Monday, August 27, 2012

Saturday, August 25, 2012

State & National Data Breach Reports

2012 National Data-Breach Count -- Breaches: 284 Exposed Records: 9,143,028

To date this year, according to the Identity Theft Resource Center, there have been 284 reported data breaches by US-based firms.  Health care and private-sector business each represent 1/3 of all breaches, with the remaining third split mainly among educational institutions, government, and the military.  Financial institutions account for 3 percent of all breaches (but a much higher percentage of total exposed records).  Full report.

US States with available online data-breach reports include:

State Data Breach Requirements & Statutes:
Handy State-by-State Links to Data-Breach Statutes (National Council of State Legislatures)

Wednesday, June 27, 2012

5 Dirty Tricks For Using Your Stolen LinkedIn Password

(In response to the LinkedIn spill of 6.5 million passwords into the wild, here are five actions your password's new owners might take for personal enrichment.)

1) Use your liberated password to cull your LinkedIn account for the people who know things, for instance: your confidential sources, your Department of Defense contacts (if you have any), your IT admins, your client contacts, and the people you know in other compartmentalized aspects of projects.
2) Use it to get to know who you know: to sell to and steal from the people you know in business, and to review your correspondence for tips on what you share and with whom, as prep for trick #3.
3) Use your password to lock you out of your own account while corresponding with other people in your network to set up spear-phishing attacks -- use your correspondence to create a very passable facsimile of you.  You've just been cloned.
4) Get into other accounts on other sites using your password . . . in other words, use this 6.5 million password database when conducting brute-force attacks on other sites across the web.
5) Add your password to help grow black-market databases kept on individuals from data spilled, scraped, stolen, and subpoenaed from across the web.  In other words, resell it in association with other related data on you.

Please add your own dirty trick to comments back on Associated Blogs.