Cybercrimes and data breaches make personal info vulnerable

Beware of online scam artists

Merdies Hayes | 8/23/2019, midnight

In our fast-paced, online-obsessed world, it may be easy to forget how simple it is to have your private information exposed for nefarious purposes. A common worry among consumers these days is the threat of a data breach, which could result in financial havoc and years of personal turmoil if your private information is exposed for the world to see and exploit.

A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. Data breaches may involve personal health information, personally identifiable information, trade secrets or intellectual property.

Common data breach exposures include—but are not limited to—personal information such as credit card numbers, Social Security numbers and healthcare histories, as well as corporate information (e.g. customer lists, manufacturing processes and software source code). Data breaches can be particularly harmful to business because if anyone who is not specifically authorized to view sensitive information disseminates such classified details, the organization charged with protecting that data could easily lose millions—or billions—of dollars.

Exploiting weak passwords

Data breaches can be brought about by weak passwords, missing software patches that are exploited, or, the most common occurrence among the public, a lost or stolen laptop computer or mobile device. Users connecting to rogue wireless networks that capture log-in credentials or other sensitive information in transit can also lead to unauthorized exposures.

While hackers and cybercriminals often cause data breaches, there are also incidents where enterprises or government agencies inadvertently expose sensitive or confidential data on the internet. These are commonly called “accidental data breaches,” and they usually involve organizations misconfiguring cloud services or failing to implement the proper “access controls,” such as password requirements, for what are termed “public-facing” web services or applications.

In May, Rep. Elijah Cummings (D-Baltimore) introduced H.R. 2545, also known as the Data Breach Prevention and Compensation Act of 2019. The bill was written to help create an Office of Cybersecurity at the Federal Trade Commission for supervision of data security at consumer reporting agencies. It would also establish standards for effective cybersecurity at these consumer reporting agencies, and impose penalties on credit reporting agencies for cybersecurity breaches that put sensitive consumer data at risk. A similar bill, S.1336, was introduced in May by Sen. Elizabeth Warren (D-Massachusetts).

Use commonsense security practices

There really is no definitive security product or control that can prevent a data breach. The most reasonable means for preventing data breaches involve commonsense security practices. This includes well-known security basics, such as conducting ongoing vulnerability and penetration testing, applying proven malware protection, using strong passwords/passphrases, and consistently applying the necessary software patches on all systems. A “patch” is a piece of software designed to update a computer program—or its supporting data—to fix or improve it.

Most data breaches occur in the banking industry, followed by the healthcare sector and the public sector. A report issued this year by Verizon Data Breach Investigations found that, among incidents reported from Nov. 1, 2017 through Oct. 31, 2018, the financial industry was hit with 927 incidents, of which 207 were confirmed cases of data disclosure. In healthcare—where most of the breaches were attributed to internal factors—466 incidents were reported, with 304 confirmed cases of data disclosure. In the public sector—where a reported 79 percent of breaches were blamed on state-affiliated “bad actors” (basically foreign government spies)—there were 23,399 incidents, of which 300 were determined to be confirmed data breaches.

About five years ago, Sony Pictures Entertainment’s corporate network was shut down when so-called “threat actors” that had previously breached the company executed malware that disabled workstations and servers. A hacker group known as Guardians of Peace claimed responsibility for the data breach. The group leaked unreleased films that had been stolen from Sony’s network, as well as confidential emails from company executives.

U.S. government offices breached

In 2015, the U.S. Office of Personnel Management announced that it had been breached by threat actors, giving up the personal information and government records of more than 21 million current and former federal employees. The exposed data included personal information, such as Social Security numbers and dates of birth, while the government records included highly restricted forms for security clearance, as well as some fingerprint scans.

NAACP speaks out on data breaches

In March, press reports revealed that Cambridge Analytica, a British big data firm, gained access to the personal information of 87 million Facebook users without the users’ consent. Facebook founder and CEO Mark Zuckerberg had testified before Congress about a month earlier about the ongoing worry of data breaches and the numerous privacy mishaps that the tech giant has encountered in recent years. Because millions of African-Americans use Facebook daily, the NAACP spoke to these and other cybercrimes which can—and do—affect this population in disproportionate numbers.

“The breach and misuse of the data of 87 million users was negligent at best and exploitative at worst,” said NAACP President and CEO Derrick Johnson. “Sixty-seven percent of African-Americans who use the internet are on Facebook. A significant amount of them may have been affected by the breach. Privacy—whether offline or online—is an unquestionable civil right, and Facebook has a duty to protect its users from any malicious attacks, and inform them on any failures in protecting them from such attacks.”

Johnson said that while the net neutrality issue may pose a challenge to African-American internet users, his and other civil rights organizations cannot “stay silent” on any further exploitation of the Black body politic. Johnson was referring to a ruling by Federal Communications Commission Chairman Ajit Pai, who reversed Obama administration rules that would prevent internet service providers like Comcast and Verizon from discriminating against content on the internet by charging content providers higher fees for faster access to their material. Now, with the new ruling, content providers can specifically permit broadband carriers to block media content which, effectively, can make it more difficult for civil rights organizing in the 21st century to utilize the necessary tools to spread their message.

Your bank can be a target

Recently, Rep. Maxine Waters (CA-43), chairwoman of the House Committee on Financial Services, commented on the shocking revelation by Capital One of a major data breach. She noted that while big technology companies and credit reporting agencies (e.g. Equifax) are vulnerable to hacking and data breaches, your bank or savings and loan can be targeted as well.

“[These] data breaches underscore how important it is that the consumer credit reporting bills that the Financial Services Committee recently passed become law so that any consumer affected by a data breach is not further harmed,” Waters said. “Among other things, the bills the Committee passed ensure that consumers can get a free copy of their credit score, provide better tools for victims of fraud, and make it easier for consumers to get errors on their reports corrected.”

Last month, the Financial Services Committee passed a series of consumer credit reporting bills, including: H.R. 3642, the “Improving Credit Reporting for All Consumers Act,” and H.R. 3618, the “Free Credit Scores for Consumers Act of 2019.” These bills were drafted and introduced to address burdens consumers may experience when removing errors from their consumer reports, including providing a new “right to appeal” the results of initial reviews about the accuracy or completeness of disputed items on the report. As well, H.R. 3642 is said to empower consumers by clarifying that injunctive relief is available to ensure reporting errors are actually fixed when a customer is harmed.

Helpful security tips

Regardless of whether your personal information has been compromised by the Equifax or Capital One data breaches—or whether your bank or financial institution has alerted you to unauthorized access to your account—there are measures you can take to help minimize the personal and financial harm potentially done to you and your family:

—Review your credit report. You can obtain a free credit report every 12 months at AnnualCreditReport.com. Many of the credit bureaus also offer a “3-in-1 credit report” for about $40.

—Monitor your financial accounts. Review statements for any suspicious activity. If you find suspicious transactions, report them immediately.

—Use caution when giving out your personal information. Scam artists “phish” for victims by pretending to be banks, stores or government agencies. This is frequently done over the phone, in emails and by postal mail.

—Treat your trash carefully. Shred or destroy papers containing your personal information including credit card offers and “convenience checks” that you do not use.

—Protect your computer. Guard personal information on your computer by following good security practices such as using strong, hard-to-guess passwords (a combination of letters, numbers and CAPS). Use firewall, anti-virus and anti-spyware software that you update regularly.