There is a major breaking news story about a data breach at the Starwood Hotels chain. More details are just emerging but what is currently known is that the systems containing guests’ credit card information were breached. It appears that the breach started sometime in 2015 and continued until its recent discover.
Starwood Hotels is the parent corporation for a wide-range of hotels located in the United States and abroad. The Starwood Hotels chain includes Marriott, Westin and Sheraton hotels. The data breach was reported to potentially include guests at many of these hotels.
Consumers who stayed at any of these hotels over the last year should be even more alert to any suspicious charges on their credit cards.
I’ll post updates as more information is reported.
The European Union (EU) is launching an important study that is worth noting. On July 13th, the European Union Agency for Network and Information Security (ENISA) announced that it is going to create a comprehensive list of the various cybersecurity policies and tools and standards and measures that can be used to strengthen security in the next-generation of cars.
The ENISA initiative was the subject of an informative article by Winston Maxwell and Timothy Tobin, attorneys with Hogan Lovells, an international law firm (www.hldataprotection.com/2016/07/articles/international-eu-privacy-enisa-jumpstarts-con; “ENISA Jumpstarts Connected Car Cybersecurity Study for EU”). In their article, Mr. Maxwell and Mr. Tobin note that the ENISA study was generated by the EU’s recognition of the ever increasing interconnection between and among cars. These advances means a corresponding increase in concerns about the global repercussions from a security perspective.
The ENISA study writers will issue recommendations following the conclusion of their work. The recommendations will focus on measures that will help enhance smart car security for EU consumers. When issued, the study’s findings and recommendations should be studied by U.S. federal, State and local agencies and policy makers with responsibility for these car and cybersecurity issues.
The U.S. should gain the benefit of the ENISA report so that our next-generation cars are as safe as possible from cybersecurity issues.
Brian Krebs published an article alerting consumers that the Kimpton Hotel chain is investigating a data breach at its hotels (www.krebsonsecurity.com/2016/07/kimpton-hotels-probes-card-breach-claims). It appears that thieves have stolen credit card information from multiple locations of this hotel.
So this is a “heads up” alert for anyone who has stayed at a Kimpton Hotel over the last few months. Read Mr. Krebs article and — as always in these situations — keep a very close tab on your credit card charges.
The Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) has issued a new fact sheet providing guidance to entities that have patient medical records covered under the Health Insurance Portability and Accountability Act (HIPAA). The fact sheet identifies the types of information security measures that these entities should have in place to prevent a cyber or ransomware attack (www.hhs.gov; “FACT SHEET: Ransomware and HIPAA”).
Although not addressed to consumers, the FACT SHEET is worth reading for educational purposes. For example, the OCR HHS fact sheet underscores the notification obligations of an organization that experiences a ransomware breach.
Reading the OCR HHS FACT SHEET will help consumers understand the kinds of security safeguards OCR HHS recommends for their medical providers as well as others in the health industry. That way, in case of a breach, consumers can know what information they should receive and be pro-active if they haven’t gotten timely notification.
Yes, the primary tax season has been over for several months. And no, that doesn’t mean the IRS scams have are also over. How do I know this? From first-hand knowledge in addition to the various news reports and alerts.
I got robo calls on two consecutive days. Each was clearly a robo call with a woman — with a flat and menacing voice — announcing — “this is your final IRS notice.” The robo call likely said much more but I hung up immediately after just hearing the first few seconds.
And you should do the same. These scams are meant to scare individuals by sounding as if this is an official IRS call and the recipient’s being warned that she or he or they owe taxes. And how to fix this problem? By simple sending the stated dollar amount via prepaid debit card or wire transfer to the site that’s given in the rest of the message.
I’ve said it before but it’s worth repeating: the IRS does NOT make these kinds of calls to taxpayers. So hang up ASAP if you get one of these robo calls. What else can you do? Well, I went to the website of the Treasury Inspector General for Tax Administration (TIGTA) and hit the red “IRS Impersonation Scam Reporting” box that’s on the right hand side. I entered all the needed information and submitted my complaint. I first tried their “800” scam reporting hotline but that line had gotten so many calls about these IRS impersonation scams that the recording urged individuals to go to the TIGTA website unless the individual had actually suffered a financial loss.
