Year in review: Insecurity over ID theft
High-profile hack of Paris Hilton's phone and a huge credit-card leak brought worries over ID theft to the fore.
Year in Review: DATA SECURITY
Insecurity over ID theft
Paris Hilton was just one of millions of people whose privacy was breached this year.
"The Simple Life" diva became the victim of a scam that combined hacking with old-fashioned con tricks. It resulted in some of the contents of her cell phone--including racy pictures and phone numbers for her celebrity pals--being published on the Web. A Massachusetts teen was sentenced to 11 months in a juvenile facility for the crime.
The Hilton case may have been one of a youth looking to boast about hacking exploits, but in many other cases, the culprits are simply hard-core criminals looking for cash.
"Phishing," a term previously reserved for the security in-crowd, went mainstream. "Pharming" and "keystroke logging" are also now commonly recognized threats and used by criminals in their hunt for valuable data.
Phishing scams got more sophisticated and more targeted. Perpetrators picked smaller financial institutions as targets and expanded their fraud attempts outside the United States. And some cons took advantage of the generosity of Americans for victims of Hurricane Katrina.
Still, the Anti-Phishing Working Group said in October that the efforts to stem online scams may be working. Possibly the largest data security breach to date happened this summer. Intruders exploited software security vulnerabilities to install a rogue program on the network of CardSystems Solutions, a credit card payment processor. Information on more than 40 million credit cards may have been stolen, MasterCard International said in June.
The CardSystems breach was one of several high-profile incidents in 2005 that may have exposed American consumers to identity fraud. Data leaks were reported by financial institutions Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.
Consumers might never have heard about the incidents if it hadn't been for a spate of data breach notification laws. Such laws went into effect in many states this year, and several proposals for a federal notification law are now making their way through Congress.
In the CardSystems case, however, individual consumers were not notified that their personal details had been exposed because Visa and MasterCard maintain that notification responsibility falls with the banks that issue credit cards and have direct relationships with the affected customers. There is an ongoing lawsuit in a California state court over the matter.
Since February, more than 50 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
Possibly in response to the many headlines about identity fraud, consumers became more worried about data protection, according to the results of several studies. In June, the Cyber Security Industry Alliance reported that nearly half of U.S. voters in a survey said fear of identity theft was keeping them from conducting business online.
Experts questioned whether the threat of identity theft was being overblown. A leak of personal information--whether via data tapes falling off a truck or a laptop being stolen--doesn't always translate into fraud, experts said.
Nevertheless, Washington is expected to work next year on data breach notification and anti-spyware legislation. And one prediction for 2006: The ongoing race between security companies and criminals will result in increasingly smarter scams.
--Joris Evers
ChoicePoint data theft widens to 145,000 people
Database break-in affects far more consumers than originally acknowledged. Factor in 750 cases of identity theft.
Paris Hilton's cell phone hacked
The contents of the socialite's cell phone are posted on the Net, including celebrities' phone numbers and e-mail addresses.
Bigger phishes ready to spawn
Phishing attacks may have slowed, but their sophistication is increasing at a rapid pace.
Phishers get personal
Spammers and online fraudsters are exploiting Web site features to learn more about their victims and better hone their attacks.
Credit card breach exposes 40 million accounts
Security vulnerability lets intruder enter network and nab info on millions of credit card holders.
Details emerge on credit card breach
Payment processor didn't meet guidelines, MasterCard says, as details come out about the break-in that exposed 40 million accounts.
Hacking for dollars
These days, attackers are motivated more by money than the desire to write disruptive worms like Sasser.
DNS servers--an Internet Achilles' heel
Scan finds that hundreds of thousands of the servers that act as the white pages of the Net are vulnerable to attack.
Hilton hacker sentenced to juvenile hall
Teen gets 11-month sentence for hacking T-Mobile and posting data from Paris Hilton's Sidekick on the Web.
Another data security bill in the works
A new proposal expected this week would require businesses that handle sensitive info to secure their data.
Phishing fight may be paying off
Though the number of phishing sites has hit a new high, swift action is making it tougher to launch attacks.
Separating myth from reality in ID theft
Despite big leaks and public perception of threat, few people whose personal information is exposed are ever victimized.
Tens of thousands mistakenly matched to terrorist watch lists
Nearly 30,000 airline passengers must ask the TSA to remove their names from watch lists.
Behind the headlines
- Microsoft, eBay join antiphishing initiative
- Bank of America loses a million customer records
- Perspective: Making the wrong move against spyware
- Phishing attacks take a new twist
- FBI probes network breach at Stanford
- Group pools data to trap phishers
- Phishers going after small fry
- Survey: Congress falling down on data protection
- Web shopping thrives amid phishing fears
- Consumers, retailers grapple with data theft
- Data leaks denting Web shoppers' confidence
- Survey: ID theft hard to shake off
- Study: Keystroke spying on the rise
Year in Review: DATA SECURITY
Insecurity over ID theft
Paris Hilton was just one of millions of people whose privacy was breached this year.
