Smear campaign: Identity thieves file oil spill claims

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

A federal grand jury indicted seven people after authorities say they filed fraudulent claims totaling more than $2 billion related to the 2010 Deepwater Horizon oil spill. The defendants were indicted on 95 counts of conspiracy, mail and wire fraud, identity theft, and aggravated identity theft, the Justice Department says. The indictment alleges that the defendants got the names and personal data of more than 40,000 residents of areas affected by the spill to submit claims on their behalf without contacting them. “The defendants in this case are accused of exploiting a disaster relief program set up to help those who were injured or suffered an economic loss as a result of the BP oil spill—the worst environmental disaster in American history,” U.S. Attorney Gregory Davis said. Source: AL.com

A real concession on Facebook policy

sh_Facebook_280Facebook is modifying the terms of its controversial “real name” policy, which demands that users go by their “authentic name” when on the social network rather than a pseudonym. The trans and Native American communities have protested the policy, citing its use by trolls as a weapon of harassment. The announcement comes in response to an open letter written by advocacy groups including the ACLU. The site will let users provide context for using a name when confirming accounts. Facebook also will require users who flag others for using alternate names to provide additional detail and data in their complaint. The company hopes this step will dissuade people from frivolously flagging profiles, which locks the user out until they can confirm they are who they say they are. Additionally, Facebook will tweak both the name confirmation process, no longer requiring government-issued IDs, as well as provide a “more robust” and transparent appeals process for users locked out of their accounts. Source: Engadget

Data vs. privacy case could cause wide ripples

The Supreme Court is set to hear a clash between privacy laws that protect consumers and the desire of online data providers to avoid potentially crippling lawsuits if they post inaccurate information. Monday, the justices are to take up the case of Thomas Robins, who sued Spokeo, a tech company that calls itself a “people search engine.” Spokeo sells profiles of people drawn from data available online. When the company produced a profile of Robins, he was surprised to see himself described as married with children, in his 50s, with a graduate degree and a professional job. None of that was true. He was 29, unmarried and unemployed. Robins sued, hiring Jay Edelson, an attorney who brought the case as a class action on behalf of “millions of individuals” whose profiles appear on Spokeo. The suit is based on the federal Fair Credit Reporting Act of 1970. Corporate America is watching the case closely. “If you have automatic damages for statutory violations, it is a ticket for class actions to sue for millions and even billions on behalf of people who didn’t suffer any harm,” said lawyer Roy Englert, who represents the U.S. Chamber of Commerce. Source: The Los Angeles Times

TalkTalk information is cheap for some

sh_stolen data_280Reports say Britain’s TalkTalk customers’ bank details are for sale for about $2.50 following a massive online hack. Eastern European criminal gangs are said to be the main buyers of such stolen financial data, which includes the 21,000 customer bank account numbers and sort codes that phone and broadband provider TalkTalk acknowledged had been hacked. One hacker says he could make 150,000 pounds ($232,000) by selling data to many members or organized crime, who then use the information to burgle homes after phoning ahead to see if they are empty, sending bogus emails to defraud someone, and threatening to delete data unless paid a ransom. Source: The Daily Mail

Yeah, we like more business, but maybe not this

Massive data breaches are the best advertising for cyber insurance, convincing many companies—especially in the retail and health care industries—to consider policies. But for insurers, the losses are causing insurance firms to question the underwriting some of the largest companies because any breach can result in massive damages. Target estimates its losses from the 2013 breach will exceed $250 million, with $90 million covered by insurance. The company had to work with several insurers to build a policy with such a high payout. Called a “tower” in the insurance industry, such techniques are in more demand. Breaches are causing policy premiums to rise substantially for larger companies. Some reported estimates put the year-over-year increase at more than 30 percent. Source: eWeek

Some Vodafone customer accounts accessed

sh_vodafone_280Hackers may have accessed the bank details of nearly 2,000 Vodafone customers, the company has said. The mobile phone provider said 1,827 accounts were accessed, potentially providing criminals with customers’ names, mobile numbers, bank sort codes and the last four digits of their bank accounts. “This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way,” the company said. No credit or debit card details were accessed and the information obtained by the criminals “cannot be used directly to access customers’ bank accounts,” the company said. Source: The Guardian

Shadow hunters: Customer data said to be on Dark Web

British mobile payments company Optimal Payments said it was investigating allegations that some customers’ personal data had been compromised and was available in the public domain. The company said the allegations were that the data breaches had occurred at two units in 2012 or earlier. The data consists of names and email addresses of customers and is available for purchase on the Dark Web, a source with knowledge of the hack told Reuters. The units had suffered data breaches as a result of cyber attacks in 2009 and 2010, but none of its customers lost any money as a result, the company said. Source: Business Insurance

Anglo-American test checks cybersecurity

sh_U.S. and U.K._230The U.S. and British governments will hold a joint exercise to test cybersecurity and information sharing arrangements involving global financial institutions, according to the U.K. National Computer Emergency Response Team. The initiative will not be a “war game” involving live testing but instead will check communication and coordination links between governments, authorities and companies. The exercise is part of ongoing engagement between the U.K. and U.S. after President Obama and Prime Minister David Cameron said in January the two countries would deepen cybersecurity ties. Source: Bloomberg

Here’s a new debit card! Cause, uh, we got hacked

A large data breach at an unidentified national business has prompted First National Bank of Omaha to reissue new debit cards to customers in seven states. First National’s security was not compromised in the incident, a spokesman said. Its connection to the breach is limited to customers who may have done business with the company that was the target. “We recently issued new debit cards across our seven-state service area to customers whose cards may have been compromised through a nationwide breach that has not yet been announced,” First National said. The bank has operations in Nebraska, Iowa, South Dakota, Kansas, Colorado, Texas and Illinois, and in a letter to customers explained that fraud monitoring determined those customers’ cards were at risk of being compromised because of the breach of an outside company. Source: The Omaha-World Herald

Class-action suit may check into Trump Hotels

sh_trump_750The hotel chain that bears Donald Trump’s name is facing a data breach class-action suit after systems were hacked in two hotels in New York and other locations in Chicago, Miami, Las Vegas, Waikiki and Toronto. According to the proposed data breach lawsuit, malware was found in the Trump Hotel Collection’s systems. Customers of the Trump Hotel Collection who might have used their credit cards from May 19, 2014, to June 2 of this year may have been hacked. According to the data breach lawsuit, “the root cause of the data breach was defendants’ failure to fix elementary deficiencies in their security systems, abide by industry regulations and respond to other similar data breaches directed at retailers,” the lawsuit contends. Source: Lawyers and Settlements

Authorities track postings on Facebook of Russia

When Russia’s Yekaterina Vologzheninova shared links about the war in Ukraine with online friends on VKontakte, the Facebook of the Russian-speaking world, officers from the Investigative Committee, an FBI-style law enforcement agency answerable only to President Vladimir Putin, were tracking her online. Investigative Committee officers, accompanied by agents from the Federal Security Service, the successor agency to the KGB, seized her computer and her 12-year-old daughter’s tablet. They also informed Vologzheninova that she was being charged with “inciting hatred” of Russian “volunteers” fighting in Ukraine, as well as of Russian authorities. She was placed on a list of “terrorists and extremists” and her bank account and credit cards have been frozen. Vologzheninova faces up to four years in jail if found guilty. Opposition bloggers say the persecution is part of an ongoing bid to silence Russia’s vibrant online community. “Cases like Vologzheninova’s are intended to frighten others,” says Andrei Malgin, one of Russia’s most influential opposition bloggers. Source: Newsweek