Industry News

Response to Equifax Security Breach

A response from SMP on the recent Equifax security breach:

Credit bureaus consolidate lots of information about you that can be used to steal your identity, which can turn your life into a nightmare for a long time (average is 7 years).

Equifax, one of the 3 largest consumer credit bureaus in the US, was just hacked. Per their own statement, the data of 143 million individual US consumers is compromised. Equifax is offering free credit monitoring to all US consumers (but no compensation for any consequences of the breach on consumers’ lives). You must enroll before Tuesday, November 21, 2017 to get one year of their credit monitoring service. Be mindful that they have set up a date before which you may not enroll. To find out that date, go to their special website at https://www.equifaxsecurity2017.com and be sure to read the FAQ.

Equifax allegedly discovered the breach on July 29 (unauthorized access may have started mid-May) and they only made it public on September 7. 

At some point soon, your identity data will be sold for next to nothing (the going rate is about $0.02 per 10,000 records) to all takers, and it is very likely that someone will try to use it, possibly to obtain credit cards, buy a car, file fraudulent tax returns or get loans in your name. Once that happens, you will be held responsible for the balance of the accounts until you can prove that you were not the person responsible (that can be difficult and quite time-consuming). You will have to fight to defend your good name and... creditworthiness. Yes, that is absurd, but that’s what happens to millions in the US each year.

To protect yourself, we recommend that you do the following:
        1.  Contact Equifax, Experian and TransUnion to put a credit freeze on your account.
        2.  Sign up for Equifax’s free credit report monitoring offer (they make it complicated to sign up and there is a deadline on November 21).
        3.  Actively monitor your future credit reports and keep an eye out for abnormal activity (new loans, credit cards, etc.).

This Wikipedia article is a good summary:
https://en.wikipedia.org/wiki/Identity_theft_in_the_United_States

The Federal Trade Commission publishes facts & statistics about identity theft.
https://www.ftc.gov/news-events/media-resources/identity-theft-and-data-security

If you have any questions, please contact SMP.

NJBIZ Special Report: Cybersecurity

Don't have a good cybersecurity plan in place? Then don't plan on getting a lot of business in the future, says this NJBIZ article featuring commentary from SMP's own Peter Bamber. A follow-up to a May 17 event, the article explores current cybersecurity trends.

For more on this topic, as well as what organizations can do to protect their information, join SMP on June 13 for a special cybersecurity panel discussion at the Hyatt Regency in New Brunswick, NJ. Additional details and registration are available here: http://www.smpone.com/june-13-cybersecurity-workshop.

From NJBIZ - Another attack is coming — here's the No. 1 thing to do (and not to do)

The worldwide ransomware attack over the weekend was halted before it could cause the global shutdown many feared.

The biggest question in the aftermath: Did the U.S. simply dodge a bullet?

Peter Bamber, the vice president at Security Management Partners, said it doesn’t really matter either way.

“Dodging a bullet?” he asked. “The guns are loaded — they are still shooting; that’s the way I look at it. They are going to come right back at us with this. They’ll just tweak it a bit.”

Read the full article at NJBIZ: http://www.njbiz.com/apps/pbcs.dll/article?AID=/20170515/NJBIZ01/170519888/nj-cyberexperts-another-attack-is-coming--heres-the-no-1-thing-to-do-and-not-to-do

#InformationSecurity News - China Stole Data From Major U.S. Law Firms

A series of security breaches that struck prestigious law firms last year was more pervasive than reported and was carried out by people with ties to the Chinese government, according to evidence seen by Fortune.

The incidents involved hackers getting into the email accounts of partners at well-known firms, and then relaying messages and other data from the partners’ in-boxes to outside servers.

In the case of one firm, the attacks took place over a 94 day period starting in March of 2015, and resulted in the hackers stealing around seven gigabytes of data, according to information obtained by Fortune. That figure would typically amount to tens or hundreds of thousands of emails.

Read the exclusive story at Fortune: http://fortune.com/2016/12/07/china-law-firms

#InformationSecurity News - iPhones Secretly Send Call History to Apple

Apple emerged as a guardian of user privacy this year after fighting FBI demands to help crack into San Bernardino shooter Syed Rizwan Farook’s iPhone. The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption.
But private information still escapes from Apple products under some circumstances. The latest involves the company’s online syncing service iCloud.
Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.
“You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.

Read the full story at The Intercept: https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says