
3 Key Protections for Anthem Breach Victims


What’s the Anthem breach?

  • More than 80 million patient records were stolen out of Anthem’s servers.
  • If you are an Anthem, Blue Cross or Blue Shield customer, now or in the past, you are probably affected by the breach.
  • The data stolen included at least Social Security numbers, birthdates, addresses, email addresses and employment information.
  • Not included in the breach (or at least not disclosed as being part of it) were credit card numbers or medical data.

Why is the Anthem breach so serious?

  • When a breach includes so much data on each victim, especially your Social Security number, it makes it fairly easy for cyber criminals and identity thieves to create new accounts in your name or take over existing financial accounts. In other words, they can bank as you, borrow as you and pose as you in order to financially exploit you.
  • The loss of medical ID can be devastating, as criminals can potentially cash out your medical benefits, add dangerous information to your medical records (e.g., a different blood type) or apply for loans or services in your name.

What STEPS SHOULD I TAKE RIGHT NOW to protect myself?

1. Monitor the breach and take advantage of the two years of ID theft monitoring they are providing at www.AnthemFacts.com.

2. Monitor your credit reports for free on www.AnnualCreditReport.com.

3. Freeze your credit to keep criminals from taking advantage of your buying power. This is the most powerful step you can take, but it does make it slightly less convenient when you apply for new credit.

4. Call all financial institutions you work with and have them put a “phone-password” on your account so that the thieves can’t simply use your SSN to gain access.

5. Turn on Two-Factor Authentication on all financial accounts to further protect your account.

6. Monitor your financial accounts and health insurance Explanation of Benefits (EOB) for transactions you don’t recognize. Alert the provider if you suspect foul play.

John Sileo delivers keynote speeches designed to make security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact The Sileo Group directly on 800.258.8076.


Data security breach attacks intensify as banks’ websites are struck

Several major American banks saw hackers take over their websites recently. We’re not talking covert fraud or spying here, but an explicit data security breach disabling official websites. It’s debilitating, it’s devastating, and it’s becoming more prevalent.

American Express and JP Morgan have been the targets of sophisticated strikes that resulted in their websites being disastrously compromised. Even if the effects were only temporary, the fact that hackers were able to accomplish such a significant breach should serve as a major warning to corporations and government officials alike.

A data security breach is always an alarming state of affairs, but this current rash of criminal activity seems to focus more on aggressive tactics than is usually the case. And these data security breaches may be the result of nationally sponsored efforts. According to the New York Times, one group, known as “Izz ad-Din al-Qassam Cyber Fighters” seems to have come forward in relation to these attacks. The U.S. isn’t the only one to be the subject of such nasty attention: South Korea lost access to thousands of computers last month, and the European web protection group known as Spamhaus has been the target of an attack of staggering proportions.

It is a critical time for those concerned about online security. The amount and intensity of threats in the digital world have never been more apparent. While it’s refreshing that government agencies are taking increased notice of these instances, it will take more than awareness to prevent important information from falling into the hands of outside forces: the fact that these events have occurred so close to each other is not exactly encouraging. For now, it’s worth remembering that a data security breach can have a wide range of effects, and leave your business and your identity in shambles.

John Sileo is a cyber security expert and keynote speaker on data security, privacy and identity theft. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Embarrassing hack has movie studio turning fifty shades of red

A hack doesn't always target your personal secrets or your bank account. If you're a celebrity, sometimes a rumor does enough damage on its own.

Ever since the naughty bestseller "Fifty Shades of Grey" arrived on the scene, the public has been wondering about the inevitable film adaptation. A recent announcement that former Harry Potter star Emma Watson would be the film's heroine must have come as a shock to many…including Watson herself. Because she hasn't actually been cast.

The news comes courtesy not of an official press release but a data security breach into German studio Constantin films that resulted in the leaking of documents, among them one confirming Watson's involvement. But the studio has denied that this is true, claiming that the compromised information is outdated.

Watson herself took to Twitter to address the incident, saying "Who here actually thinks I would do 50 Shades of Grey as a movie? Like really. For real. In real life." At least she's still got her social media reputation intact.  

These days, a studio has to be as concerned about its data security as its casting choices. It's just a good thing they figured this out before the wrong movie got made.    

John Sileo is a cyber security expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.  

Spotlight: When will we wake up and recognize threats to online security?

Cyber attacks are a danger we face on a grand scale, not just as individuals, but as a country.

The past few years, America has been quietly (and not-so quietly) hit by one wave after another of devastating hacks. Last week, as this blog discussed, the government gave a long-overdue response to the matter of cyber-security. During his State of the Union address, President Obama announced that he had signed an executive order taking action against digital security breaches.  

