of the EMC)
https://rsasecurity1.rsc03.net/servlet/...
Fast Facts
We have compiled data from eight well-respected organizations that speak to the scope of identity theft and the cost incurred by organizations and consumers dealing with the aftermath.
Your Identity Is Your Business. Protecting It Is Ours.
