Security News

FCC orders telecom carriers to report PII data breaches within 30 days
2024-02-12 21:50

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements."Without an FCC rule requiring breach notifications for the above categories of PII, there would be no requirement in Federal law that telecommunications carriers report non-CPNI breaches to their customers," the FCC said.

Accused PII seller faces jail for running underground fraud op
2024-01-23 16:00

A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud. The filing claims customers would approach Charleron with a name and home address, plus a payment in the region of $25 sent either via cryptocurrency or other digital means, and in return they would receive the PII necessary to take out credit cards in a victim's name.

Morgan Stanley fined millions for selling off devices full of customer PII
2022-09-23 18:07

For selling off old hardware devices online, including thousands of disk drives, that were still loaded with personally identifiable information belonging to its clients. Strictly speaking, it's not a criminal conviction, so the penalty isn't technically a fine, but it's "Not a fine" in much the same sort of way that car owners in England no longer get parking fines, but officially pay penalty charge notices instead. Also, strictly speaking, Morgan Stanley didn't directly sell off the offending devices itself.

FBI: Stolen PII and deepfakes used to apply for remote tech jobs
2022-06-28 14:41

The Federal Bureau of Investigation warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information and deepfakes to apply for remote work positions. The public service announcement, published on the FBI's Internet Crime Complaint Center today, adds that the deepfakes used to apply for positions in online interviews include convincingly altered videos or images.

The challenges of consumer data and PII usage
2022-04-04 06:08

In this Help Net Security video, Nong Li, CEO at Okera, talks about the challenges of using and managing consumer data and PII. As consumer and PII data get tracked more and more, businesses can drive value and transform how they operate by leveraging some of that data. What is essential for organizations is that, while leveraging this data, they must make sure to follow data compliance regulations.

Microsoft Azure Developers Awash in PII-Stealing npm Packages
2022-03-24 20:21

Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users. That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200.

Former DHS official charged with stealing govt employees' PII
2022-01-14 20:22

A former Department of Homeland Security official pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information. 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG as an employee and a former acting inspector general between February 2008 and December 2013.

How healthcare providers handle safeguards to protect payment and PII
2021-12-15 05:30

The survey reinforces the need for healthcare organizations to integrate digital technology and solutions into all areas of the business ecosystem, including secure payment technology to provide peace of mind and ensure patients enjoy secure and seamless payment experiences. Between large hospital networks, private practices, specialists, and urgent care, the survey found that 44% of respondents felt that private practices handled payment and personally identifiable information most securely, and large hospital networks were rated by even fewer at 33%. With a 25% increase in healthcare data breaches year over year and reports of hospitals accounting for 30% of all large data breaches, patients have a heightened sense of awareness and interest in the processes their providers take to protect their information.

The value of PII and how it still fuels malign activities in the digital ecosystem
2021-08-10 03:00

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, a Constella Intelligence report reveals. The research analyzed the value of personally identifiable information, drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.

‘I’m Calling About Your Car Warranty’, aka PII Hijinx
2021-08-04 21:34

Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts. Researchers created 300 fake identities, signing them up on 185 legitimate websites ranging from Target to Fox News, with each identity used on a single website.