Tag Archives: Cyber Security

Marriott Announces One of Largest Data Breaches in History

Marriott recently announced that hackers stole information on as many as 500 million guests over a four-year span, obtaining credit card and passport numbers and other personal data. This breach is one of the largest breaches in history.

What We Know

When the Marriott-Starwood merger was first announced in 2015, Starwood had 21 million people in its loyalty program. The company manages more than 6,700 properties across the globe, most in North America.

The affected hotel brands were operated by Starwood prior to the merger in 2016. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points. Starwood-branded timeshare properties were also affected. None of the Marriott-branded chains were affected.

5 Top Cybersecurity Myths Revealed! Protect Your Organization Today!

How much do you know about cyber risks? If the answer is, “Less than I should,” then your company may be at risk. A data breach can be costly. To minimize your cyber risks, learn the reality behind these cybersecurity myths!

Myth 1: IT is responsible for cybersecurity.

Reality: Everyone is responsible for cybersecurity.

IT may create and enforce cybersecurity policies and procedures, but everyone plays a role in keeping a company safe from cyber attacks. For example, phishing email attacks present a big risk. Effective employee training can reduce the chances of this type of breach and also reduce the harm it causes.

Myth 2: My organization doesn’t have anything of value to hackers.

Reality: Every organization is a target.

Air Canada – The Latest Company Compromised by Data Breach

Air Canada, the largest airline of Canada by fleet size and passengers carried, has reported a massive data breach of its app, putting thousands of passenger passport details, among other personal information, at risk.

Air Canada’s Response

The airline issued a warning to mobile app users that their personal data may have been compromised in a cyberattack. This may place those who entered their details at risk of identity theft. It is believed approximately 20,000 customers may have had their data stolen. All Air Canada app users have been asked to change their passwords.

Profile data, such as names, email addresses, passport numbers, genders and dates of birth, among others, can all be stored in the airline’s app – making this stored data a potential target in the attack.

DOJ Unveils Cyber-Digital Task Force Report

The Justice Department’s new Cyber-Digital Task Force has issued a report (Report) highlighting its comprehensive assessment of the Department’s work in the cyber area and an identification of how federal law enforcement can even more effectively accomplish its mission in the cyber world.

The Task Force, established by Attorney General Jeff Sessions in February 2018, will also focus on other cyberthreats facing the U.S., including attacks on infrastructure and privacy.

Unveiling the Report

Deputy Attorney General Rod Rosenstein unveiled the report, outlining a new policy for responding to foreign influence operations ahead of the midterm elections in November.

Speaking at the Aspen Security Forum in Aspen, Deputy Attorney General Rosenstein said, “Every day, malicious cyber actors infiltrate computers and accounts of individual citizens, businesses, the military, and all levels of government.”

What the IRS Breach Can Teach Us About Authentication

Beginning in February and continuing through mid-May 2015, The Get Transcript service allows taxpayers to review tax account transactions, line-by-line tax return information, or wage and income reported to the IRS for a specific tax year. It is expected that the accounts of the transcripts were accessed with the intention of using the information for identity theft during the next tax season.

Weakness of Knowledge-Based Authentication

The IRS used knowledge-based authentication (KBA) techniques, which require responses to personal questions to authenticate the identity of users accessing their Get Transcript application. The answers to the questions are based on public and private information the IRS collects, like marketing data, credit reports, and transaction history.

The IRS said that hackers likely used personal information obtained from outside sources to correctly respond to the KBA questions. Some cybersecurity experts are considering the possibility that the personal information might have come from other data breaches.

With the widespread availability of personal information via social media, knowledge-based authentication has become an outdated technological safeguard.

Alternative Strategies

KBA is not recommended in practice, but if an organization does use it to authenticate users, it should also implement multi-factor authentication tools. Multi-factor authentication combines two or more independent credentials: what the user knows (password), what the user has (token), and what the user is (biometric verification). The goal is to create a layered defense: if one factor is compromised, the attacker still needs to jump through another hoop before breaking in.

Multi-factor strategies include:

  • Logging into an account and being requested to enter an additional one-time password that the host sends to the user’s phone.
  • Downloading a virtual private network client with a valid digital certificate and logging into the VPN before being granted access.
  • Swiping a card, scanning a fingerprint, and answering a security question.
  • Attaching a USB hardware token to a desktop that generates a one-time passcode and using it to log into a VPN client.
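The layered check described above, as an added example that is not part of the original post: a login succeeds only when both the password (what the user knows) and a time-based one-time code (what the user has) verify, and an already accepted code cannot be replayed. The user record, salt, secret and function names are hypothetical; the code generation follows RFC 4226/6238.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password: HMAC-SHA1 plus dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account (hypothetical user, salt and secret).
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw_hash": hash_password("correct horse battery staple", b"constructed-salt"),
        "token_secret": b"12345678901234567890",  # RFC 4226 test secret
        "last_step": -1,  # last accepted time step, to reject replays
    }
}

def login(user: str, password: str, code: str, now: int,
          step: int = 30, window: int = 1) -> bool:
    """Grant access only if BOTH independent factors verify."""
    rec = USERS.get(user)
    if rec is None:
        return False
    # Factor 1: what the user knows.
    knows = hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw_hash"])
    # Factor 2: what the user has (time-based code, small clock-drift window).
    current, matched = now // step, None
    for s in range(max(0, current - window), current + window + 1):
        expected = hotp(rec["token_secret"], s).encode()
        if s > rec["last_step"] and hmac.compare_digest(expected, code.encode()):
            matched = s
    if knows and matched is not None:
        rec["last_step"] = matched  # a used code is never accepted again
        return True
    return False
```

A stolen password alone, or a phished code alone, fails the check; the time step is consumed only on a fully successful login.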

For more information on multi-factor authentication and how it can apply to your organization, contact us at (559) 577-1248 or droberts@eplaceinc.com.

NY DFS Releases New Cyber Security Examination Process

The New York Department of Financial Services (the Department) released a letter on December 10, 2014 outlining its future efforts to promote stronger cyber security in the financial services industry. The letter is aimed at all New York chartered or licensed banking institutions. The Department revised its examinations to include new, relevant topics and questions. In the future, cyber security examinations will follow comprehensive risk assessments of each institution.

For a full list of the topics and questions announced in the letter, click here