I received 2 notices in 2 weeks about hacks that got my email address and other personal information. This after not one, but 2 huge hacks at Yahoo that affected me also. It is not a question of IF but WHEN you will be hacked -- and what you must do about it.
"Only two months into 2017 and already 13 million people have had personal information compromised. Attackers breached 15 companies in February alone. Among them, the biggest names included popular music festival Coachella, restaurant chain Arby's, and the InterContinental Hotel Group."
I was one of 393,430,309 people pwned in the River City Media Spam List data breach. The Compromised data consisted of Email addresses, IP addresses, Names, Physical addresses.
"In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data." [source]
This warning came with the notice: "When financial information is in question, it's important that data breach victims monitor their bank accounts and credit cards for fraudulent activity. Contact your bank or credit provider if you see anything that looks odd." But I didn't get a notice of the breach from River City Media or anyone. I got the notice from a monitoring system I signed up for.
Also with the notice: "Why are you only hearing about this now? Whilst the breach occurred in January, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly." Like Yahoo or any of the EMR systems.
I just found out about the September 2016 breach to NetProspex. "In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them. It contained extensive personal and corporate information including names, email addresses, job titles and general information about the employer." The Compromised data: Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses. Did D&B or NetProspex contact me? NO!!
Currently there is a successful GMAIL phishing scam going on. See more at LifeHacker. We need more user training on how to handle email and data.
One Tampa firm, BayCare, did an assessment of their workers' knowledge of scam email. It went sideways. But you SHOULD be checking to see if workers follow safe email procedures, since that is the Number 1 way that hacks occur!
There is more:
Privacy hawks in Congress call on Homeland Security to warn Americans of SS7 hacking threat.
For its 2016 Verizon Data Breach Investigations Report (available for download here), Verizon used a final data set of 64,199 security incidents and 2,260 data breaches.
The problem with selling cyber-security solutions is (A) the cost; and (B) no one thinks it will happen to them. You have to sell it like Life Insurance. Sir, one day you will die. Then what?
No one is immune.
From VZE: "Take a look through the list of published data breaches and one thing will immediately strike you: no location, industry or organization is immune from attack. Even with the strongest defenses, you can't bank on not being breached. But you can deter the criminals."