Tag: data breach

September 14, 2017

Equifax Data Breach

The personal data of up to 44 million British consumers was feared stolen by hackers in a massive cyber attack on Equifax.

The information commissioner said it was investigating how the hack on Equifax, a US credit rating firm, affected UK customers, many of whom will be unaware their data is held by the company.

Equifax and its UK subsidiary companies state on their websites that they represent British clients including BT, Capital One and British Gas.

The Information Commissioner’s Office has urged Equifax to alert affected UK customers as soon as possible, and said it will work with the relevant overseas authorities on behalf of British citizens.

Equifax admitted hackers had exposed the personal data of 143 million customers in the US, which was stolen between mid-May and July this year due to a vulnerability on its website. The hack was not made public until recently.

The stolen information includes names, social security numbers, dates of birth, addresses and, in some instances, driver’s license details. It is also thought that around 209,000 credit card numbers were stolen.

Equifax said: “limited personal information” from British and Canadian residents had been compromised.

A spokesman for BT said: “We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”

Lenders rely on the information collected by credit bureaus such as Equifax to help them decide whether to approve financing for homes, cars and credit cards.

Equifax chief executive Richard Smith said in a statement “I apologise to consumers and our business customers for the concern and frustration this causes.”

How to check if you are affected – go online to https://trustedidpremier.com/eligibility/eligibility.html and type in your last name and last 6 digits of your social security number and it should tell you if you have been affected by the data breach.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

January 4, 2017

Update on Yahoo Breach

In November 2016, Yahoo realised it had suffered a data breach back in 2013. Yahoo released information on what had happened and informed everyone who may have been affected by this.

See blog post https://fightback.ninja/test/the-yahoo-data-breach-reported-december-2016/ for more information.

Yahoo has now released more information concerning how this happened.

Yahoo say they called in outside forensic experts to examine what happened and there has been the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, the outside forensic experts have identified user accounts for which they believe forged cookies were taken or used in 2015 or 2016.

The company is notifying the affected account holders, and has invalidated the forged cookies. They have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016.

If you have not been contacted by Yahoo specifically about this, then your account will not have been affected.

However, if you have a Yahoo account then you should have changed your password and security questions and answers recently. If you haven’t done this then you should ASAP and also any other accounts that use the same login and password.

It is wise to review all of your accounts for suspicious activity and be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.

Yahoo are doing everything they can to protect their customers data.

For further information go to https://help.yahoo.com/kb/account/SLN27925.html

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

December 19, 2016

The Yahoo Data Breach Reported December 2016

If you are a registered user of Yahoo then you will have received an email from Yahoo explaining what happened in the data breach that has been reported on TV and in newspapers this month. Someone collected a huge amount of information from Yahoo without their knowledge in August 2013 and it was only in December 2016 that Yahoo found out it’s security had been breached.

Yahoo believe the data copied contains name and email address, telephone numbers, date of birth and in some cases hashed passwords and security questions and answers. But does not include any financial information or credit card numbers etc.

Yahoo only found out about this when asked by Law Enforcement to examine some data that turned out to be from Yahoo and their investigation proved what had happened three years previously.

As a Yahoo User What Must I Do?

If you have not changed your Yahoo password recently then do so quickly and make sure to set a safe password [https://fightback.ninja/test/how-to-keep-your-passwords-safe/]. You should also change your security questions.

Check your accounts for any suspicious activities and remember that scammers sometimes only take small amounts for a period of months, hoping to be ignored.

What About Other Online Logins and Passwords?

If you have other accounts that use the same login and password as Yahoo then you should change them quickly. Once scammers have your login and password they will check other websites to see if you’ve used the same information.

Ideally you should use different logins and passwords for each website you’re registered with. However, that may be impractical for people with lots of such logins but you should at least use a set of logins and passwords and not the same one for every web site.

Note: If you receive an email or call from someone claiming to work for Yahoo – be suspicious and do not divulge any confidential information even if they seem to have your information already.

