CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Go tell the Spartans—and all Greeks—of possible tax hack

Go tell the Spartans—and all Greeks—of possible tax hack
July 28, 2015

Greece’s former finance minister was ready to hack into the country’s tax-collection system as part of contingency planning for a possible exit from the euro. The hacking was part of a “Plan B” hatched by Yanis Varoufakis to create a parallel currency in case Greece was unable to agree on a new bailout with its creditors. Varoufakis resigned on July 5 as the financial crisis spiraled out of control. He described the plan during a teleconference with investors earlier this month. A recording of the call has been made public. By enabling taxpayers to access money and make electronic payments through the tax-collection website, Greece could continue to function, even with the banks closed. “We decided to hack into my ministry’s own software program in order to be able to copy the code of the tax system’s website so that we can work out how to design and implement this parallel payment system,” Varoufakis said. “It would be euro-denominated, but at the drop of a hat, it could be converted to the new drachma.” Source: CNN

Coverage where coverage is due

Sen. Barbara Mikulski (D-Md.) plans to introduce two amendments to the Financial Services & General Government Appropriations Bill, one of which would give federal workers whose personal data were affected by data breaches at the Office of Personnel Management much more identity theft protection than what OPM has offered thus far. Mikulski’s amendment would provide 10 years and $5 million worth of ID theft insurance to any individual who was affected by data breaches. OPM said the data of 21.5 million individuals, including Social Security numbers, fingerprints and other personal data related to conducting background checks, was exposed. Source:

sh_damaged credit_400

A seemingly never-ending story

In 1999, Martina Henry discovered unfamiliar credit cards had been taken out in her name. She reported the fraud to the credit bureaus, the creditors and the police. “I thought (the situation) would be resolved quickly,” she says. Instead, 16 years later, she’s still struggling to have 11 fraudulent accounts—and the thousands of dollars owed—removed from her credit reports. Henry says her damaged credit score has left her unable to secure a mortgage, auto loan or credit card. “I have had to pay everything in cash.” She’s also had to make court appearances, since creditors sued to collect on the debts. The cases were dismissed once the courts found no evidence to suggest Henry had opened the cards, but the creditors still refused to remove the accounts from her credit reports. She has sued the three credit bureaus, two debt-collection companies and four banks. Henry is seeking punitive damages and hoping to get the accounts off her credit report. “I just want to get my credit report cleaned up” to move on with life, she says. “I could apply for a loan for a home, (and) maybe a credit card or two.” Source:


From the tool box

Chinese language Internet search provider Baidu has launched Android app DU Privacy Vault, a mobile app focused on protecting people’s privacy. The free-to-download app lets users secure all apps, photos and videos on their phones. In a 2015 study, the Pew Internet Research Center reported that more than half of all U.S. smartphone owners use their phones for online banking and to look up medical information. “How can I make sure my phone is totally safe from prying eyes? That’s the question on everyone’s mind. And we realized that there wasn’t a great answer out there,” said DU Privacy Vault team leader Pan Jinfeng. “That inspired us to make a complete privacy solution.” Source: MarketWatch

With six, you get … a possible big breach

Six vulnerabilities have left 95 percent of Google Android phones open to an attack delivered by a simple multimedia text, a mobile security expert says. The vulnerabilities are said to be the worst Android flaws ever uncovered. Joshua Drake, from Zimperium zLabs, said while Google has sent patches to its partners, he believes most manufacturers have not made fixes available to customers. “All devices should be assumed to be vulnerable,” Drake said. In some cases, the exploits are silent, and the user would have little chance of defending data. Drake believes as many as 950 million Android phones could be affected. Only Android phones below version 2.2 are not affected, he said. The weaknesses reside in Stagefright, a media playback tool. Source: Forbes

sh_justice scales_400

Call out the law

As lawyers position themselves as experts who can advise companies on cybersecurity threats, many law firms are being targeted and are experiencing data breaches. “Our law firm clients report being extorted or threatened with denial of service and being held hostage,” said Mark Greenwood, managing director with Aon Risk Solutions, which sells cyber insurance to several dozen law firms. Greenwood said the minimum cost of hiring a consultant to identify the hole in a cybersecurity system, then fix it, is $500,000. He further estimated that the largest law firms are paying for $5 million to $40 million in coverage, midsize firms are purchasing up to $10 million in coverage, and smaller firms are buying up to $5 million in coverage. The insurance provides firms with a “coach” who can take the lead if a breach occurs, crisis communication and PR specialists, as well as online training and support from IT professionals, Greenwood says. In the past year, his group has signed up 30 law firms for cyber insurance, he said. Source: Bloomberg BNA

A teachable moment

Responding to growing parental fears that hackers will steal their children’s personally identifiable information, or that companies will sell such data or use it to target advertising to kids, legislators in 30 states have passed laws dealing with the issue since last year. They either spell out procedures for collecting, storing and using student data or prohibit the gathering of certain types of sensitive data, such as information related to health, religion or political affiliations. Many argue that the 40-year-old Family Educational Rights and Privacy Act, which safeguards the privacy of student records, should be updated to reflect educational software makers vying for a piece of the estimated $8 billion market. But although President Obama has called student data privacy a priority, federal progress has been slow, and states are filling the void. Source: MIT Technology Review

neiman marcus_217x153

You better shop around

A federal appeals court says injuries that victims of a data breach at Neiman Marcus allegedly sustained are sufficient to entitle them to pursue their putative class-action lawsuit against the retailer. Neiman Marcus learned in December 2013 that fraudulent charges had shown up on the credit cards of some customers, according to the ruling by the 7th U.S. Circuit Court of Appeals in Chicago. It found potential malware in its computer systems on Jan. 1, 2014, and sent notices to customers who had incurred fraudulent charges nine days later, according to the ruling. To pursue the case, the plaintiffs’ complaints must satisfy the requirements established in the U.S Supreme Court’s 2013 ruling in Clapper v. Amnesty International USA, in which the high court held that alleged injuries must be “concrete, particularized and actual or imminent,” according to the ruling. A three-judge panel held plaintiffs have met this standard. “At this stage in the litigation, it is plausible to infer that the plaintiffs have shown a substantial risk of harm from the Neiman Marcus data breach. Why else would hackers break into a store’s database and steal consumers’ private information?” said the ruling. Source: Business Insurance

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started