2010 Data Breach Prevention and Response:
(DLP and SIEM) June 2010
Audience: Financial institutions, credit and debit card issuers, card networks, security vendors, DLP vendors, SIEM vendors, healthcare organizations, merchants.

Author: Robert Vamosi, Fraud and Security Analyst

Contributors: Mary Monahan, Managing Partner and Research Director; Tom Wills, Senior Analyst, Risk, Fraud and Compliance; John Kenderski, Research Associate; James Van Dyke, President and Founder

Publication Date: June 2010
Price: $1,200
Length: 37 pages, 17 charts/graphs

Overview

Data breaches have become commonplace: 26% of U.S. consumers have received data breach notifications. Global criminal networks continue to evolve quickly and develop more sophisticated capabilities. Data loss and breach containment will be an ongoing challenge for businesses. Layered defenses such as data loss prevention (DLP) and security incident and event management (SIEM), covered in this report, can help. This report lists best practices for organizations before, during, and after a data breach. Should an incident occur, the organization needs to take specific actions quickly to minimize losses and curtail the impact on customer relationships. Long term, organizations need to provide not just notification but a complete resolution process.

Primary Questions

- How do customers react to data breaches?
- What increased risks of identity fraud do data breach victims have?
- How does a notification letter affect a consumer's relationship with a financial institution?
- How are data breaches being perpetrated?
- How does a security reissue affect consumer use of a credit and/or a debit card?
- What steps should an organization take in advance of a data breach?
- Are there services for monitoring sensitive data?
- What steps should any breached company take first?
- Are there companies that provide data breach services?
Methodology

This report is based on data collected online from a random sample panel of 3,294 online consumers collected in November 2009, with an overall margin of sampling error of ±1.71 percentage points at the 95% confidence level. Data from a September 2009 telephone survey with 5,000 U.S. adults, including 703 identity fraud victims, was also used in this report. For questions answered by all 5,000 respondents, the maximum margin of sampling error is +/- 1.4% at the 95% confidence level. For questions answered by all 703 identity fraud victims, the maximum margin of sampling error is +/- 3.7% at the 95% confidence level. For questions answered by a proportion of all identity fraud victims, the maximum margin of sampling error varies and is greater than +/- 3.7% at the 95% confidence level.

The surveys targeted respondents based on representative proportions of gender, age, ethnicity and income compared to the overall U.S. online population. Rounding (in the underlying numbers) in the figures included in this report accounts for the slight differences in totals. Secondary data from publicly available online sources have also been included in this report.
Table of Contents

- Overview
- Primary Questions
- Key Findings
- Methodology
- Introduction: How Data Breaches Impact Financial Institutions and their Customers
- Data Breach Notification Laws
- How Criminals Use Breached Data Impacts Overall Fraud Rates
- Prevention: Have an Incident Response Plan Handy
- Limit Access to Sensitive Data
- Where the Data Lives
- DLP Solutions Vendors: Cisco IronPort, CheckPoint, RSA, Trustwave, WebSense, McAfee Data Loss Prevention, Sophos, Symantec Data Loss Prevention, Trend Micro DLP
- Create a Data Breach Response Plan
- Detection: Monitor for a Data Breach
- SIEM Vendors: ArcSight, Cisco, eIQnetworks, IBM, McAfee, RSA, Splunk, Symantec, Trustwave
- Enact Your Incident Response Plan
- Determine the Point of Compromise and Secure it
- Breach Assessment Vendors
- Resolution: Notification and Resolution
- Notification and Resolution Vendors: Affinion Data Breach, Experian, Equifax, ID Experts, Intersections, Identity Theft 911, Kroll, LifeLock, TrustedID
- Resolution: How Different Companies Handle Data Breaches
- The Blame Game: Who Customers Blame for a Data Breach
- Disconnect Between Actual Fraud Caused By Data Breach and Consumer Understanding
- Case Studies
- Recommendations
- Appendix
- Related Research
- Companies Mentioned
Table of Figures

