Federal Employees May Be At Risk For Identity Theft

The Social Security numbers of every current, former and retired federal employee were allegedly hacked, asserts the American Federation of Government Employees (AFGE) in regard to a December data breach of the Office of Personnel Management (OPM). The breach was possibly carried out by the Chinese government.

This accusation was made by AFGE president J. David Cox to OPM director Katherine Archuletta in a strongly worded letter obtained by The Associated Press.

“We believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous,” Cox said in the letter. He called the occurrence “an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”

On Monday, the OPM released a statement explaining that in April 2015, the agency became aware of an incident affecting its information technology systems that may have compromised the personal information of current and former Federal employees. For security reasons, the OPM says it will not discuss the specifics of what types of data were targeted in the breach. Why the extent of damage from this particular infiltration was not made public sooner has not been addressed by Archuletta or The White House.

The AFGE believes that the OPM’s central personnel data file, which contains up to 780 separate pieces of information about an employee, was the target of the theft. This file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs. It includes data about military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; along with age, gender and race data, explains Cox. This will significantly affect blacks working in Federal government as more than 17% of the federal workforce is African American.

Though OPM denies this, data containing background investigations of employees and contractors applying for security clearances may have also been targeted.

Since the incident was identified, OPM claims that it immediately implemented additional security measures to protect the sensitive information it manages. OPM also partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team, and the Federal Bureau of Investigation to determine the impact to Federal personnel.

Beginning June 8, the agency started sending emails and letters via the U.S. Postal Service to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident. The email will come from opmcio@csid.com and it will contain information regarding credit monitoring and identity theft protection services being provided to those employees impacted by the data breach. Notifications will end June 19.

Additionally, to mitigate the risk of fraud and identity theft, OPM is offering affected individuals a free, 18-month membership with CSID, a company that specializes in identity theft protection and fraud resolution.

The comprehensive service includes immediate credit report access, credit monitoring, identity theft insurance and recovery services.

Visit the company’s website, www.csid.com/opm or call toll-free 844-777-2743 (International callers: call collect 512-327-0705) for more information.

Cyber Risks a Growing Concern for Businesses

Cyber risks are a growing area of concern among the top American businesses of all sizes and industries, according to a new study.


The second annual Travelers Business Risk Index, which polled more than 1,200 business decision makers at companies of varying sizes, found that cyber risks were the second-biggest concern for all businesses, behind only the inflation of medical costs, and a significant worry for 58% of businesses, up from 53% in 2014.

Businesses are most concerned with malicious or criminal attacks on their websites and data (55%), but also expressed concerns over human error (24%) and system glitches (21%).

According to a release, small businesses are often the targets of hackers, with 1 in 5 small businesses (those defined as having fewer than 250 employees) attacked by hackers. But this group is also the least likely to worry about cyber-related attacks: 45%, versus 70% of large companies and 60% of midsize companies.

Some other key findings from the study:


  • 57% of businesses worry their computer systems will be infected with a virus
  • 50% worry their systems will be hacked
  • 51% worry about having their computers damaged or crashing
  • 59% of large businesses worry about employees putting information or systems at risk through unsafe computing practices or using personal devices for business
  • 33% of businesses have a cyber data breach response plan
  • 39% say they have employee data protection or education practices in place

Cybercrime is expected to become an even costlier problem for businesses—projected to set them back collectively more than $2 trillion in 2019. It’s also one reason why the Department of Homeland Security recently announced it would open up an office in Silicon Valley.

But with more transactions taking place online and with more consumer data being collected by companies big and small, the adage is becoming: it’s not a matter of if one’s business is attacked, it’s a matter of when. And consumers and businesses could be spending more time recovering in the aftermath of those breaches, with the businesses potentially losing the trust of customers and being shut down.

Consumer Tip: Protect Your Financial Information

In light of the record number of data breaches last year, you might feel a bit uneasy about the vulnerability of your financial information. If you’re fearful of the consequences of a data breach, don’t wait to take action until you discover you’re one of the victims. Here are three things you can do proactively:

1. Update your password. This makes it harder for crooks to access your online accounts. But don’t use the same user name and password for every website.

2. Be on the alert for scam emails. Some consumers received emails from thieves pretending to be from a department store they shopped at recently, offering free credit-monitoring services—in exchange for sensitive personal financial information.

