DATA BREACH SIMULATION TRAINING JANUARY 12, 2017


5 A new kind of ransomware comes with its own "referrals" program, one that you probably wouldn't want to join. The malware dubbed "Popcorn Time" locks your Windows computer's files with strong AES-256 encryption until you pay a ransom of one bitcoin (or $780 at the time of writing). But this ransomware comes with a twist. The lock screen will let victims unlock their files the "nasty way" by sharing a link with two other people -- presumably ones the victim doesn't like. If they become infected and pay, then the original victim will receive a free decryption key. Otherwise, infected users have seven days to pay the bitcoin ransom to an anonymous wallet.

7 Steve Ragan | December 13, 2016

9 Robert Hackett, updated Nov 30, 2016: “The ‘Gooligan’ hackers infected 13,000 phones on average each day.”

16 Defenseless against Hackers…
11/18/ In late September, Springfield Armory received a report from a payment card network that it had noticed a pattern of unauthorized charges occurring on payment cards after they were used to make a purchase on its website. Following an investigation by the Company, it was determined that an unauthorized person gained access to the web server and installed code that was designed to copy information entered during the checkout process. Such information included order ID, name, address, email address, phone number, payment card number, expiration date and card security code, from orders placed between October 3, 2015 and October 9, 2016…

17 Don't click! Lawyers get fake emails about a complaint; hyperlink installs malicious software
By Debra Cassens Weiss Posted Dec 05, 2016 Officials in multiple states are warning that emails inviting lawyers to click on a hyperlink to view a complaint will open a website that installs malicious software on the lawyer’s computer if the link is clicked. Officials in New York, Texas, Pennsylvania, Maryland and Florida are among those warning about the scam. Lawyers who received such an email should delete it immediately and should not click on the link, according to a press release by New York Attorney General Eric Schneiderman. Schneiderman’s press release and the Texas Bar Blog provide an example of one of the phishing emails. The “from” header lists “The Office of the State Attorney at The subject lists “The Office of the State Attorney Complaint.” “Dear bar member,” the email begins. “A complaint has been filed against your business. Enclosed is a copy of the complaint which requires your response. You have 10 days to file a rebuttal if you so desire. You may view the complaint at the link below.”

18 The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format. The ITRC will also capture breaches that do not, by the nature of the incident, trigger data breach notification laws. Generally, these breaches consist of the exposure of user names, emails and passwords without involving sensitive personal identifying information. These breach incidents will be included by name but without the total number of records exposed.

There are currently two ITRC breach reports which are updated and posted on-line on a weekly basis. The ITRC Breach Report presents detailed information about data exposure events along with running totals for a specific year. Breaches are broken down into five categories, as follows: business, banking/credit/financial, educational, Government/Military and medical/healthcare. The ITRC Breach Stats Report provides a summary of this information by category. Other more detailed reports may be generated on a quarterly basis or as dictated by trends.

It should be noted that data breaches are not all alike. Security breaches can be broken down into a number of additional sub-categories by what happened and what information (data) was exposed. What they all have in common is they usually contain personal identifying information (PII) in a format easily read by thieves, in other words, not encrypted. The ITRC currently tracks seven categories of data loss methods: Insider Theft, Hacking/Skimming/Phishing, Data on the Move, Subcontractor/Third Party/BA, Employee error/Negligence/Improper disposal/Lost, Accidental web/Internet Exposure and Physical Theft. In some cases, there may be more than one category checked. For example, in the case of employee error which occurred with the Subcontractor

19 Trouble in Paradise? Customers’ Payment Information Compromised …
On November 23, 2016, Atlantis, Paradise Island (the “Resort”) confirmed that malware on its computer systems may have captured customers’ data (e.g. the card number, expiration date, CVV and in some instances, cardholder name). Following reports of unusual activity from its credit card processor, the Resort engaged a cybersecurity firm and discovered suspicious files on its computer systems that indicated a potential compromise of customers’ data for some credit and debit cards used at food and beverage and retail locations at the resort between March 9, 2016 and October 22, 2016…

21 France passes bill allowing class actions for data protection violations

22 German company fined for DPO conflict of interest

23 U.S. indicts three Romanians over $4 million cyber fraud
By Nate Raymond | Sat Dec 17, 2016

24 German privacy authorities launch coordinated audit of international data transfers
Ten German data protection authorities (“DPAs”) will conduct a coordinated audit of cross-border data transfers at 500 randomly selected German companies. The audit was announced by the Data Protection Authorities of Bavaria and Berlin on behalf of the other DPAs on 3 November. The audit is aimed at raising awareness among the companies of the outbound transfers of personal data they process and of data processing operations outside the European Economic Area. This includes intra-group data transfers, cloud solutions and any other transfers to third parties. The audit results can lead to a more thorough investigation and enforcement actions by the DPAs.

25 Thank You