"The Simple Life" diva became the victim of a scam that combined hacking with old-fashioned con tricks. It resulted in some of the contents of her cell phone--including racy pictures and phone numbers for her celebrity pals--being published on the Web. A Massachusetts teen was sentenced to 11 months in a juvenile facility for the crime.
The Hilton case may have been one of a youth looking to boast about hacking exploits, but in many other cases, the culprits are simply hard-core criminals looking for cash.
"Phishing," a term previously reserved for the security in-crowd, went mainstream. "Pharming" and "keystroke logging" are also now commonly recognized threats and used by criminals in their hunt for valuable data.
Phishing scams got more sophisticated and more targeted. Perpetrators picked smaller financial institutions as targets and expanded their fraud attempts outside the United States. And some cons took advantage of the generosity of Americans for victims of Hurricane Katrina.
Still, the Anti-Phishing Working Group said in October that the efforts to stem online scams may be working. Possibly the largest data security breach to date happened this summer. Intruders exploited software security vulnerabilities to install a rogue program on the network of CardSystems Solutions, a credit card payment processor. Information on more than 40 million credit cards may have been stolen, MasterCard International said in June.
The CardSystems breach was one of several high-profile incidents in 2005 that may have exposed American consumers to identity fraud. Data leaks were reported by financial institutions Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.
Consumers might never have heard about the incidents if it hadn't been for a spate of data breach notification laws. Such laws went into effect in many states this year, and several proposals for a federal notification law are now making their way through Congress.
In the CardSystems case, however, individual consumers were not notified that their personal details had been exposed because Visa and MasterCard maintain that notification responsibility falls with the banks that issue credit cards and have direct relationships with the affected customers. There is an ongoing lawsuit in a California state court over the matter.
Since February, more than 50 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
Possibly in response to the many headlines about identity fraud, consumers became more worried about data protection, according to the results of several studies. In June, the Cyber Security Industry Alliance reported that nearly half of U.S. voters in a survey said fear of identity theft was keeping them from conducting business online.
Experts questioned whether the threat of identity theft was being overblown. A leak of personal information--whether via data tapes falling off a truck or a laptop being stolen--doesn't always translate into fraud, experts said.
Nevertheless, Washington is expected to work next year on data breach notification and anti-spyware legislation. And one prediction for 2006: The ongoing race between security companies and criminals will result in increasingly smarter scams.
--Joris Evers
ChoicePoint data theft widens to 145,000 people
Database break-in affects far more consumers than originally acknowledged. Factor in 750 cases of identity theft.
Paris Hilton's cell phone hacked
The contents of the socialite's cell phone are posted on the Net, including celebrities' phone numbers and e-mail addresses.
Bigger phishes ready to spawn
Phishing attacks may have slowed, but their sophistication is increasing at a rapid pace.
Phishers get personal
Spammers and online fraudsters are exploiting Web site features to learn more about their victims and better hone their attacks.
Credit card breach exposes 40 million accounts
Security vulnerability lets intruder enter network and nab info on millions of credit card holders.
Details emerge on credit card breach
Payment processor didn't meet guidelines, MasterCard says, as details come out about the break-in that exposed 40 million accounts.
Hacking for dollars
These days, attackers are motivated more by money than the desire to write disruptive worms like Sasser.
DNS servers--an Internet Achilles' heel
Scan finds that hundreds of thousands of the servers that act as the white pages of the Net are vulnerable to attack.
Hilton hacker sentenced to juvenile hall
Teen gets 11-month sentence for hacking T-Mobile and posting data from Paris Hilton's Sidekick on the Web.
Another data security bill in the works
A new proposal expected this week would require businesses that handle sensitive info to secure their data.
Phishing fight may be paying off
Though the number of phishing sites has hit a new high, swift action is making it tougher to launch attacks.
Separating myth from reality in ID theft
Despite big leaks and public perception of threat, few people whose personal information is exposed are ever victimized.
Tens of thousands mistakenly matched to terrorist watch lists
Nearly 30,000 airline passengers must ask the TSA to remove their names from watch lists.
Behind the headlines
- Microsoft, eBay join antiphishing initiative
- Bank of America loses a million customer records
- Perspective: Making the wrong move against spyware
- Phishing attacks take a new twist
- FBI probes network breach at Stanford
- Group pools data to trap phishers
- Phishers going after small fry
- Survey: Congress falling down on data protection
- Web shopping thrives amid phishing fears
- Consumers, retailers grapple with data theft
- Data leaks denting Web shoppers' confidence
- Survey: ID theft hard to shake off
- Study: Keystroke spying on the rise