This warning is a bit late, but since this is an
annual event everyone should already be on guard.
As this site has done in 2016 and 2017,
DataBreaches.net will maintain a list of entities that disclose that
they have become victims of a W-2 phishing or business email
compromise (BEC) attack. For 2016,
we compiled 175 incidents (although some of them didn’t become
public knowledge until 2017), and for 2017,
we had 204 incidents – a number that very closely matches what the
government subsequently reported from their records.
How many incidents will we find in 2018, and how
many individuals will potentially be at risk of tax refund fraud from
this type of scam?
As in past years, the list will be alphabetized,
which loses the chronology but makes it a bit easier for me to search
for specific entities as I’m updating the list. Links are to media
coverage or reports of the breach, and the number affected, if
revealed, is in parentheses for the entry.
Throughout the season, look for Steve Ragan of
Salted Hash to provide some summary updates on how many are
being affected.
If you become aware of any W-2 incidents
that I don’t have on this list, please let me know via the Comments
section for this post, Twitter (@pogowasright) or email me at
breaches[at]protonmail[dot]ch.
So here we go…… THE 2018 LIST:
Probably not a technique any teenager could
employ. I wonder if we could borrow an ATM for my Ethical Hacking
class?
ATM makers warn of 'jackpotting' hacks on U.S. machines
Diebold Nixdorf Inc and NCR Corp, two of the
world’s largest ATM makers, have warned that cyber criminals are
targeting U.S. cash machines with tools that force them to spit out
cash in hacking schemes known as “jackpotting.”
The two ATM makers did not identify any victims or
say how much money had been lost. Jackpotting has been rising
worldwide in recent years, though it is unclear how much cash has
been stolen because victims and police often do not disclose details.
… Diebold Nixdorf’s alert described steps that criminals had used to
compromise ATMs. They include gaining physical access, replacing the
hard drive and using an industrial endoscope to depress an internal
button required to reset the device.
We will likely continue to ratchet up these laws a
bit at a time because we don’t seem able to agree on where we
should be.
Erin Jordan reports:
Data security breaches at big corporations, including Equifax and Target, spurred the Iowa Attorney General’s Office to seek changes to Iowa law to further protect consumers.
House Study Bill 526, discussed in a Judiciary subcommittee Tuesday, would update Iowa’s data breach notification act, which requires businesses, nonprofits and other entities hit by hackers to alert consumers and the state.
The update adds new categories of data, such as medical records. And although the law already requires reporting of information breaches “without reasonable delay,” the bill would add a 45-day maximum on reporting.
Read more on The Gazette.
One of the things the bill would change, although
not mentioned in this article, is that it would apply to personal
information in any form, and not just computerized data.
And it significantly expands the definition of personal information.
Do take a look at it. I hope we have more state attorneys general
proposing such bills in the wake of Equifax, when state legislatures
may be more inclined to actually pass stronger legislation.
It seems to have taken well over a year for social
media to realize what was happening and locate some of the evidence.
I wonder if anyone has asked the social media firms if they are ready
for the next election?
Twitter Says Russian Bots Retweeted Trump 470,000 Times
Russian-linked Twitter bots shared Donald Trump’s
tweets almost half a million times during the final months of the
2016 election, Twitter
Inc. said in a submission to Congress.
The automated accounts retweeted the Republican
candidate’s @realDonaldTrump posts almost 470,000 times, accounting
for just more than 4 percent of the re-tweets he received from Sept.
1 to Nov. 15, 2016. Hillary Clinton’s account got less than 50,000
retweets by the Russian-linked automated accounts during the same
period of time, the company said in documents posted
Friday by the Senate Judiciary Committee.
Not much in the video (more like a Ford
commercial) but something for my students to consider. Should it be
armed?
Ford’s Autonomous Police Car Could Ticket You Without a Human
So far it's just a patent.
Anyone want to write “The Ethical Algorithm?”
Two new books focus on the injustice of algorithms
The difficulty with talking about the technology industry is that it’s
increasingly hard to define. “A tech company can be a giant
data-mining operation turned advertising platform, like Facebook or
Google. But it can also be a design-heavy producer of phones,
computers and software. Or perhaps it’s a transportation
company pretending it’s just a marketplace, nothing to see
here. Maybe it’s Amazon?..
A pair of recent books survey these issues, as they play out on
social networks and in the wider world, in systems many Americans are
not even aware of…”
Dilbert neatly summarizes all sides of the wage &
salary debate.