- Figure 1: Data Breach Incidents vs. Records Breached
- Figure 2: Percentage of Consumers who had Cards Replaced Due to Security Concerns
- Figure 3: Consumers with More than One Debit Card or Credit Card Replaced due to Security Issues
- Figure 4: Number of U.S. Consumers Reporting Card Replacement Due to Security Concerns
- Figure 5: Consumers' Likely Reaction toward Bank after Receiving a Data Breach Notification Letter
- Figure 6: How Consumers' Use of Credit or Debit Cards Is Affected by Security Reissue
- Figure 7: Victims' Top Breached Personally Identifiable Information (PII)
- Figure 8: New Account Fraud Compared with Existing Non-card and Card Account Frauds
- Figure 9: Fraud Rate Past 12 Months for Consumers Who Received Breach Notification Letters vs. Did Not Receive Breach Notification Letters vs. All Consumers
- Figure 10: Mean Consumer Costs and Fraud Amounts for Victims Notified vs. Not Notified
- Figure 11: How Data is Lost
- Figure 12: Incidents (Cases) vs. Records Reported for Data Breaches
- Figure 13: Comparison of Detection Internal vs. External Sources
- Figure 14: Layering Protection with SIEM and DLP
- Figure 15: Consumers' Assignation of Fault in a Data Breach
- Figure 16: Actual Fraud Rates Among Data Breach Victims Last 12 months vs. Fraud Attributed to the Data Breach by Those Notified of Data Breach Last 12 Months
- Figure 17: Breach Victims (Notified Last 12 Months) Fraud Rate vs. All Consumers Fraud Rate
Companies Mentioned

Affinion, ArcSight, BNY Mellon, Check Point, Cisco, CVS/Pharmacy, Early Warning Services, eIQnetworks, Equifax, Experian, Heartland Payment Solutions, IBM, ID Experts, Identity Theft 911, Intersections, Kroll, Lifelock, McAfee, RSA, Sophos, Splunk, Symantec, TJX, Trend Micro, TrustedID, Trustwave, USPS, Verizon, Websense, Windows
INTRODUCTION: HOW DATA BREACHES IMPACT FINANCIAL INSTITUTIONS AND THEIR CUSTOMERS

One thing is clear: Despite new laws, new standards, and new technology, data breaches remain a problem year after year. When looking at data breach numbers it is important to distinguish between the number of incidents (data breaches) and the number of customer records (potential victims affected by the data breach [1]). The two statistics can be very different. For example, one data breach incident (a lost laptop) disclosed in 2009 at Continental Airlines resulted in the loss of 230 records. [2] Another data breach incident (a web hack) was disclosed that same month at Heartland Payment Systems and resulted in 130 million records exposed. [3] These two January incidents went on to account for 58% of all records lost in 2009; clearly a single event can skew the total number of customer records exposed. Thus the total number of incidents for a given year may rise and fall independently of the total number of records breached. It is important to look at both the number of incidents and the number of records breached to see the entire picture.

Data Breaches Continue to Increase

[Figure 1: Data Breach Incidents vs. Records Breached. Table by year of the number of reported breaches and records breached. Accessed May 25, Note: Adjusted Heartland from 30 million to 130 million as per alleged in Justice Dept. documentation. Javelin Strategy & Research]

[1] It is possible for one victim to have multiple accounts breached, so there is not a one-to-one correlation between numbers of records and numbers of victims, although it is a good estimator.
[2] laptop stolen from office containing finger prints names social security numbers addresses dates of birth and other information
[3] malicious software hack compromises unknown number of credit cards at fifth largest credit card processor

Copyright 2010 Javelin Strategy & Research. All rights reserved. It is protected by copyright and other intellectual property laws. You may display or print the content available for your use only. You may not sell, publish, distribute, re-transmit or otherwise provide access to the content of this report.
DETECTION: MONITOR FOR A DATA BREACH

Action Items

- Monitor logs and current activity in real time.
- Meet at least annually to review internal procedures in the event of data breach and discuss adding new team members to reflect changes in the data landscape at the organization.

For data loss attributed to hacking and malware, monitoring the network through the use of security information and event management (SIEM), security information managers (SIMs), or other network monitoring systems can help. One important distinction is that while your company may experience several security events, they are not all security incidents. An event can be defined as an anomalous activity detected on the system. For this, individual security tools, such as a firewall or an IDS, may not be adequate. SIEMs monitor a variety of security tools, collating events to create a real-time picture of what is happening on the network.

