UPS Hacked!

UPS hacked!

“It was the best of times, it was the worst of times.”

 

This famous quote from Charles Dickens’ classic novel, A Tale of Two Cities, gives insight into how two forces, like good and evil, are equal rivals contending for survival. The same goes for the world of cyber security. We have a world of information, convenience, and entertainment at our fingertips, and yet, in that world, there are dangers and possibilities to have valuable information stolen.

 

In Alex Roger’s time.com article, “UPS: We’ve Been Hacked,” Roger’s reports on the newest breach within The UPS. “The United Parcel Service announced Wednesday that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised.” Rogers continues, “The malware began to infiltrate the system as early as January 20, but the majority of the attacks began after March 26.” Even though the breach was wide ranging, UPS assured that on August 11 the threat  was resolved.

 

UPS issued a public statement, “The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. Not all of this information may have been exposed for each customer. Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident.” UPS went on to say that it is safe to shop at all of the UPS branches.

 

As fiction continually tells us in pros and verse, good and evil will always be at odds with each other, just as Dickens foreshadows in A Tale of Two Cities. So what can we do about it? Well, our job is twofold. We need to be sure to follow the Password Best Practices (PBP) and petition applications and companies that we use on a daily bases to start supporting Two-factor.

 

Password Best Practices

 

Password Best Practice (PBP) is the easiest way to accomplish login security to your applications and portals to access private information. PBP gives practical advice on how to strengthen your password, how often to change your password, what not to do with your password, and much more. By enforcing and educating users on PBP, you are on your way to achieving stronger passwords and making logins more secure. PennState has done a great job outlining the Password Best Practices on their site. The article is a great resource and reminder of what we should be doing with our passwords.

 

What you can do to about Two-factor Authentication

 

You may ask yourself what you can do to ensure that private and person information is protected with two-factor. There are two things that one can do. First, if you have the sway and influence, there are identity management providers that provide usable two-factor, protecting against network attacks. Secondly, if you are only a user and have no influence in the IT Department, there is a great site that contains a Two-factor Authentication list. From this list you can send a direct request to those that are not currently supporting Two-factor Authentication. The list is a great way to see if your favorite applications and websites are doing their part in protecting your personal information from network attacks worldwide.

 

Even though we seem to be living in a constant state of “the best of times, it was the worst of times,” we can do our best to fight against the evil of stolen identities and by educating ourselves on Password Best Practices and petitioning companies to support Two-factor Authentication.

The IT Professional vs. The Deadly Data Breach

IT Professional vs. Deadly Data Breach

 

The Deadly Data Breach

We know it well, the Deadly Data Breach! So many people have felt the effects of a data breach, and so many companies are scrambling to protect the personal information they have on file. I am sure data breaches are on the minds of every IT professional that has kept up with the most recent breaches. No one goes unscathed by The Deadly Breach: P.F. Changs, Goodwill, Home Depot, and numerous schools.

Home Depot’s recent data breach reaches all the way back to April first of this year. According to Steven Weisman’s blog article, “Important Home Depot Update,” Weisman reports that “along with the credit card numbers and debit card numbers, the hackers also are selling the state and zip code for the particular cards.  This enables the hackers to defeat some fraud detection programs that pick up charges made from areas far from the home of the card holder.” This just covers up and prolongs agencies from discovering a security breach sooner. The Deadly Data Breaches just keep getting more deadly!

 

The Cost of The Deadly Data Breach

The cost of the deadly data breach doesn’t stop at the yearly budget meeting. There are many different costs when a breach strikes: the cost of private information, the cost of an organization’s reputation, and the actual monetary cost. Target’s data breach cost them $148 million dollars so far, and having more stores than Target, Home Depot will most likely exceed that number. At this moment in time, I do not envy the IT Professional and truly feel for them; thankfully, there are some great resources for IT Professionals. For example, Liisa Thomas’s book, Thomas on Data Breach: A Practical Guide to Handling Data Breach Notifications Worldwide, is a great resource for the IT Professional contending with The Deadly Data Breach.

 

What Can Anyone Do?

There are many things that both the IT Professionals and the end users may do to proactively protect themselves from having their identity stolen. In reference to the Home Depot breach, Weisman gives practical tips on protecting yourself from identity theft. Weisman’s blog Scamicide is a great resource on daily technical news and practical tips to protect against hacktivists.

 

  • Password Best Practices: These are a great place for the IT Professional to start in their fight against the Deadly Data Breach. Password Best Practices are common sense protocols for passwords and a great place to start creating a healthy password environment for your organization. PennState has a great article on Password Best Practices that I found very helpful.

 

  • Speak Up: For the end user, there is a great website that was featured in the NYTimes that has a list of applications supporting two-factor authentication. The end user is also able to send a request to their favorite website/application requesting that they support two-factor.

 

 

We are in an age where logins are a part of life and the gateway to private and confidential data. As the tsunami of data breaches continues to destroy and damage the cyber world, it is time to look towards stronger authentication to reduce the impact on organizations worldwide.

 

 

http://scamicide.com/2014/09/11/scam-of-the-day-september-11-2014-important-home-depot-update/