
I won’t even begin to list all of the latest hacks of major systems (e.g., Lord & Taylor; Panera Bread’s online ordering system; Delta Airlines). It seems as if these major breaches are being reported on a daily basis and often months or years after the hacks have been discovered — but corporate responsibility (or irresponsibility) is a topic for another day.

Today I want to share the latest reporting means that the Federal Trade Commission (FTC) and the IRS have developed for consumers. This new online method is important during tax season as well as year round — stolen personal and financial information happens year round and can create tax-related problems beyond tax season.

Tax-related identity theft happens when the thief uses the stolen SSN to file a fraudulent tax return and get any refund that might be due to the individual.

Report any stolen personal and financial information to the IRS using the site.

Anyone who booked travel in 2016 and 2017 using Expedia-owned Orbitz needs to be concerned. The company has announced that hundreds of thousands of people who used their credit cards to book travel using the Orbitz site might have had their credit card information hacked.

And it’s not just people who booked directly through Orbitz — the company said that people who used companies Orbitz services could also be included. Those companies include anyone who used American Express ( book travel.

What might have been stolen from consumers? Hackers might have stolen consumers’ names, their phone numbers, addresses and dates of birth — any and all of which can be used by thieves for an array of illegal scams.

What can consumers do? Keep vigilant about all of their financial information — that means credit card statements, bank statements and any other kind of financial information.

Brian Krebs has written an important and timely article reminding anyone — and everyone — impacted by the Equifax breach to check their credit report ASAP. In his article, Mr. Krebs cites a recent consumer survey that found that many Americans haven’t yet done so although their personal and financial information was among that hacked by the Equifax breach.

Here’s the summary blurb from, and the link to, Mr. Krebs’s article:

A recent consumer survey suggests that half of all Americans still haven’t
checked their credit report since the Equifax breach last year exposed the
Social Security numbers, dates of birth, addresses and other personal
information on nearly 150 million people. If you’re in that fifty percent,
please make an effort to remedy that soon.

Credit reports from the three major bureaus — Equifax, Experian and Trans
Union — can be obtained online for free at — the only
Web site mandated by Congress to serve each American a free credit report
every year.

Please follow his great guidance and check your credit reports to see what, if any, malicious and illegal financial schemes might have been done using your personal and financial information.

The Equifax breach just got worse for consumers. Yes, worse if that’s even possible. When it first announced the breach, Equifax said that the hacker or hackers had gotten “only” (Equifax’s word, not mine) consumers’ names, SSN, birth dates, addresses and the numbers of driver’s licenses and credit cards for some, but not all, of the consumers.

So what’s gotten worse? First, rather than alert the public, the new details about the broader scope of the breach were contained in a document Equifax gave to the Senate Banking Committee. In that document, Equifax revealed that its forensic investigation uncovered the hackers got even more information — including consumers’ tax identification numbers, email addresses, phone numbers, credit card expiration dates and the States that issued the driver’s licenses.

While claiming they didn’t mislead consumers, the reality is that Equifax did just that. And that’s just added to their cavalier handling of the magnitude of consumers’ most sensitive information.

Peter Holley has an important article in the January 16th Washington Post. He’s written about the clauses in many car lease agreements and/or service agreements that authorize the car maker to collect customer data from the car itself (“Cars collect reams of information on owners”; Page A1).

As Mr. Holley highlights, customers may be unaware of the magnitude of personal information that can be collected by agreeing to this “tracking provision”. It’s information not just about the way in which the customer uses her car (e.g., the speed at which the car’s driven) but even more detailed information about such personal preferences as where the customer shops, what the customer likes to eat and even down to such details as where the customer parks her car.

It’s hard to read the lengthy service and/or lease agreements but customers should make the effort to do so when buying a new car. While the car manufacturers might claim they only collect customer information with their explicit permission, they can assume such permission when a customer doesn’t read and object to this kind of “tracking” provision that’s buried in small print in a multi-page document.

Geoffrey Fowler reviews tech issues for The Washington Post. I regularly read his columns because he provides insightful expertise. He’s written a column about the Amazon Key that I urge everyone to read (“Amazon wants a key to your house. I did it. I regretted it”; Sunday, December 10; page 1, Business).

Mr. Fowler’s first-hand assessment is very objective notwithstanding that Jeff Bezos owns The Washington Post and is also Amazon’s Chief Executive.

His cautionary tale is important for anyone considering buying the $250.00 Amazon Key that allows Amazon delivery personnel access, via an Internet-connected lock, to Amazon Key users. Sounds like a good anti-theft device, right? As Mr. Fowler writes, that initial appeal pales in comparison to the reality that using the Amazon Key means giving Amazon the ability to become the operating system for the user’s entire house.

Mr. Fowler provides details about using the Amazon Key, his reactions and those of his family and — ultimately — their decision to stop using Amazon Key.

Uber not only sustained a breach of 57 million accounts but it hid that information for over a year — outrageous!! The accounts hacked included payment information, names and other personal and financial information. The hacked data comes from accounts of Uber customers and drivers.

In announcing this massive breach, Uber said — as if this would be great news — that no Social Security Numbers were included in the data that was stolen.

Seriously, that’s cold comfort to the millions of people whose accounts were breached.

Uber customers and drivers must pay especially close attention to your financial accounts to see if your data’s being used by the hackers. That is particularly important with all the holidays during which so much spending with credit and debit cards happens.

Over the last week or so, there have been articles (i.e., New York Times) about disturbing and inappropriate YouTube videos aimed at young children. Sarah Buhr has published a very informative article summarizing the situation in TechCrunch (“YouTube implements new policy to flag inappropriate videos targeted at children”; November 10).

As Ms. Buhr writes, YouTube is now implementing a new process that will — hopefully — stop young children from being able to access in the main YouTube app these types of videos. The videos have ranged from just being odd or strange to truly disturbing. As she writes, the videos have been targeted at young children using key words as well as children’s characters that are popular with them.

Parents with young children will need to double-check any YouTube videos being accessed by their children to make sure the new policy/process is in place — and more importantly, that it’s working.

As I’ve written in prior blogs, the EU General Data Protection Regulation (GDPR) is going to impose significant privacy and security requirements on U.S. companies that might fall within its reach. I was recently interviewed by Allison Proffitt, an editor and reporter for several health related publications.

One of the significant implications that I raised with her is the GDPR’s impact on U.S. based clinical trials. She quoted me at length in her recent article about this very issue. Her October 24th article is titled “What Europe’s New Privacy Regulations Mean for US Trials” and can be found at

This will come as no surprise given the way Yahoo has handled the 2013 data breach.

Yahoo announced yesterday (October 3rd) that all — yes, ALL — 3 billion of its 2013 user accounts were breached. Originally, Yahoo had announced that it was only (!!) 1 billion user accounts that had been hacked.

Yahoo keeps saying that no credit card information or unencrypted passwords for these hacked accounts “appear” to have been stolen by the hackers. Okay, so let’s hope the next Yahoo announcement isn’t one that changes their liability-hedging language of “appear to have been stolen” to “uh, sorry folks but this information was stolen.”

As much as I dislike raising the specter of worse potential news to come, Yahoo’s assertions about this breach don’t engender much trust.