CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Credit where it’s not due, lawsuit says

July 23, 2015

Credit bureau Experian is the target of a class-action lawsuit alleging that the company negligently violated consumer-protection laws when it failed to detect that a customer of its data broker subsidiary was a scammer who sold data to identity thieves. The lawsuit follows the imposition of a 13-year jail sentence against Hieu Minh Ngo, who ran an ID theft service variously named Superget.info and findget.me. Ngo admitted hacking into or otherwise illegally gaining access to databases belonging to such data brokers as Court Ventures, a company that Experian acquired in 2012. He got access to some 200 million consumer records by posing as a private investigator. Source: Krebs on Security

No, they won’t cut your credit card debt

A federal court has halted a nationwide debt-relief telemarketing operation that the Federal Trade Commission and Florida’s attorney general’s office claim swindled millions of dollars from debt-laden consumers. According to the complaint, the scammers called consumers with credit card debt and claimed to be able to negotiate with their credit card companies to lower interest rates and save them thousands. The complaint says the telemarketers would sometimes claim to be affiliated with an individual’s lender, provide a license or badge number and tell consumers they knew how much debt the person carried. Consumers were charged upfront fees during the call, ranging from around $500 to $1,500, according to the FTC. Most credit card companies do not negotiate interest rates or work with third parties on consumers’ accounts. Source: CNN Money via WQAD, Moline, Ill.

That’s no way to treat a guest

Orlando, Fla., police say they have made arrests in a large identity-theft ring based out of a Winter Park vacation club. A Preferred Guest Resorts employee is accused of stealing customer information and selling it, the police said. Since December, two people purchased credit card information for more than 1,855 customers, officials said, with the total loss estimated at $927,000. Source: The Orlando (Fla.) Sentinel

We’ll get you coverage—eventually

Nearly two weeks after announcing that more than 21.5 million people had their information hacked from Office of Personnel Management servers, the Obama administration is moving to hire a contractor to notify and provide identity-fraud-protection services to affected individuals. But one won’t be hired until at least mid-August. OPM has promised at least three years of credit-monitoring and identity-theft protection to the affected people. The General Services Administration has notified potential contractors about the scope of work the government will expect and solicited information from the interested companies. Source: The National Journal

Bulking up their defenses

A bipartisan group of senators that wants to give the Department of Homeland Security more power to repel cyber attacks introduced the FISMA Reform Act, which would update the 12-year-old Federal Information Security Management Act and formalize the DHS role in protecting networks and websites. The department has taken on this task through the years, but its authority has never been fully codified. “While the Department of Homeland Security has the mandate to protect the .gov domain, it has only limited authority to do so,” said Sen. Susan Collins, R-Maine. The FISMA Reform Act would lower some barriers preventing the DHS from inspecting other agencies’ networks and kicking out hackers. Currently, it needs permission to investigate or monitor networks. Source: The Hill

Facebook gives bulk warrant ruling a thumbs-down

In a setback for privacy advocates, an appeals court ruled that law enforcement can order tech companies to hand over data on hundreds of users—and the companies can’t challenge the warrant or warn users about the search. The case involves an investigation by New York prosecutors into state employees who scammed the disability system. The investigation was partly based on scanning Facebook for posts by suspects. Instead of applying for individual search warrants, prosecutors used a single affidavit to demand Facebook go through the accounts of 381 users. To avoid tipping suspects, prosecutors also asked for a gag order to prevent Facebook from telling users about the search. The ACLU, Google and Microsoft joined Facebook in asking a judge to declare the bulk warrants an unconstitutional search and seizure. The judge rebuffed Facebook, and forced the company to hand over the information. The current ruling saw a state appeals court confirm that Facebook didn’t have a right to challenge the warrants. Source: Fortune

Post-breach coverage is going to cost you—big

Getting cybersecurity insurance after a breach can be tough, says Guy Fogel, agent for Argo Group. The primary underwriter could either drop the company for commercial insurance coverage or not offer cybersecurity insurance moving forward, Fogel said. Rates for cybersecurity insurance after a breach will become cost-prohibitive, with very high deductibles that can be in the millions. A company most likely will stack several cybersecurity insurance policies to achieve full coverage due to the higher risk to insurance companies. For instance, to have $20 million of cyber-insurance protection, a company will need four policies that may have a $1 million deductible for each $5 million policy. If a second breach occurs, the covered company would pay $4 million out of pocket, and the four policies would pay the remaining $16 million, provided the company was in 100 percent compliance with policy provisions and exclusions. Source: Enterprise Tech

Talk about a violation

Canada’s College of Physicians and Surgeons has disciplined a Victoria, Canada, urologist for photographing an unconscious patient in 2013 for the purpose of ridicule, suspending his privileges for up to six months and issuing a $20,000 fine. Dr. John Francis Joseph David Kinahan admitted to engaging in unprofessional conduct by taking a photograph on his personal cell phone of an unconscious patient’s urinary catheter site without the patient’s consent. “He further violated patient privacy by forwarding the photograph in a text message, along with a joke, to a third party who was not involved in the patient’s care,” the college found. The text was sent to multiple people, one of whom reported it. Source: The Times Colonist of British Columbia
