Comparitech

How many times has your #SSN been part of a data breach this year? It's likely that most US residents have had their SSN exposed in a data breach at least 1 time in 2023. Last week, 133k people associated with Great Plains Regional Medical Center added at least 1 SSN exposure to their 2024 totals, bringing the total number of attacks on US healthcare institutions up to 121 this year. This is a rare situation, however, as GPRMC says it suffered a ransomware attack, though no cybercriminal group has claimed responsibility yet. GPRMC is to be applauded both for the timeliness of its response. While the organization noted that an unknown person accessed and encrypted files on its systems between September 5, 2024, and September 8, 2024, the disclosure came *before* any threat actors made it public on the dark web. Quite often, companies will sit on this information until they're forced to acknowledge it. However, GPRMC was far more proactive than we typically see following ransomware attacks. Learn more about this attack: https://bit.ly/4hVhOs9

One person's trash is still a criminal's treasure ?? Many organizations focus on digital defenses but overlook a critical vulnerability: dumpster diving attacks. This tactic involves criminals sifting through discarded materials (while avoiding baggies of dog poo) to extract sensitive information, leading to data breaches and financial losses. This may sound like yesterday's news, but it's still a problem --- and an expensive one. In what reads like a Hollywood heist script, the?Internet Crime Complaint Center’s 2023 Report?details how a California accounting firm’s careless trash disposal turned into a tax fraud nightmare. The criminals didn’t hack any systems or crack any passwords. They simply waited for tax season, collected discarded documents, and filed fraudulent returns to the tune of $1.7 million. "The irony?" notes FBI Special Agent Marcus Chen, “These companies spend millions on cybersecurity while literally throwing their clients’ identities in the trash.” Prevention here is simple: ?? Shred sensitive documents: Always shred confidential papers before disposal. ??? Secure disposal bins: Use locked containers for discarding sensitive materials. ?? Educate employees: Train staff on proper disposal methods and the risks of dumpster diving. By implementing these measures, you can safeguard your business against low-tech data breaches. Learn more about dumpster diving attacks right here: https://lnkd.in/gp29T6DU #InformationSecurity #DataProtection #CyberSecurity #DumpsterDiving #BusinessSafety

Weak economies tend to produce two things: 1. More people turning to independent contract work and freelancing to supplement their income. 2. An increase in scams targeting people desperate for work. Many people using popular freelance platforms such as?#upwork?and?#fiverr?have noted a growing or persistent issue with scam job postings. Both platforms have implemented different methods to reduce scams, but AI services like #chatGPT have allowed scammers to deliver far more sophisticated scams. We've dug into 10 of the most common types of scams targeting freelancers and how to avoid them, with real-life examples that members of our own team have experienced. https://lnkd.in/gFM635QY

Can data breaches be HIPAA violations? The answer is: It depends. And the BianLian ransomware group seems hellbent on making healthcare providers test the limits of that question. South West Family Medicine Associates in #Dallas, Texas recently reported a massive data breach. In this case, "massive" wasn't the number of people affected (just shy of 37,000), but the amount of data that the ransomware group obtaints: Names Social Security numbers Driver’s license numbers Dates of birth Mailing addresses Medications Lab results Diagnoses and conditions Passwords Personal ID numbers Access codes Numbers or info used to access financial resources Passport numbers Mother’s maiden names Private keys used to authenticate or sign electronic records Tax ID numbers Health insurance policy numbers Whether or not the healthcare provider is in violation of HIPAA depends on how the PHI was being handled. This makes it the 119th confirmed ransomware attack on US hospitals, clinics, and medical businesses this year, with a combined 117.2 million records stolen. Get the full details: https://bit.ly/3UHsvVk

For #outboundsales teams, scraped data has been a goldmine for prospecting, but they're often a headache for prospects. Data brokers make millions each year scraping, storing, and selling data, which comes from far more locations than most people realize. As Comparitech writer Ray Walsh explored recently, there are over two dozen places online where data brokers can find information on just about anyone. These include: ?? Public forums and discussion boards ?? Government databases? ?? Vehicle licensing databases ?? Utility records and service providers ?? Charity and nonprofit donor lists The problem isn't just data brokers making $ off selling this info to sales teams. Identity thieves can get this information as well and utilize it to hack accounts, launch more convincing scams, or engage in blackmail attempts. (And as North Carolina Lieutenant Governor Mark Robinson recently found out, it's data that can be used to derail your political campaign completely.) The good news is that this most of this data can be removed upon request, even if you're a resident of the U.S. in a state that doesn't specifically have data protection laws in place. Check out our detailed post on websites that list your personal information and how to remove as much of it as possible: https://lnkd.in/gjXPZcmF

