Car conveniences come with cautions

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Automakers plan to bring e-commerce to the dashboard. Ford Motor has an app that lets drivers dictate an order to Domino’s Pizza using voice controls and a smartphone. General Motors is offering AtYourService, which alerts drivers to deals at Dunkin’ Donuts or lets them book a hotel room on using voice commands. By 2020, as many as 40 percent of new vehicles sold worldwide will let drivers shop from behind the wheel, predicts Thilo Koslowski, vice president of the auto practice at Gartner, an information technology research and advisory firm. Connected cars present a rich target that hackers can troll for credit card numbers, home addresses, email information and all the other personal details required for identity theft. “Today the motivation for hacking a car is mischief, with an objective of hurting people or car companies,” Koslowski said. Once drivers can shop with impunity as they roll down the highway, “the car will definitely be viewed as a vulnerable device.” Source: Insurance Journal

This is when we want IRS to get more money

sh_IRS money_170The Internal Revenue Service is having trouble assisting identity fraud victims because of budget constraints imposed by Congress, says the Treasury Inspector General for Tax Administration. In testimony at a Senate Budget Committee hearing, Inspector General J. Russell George said to provide relief to victims of identity theft, the IRS began issuing Identity Protection Personal Identification Numbers to eligible taxpayers in fiscal 2011. The identity theft victim uses the PIN for tax filing to prevent further misuses of the person’s Social Security number. The IRS also decided to assign a dedicated employee to work with each identity theft victim. However, with Congress slashing the agency’s budget, the IRS couldn’t afford to assign a single employee for each identity theft victim. Because of that, George told the committee, TIGTA found that not all eligible individuals are receiving a PIN. Specifically, in September 2014, the IRS did not provide a PIN to 532,637 taxpayers who had an identity theft indicator on their tax account. Source: Fierce Government

Breach could haunt you for years

While breach reports fixate on the number of records stolen, accounts compromised and people affected, the real question is what will hackers eventually do with the data they’ve taken. “When you look at it today … almost 80 percent of [hackers] are in the business for profit,” said Al Berman, president of New York’s Disaster Recovery Institute International. People with security clearances and sensitive information, combined with verified extramarital affairs, could rank as a blackmailer’s easiest target. With a billion records stolen by hackers in 2014 and likely more in 2015, cross-referenced data breaches may become the norm, exploding months or even years after the initial hack. Source: ZDNet

An ironic act of revenge

sh_lizard_280Hackers have attacked the website of the U.K.’s National Crime Agency in revenge for the arrests of six people who purchased an illicit tool designed to … take websites offline. The NCA’s website was unresponsive Tuesday, though there is no indication any secure servers or operational information has been compromised. The hacking group Lizard Squad claimed responsibility for the hack on Twitter. The NCA made its arrests in August as part of Operation Vivarium, which is designed specifically to attack Lizard Squad and people who purchased its code to run denial-of-service (DDoS) attacks on websites. The same code, known as Lizard Stresser or Stressed Out, was reportedly used to run attacks on Sony’s PSN and Microsoft’s Xbox Live gaming networks in December 2014. Source: Wired

Driven to distraction

Minnesota officials say driver’s license information on 18 residents was accessed after a password-protected portal was inadvertently opened online. The Department of Public Safety said the breach happened when a server update accidentally removed the authentication process to access the state’s driver’s license database. Two individuals used the portal 55 times from Aug. 2 through 24. The department says they’re sending letters to the 18 residents whose data was accessed. That information includes pictures, names, addresses and dates of birth. The state says Social Security numbers weren’t involved in the breach. The faulty access site has been disabled. Source: KARE, Minneapolis

Lack of contract delays OPM contact

sh_delay_260The 21.5 million federal employees, contractors and others exposed in the Office of Personnel Management security clearance data breach have yet to receive official notification of their exposure, credit monitoring and other identity protection services, and until a contractor gets the award for those services, they’ll continue to wait. Initial estimates said that a contract would be out by Aug. 21. The agencies charged with awarding the contract for the notification job—the General Services Administration and the Naval Sea Systems Command—are missing self-imposed deadlines. Quotations from vendors were due Aug. 14. Source:

From the tool box

sh_Qualcomm Snapdragon_170Mobile chipmaking giant Qualcomm is hoping to tamp down worries about the Android ecosystem with Snapdragon Smart Protect, which keeps tabs on how apps are behaving. The software only works for Android phones equipped with Qualcomm’s Snapdragon processor. (With the exception of Samsung’s latest phones, nearly every high-end phone uses Snapdragon processors.) It will be available in Qualcomm’s upcoming Snapdragon 820 chip due out in Android phones sometime next year. Qualcomm is partnering with antivirus software developers and phone makers to take advantage of the product. So far, three antivirus app makers have signed up for Smart Protect: Lookout, AVG and Avast. Source: Qualcomm

States step up for students

sh_student records_280States are getting serious about protecting students’ privacy. The nonprofit Data Quality Campaign reported that 182 bills were introduced in 46 states this year, aiming to protect student data. Of those, 15 states passed 28 laws. Georgia passed a bill in May that prohibits selling students’ personal data or using data to target ads to students. Using the data to improve teaching or for companies to improve how their software works is fine, according to the legislation. Some parents are nervous about the shadow of data that could follow students, including information on social-emotional issues. Source: EdSurge