2017 was the busiest year in U.S. history in terms of security issues, and there have been no signs of slowing down two months into 2018. Despite this, people are not thinking about them the same way. Many seem immune, tuned out, fatigued, or not paying attention to the incidents and risks that are impacting so many. For some of us, though, these are still top of mind. Here are a few of the top-of-mind information security news stories from February.
- Equifax is back in the information security news again. It was reported by the Wall Street Journal that an additional 2.4 million people were found to be affected by the 2017 breach. This brings the total to an alarming 147.9 million people and remains the largest personal information breach in history.
- Tax scams are not new. However, people are finding new and creative ways to target taxpayers. In a new twist on an old tax scam, social engineers are depositing incorrect funds into real taxpayers’ accounts and then conning them into turning the funds over. This will be more prevalent as tax season continues.
- A data mix-up at the Massachusetts State House caused some companies to view other businesses’ names, federal employer identification numbers, tax payments, and other data. While only one social security number was affected, 39,000 business taxpayers had vulnerable data exposed.
- This time of year is often when people share documents online that they use in tax preparation. Naturally, criminals are aware of this and ready to take full advantage of the unwary through social engineering. One scam that’s up and running involves an email inviting the victims to go to Google Docs and download a document that will give them “Federal Tax Refund Information.”
- The popular dating app Tinder experienced a recent breach. A computer programmer found a vulnerability in the software that made it possible to bypass password prompts and log in to people’s accounts with just a phone number.
- Not only is Facebook a tool for you to connect with friends, but it has also become a useful business tool. Some people have taken advantage. Sergio Moutela, the owner of Melovino Meadery, woke up to 100s of one-star reviews on his Facebook page, courtesy of bots.
- As more and more devices become connected to the internet, risk continues to increase. Fitness tracking apps have gained steam in recent years, but that comes with challenges. Strava is a fitness app that’s considered the “social network for athletes”, but its ability to recognize “route patterns” poses a significant threat, specifically near military bases.
- If you have a TV in your home, there’s a good chance it’s a smart TV. It was reported that millions of these internet-connected TV sets could have security vulnerabilities that hackers can exploit. Thankfully, hackers were unable to retrieve sensitive data like credit card information, but they were able to manipulate people’s televisions and play offensive videos, install unwanted apps, or suddenly scroll through channels.
- Insurer Health Net of California, which provides health benefits to federal employees, has been cited for refusing a security audit by the Office of Personnel Management (OPM). OPM alleges that Health Net will not allow the Office of Inspector General (OIG) to perform vulnerability and configuration management testing.
- Iliana Peters has left the Department of Health and Human Services’ Office for Civil Rights (OCR). Peters was the OCR’s new HIPAA enforcer. While the OCR has been one of the few good enforcers for both consumers/patients and the regulated industry, this departure will definitely cause uncertainty.
- Fresenius Medical Care North America agreed to one of the largest HIPAA penalties in history, and the first HIPAA settlement of 2018. The Massachusetts-based healthcare organization reported five breaches in 2012, which affected roughly 521 individuals. OCR’s investigation of the breaches found that Fresenius facilities repeatedly failed to implement policies and procedures to keep equipment and patient information safe from theft. Federal regulators signed the $3.5M settlement on February 1.
Information Security in Government
- Russians used social media to influence the 2016 elections, and are likely to make similar attempts for the 2018 midterms. FRSecure CEO Evan Francen spoke about the topic in mid-February on WCCO Radio. While talks of meddling have surged, the government’s actions surrounding it have not. It was reported that of the $120B granted to the State Department for 2018 for anti-meddling measures, they’ve allocated none of the funds. This shows a lack of confidence in the department’s ability to combat the meddling attempts and to spend its allocated money wisely.
- New York has begun efforts to become the nation’s cybersecurity hub. This is a $30M initiative that has already attracted several firms. Ideally, this will bring an additional 10,000 cybersecurity jobs to the city over the next decade and allow New York to house a ‘Cyber Center’ to be used for growing startups.
- The SEC has released updated cybersecurity guidance, aimed at assisting public organizations in disclosing cybersecurity risks and incidents, while also sending a message to corporate executives that they must take responsibility for cybersecurity. While the updated guidance attempts to reinforce the importance of policies and procedures, it has already faced backlash and will likely continue to evolve.
These headlines (and many more) point to 2018 being another packed year of information security news. Check out FRSecure’s Twitter or LinkedIn feeds to stay in the loop about these events and topics, as it will help you discover trends and know what to look out for.