When over 50% of a city's population has its data compromised, is 2 years of worth of credit monitoring enough compensation? That's what residents of #Columbus, Ohio, will be asking themselves this week after the city finally acknowledged to its residents that it suffered a serious ransomware data breach that impacted 500,000 people. With around 913,000 residents, this breach impacts over 50% of the #CBUS population. Some residents may have questions, particularly: Why did it take so long to report the breach? In July, Comparitech's Head of Data Research Rebecca Moody published an article detailing the attack from ransomware group #Rhysida (over 3 months ago). The stolen data reportedly consisted of: ? Names ? Social Security numbers ? Bank account info ? Dates of birth ? Addresses ? City employee login info (username and passwords) ? Emergency services applications ? Access to city video cameras While city employees (hopefully) learned of the attack early enough to secure accounts, residents were seemingly left in the dark for 3 months. That's more than enough time for someone with access to SSNs, bank account info, birth dates, and addresses to spoof identities, hack accounts, and create financial mischief. Find the full details of this attack in the comments.

57% of U.S. election websites can easily be spoofed, according to a recent Comparitech study, a situation that may complicate the political landscape even further following the 2024 presidential elections. A few days ago, Nelson Spencer wisely advised leaders to prepare to "?to remind employees of their mental health benefits and available resources." Our study finds that business leaders may need to re-up their employees' online fraud and phishing training. The troubling state of insecurity within election websites includes: ? 57% have non-.gov registered domains (with 548 using ".us" sites and 97 using ".net" for official information. ? 55% of counties in the seven swing states have non-.gov registered domains (72% of Michigan’s do not). ? 85 websites don’t have a Secure Sockets Layer (SSL) certificate, which authenticates the owner of the website and encrypts the connection ? 41% of email addresses displayed on the above websites have no DMARC authentication ? A further 99 email addresses were from generic domains such as @gmail.com In a year where voting security is a top concern, it appears many local governments may be failing in their duty to protect U.S. voters against election misinformation leading up to the 2024 election. The stakes are high this year, meaning local governments should be taking nothing to chance. That, however, does not appear to be the case. Read our full study right here: https://bit.ly/40qmNuB -

What was your first encounter with #cryptography? For Comparitech team member Samuel Cook ??, it was the classic (and irreverent) movie, "A Christmas Story." Cryptography is critical to our modern cybersecurity landscape, but it's not often clear to new cybersecurity analysts what the full breadth of their relationship with ciphers should be. In this post, we help answer the question, "How do cybersecurity analysts use cryptography?" with some take-away examples and suggested learning materials to boost your understanding of and experience with cryptography. https://lnkd.in/gNZNYd6S

75% of governments within the top 100 most populated countries are now using facial recognition technology (FRT) in some capacity. Our latest study shows a troubling trend with #FRT: More countries than ever are starting to adopt FRT, including countries that often score high on the Cato Institute Human Freedom Index, increasing privacy concerns for people worldwide. We explored FRT usage in the top 100 most populated countries globally, looking for evidence of FRT usage within those countries within government, police, airports, schools, banking, workplaces, and on buses and trains. Each category was scored from 0 to 5. 0 = Invasive use (use that severely encroaches upon citizens’ privacy) 1 = Widespread use 2 = Growing use or some evident use 3 = Testing the technology and/or have restrictions in place 4 = Discussing the technology but no tests or installations in place 5 = No evidence of use Explore some data snapshots below, and check out our full report here: https://bit.ly/3UnrGRk There are benefits and risks to wider adoption of facial recognition technology. Key among those risks is racial bias, an area that has been under the microscope of scholarly study and debate for several years. Gideon Christian PhD, C.Dir. of the University of Calgary, for example, explained that: "Technology has been shown (to) have the capacity to replicate human bias. In some facial recognition technology, there is over 99 per cent accuracy rate in recognizing white male faces. But, unfortunately, when it comes to recognizing faces of colour, especially the faces of Black women, the technology seems to manifest its highest error rate, which is about 35 per cent.” ? And, as Mozilla writer Xavier Harding wrote earlier this year, confirmation bias can make it easier for law enforcement to put too much trust in the results of FRT, leading to wrongful arrests. Is FRT, much like the AI systems behind it, a genie that can't be put back in the box?

Read more insights on this #cybersecurity incident from Chris Hauk, Pixel Privacy; James W. Doggett, Semperis; Jim Routh, Saviynt; Paul Bischoff, Comparitech: https://lnkd.in/dVBsTxMD