Go to http://yahoo.com/security-update for further information from Yahoo.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

December 1, 2016

Major Organisations Hacked in the UK in 2016

There have been a lot of company data breaches in 2016 in the UK but the three biggest known such breaches are

Three mobile phone company
Tesco bank
Sage business software company

Three Mobile

Three, one of Britain’s largest mobile operators revealed it’s had a major data breach that could put millions of its customers at risk. Hackers accessed Three’s customer upgrade database via using an employee login. They didn’t get access to any financial data but did access names, phone numbers, addresses and dates of birth of its customers.

Tesco Bank

Tesco Bank which is part of Tesco supermarkets, had to freeze the online accounts of online customers as 20,000 people had money stolen from their accounts.

You can imagine what the customers thought of suddenly finding their bank cards were rejected. Everywhere and then for some that money had disappeared from their accounts.

Tesco Bank, which has over seven million customer accounts, has said it will cover any financial costs of the breach.

Sage

Sage is a business software company and is part of the FTSE-100 index.

Sage said their data breach could have compromised the personal data of 280 businesses that use Sage.

Attitudes to Data Breaches

A recent survey into attitudes towards organisations that have experienced data breaches shows that 84 percent of respondents would reduce or stop using an organisation’s products or services following breaches, and only 16 percent of respondents would continue to use an organisation’s products or services as usual.

Respondents were asked: “If you found out an organisation whose products or services you use had multiple data breaches, which of the following best describes how you would react?”

16 percent – I would continue to use their products or services as usual

27 percent – I would limit my usage of their products or services

37 percent – I would only use their products or services if I had no alternatives

20 percent – I would stop using their products or services completely

Businesses (especially those in the public eye such as FTSE-100 companies) need to understand that if their online security is not up to standard and they are hacked – that has a chilling effect on their customers and it will be hard to repair their reputation.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

October 13, 2016

Warning: We have Your Private Information

The Internet Crime Complaint Centre in America receives a lot of reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details, will be released to the recipient’s social media contacts, family, and friends if a ransom is not paid. The recipient is instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions. The recipients are typically given a short deadline. The ransom amount ranges from 2 to 5 bitcoins (up to £1,000). This problem is not confined to just America.

The following are some examples of the extortion e-mails:

“Unfortunately your data was leaked in a recent corporate hack and I now have your information. I have also used your user profile to find your social media accounts. Using this I can now message all of your friends and family members.”

“If you would like to prevent me from sharing this information with your friends and family members (and perhaps even your employers too) then you need to send the specified bitcoin payment to the following address.”

“If you think this amount is too high, consider how expensive a divorce lawyer is. If you are already divorced then I suggest you think about how this information may impact any ongoing court proceedings. If you are no longer in a committed relationship then think about how this information may affect your social standing amongst family and friends.”

“We have access to your Facebook page as well. If you would like to prevent me from sharing this dirt with all of your friends, family members, and spouse, then you need to send exactly 5 bitcoins to the following address.”

Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign. In many cases, the extortionists don’t have access to your confidential information – but in some cases they do.

TIPS TO PROTECT YOURSELF:

Use strong passwords i.e. ones that are difficult to guess or to crack
Use multiple passwords rather than one for everything.
Do not open e-mail or attachments from unknown individuals.
Monitor your bank account statements regularly, as well and as your credit report at least once a year for any fraudulent activity.
Do not respond to unsolicited emails.
Do not store sensitive or embarrassing photos of yourself online or on your mobile devices.
Never provide personal information of any sort via e-mail. Be aware, many e-mails requesting your personal information appear to be legitimate.
Ensure security settings for social media accounts are turned on and set at the highest level of protection.
When providing personally identifiable information, credit card information, or other sensitive information to a website, ensure the transmission is secure by verifying the URL prefix includes https, or the status bar displays a “lock” icon.