Security News

Trends in online fraud detection often act as the canary in the coal mine when it comes to understanding and combating the next generation of online scams, fraud and cybersecurity threats. As deepfakes and other AI-powered scams trick users into sharing their private information, a privacy-centric approach to fraud prevention - one that doesn't rely on sensitive user data to authenticate a user or transactions - makes good business and technological sense.

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements."Without an FCC rule requiring breach notifications for the above categories of PII, there would be no requirement in Federal law that telecommunications carriers report non-CPNI breaches to their customers," the FCC said.

A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud. The filing claims customers would approach Charleron with a name and home address, plus a payment in the region of $25 sent either via cryptocurrency or other digital means, and in return they would receive the PII necessary to take out credit cards in a victim's name.

For selling off old hardware devices online, including thousands of disk drives, that were still loaded with personally identifiable information belonging to its clients. Strictly speaking, it's not a criminal conviction, so the penalty isn't technically a fine, but it's "Not a fine" in much the same sort of way that car owners in England no longer get parking fines, but officially pay penalty charge notices instead. Also, strictly speaking, Morgan Stanley didn't directly sell off the offending devices itself.

The Federal Bureau of Investigation warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information and deepfakes to apply for remote work positions. The public service announcement, published on the FBI's Internet Crime Complaint Center today, adds that the deepfakes used to apply for positions in online interviews include convincingly altered videos or images.

In this Help Net Security video, Nong Li, CEO at Okera, talks about the challenges of using and managing consumer data and PII. As consumer and PII data get tracked more and more, businesses can drive value and transform how they operate by leveraging some of that data. What is essential for organizations is that, while leveraging this data, they must make sure to follow data compliance regulations.

Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200.

A former Department of Homeland Security official pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information. 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG as an employee and a former acting inspector general between February 2008 and December 2013.

The survey reinforces the need for healthcare organizations to integrate digital technology and solutions into all areas of the business ecosystem, including secure payment technology to provide peace of mind and ensure patients enjoy secure and seamless payment experiences. Between large hospital networks, private practices, specialists, and urgent care, the survey found that 44% of respondents felt that private practices handled payment and personally identifiable information most securely, and large hospital networks were rated by even fewer at 33%. With a 25% increase in healthcare data breaches year over year and reports of hospitals accounting for 30% of all large data breaches, patients have a heightened sense of awareness and interest in the processes their providers take to protect their information.

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, a Constella Intelligence report reveals. The research analyzed the value of personally identifiable information, drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.