Kroll Cyber Security Blog – A Dialogue on Data Security

For most individuals, a password is something of a nuisance – we’re cautioned to avoid writing them down or storing them electronically, which necessitates something that is easy to remember. And it’s not at all unusual to use the same password for multiple personal accounts including those accessed at work.

If we’ve just described your habits, don’t feel too bad – it’s only human nature, as evidenced by the increasingly common lists of passwords that come out from time to time. But it’s still a highly risky practice. When it comes to password cracking, hacker capabilities have grown by leaps and bounds.  

It’s not too late to register for Navigating HIPAA/HITECH Security and Privacy Rules: What to expect when HHS is inspecting, scheduled for Wednesday, December 12, 2012 at 2:00 p.m. Eastern (1:00 p.m. Central). This live, interactive webinar will feature panelists Jason Straight and Danny Creedon from Kroll, as well as:

• Cynthia Snyder, Director, Information Privacy, Health Net, Inc.
• David Szabo, Edwards Wildman Palmer LLP

Kroll Advisory Solutions has released its annual Global Fraud Report, an international survey of more than 830 senior executives in 10 different industries worldwide.

Now in its sixth year, the 2012/2013 study explores the impact of fraud on businesses around the world.  More than half of respondents, 53%, occupy C-Suite positions.   The industries covered include financial services, natural resources, retail, healthcare and pharmaceuticals, travel, construction, consumer goods, technology (including media and telecommunication) and professional services.

After the death of a family member or a loved one, it may be unfathomable to think that identity theft could still occur, but sadly, decedent identity theft is a very real problem. The identity theft of deceased individuals occurs when an imposter uses the Personal Identifying Information of the decedent to commit fraudulent acts, such as obtaining credit or medical benefits, setting up utilities, and filing taxes.

The hacker group known as GhostShell reports having compromised the networks at dozens of top universities potentially exposing many hundreds of thousands of personal records.  To validate its claim, the group has apparently posted more than 120,000 personal records to the internet site Pastebin, a popular site used by hackers to post stolen data.  Initial reports indicate that the attackers exploited a well-known vulnerability in Microsoft SQL to carry out the attack.  As alarming as these claims may be, what may be of greater concern is the group’s statement that it observed many instances of injected malware in the systems it accessed, which suggests that other attackers may also be inside or at least have access to sensitive network information, including credit card data.