New Breach Unseats Equifax as Biggest Ever

So, we’ve just learned that Exactis may have exposed over 340 million records. What? Never heard of them? We hadn’t either, until now. This marketing and data aggregation firm reportedly holds over 3 billion personal records that include everything from name and address to religious preferences, smoking habits and even if you like cats. Yup, we know who you are.

This breach unseats Equifax as the largest in history and includes records of both 240 million people and over 100 million businesses. That’s almost everyone in the US. According to Exactis, credit card and social security information wasn’t revealed, but the level of detail exposed is still a big concern for identity theft and safety. And now we all know about you and “Whiskas.”

Not So FastBooking

If you’ve stayed at a hotel in France or Japan (or one of up to 1,000 other hotels across the globe), you’ll want to read this one twice. Last week, Paris-based hotel software provider FastBooking announced that hackers had breached its system and gotten away with personal information and, in some cases, payment details. FastBooking has said that the breach was contained within 3 hours of being discovered, but by then the hotel-bandits had already roamed its servers for 5 days.

I’ve Got Good News and Bad News

In a recent study by cybersecurity company Webroot, over 600 IT decision makers were surveyed…and the results showed that there’s still lots of work to be done. While 100 percent of the respondents said that they had conducted some sort of employee cyber training, 79 percent also said they weren’t really ready for serious cybersecurity threats. Research also showed that the average cost of attacks is decreasing (526K in the US) and that leading types of attacks are shifting from malware to phishing. Bottom line? Keep educating, remember device-level security, watch for phishy emails and… plan for the worst. We know, not fun…but important.

7 Cyber Tips for Summer

Well, we’re hoping you’re enjoying the long summer days, sitting by the pool and maybe even a little umbrella drink or two. But as we’re soaking in the lazy days of summer, we’ve got to remember not to let ourselves or our teams get lazy when it comes to cybersecurity. So, in honor of the longest days of the year, here’s a list of 7 cyber basics. Take them down and pass them around.

  1. We are all targets. Don’t think “it won’t happen to me.”
  2. Eight characters isn’t enough. Mix it up and don’t use the same password on multiple sites. Yeah, we see you.
  3. Secure devices. Don’t leave devices unlocked. If you walk away, lock up the screen.
  4. Double check before clicking. Be especially wary of any attachments or links in emails. That’s a favorite front door for the bad guys.
  5. Browse at your own risk. If you’re on a public wi-fi just keep in mind that your data could be copied or stolen.
  6. Back it up, baby. Don’t forget to keep your important data backed up and keep your anti-virus software up to date.
  7. Don’t share too much. Be careful with how much info you share on social media. Think twice before telling everyone you’re on your way to Cancun with a house full of data back at home.

There are plenty of other cyber basics but these will help you stay safer during the summer.

CEOs are Getting in the Game

The big dogs are finally getting in the cyber game. And that’s a really good thing. According to a recent study by Accenture, CEOs and boards of directors are stepping up to the plate to take more control over cyberthreats and attacks. The study reports that nearly two-thirds of CEOs and boards now have direct oversight over cybersecurity strategy and budgets. And it seems to be working: even though the average number of attacks has doubled, detection and response times are getting faster and more efficient.

Speaking of CEOs and cyber, did you know that the NCC is hosting a special training for CEOs and boards of directors? Check out cyberforexecutives.com for all the details.

Olympic Destroyer Won’t Go Away

Remember the ‘Olympic Destroyer’ cyber attack? That was the name of the hackers that targeted the Winter Olympic Games earlier this year. Well, the group whose name sounds like a Transformer is apparently still alive and well and has recently been found targeting banks in Russia as well as biological and chemical threat prevention laboratories in the Ukraine.

And apparently, the group has also attempted to gain access to computers in other countries, including France, Germany and Switzerland. It’s not yet known exactly who is behind the attacks but rest assured that our global cyber avengers are closing in on them.

World Cup…of Cyber

The 2018 FIFA World Cup kicked off in Russia this week, with more than a million people expected to travel to Moscow to witness the biggest sporting event in the world. But if you’re heading to the Cup, you can count on more than the usual soccer hooligans. According to U.S. counter-intelligence, FIFA fans could face a myriad of cyber-punks.

William Evanina, the Director of the US National Counterintelligence and Security Center, warned World Cup travelers. “If you’re planning on taking a mobile phone or laptop with you – make no mistake – any data on those devices may be accessed by the Russian government or cybercriminals.” While it’s impossible to be 100% digitally secure and none of us can realistically disengage from our devices for any length of time, use special caution at all times but especially at airports, when using public wi-fi and in hotel rooms.

Oh, and cheers to The Three Lions…go get em!

About Your Long-Lost Uncle in Nigeria

Unless you live under a rock (or in a weird commune), you’ve probably seen your fair share of “Nigerian” email scams. You know, “my uncle just gave me 1M and I need to transfer it to a (random and naive) US citizen.” Don’t trust those, by the way. Well, the more sophisticated bad guys have been able to scam millions of dollars from major corporations using the same tactics, otherwise known as business email compromise (BEC).

The most recent wave of email attacks has targeted Fortune 500 companies with scams designed to trick victims into fraudulent wire transfers. The bad news is that these attacks are already up 45 percent over 2017. Good news is that in a recent sweep, authorities from the US and other countries worked together to snag 74 malicious actors (from Nigeria, Canada, Mauritius, and Poland) and recover millions of dollars. Be suspicious of unusual email and if it looks too good to be true, well…

Periscope Up!

When you’re the US military and you’ve got a $300 million clandestine project with a name like Sea Dragon, you pretty much don’t want anyone getting their hands on the top-secret briefcase. That’s basically what happened when the Chinese government made off with a trove of undersea military secrets. OK, so maybe it wasn’t exactly a briefcase — it was the computer networks of a Navy contractor.

Early this year, massive amounts of sensitive data flowed into the hands of the Chinese after they torpedoed the vulnerable network, including “secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020.” Not good. Not good at all. As far as anyone can tell at this point, the vulnerability came down to poor basic security hygiene. Seems the critical data was being housed on the contractor’s unclassified network.

Yup, that simple, and a reminder of how important it is to know exactly what your sensitive data is and where it is stored, both on site and in the hands of trusted third parties. Even in the corporate environment where you don’t have top secret military plans, the aggregation of a bunch of non-sensitive stuff can open the window to things you may not want others to know about like strategic marketing plans, intellectual property, or personnel information.

Genetic Testing Site Hacked

So, we think there are a few things we sort of want to keep private. You know, things like your weekend binge of an entire season of The Bachelor or your Blue Bell Butter Crunch ice cream addiction (trust us, it’s a thing). Oh, and also our genetic and DNA information. That seems kinda personal.

Last week, MyHeritage, a web-based genealogy and DNA testing platform, revealed that last year hackers stole emails and hashed passwords belonging to over 92 million users. Fortunately, the company insists that there is no evidence that DNA data was stolen. The company says that it does not store DNA information on the same system where it stores user email addresses. Whew. Believe me, you do not want a cloned version of me walking around.