In looking at the information below, physical loss of data often results in fewer records lost than the online loss of data. Misuse, deceit (social engineering) and physical theft are categorized as physical thefts that result in fewer records stolen. Hacking and malware are online threats that result in far greater numbers of records lost, and thus are more profitable to thieves.

Hacking and Malware Account for Most of the Records Lost

[Figure 12: Incidents (Cases) vs. Records Reported for Data Breaches. Bar chart of % of cases and % of records by category (Hacking, Malware, Misuse, Deceit, Physical, Error, Environmental), on an axis from 0% to 100% labeled "Percent of Consumers". Hacking: 64% of cases, 94% of records. Malware: 38% of cases, 90% of records. Source: Verizon Business RISK Team. 2010 Javelin Strategy & Research]
Customers Don't Connect Breach Notifications with Fraud

Among consumers who received a data breach notification in the past 12 months, 19% suffered fraud, yet only 2% attributed their fraud to a data breach. It seems as if consumers are not connecting the dots between data breach notifications and fraud events. They are aware, in the abstract, that their personal records have been compromised, but when they become a victim of fraud they do not make the connection to the earlier breach notification.

The implications of this finding, if true, are shocking. While the idea of notification is to provide an opportunity for consumers to take action to protect themselves, apparently they do not. This suggests that notification is not working. Consumers apparently do not understand that the data breach puts them at increased risk for other types of fraud. It also suggests that consumers who are explicitly notified are at increased need for identity protection services such as fraud alerts, security freezes, credit monitoring, and identity monitoring. Identity protection services vendors need to assist in fully educating consumers about the potential consequences of receiving a data breach notification letter.

A Disconnect Exists Between Actual Fraud Caused By Data Breach and Consumer Understanding

