Due to a technical error, this update was published yesterday without the body of the blog.

——————————

I previously shared Brian Krebs’ story about a major data breach at numerous hotels under the InterContinental Hotels Group (IHG). Mr. Krebs reported that on Friday, February 3rd, IHG confirmed that the breach had happened at 12 hotels around the United States. As he reported, IHG said the data that was stolen is from credit cards used at the restaurants and bars at these hotels but not from credit cards used at the front desks of the hotels.

Mr. Krebs has included a list of the 12 hotels in his article which I urge everyone to read since the IHG parent company includes Holiday Inns among many other brands (https://krebsonsecurity.com/2017/02/intercontinental-confirms-breach-at-12-hotels).

Anyone who has stayed at one of the listed hotels needs to be extra diligent in checking credit card statements for any suspicious activities.

The University of Texas at Austin created the Center for Identity (CID) several years ago. It’s a very creative enterprise that pulls together faculty, staff, ideas and projects that cut across departments as well as drawing in people outside the university. Full disclosure: I’ve attended and spoken at a few of the CID’s Global Privacy Summits and found them to be among the most innovative conferences.

CID has recently pulled together several resources that I want to share with you. They’ve developed the CID ID Protection toolkit that is well written with concrete, practical tips. The toolkit can be found at: https://identity.utexas.edu/toolkits/id-protection-toolkit.  It’s worth taking a look at CID’s other tips and projects as they are doing research on “real world” privacy issues. That general site is: https://identity.utexas.edu.

 

Netflix users need to read David Bisson’s article about the credit card phishing scheme that’s been unearthed. His excellent article can be found on Graham Cluley’s website. That link is: https://www.grahamcluley.com/netflix-users-targeted-credit-card-phishing-scheme/.

This is a “must read ASAP” for Netflix users so that their financial information isn’t captured and used by the scammers behind this latest phishing scheme.

 

I’ve written before about ransomware which is an especially vicious attack by thieves and scammers. They capture a consumer’s computer, infect it and then demand payment before the consumer can regain use and/or control of it. There are differing views on what a consumer should or shouldn’t do if she finds herself in this terrible situation.

Graham Cluley has posted an excellent article by David Bisson on what a consumer should and should not do when confronting a ransomware situation. I strongly encourage everyone to read Mr. Bisson’s article since he provides a well thought out approach which is helpful to know about before trying to undo this type of terrible dilemma. The article can be found on Mr. Cluley’s website at: https://www.grahamcluley.com/how-to-respond-to-a-ransomware-infection/.

I hope no one ever needs this information, but it is better to be educated about it than to try to figure it out when hit with a ransomware infection.

Bah humbug! 2016 is ending with more bad news about data breaches — this one involving a major hotel chain. Brian Krebs just reported about a possible credit and debit card breach at one of the brands operated by the Inter-Continental Hotels Group. He was alerted by security experts about a pattern of fraudulent credit and debit card transactions particularly with cards used by consumers at Holiday Inn and Holiday Inn Express at U.S. locations (https://krebsonsecurity.com/2016/12/holiday-inn-parent-ihg-probes-breach-claims/).

This is very worrisome as Mr. Krebs reports since the Inter-Continental Hotels Group is the parent corporation for over 5,000 hotels in the United States and around the world. Some of their other brands include Kimpton Hotels, Crowne Plaza and the Inter-Continental Hotels.

Mr. Krebs notes that consumers whose credit and debit cards are fraudulently used are not responsible for those charges but consumers must report such unauthorized transactions ASAP to their respective credit and debit card companies.

So anyone who’s stayed at a Holiday Inn or Holiday Inn Express, or any of the other Inter-Continental Hotels Group brands, must be vigilant about checking bank and credit card statements.

I’ll end 2016 on a possibly foolishly optimistic note — here’s hoping 2017 brings better protections for consumers and fewer privacy and data breaches.

Anyone who has had a Yahoo account since 2013 needs to change his user name and password ASAP! Yahoo just announced that 1 billion user accounts were hacked in 2013. What was stolen by hackers includes such personal and financial information as a user’s name, phone numbers, date of birth and even more. All of this is information that thieves can use for a wide range of damaging identity theft schemes.

So Yahoo account users should not — I repeat not! — wait to get the email notification that Yahoo says it’s sending to affected consumers. Sending that magnitude of emails could take more time than a Yahoo customer can safely wait. Who knows what personal and financial damage has already been done or could be done by the time the emails are sent and received.

Be proactive and protect yourself: change your user name and password ASAP!

The Federal Trade Commission (FTC) ran a 3-part technology series this fall. On December 7th, they held their final workshop on the timely topic of SmartTV. I listened to the workshop and found the information presented both informative and chilling.

The informative part comes from the insights offered by the various experts — FTC privacy attorneys, technologists working for companies developing the new SmartTV and related technologies and developers working for companies that want to collect and monetize the increasing flow of information.

SmartTV is the catch term for the types of new apps and streaming services being offered now and developed for the near future. The new technologies will, very succinctly, pose the real possibility of more information being captured about a consumer’s viewing habits. That is a rich data source for entities wanting to build and send more ads and ever more specialized customized ads to consumers.

SmartTV is not some far off technology. It’s here and consumers need to be ever more aware of the kinds of information these new devices are capable of collecting and sharing before making a purchase.

Why do I think this SmartTV workshop was so timely? It came right in the midst of the holiday shopping season when consumers are buying, among other items, new TVs and other devices. A good time for consumers to really examine a device before buying it.

Attorneys need to be alert for a phishing scam that is happening around the country. An email comes from what claims to be either a local bar association or a State disciplinary counsel. The message falsely states that a disciplinary action has been filed against the attorney.

The recipient will be told to either click on a link or open an attachment to get more information. DO NOT DO THIS! Delete this email ASAP!

The links and attachments likely contain malware or a virus that will infect the recipient’s computer and capture all sorts of personal and financial information.

Any attorney who gets this type of email should contact her local bar association to alert them about the scam.