3. Ask your bank to change your credit card number. Simply changing your debit card PIN won’t be good enough since debit cards can be used without a PIN at most retailers.

Cyber Crimes Top Consumers’ List of Fears

All the news of financial data breaches has many consumers on edge. In fact, the Better Business Bureau notes a Gallup study which finds that consumers fear getting their identity hacked more than any other crime they were asked about. An overwhelming 69% of consumers share this fear. In light of the recent hacks at Target and Home Depot, this number is not surprising.

In addition, consumers are also exhibiting anxiety in response to programming glitches such as the Shellshock/Bash Bug and Heartbleed.

In response to these widespread fears, the Better Business Bureau shares some tips on how to guard against attacks such as the Shellshock/Bash Bug. The BBB describes this as a system flaw affecting machines that use Unix-based systems such as Linux and Mac OS X.

Steve J. Bernas, president and CEO of the BBB serving Chicago and Northern Illinois, said in a statement that these system flaws have existed for roughly 25 years, but have just been discovered. “The real concern for everyone is that this bug allows hackers to not only take control of the computer or device, but to tell it or others what to do,” says Bernas.

The BBB offers these tips:

  • Make sure to install a firewall.
  • Apply patches for routers, computers and other devices as they are available.
  • Run updated security software on all devices.
  • Contact your manufacturer with specific questions.
  • Monitor all credit and debit card accounts.
  • Change your passwords to protect your personal and financial information and to restrict access to those accounts.

For more information, visit the Better Business Bureau website.

Consumer Alert: Malware Threat at Hotel Business Centers



If you travel a lot, you might occasionally make use of the facilities at a hotel business center. However, security website Krebs on Security says the U.S. Secret Service and the Department of Homeland Security recently issued a warning about a potential security threat.

Hotels in Texas were alerted by the government agencies, who reported that Texas law enforcement officers apprehended people who were said to be participants in data breaches affecting hotel business centers in areas including Dallas and Fort Worth.

The Houston Chronicle reports the Houstonian Hotel suffered a data breach that lasted six months between Dec. 28, 2013, and June 20, 2014. Roughly 10,000 people were affected.

Hotel industry managers are being warned to monitor computers that have been accessed by guests in their business centers. Fraudsters in some of these centers have been installing keylogger malware as a means to steal personal and financial data.

Your best bet is to use public computers only for conducting a basic web search. Don’t do your banking or any other activity that could expose personal financial information.

Says Krebs on Security, “If you’re on the road and need to print something from your email account, create a free, throwaway email address at yopmail.com or 10minutemail.com and use your mobile device to forward the email or file to that throwaway address, and then access the throwaway address from the public computer.”

Sam’s Club Offers New EMV Card

Sam’s Club recently announced that it will issue cash-back credit cards with an EMV chip. The credit card cash back program enables members to earn 5% cash back on fuel, 3% cash back on dining and travel, and 1% cash back on all other purchases, up to $5,000 annually. The EMV chip cards will be available to Sam’s Club members starting June 23.

“We have worked closely with Sam’s Club to enhance the shopping experience for Sam’s Club members, such as launching this 5-3-1 credit program,” says CEO of GE Capital Retail Finance’s Retail Cards platform, Tom Quindlen, in a written statement. “This new program provides enhanced rewards for co-branded cardholders, who can manage their account and shop in-club, online and on the go, with easy to use rewards and greater savings.”

The cards are issued through the retailer’s relationship with GE Capital Retail Bank. This new card comes at a time when many consumers are concerned about financial security. The recent data breaches at stores such as Michaels and Neiman Marcus have shoppers on edge.

According to the Unisys Security Index Report, there has been a steady increase in the number of consumers who are concerned about their financial security. Approximately 35% expressed concern, compared with 28% this time last year.

“MasterCard has taken a strong stance on the need for the U.S. market to make the transition to chip-enabled credit cards for the benefit of cardholders and merchants alike. This move by Sam’s Club makes them a trailblazer in getting chip cards in the hands of businesses and consumers, and leading the push toward a safer and more secure customer experience. This will no doubt help drive chip-enabled technology forward here in the U.S. as it gains more traction,” says Chris McWilton, president North America, MasterCard, in a written statement.

