Identity theft hits over 15 million victims in 2016, the most ever

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Some 15.4 million consumers were victims of identity theft or fraud last year, says a report from Javelin Strategy & Research. That’s up 16 percent from 2015, the highest figure recorded since the firm began tracking fraud instances in 2004. Card-not-present fraud—transactions made online or via phone where the cardholder does not need to present the physical card to complete the purchase—rose the most, increasing 40 percent compared with 2015. Account takeover fraud—in which thieves used stolen log-in information to access a consumer’s accounts—rose 31 percent, and instances where fraudsters opened new accounts in a consumer’s name were up 20 percent. In all, thieves stole $16 billion, the report found—nearly $1 billion more than in 2015. However, consumers spot fraud more quickly, minimizing the financial damage. The fraud amount per victim was $1,038, down from $1,165 in 2015. Source: CNBC

Shall we play a game? Only if you want your data exposed

sh_xbox_280A data breach of Xbox and PSP gaming forums exposed the account details of 2.5 million users, potentially opening up their other online accounts to attack by hackers. The Xbox 360 and PSP ISOs, which host game download files, were hacked in September 2015. Even if users didn’t have financial details stored on the sites, the information could be used to break into other sites if users have the same password for different accounts. Source: CNet

Hackers can reach out and touch Netgear routers

Security researchers said nearly a million Netgear routers are vulnerable to password hijacking. Criminals can exploit these vulnerabilities remotely, assuming the device’s remote management feature is turned on. The vulnerabilities also can be exploited through physical access to the device. This vulnerability allowed two exploits in the router that Netgear knew about since 2014. Although the company patched these flaws after they were disclosed, it appears some loopholes still exist. Source: The Merkle

Czech Republic checking hacked email accounts

sh_czech_280Hackers breached dozens of email accounts at the Czech Foreign Ministry in an attack resembling one against the U.S. Democratic Party that the former Obama administration blamed on Russia, Foreign Minister Lubomir Zaoralek said. He said experts told him the cyber attacks were likely conducted by a foreign state. Zaoralek, whose email account also was hit, did not name any countries he thought might be responsible for the attack. Source: Reuters

Russia charges three with treason in cyber case

Russian authorities charged two former officers in the Federal Security Service and an employee of cybersecurity firm Kaspersky Lab with committing treason in the interests of the United States, according to a lawyer representing one of the three. Ivan Pavlov identified the three as Kaspersky employee Ruslan Stoyanov and FSB officers who specialized in cybersecurity, Sergei Mikhailov and Dmitry Dokuchayev. Source: al-Jazeera

Computer maker to pay fine in data breach case

sh_acer_280Following a breach, computer manufacturer Acer will pay $115,000 and improve its security practices in a settlement with New York. The breach, first reported in June 2016, included personally identifiable information—including names, addresses, email addresses, card numbers, expiration dates, security codes and user names and passwords. The PII of more than 35,000 Acer customers was compromised. Source: SC Media

Not so sunny in Florida identity theft case

U.S. Attorney Wifredo Ferrer announced federal charges against more than 100 suspects involved in schemes to steal personal information from tens of thousands of victims in Florida—and using that data in an attempt to steal more than $60 million. Among those charged is a former secretary for Jackson Health System, accused of playing a key role in a scheme that stole more than 24,000 patient records. Source: The Sun-Sentinel

IRS could do a better job in identity theft cases

sh_irs_280The IRS should improve its handling of identity-theft cases, the Government Accountability Office said. The IRS has improved some aspects of its customer service and has shrunk its backlog of cases. However, the GAO found that the IRS has inefficiencies in its file-retrieval and scanning processes that could delay tax refunds to legitimate taxpayers. The report also found that the IRS doesn’t have good enough data to track whether IRS employees are releasing refunds before ID-theft cases associated with those refunds are closed. Source: The Hill

Hack group Anonymous tells followers to hack Trump’s phone

Hacktivism group Anonymous published a guide on how to hack President Donald Trump’s phone on a Twitter account with more than 1.68 million followers. Some commentators believe Trump still uses the same mobile he owned before taking office, which The New York Times described as an “old, unsecured Android phone.” … A community radio station in South Carolina that normally plays oldies and beach music said it had been hacked to play an anti-Trump song. The station, which covers 10 miles of Salem, South Carolina, was the latest noncommercial radio station to unintentionally broadcast YG’s “FDT (F*** Donald Trump).” The apparent hack followed similar “FDT” broadcasts on small stations in other states. Sources:; BuzzFeed

Foul ball: Cardinals strike out in Astros hacking case

sh_cardinals_280Major League Baseball ordered the St. Louis Cardinals to pay $2 million and two future draft picks to the Houston Astros after a former executive admitted to hacking the team’s database. Chris Correa, former director of baseball development for the Cardinals, admitted that he illegally accessed the Astros’ database, downloading scouting reports for eligible players in the 2013 draft, notes on trade talks, and evaluations of college and international players. Source: Consumer Affairs

Google gets bad prognosis from British health service

Britain’s National Health Service staff members are being advised to swap Google for another search engine after the thousands of employees on its computer systems triggered a shield commonly used to prevent cyber attacks. The website activated a shield for NHS staff that is designed to stop cyber attacks from flooding Google with traffic. It means whenever an NHS employee wants to use one of Google’s internet services, such as search or Gmail, they have to check a box to confirm they are “not a robot.” Source: The Telegraph