[Figure 16: Actual Fraud Rates Among Data Breach Victims Last 12 months vs. Fraud Attributed to the Data Breach by Those Notified of Data Breach Last 12 Months. Bar chart with two series on an axis from 0.0% to 25.0%. Series 1, data breach victims (notified in the last 12 months) who experienced any fraud in the last 12 months: 19.5%, 20.4%, 15.8%. Series 2, fraud victims who received a data breach notification (within past 12 months) who self-identified that their information was obtained through a data breach: 1.9%, 0.6%, 0.4%. October 2008, 2007, 2006, n= 105,109, 97. Base: Data breach victims in the last 12 months. Javelin Strategy & Research]
IDENTITY THEFT Security Breaches Our economy generates an enormous amount of data. Most users of that information are from honest businesses - getting and giving legitimate information. Despite the benefits
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationThe City of West Linn Identity Theft Prevention Program
Identity Theft Prevention Program Implemented January 1, 2009 Updated: July 20, 2009 Updated: December 18, 2009 I. PROGRAM ADOPTION The City of West Linn ("Utility") developed this Identity Theft Prevention
More informationPrivacy and the Internet AUSTRALIAN ATTITUDES TOWARDS PRIVACY IN THE ONLINE ENVIRONMENT
APRIL MAY 2011 2012 ISSUE ISBN 40 978-1-922017-02-4 ISBN XXX-X-XX-XXXXXX-X Privacy and the Internet AUSTRALIAN ATTITUDES TOWARDS PRIVACY IN THE ONLINE ENVIRONMENT Key Findings 85% of online Australians
More informationFINAL // FOR OFFICIAL USE ONLY. William Noonan
FINAL // FOR OFFICIAL USE ONLY William Noonan Deputy Special Agent in Charge United States Secret Service Criminal Investigative Division Cyber Operations Branch Prepared Testimony Before the United States
More informationReclaiming your identity
Reclaiming your identity A resource for victims of identity theft If you think you are the victim of identity theft, use this resource guide to assist you in reclaiming your identity. You will find a checklist
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationPCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv
PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv Security Challenges Desirability of Data 80% of all data breaches is payment card data (Verizon RISK team assessment)
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More informationUsing Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015
www.encari.com Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015 www.encari.com 2 The Problem Cyber attacks are not just a risk, they are a reality.
More information$22k. Payment Card Data Breaches: What You Need to Know About Your Risk and Liability. First Data Market Insight
Need to Know About Your Risk and Liability Many small merchants are surprised to learn that they can be held liable for tens of thousands of dollars in fines and other expenses when a card data breach
More informationIdentity Theft: Take Control of the Inevitable Reality I T A D V I S O R Y
Identity Theft: Take Control of the Inevitable Reality I T A D V I S O R Y Discussion Topics Why ID Theft is a significant problem? What is an Identity? Identity Lifecycle Why ID theft occurs? Common means
More informationInsider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center
Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage CERT Insider Threat Center April 2011 NOTICE: THIS TECHNICAL DATA IS PROVIDED PURSUANT TO GOVERNMENT CONTRACT
More informationIdentity Theft. Today s Goals. Identity Theft Statistics 03/26/2013. Joel Jacobsen Information Security Officer
Identity Theft Joel Jacobsen Information Security Officer Today s Goals Definitions and Statistics Identity Thief Tactics Warning Signs Prevention Tips Identity Theft Statistics #1 complaint to the Federal
More informationThe Home Depot Provides Update on Breach Investigation
The Home Depot Provides Update on Breach Investigation Breach confirmed Investigation focused on April forward No evidence of debit PIN numbers compromised No customers liable for fraudulent charges Customers
More informationProtecting personally identifiable information: What data is at risk and what you can do about it
Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most
More informationData Security Breach Notice Letter
View the online version at http://us.practicallaw.com/3-501-7348 Data Security Breach Notice Letter DANA B. ROSENFELD & ALYSA ZELTZER HUTNIK, KELLEY DRYE & WARREN LLP A letter from a company to individuals
More informationWhite Paper: Are there Payment Threats Lurking in Your Hospital?
White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep
More informationSECURITY BREACH INCIDENT RESPONSE AND CONSUMER NOTIFICATION PLAN TABLE OF CONTENTS PROGRAM OVERVIEW... DEFINITIONS... REPORTING A SECURITY BREACH...
SECURITY BREACH INCIDENT RESPONSE AND CONSUMER NOTIFICATION PLAN TABLE OF CONTENTS PROGRAM OVERVIEW... DEFINITIONS... REPORTING A SECURITY BREACH... CONTAINMENT AND CONTROL... INVESTIGATING A SECURITY
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you
More informationPayment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
More informationIdentity Theft Victim s Packet
Identity Theft Victim s Packet Information and Instructions This packet is to be completed once you have contacted the Lafayette County Sheriff s Department and obtained a report number related to your
More information2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
More informationProtecting Yourself from Identity Theft
identity theft unit new york county district attorney s office Protecting Yourself from Identity Theft cyrus r. vance, jr. district attorney 5 / 2010 questions and answers Dear Friends, cyrus r. vance,
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationOakland Family Services - Was Your Email Hacked?
Oakland Family Services Information Breach FAQs 1. What happened? An unauthorized individual remotely gained access to the email account of one Oakland Family Services employee July 14, 2015 resulting
More informationSECURITY FREEZE INFORMATION
SECURITY FREEZE INFORMATION Any consumer in North Dakota may place a security freeze on his or her credit report by making a request by mail to each consumer reporting agency. If the consumer reporting
More informationPROTECTION GUIDE Learn the Essentials & Immediate Steps to Protect Your Identity
PROTECTION GUIDE Learn the Essentials & Immediate Steps to Protect Your Identity Identity fraud occurs anytime your personal information is used without your authority and is more than just credit card
More informationTo all GRSB debit and credit card customers:
To all GRSB debit and credit card customers: A data breach at the Target Corporation may have exposed 40 million credit/debit cards to potential fraudulent activity. If you made purchases in a Target store
More informationSECURITY BREACH FACT SHEET FOR DEPARTMENT OF ADMINISTRATION CALL CENTER
PRICE WATERHOUSE COOPERS SECURITY BREACH FACT SHEET FOR DEPARTMENT OF ADMINISTRATION CALL CENTER Who is affected by the breach? Participants in the Public Employees Retirement System and the Teachers Retirement
More information2011 NATIONAL SMALL BUSINESS STUDY
2011 NATIONAL SMALL BUSINESS STUDY The National Cyber Security Alliance has conducted a new study with Symantec to analyze cyber security practices, behaviors and perceptions of small businesses throughout
More information