Identity theft hits over 15 million victims in 2016, the most ever

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Some 15.4 mil­lion con­sumers were vic­tims of iden­ti­ty theft or fraud last year, says a report from Javelin Strat­e­gy & Research. That’s up 16 per­cent from 2015, the high­est fig­ure record­ed since the firm began track­ing fraud instances in 2004. Card-not-present fraud—transactions made online or via phone where the card­hold­er does not need to present the phys­i­cal card to com­plete the purchase—rose the most, increas­ing 40 per­cent com­pared with 2015. Account takeover fraud—in which thieves used stolen log-in infor­ma­tion to access a consumer’s accounts—rose 31 per­cent, and instances where fraud­sters opened new accounts in a consumer’s name were up 20 per­cent. In all, thieves stole $16 bil­lion, the report found—nearly $1 bil­lion more than in 2015. How­ev­er, con­sumers spot fraud more quick­ly, min­i­miz­ing the finan­cial dam­age. The fraud amount per vic­tim was $1,038, down from $1,165 in 2015. Source: CNBC

Shall we play a game? Only if you want your data exposed

sh_xbox_280A data breach of Xbox and PSP gam­ing forums exposed the account details of 2.5 mil­lion users, poten­tial­ly open­ing up their oth­er online accounts to attack by hack­ers. The Xbox 360 and PSP ISOs, which host game down­load files, were hacked in Sep­tem­ber 2015. Even if users didn’t have finan­cial details stored on the sites, the infor­ma­tion could be used to break into oth­er sites if users have the same pass­word for dif­fer­ent accounts. Source: CNet

Hackers can reach out and touch Netgear routers

Secu­ri­ty researchers said near­ly a mil­lion Net­gear routers are vul­ner­a­ble to pass­word hijack­ing. Crim­i­nals can exploit these vul­ner­a­bil­i­ties remote­ly, assum­ing the device’s remote man­age­ment fea­ture is turned on. The vul­ner­a­bil­i­ties also can be exploit­ed through phys­i­cal access to the device. This vul­ner­a­bil­i­ty allowed two exploits in the router that Net­gear knew about since 2014. Although the com­pa­ny patched these flaws after they were dis­closed, it appears some loop­holes still exist. Source: The Merkle

Czech Republic checking hacked email accounts

sh_czech_280Hack­ers breached dozens of email accounts at the Czech For­eign Min­istry in an attack resem­bling one against the U.S. Demo­c­ra­t­ic Par­ty that the for­mer Oba­ma admin­is­tra­tion blamed on Rus­sia, For­eign Min­is­ter Lubomir Zao­ralek said. He said experts told him the cyber attacks were like­ly con­duct­ed by a for­eign state. Zao­ralek, whose email account also was hit, did not name any coun­tries he thought might be respon­si­ble for the attack. Source: Reuters

Russia charges three with treason in cyber case

Russ­ian author­i­ties charged two for­mer offi­cers in the Fed­er­al Secu­ri­ty Ser­vice and an employ­ee of cyber­se­cu­ri­ty firm Kasper­sky Lab with com­mit­ting trea­son in the inter­ests of the Unit­ed States, accord­ing to a lawyer rep­re­sent­ing one of the three. Ivan Pavlov iden­ti­fied the three as Kasper­sky employ­ee Rus­lan Stoy­anov and FSB offi­cers who spe­cial­ized in cyber­se­cu­ri­ty, Sergei Mikhailov and Dmit­ry Dokuchayev. Source: al-Jazeera

Computer maker to pay fine in data breach case

sh_acer_280Fol­low­ing a breach, com­put­er man­u­fac­tur­er Acer will pay $115,000 and improve its secu­ri­ty prac­tices in a set­tle­ment with New York. The breach, first report­ed in June 2016, includ­ed per­son­al­ly iden­ti­fi­able information—including names, address­es, email address­es, card num­bers, expi­ra­tion dates, secu­ri­ty codes and user names and pass­words. The PII of more than 35,000 Acer cus­tomers was com­pro­mised. Source: SC Media

Not so sunny in Florida identity theft case

U.S. Attor­ney Wifre­do Fer­rer announced fed­er­al charges against more than 100 sus­pects involved in schemes to steal per­son­al infor­ma­tion from tens of thou­sands of vic­tims in Florida—and using that data in an attempt to steal more than $60 mil­lion. Among those charged is a for­mer sec­re­tary for Jack­son Health Sys­tem, accused of play­ing a key role in a scheme that stole more than 24,000 patient records. Source: The Sun-Sen­tinel

IRS could do a better job in identity theft cases

sh_irs_280The IRS should improve its han­dling of iden­ti­ty-theft cas­es, the Gov­ern­ment Account­abil­i­ty Office said. The IRS has improved some aspects of its cus­tomer ser­vice and has shrunk its back­log of cas­es. How­ev­er, the GAO found that the IRS has inef­fi­cien­cies in its file-retrieval and scan­ning process­es that could delay tax refunds to legit­i­mate tax­pay­ers. The report also found that the IRS doesn’t have good enough data to track whether IRS employ­ees are releas­ing refunds before ID-theft cas­es asso­ci­at­ed with those refunds are closed. Source: The Hill

Hack group Anonymous tells followers to hack Trump’s phone

Hack­tivism group Anony­mous pub­lished a guide on how to hack Pres­i­dent Don­ald Trump’s phone on a Twit­ter account with more than 1.68 mil­lion fol­low­ers. Some com­men­ta­tors believe Trump still uses the same mobile he owned before tak­ing office, which The New York Times described as an “old, unse­cured Android phone.” … A com­mu­ni­ty radio sta­tion in South Car­oli­na that nor­mal­ly plays oldies and beach music said it had been hacked to play an anti-Trump song. The sta­tion, which cov­ers 10 miles of Salem, South Car­oli­na, was the lat­est non­com­mer­cial radio sta­tion to unin­ten­tion­al­ly broad­cast YG’s “FDT (F*** Don­ald Trump).” The appar­ent hack fol­lowed sim­i­lar “FDT” broad­casts on small sta­tions in oth­er states. Sources:; Buz­zFeed

Foul ball: Cardinals strike out in Astros hacking case

sh_cardinals_280Major League Base­ball ordered the St. Louis Car­di­nals to pay $2 mil­lion and two future draft picks to the Hous­ton Astros after a for­mer exec­u­tive admit­ted to hack­ing the team’s data­base. Chris Cor­rea, for­mer direc­tor of base­ball devel­op­ment for the Car­di­nals, admit­ted that he ille­gal­ly accessed the Astros’ data­base, down­load­ing scout­ing reports for eli­gi­ble play­ers in the 2013 draft, notes on trade talks, and eval­u­a­tions of col­lege and inter­na­tion­al play­ers. Source: Con­sumer Affairs

Google gets bad prognosis from British health service

Britain’s Nation­al Health Ser­vice staff mem­bers are being advised to swap Google for anoth­er search engine after the thou­sands of employ­ees on its com­put­er sys­tems trig­gered a shield com­mon­ly used to pre­vent cyber attacks. The web­site acti­vat­ed a shield for NHS staff that is designed to stop cyber attacks from flood­ing Google with traf­fic. It means when­ev­er an NHS employ­ee wants to use one of Google’s inter­net ser­vices, such as search or Gmail, they have to check a box to con­firm they are “not a robot.” Source: The Tele­graph