Blog

CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Foul ball: Cardinals under investigation for hacking Astros

Foul ball: Cardinals under investigation for hacking Astros
June 16, 2015

By Bryon Acohido, ThirdCertainty

The FBI and Justice Department are investigating the St. Louis Cardinals for allegedly hacking into the internal networks of the Houston Astros. Cardinals officials are suspected of breaking into the Astros’ team databases to gain access to information on statistics, scouting reports and trades. The FBI has served the Cardinals and Major League Baseball with subpoenas. Authorities suspect that Cardinals employees hacked the Astros partly to sabotage Astros general manager Jeff Luhnow, who previously was a Cardinals executive. Source: Sports Illustrated

sh_judge_400

Tell it to the judge

Belgium’s national privacy watchdog is taking Facebook to court, arguing that the way the social network tracks the behavior of members and nonmembers is illegal under Belgian and European law. “Facebook’s behavior is unacceptable,” said Willem Debeuckelaere, president of Belgium’s Commission for the protection of privacy. It’s the first time a national privacy watchdog in Europe sued Facebook for not complying with privacy law. The basis for the case is research requested by the privacy commission, which noted that Facebook tracks user behavior on non-Facebook websites by default until they opt-out, instead of after seeking permission. Source: EU Observer

Should’ve seen it coming

In prepared testimony about the cybersecurity breaches at the Office of Personnel Management, an investigative official said the agency has a history of failing to meet basic computer security requirements. Michael Esser, assistant inspector general for audit, said that for years, many people running the information technology unit had no IT background. He also said the agency had not disciplined anyone for failure to pass several cybersecurity audits. Officials fear that China will seek to gain leverage over Americans with access to secrets by pressuring their overseas relatives, particularly if they live in China or another authoritarian country. Source: The Associated Press via ABC News

sh_wolf in sheeps clothing_400

Wolf in sheep’s clothing

The latest version of malware known as Duqu used digital certificates from contract manufacturer Foxconn Technology Group to mask its activity. Kaspersky Lab says a 64-bit driver within the malware used a digital certificate signed by Hon Hai Precision Industry, also known as Foxconn. Digital certificates are used for encrypting data and verifying the legitimacy of websites and applications. Using a digital certificate issued to a trusted organization makes it less likely that an application is going to be detected as harmful. Source: Computer World

Testing, testing

The IRS has a pilot program in Georgia, Florida and Washington, D.C., providing taxpayers with what the IRS calls an Identity Protection PIN instead of a Social Security number to file yearly income taxes. Those locations were chosen because the IRS says they have higher levels of tax-related identity theft. Sources: Cleveland.com; IRS.gov

sh_locked medical records_500

Not tough enough

Prying into health records would bring tougher penalties under legislation to be introduced this fall, Ontario Health Minister Eric Hoskins says. After privacy breaches involving the identities of new mothers at a hospital, Hoskins will introduce a bill that would double fines and make it easier to prosecute offenders. The bill would amend the Personal Health Information Protection Act to remove the six-month limitation on prosecutions following an offense, mandate the reporting of health privacy breaches to the Information and Privacy Commissioner, and increase fines to a maximum of $100,000 for individuals and $500,000 for organizations. Source: The (Port Elgin, Ontario) Shoreline Beacon

Across the nation

A Haverhill, Mass., man was sentenced to up to five years in prison after pleading guilty to 15 counts of identity fraud, as well as credit card fraud, among other charges. Vincent Leo, who also pleaded guilty to uttering a false prescription, would sometimes impersonate a physician during phone calls, authorities said. … High school teachers from across the country are at James Madison University in Harrisonburg, Va., for the GenCyber: Cyber Defense Boot Camp for High School Technology Teachers. The National Science Foundation and National Security Agency helped pay for the program. Organizers hope to get more students interested in cybersecurity. … A server with information from North Dakota’s workers compensation agency was breached, but it’s unlikely any personal information was stolen, state officials said. Mike Ressler, of the state Information Technology Department, said unusual activity was found on a server with data from the state Workforce Safety and Insurance agency. Anyone affected will get free identify-protection services for a year. Sources: The (Newburyport, Mass.) Daily News; WHSV, Harrisonburg, Va.; Insurance Journal

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started