So please don’t be taken in if you get one of these calls or a phishing email. Go to the “Scams and phishing” link at the IRS website (www.irs.gov) where you’ll find helpful contact information for TIGTA, the Federal Trade Commission and other agencies to contact about these and other scams.
I’ve been following the Federal Communications Commission’s (FCC) proposed broadband privacy regulations. While well intended, the scope of the FCC’s proposed regulations is much too narrow. I am concerned that their final regulations will create confusion and inconsistency in online consumer protections.
I wrote an article about my concerns that TechCrunch published on June 23rd. The article is titled New FCC Regulations May Not Give Consumers True Online Privacy Protection. It can be found at: https://techcrunch.com/2016/06/23/new-fcc-regulations-may-not-give-consumers-true-online-privacy-protection/.
There is yet another alert about the Adobe Flash Player. Brian Krebs has posted a very helpful article about it so I’m sharing the link to his site.
He explains the problem and what needs to be done. As always, Mr. Krebs has provided a most timely and useful article.
Unfortunately, increasing numbers of extortion email schemes is one of the results of the recent high-profile data breaches. The FBI issues a June 1st alert warning about these schemes (www.ic3.gov/media/2016/160601.aspx; “Extortion E-Mail Schemes Tied to Recent High-Profile Data Breaches”).
The FBI alert is very helpful as it provides five different extortion emails that consumers have reported to them. These extortion messages all want the consumer to send money in bitcoins or dollars. If the consumer doesn’t comply, the or thieves will share the consumer’s personal and financial information with other people, including employers; or send all of the information to the people on the consumer’s Facebook page.
I urge you to read the full FBI alert so that you’re familiar with the specific examples and the tips provided to try and protect yourself. Anyone who has received an extortion email should contact your local FBI field office and file a complaint with the FBI’s Internet Crime Complaint Center (www.ic3.gov).
Consumers already need to be careful when using their credit cards at various stores due to data breaches. That happened at Walmart and now Walmart shoppers have another reason to be extremely careful when shopping there.
Brian Krebs has posted a timely and important blog about Walmarts. He writes that skimmers have been found in some of the self-checkout lanes at some Walmart stores. So consumers using their credit cards at those locations may be at risk at having their credit card information stolen and used by criminals. (http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/).
Mr. Krebs notes that he had seen sales ads for skimmers built for the very same types of card terminals. Yes, that makes his blog even more important to read.
It also emphasizes the need for consumers to be ever more vigilant in checking for skimmers whenever they use credit or debit cards — whether in ATMs or in self-checkout lanes.
Parents are more and more aware of the need to help protect their kids online activities. But what to do? Yes, they can talk with their kids about being careful online; and yes, there are different types of software that they can install.
I just read Sarah Perez’s article about a new approach that I want to share — it’s called Bark and part of its appeal is that its genesis came from a founding team composed of parents (http://techcrunch.com; “Bark helps parents keep kids safe online without invading their privacy”; May 10, 2016).
Ms. Perez’s article provides a thorough description of Bark. In brief, she writes that Bark differs from current types of software or net nanny-type applications. Parents enroll on Bark’s website, add their kids and then Bark provides the means for parents to work with their kids to connect their social accounts. How is this different? Because, as Ms. Perez writes, parents who use Bark are “..giving the software access to read and view information from those accounts, but you’re not giving Bark permission to store that social data on its own servers indefinitely.”
Even more important for parents, Ms. Perez notes the Bark technology uses “machine learning techniques” so that it can scan and detect any dangerous activity or incidents (e.g., cyberbullying, or even signals indicating that a child might be going through a mental health concern).
I can’t vouch for Bark. However, it has features that parents might find very appealing to allow them to work collaboratively with their kids so the latter can travel and use the web and social media more safely.