The President went on to identify key areas of our infrastructure that might come under attack, saying, "our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems."

If it still sounds far-fetched, consider that just this past year has seen an astounding number of attacks on oil, natural gas and electricity structures in the U.S. Hackers raided these systems for information, and the number of strikes was more than 50 percent higher than it was in 2011, according to the Department of Homeland Security (DHS).

Having spent the last eight years speaking around the world on how mission critical information is exposed through technology and human carelessness, I've learned one disturbing rule of thumb: In the world of prevention, change only happens in the wake of disaster. 

We are so desperately in love with the convenience of the internet and addictive connectivity that we don't even consider the risks until we have been struck across the face by them. We don't watch our cholesterol until after the first heart attack. We don't allow a substantive conversation on gun control until after Sandy Hook (and Columbine and Aurora and Virginia Tech and dozens of others). And we won't take the threat of cyber terrorism, extortion, warfare or even personal online privacy seriously until an equivalent disaster wakes us from our dreamy affair with our iPad. 

You may be wondering, "Why hasn't something been done about this already?" Well, ask Senator John McCain. There were efforts made last year to pass legislation that would allow the DHS to put security standards into effect, but in November, McCain and other Senate Republicans defeated the bill. This undoubtedly was part of the reason the President took it upon himself to spotlight this issue.

Again, businesses won't see that this type of protection is actually in their long-term interests until after they have lost billions of dollars due to a data security breach. I bet the Wall Street Journal and New York Times understand those costs now much better than they did a month ago. But are they acting on that change in cyber-view?

We are like teenagers who refuse to wear seat belts because "if we crash, we'll die anyway." We use the excuse that our best efforts won't be enough to justify doing nothing. To be realistic, here's how legislative change will have to happen:

1. The U.S. will experience the digital equivalent of a terrorist catastrophe (imagine hackers shutting down air traffic control over NYC for a day).

2. Powerful non-technical influencers (movie stars, billionaires, unsullied politicians, beloved media figures) will take up the cause and demand change (imagine Justin Bieber organizing a Cyber Awareness Concert after his Facebook Profile is taken over – I'm not really kidding here)

3. Technical cyber professionals and privacy experts will already have a 10-point implementation plan designed and ready to implement to take advantage of America's 140-character attention span and

4. Popular opinion will pressure Congress and the President to take concrete steps to begin protecting our vital infrastructure. 

 A devastating cyber attack will occur, but will the post-event campaign be ready on the day after? America is looking for a clear, resonant voice who can make that happen.

John Sileo is a data security expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business. 

Obama Finally Takes Charge on Cyber Security with Executive Order

It took getting bit in public, but the President has finally taken a firm stance on online privacy protection with a brand new initiative.

Only weeks ago cyber hackers attacked the New York Times, Wall Street Journal and a bevy of massive corporate behemoths. Taking over their systems was a bit like taking candy from a candy factory (China manufactures much of the security infrastructure that’s used to keep the bad guys out – so there are lots of back doors when they want to dip into the cookie jar).

In the past, certain pieces of proposed anti-piracy legislation like SOPA and CISPA have come under fire for being too restrictive and allowing private entities too much access to personal data. President Obama has expressed disapproval for those acts in the past, and in his State of the Union address Tuesday, he finally announced a cyber security executive order aimed at securing America’s infrastructure. Thank the gods of security that he is finally taking charge.

“We know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets,” Obama said. He also urged Congress to pass legislation to enforce security measures, saying it must be a bipartisan effort.  

The order calls for greater dissemination of cyber threat info, consultation of privacy experts, and an identification of which sectors are at greatest risk of potential data security breaches. Another key section asserts that privacy and civil liberties will be taken into consideration by the agencies involved. 

In doing this, the President has publicly acknowledged the dangers that threaten anyone who uses the internet, and the steps we need to take to fight against them. The cat is out of the bag (officially), though it escaped years ago for those of us who watch this sort of thing. As usual, it took getting stung where it counts (our news agencies) before anyone was willing to act on the threat.

Hopefully, this will come as a wake-up call to all those still in the dark about the realities of digital identity theft. It’s a real threat that poses risks not just on an individual level, but on a global scale as well.

Businesses should read the executive order online and then talk to a data security and online privacy expert to learn more about how they can safeguard their interests. Staying up-to-date on the latest regulations is crucial to maintaining robust security – after all, you can’t play the game if you don’t know the rules. 

John Sileo is an online privacy expert and keynote speaker on cyber security and online privacy. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.