Target Switches to Chip-and-PIN Cards after Data Breach

Target has announced that it will start to issue chip-and-PIN cards early next year. The reason for the upgrade is to improve the security of its debit and credit cards. This change comes on the heels of the retailer’s recent data breach, which affected as many as 70 million customers.

Target says it plans to replace its entire REDcard portfolio, in addition to all Target-branded debit and credit cards. These cards will be swapped out with cards that have a computer chip and require the cardholder to enter their personal PIN. This will all be made possible with MasterCard’s chip-and-PIN solution. As a result, Target will become one of the first retailers in the U.S. to adopt this technology.

Says Target in a written statement:

“Earlier this year, Target announced an accelerated $100 million plan to move its REDcard portfolio to chip-and-PIN-enabled technology and to install supporting software and next-generation payment devices in stores. The new payment terminals will be in all 1,797 U.S. stores by this September, six months ahead of schedule. In addition, by early next year, Target will enable all REDcards with chip-and-PIN technology and begin accepting payments from all chip-enabled cards in its stores.”

Furthermore, Target confirmed that the company has hired a new chief information officer to assist with the data security efforts. Bob DeRodes will oversee Target’s technology team and operations.

Verizon Report Shows How Criminals Breach Your Data

Nine types of attacks have caused about 92% of 100,000 data breaches over the past 10 years, according to the Verizon 2014 Data Breach Investigations Report. Among these attacks are cyber espionage, point of sale intrusions, and web app attacks.

Web app attacks, the most common breach, were to blame for 35% of data breaches last year. And you have another compelling reason to make sure you change your password on a regular basis. The report found that about two-thirds of data breaches involved stolen passwords. (So once you’re finished reading this riveting article, go change your password.)

Even though retail data breaches have been saturating the headlines lately, the top targets for a data breach are accommodation and food services, administrative and support services, construction companies, educational institutions, entertainment, and financial companies.

Says the Verizon 2014 Data Breach Investigations Report, “Certain sectors will always skew higher in the victim count given their attractiveness to financially motivated actors — i.e., those that store payment card or other financial data. But even discounting that, we don’t see any industries flying completely under the radar. And that’s the real takeaway here — everyone is vulnerable to some type of event. Even if you think your organization is at low risk for external attacks, there remains the possibility of insider misuse and errors that harm systems and expose data.”

Other report findings

  • 65% of the cyber attacks were done for fun.
  • About 33% of attacks were done because the hackers were just plain greedy–they were hoping for financial gain.

2.6 Million Cards Affected in Data Breach at Michaels Stores

Michaels Stores announced that approximately 2.6 million cards may have been affected in a security breach. In addition, the corporation says Aaron Brothers, its subsidiary, was also hacked by criminals using malware. About 400,000 cards may have been affected.

Warning of a possible security threat first surfaced in January. Data that may have been compromised includes payment card numbers and expiration dates. Michaels says they can find no evidence that other customer personal information, such as name, address or PIN, was at risk.

Michaels says they will assist customers affected by the breach by providing fraud assistance, identity protection and credit monitoring services for 12 months at no cost. They also state that the malware is no longer a threat to shoppers at Michaels or Aaron Brothers.

“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers.”

For more information about the investigation, visit the Michaels and Aaron Brothers websites at www.michaels.com and www.aaronbrothers.com.

Proposed Bill Could Make Retailers Liable for Data Breach

The impact of the recent Target data breach continues to be felt, as state lawmakers attempt to make retailers take responsibility for damages, as opposed to the financial institutions. As of now, banks and credit card companies have been footing the bill for the damages that have resulted from hacked data.

A bill has been introduced by two California legislators that could take a significant stand on retailer responsibility in the event of a consumer data breach.

Assemblyman Roger Dickinson and Assemblyman Bob Wieckowski introduced AB 1710, which has the goal of increasing consumer privacy, providing adequate fraud and identity theft protection, and keeping personal information safe.

Says the Credit Union Times, “AB 1710 would make a person or business liable for the reimbursement of the costs of providing notice of a breach to any California resident whose personal information was, or is believed to have been, acquired by an unauthorized person, and for the reasonable and actual cost of card replacement as a result of a breach, to the owner or licensee of the information.”

The legislation is a variation of one that has been vetoed in two different forms by former Governor Arnold Schwarzenegger.