Ransomed Beauty: Is Your Identity Being Held for Ransom?

As a woman, I know all too well how much time and money we spend on beauty supplies. Whether buying the “next best thing” in the cosmetic department or trying the newest home remedy from your favorite blog, it all requires you to spend some cash or use a credit/debit card. But how much are you willing to pay: ten, twenty, fifty dollars? What about your identity? With the growing number of businesses reporting breaches in their databases, it is no surprise that Sally Beauty became a target of the black market hacktivists.

The breach at Sally Beauty happened sometime in late February, but according to Consumerist, Sally Beauty “had detected a network intrusion in late February, but neither Sally’s IT folks nor an outside forensics firm could find evidence that customer card data had been stolen.” But alas, Sally Beauty’s customer card data had been stolen, and not long after, a large amount of credit card information showed up on the black market. According to KrebsonSecurity, “On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store.” After that, the banks that issued the corresponding credit cards bought the stolen cards back off the black market. Once cards and banks were reunited, the banks could then determine where the breach had taken place based on what they call a “common point of interest purchase” (a test that checks whether there is a common store/website purchased from within the same time period across the ransomed cards).
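The common-point test described above can be sketched as follows. This is an added example, not code from the article or from any bank; the card IDs, merchant names, dates and the 0.8 coverage threshold are constructed for illustration. It goes slightly beyond the text by also comparing against cards that were not stolen, so that a store everybody shops at is not mistaken for the breached one.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (card_id, merchant, purchase_date). Not real transactions.
TRANSACTIONS = [
    ("c1", "BeautyStore", date(2014, 2, 24)), ("c1", "Grocer", date(2014, 2, 20)),
    ("c2", "BeautyStore", date(2014, 2, 26)), ("c2", "Grocer", date(2014, 2, 27)),
    ("c3", "BeautyStore", date(2014, 2, 25)), ("c3", "GasStation", date(2014, 2, 25)),
    ("c4", "BeautyStore", date(2014, 2, 27)), ("c4", "Grocer", date(2014, 1, 5)),
    ("k1", "Grocer", date(2014, 2, 21)), ("k1", "GasStation", date(2014, 2, 22)),
    ("k2", "Grocer", date(2014, 2, 25)), ("k3", "Grocer", date(2014, 2, 26)),
    ("k4", "GasStation", date(2014, 2, 23)), ("k4", "BeautyStore", date(2014, 2, 10)),
]
STOLEN = {"c1", "c2", "c3", "c4"}  # cards bought back from the underground shop


def common_point_of_purchase(transactions, stolen, start, end, min_coverage=0.8):
    """Rank merchants visited by most stolen cards inside [start, end].

    coverage = share of stolen cards seen at the merchant in the window
    baseline = share of other (control) cards seen there in the same window
    A merely popular merchant has high coverage and high baseline; a breached
    one has high coverage and low baseline, so results sort by the difference.
    """
    if not stolen:
        return []
    seen = defaultdict(lambda: {"stolen": set(), "control": set(), "dates": []})
    controls = {card for card, _, _ in transactions if card not in stolen}
    for card, merchant, day in transactions:
        if not (start <= day <= end):
            continue  # purchase is outside the suspected breach window
        if card in stolen:
            seen[merchant]["stolen"].add(card)
            seen[merchant]["dates"].append(day)
        else:
            seen[merchant]["control"].add(card)
    results = []
    for merchant, s in seen.items():
        coverage = len(s["stolen"]) / len(stolen)
        baseline = len(s["control"]) / len(controls) if controls else 0.0
        if coverage >= min_coverage:
            results.append({"merchant": merchant, "coverage": coverage,
                            "baseline": baseline, "first_seen": min(s["dates"]),
                            "last_seen": max(s["dates"])})
    return sorted(results, key=lambda r: r["coverage"] - r["baseline"], reverse=True)


if __name__ == "__main__":
    for hit in common_point_of_purchase(TRANSACTIONS, STOLEN, date(2014, 2, 1), date(2014, 2, 28)):
        print(hit)
```

The `first_seen` and `last_seen` dates bound the period in which the stolen cards were used at the candidate store, which is the window an investigator would look at first.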

 

There is no doubt that many identities have been ransomed on the black market as of late, and besides using cash and checking your card activity often, there is not much that you as an individual can do. Companies and websites, on the other hand, can implement stronger turnkey authentication to protect the personal information of their customers from the black market hacktivists. That is why many have secured the identity of their customers by turning to the authentication experts at PortalGuard: an affordable, all-in-one, turnkey solution.

http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/#more-25179

http://consumerist.com/2014/03/05/sally-beauty-may-be-latest-credit-card-hack-victim/

Two More Colleges Exposed: Indiana University and North Dakota University

There seems to be a rise lately in the number of campuses that are being subjected to data breaches. Today it was brought to light that North Dakota University’s database was compromised, exposing the information of around 300K current and former students along with some of their staff as well. Last week, Indiana University informed nearly 146,000 recent graduates and students that its seven-campus data system had accidentally exposed their data.

This news comes on the heels of the recent University of Maryland breach that affected over 300,000 students, staff, and faculty.

Indiana University

In the case of the Indiana University breach, the accidental exposure to the general public was carried out via three automated search engine web crawlers, and the data was apparently indexed three times over the past year.

The exposed information included everything needed to steal a person’s identity easily, including names, addresses, and social security numbers. This data was being kept in an unsecured location that was easily accessed by the data-mining applications.

The three web crawlers have not been identified at the time of this article, but the University noted that the actions were carried out in a non-malicious way, by regular search engine web crawlers. The good news is that no servers or systems were compromised during this data mining.

James Kennedy, the school’s Associate Vice President of Student Services and Systems, said: “This is not a case of a targeted attempt to obtain data for illegal purposes, and we believe the chance of sensitive data falling into the wrong hands as a result of this situation is remote…”

“At the same time, we have moved quickly to secure the data and are conducting a thorough investigation into our information handling process to ensure that this doesn’t happen again.”

North Dakota University

North Dakota University came forth with news that nearly 300K current students, former students, and faculty may be at risk due to a recent hacking. The affected students’ and faculty’s personal information, including names and social security numbers, was exposed during the breach.

North Dakota University posted a notification on their website this past Wednesday for all who were possibly impacted. Their IT service provider, Core Technology Services, had been tipped off about the intrusion on February 7, with the initial intrusion taking place back in October of 2013. It would appear that the attack was made by using compromised credentials that had been obtained by an unauthorized user. Once this discovery was made, they immediately shut down the affected server.

The tipster in this case was actually a victim of identity fraud that traced back to the breach.

What is this world coming to?

Twenty years ago, data breaches did happen; people would steal files from offices or files would mysteriously go missing. Fast forward to the present day: with so much of our personal information being held on networks, it is now easier for thieves to steal your personal data without even being on the same continent.

This is why it is now more important than ever to make sure that you are doing everything to protect your network from an attack.

One of the best ways to defend your campus against these types of attacks is to deploy a two-factor authentication solution. This would keep a user’s stolen credentials from being enough on their own, because a one-time password would also be required in order to access the account. This one-time password could be provided in a number of secure ways, including sending a text message to a preregistered cell phone.

Many colleges and universities trust their sensitive information to be protected via a web portal that can only be accessed by authorized users. These entry points need to be protected by strong authentication, which more and more campuses are trusting to the authentication experts at PortalGuard.

Sources:

http://www.scmagazine.com/north-dakota-university-system-hacked-roughly-300k-impacted/article/337181/?DCMP=EMC-SCUS_Newswire&spMailingID=8110983&spUserID=Nzc0OTgzMDQ3NzMS1&spJobID=260600201&spReportId=MjYwNjAwMjAxS0

http://www.scmagazine.com/web-crawlers-tap-data-put-about-146k-indiana-univ-students-at-risk/article/336198/

Price vs Cost: One Man's Opinion

With the economic state of the country, you always hear folks talking about the price of an item or how much it cost them. Being in the security industry and a home owner, I can identify with the struggles that come with sticking to a budget and finding a solution.

However, with security it can truly be a gamble that all too often plays out in a negative way. One comparison we throw around a lot here in the office is a home security system. You constantly see on the news or hear from others stories about homes being robbed and the uneasy feeling of violation that comes with it. It makes you think about yourself and your home: that could happen to me!

But then your subconscious says those famous last words, “It can’t happen to me.”

Sadly, this is the stance a lot of businesses take on cyber security too. Recently, we have all seen the public spectacle that comes with being hacked and the consequences associated with cutting corners on security. I know that I have touched on this topic in a couple of previous articles, but we still hear of companies being breached.

This brings me to my point: when looking at a solution, sometimes we look for the cheapest fix and do not think any further than the price tag associated with the item. But let’s say you don’t even make it that far; you ignore the problem and hope it does not get worse. Then when you go to make the repair, it costs far more money than just addressing the problem from the start. To combat these types of situations, many companies that are working with a tight budget turn to the affordable authentication that PortalGuard offers.

So when faced with the complex decision of price versus the cost, it is always best to consider the big picture and the cost or consequence of all that could happen if you are not proactive in preventing security breaches.