MyCRA Specialist Credit Repair Lawyers

Tag: data breach

  • Update on mandatory data breach notification laws

    The long-awaited amendments to the Privacy Act 1988 making reporting of serious data breaches mandatory have been passed in the House of Representatives and had their second reading in the Senate yesterday. We cover what this Bill will mean if it is passed, and what it means for your credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    If passed by both houses, the Privacy Amendment (Privacy Alerts) Bill 2013 will be implemented as part of amendments to the Privacy Act in March next year, alongside other amendments.

    The amendments will force businesses and government agencies covered by the Privacy Act 1988 to notify people when a serious data breach affecting their privacy occurs.

    The notification requirements do not apply to all data breaches, only breaches that give rise to a risk of serious harm. Serious harm could include physical and psychological harm, as well as injury to feelings, humiliation, harm to reputation and financial or economic harm.

    The Commissioner will be able to seek civil penalties if there is serious or repeated non-compliance with the notification requirements and the Information Commissioner will be able to direct agencies and business to notify individuals of data breaches.

    The legislation has been introduced following criticism of the current voluntary reporting system. It seems when faced with a choice, many entities think of the bottom line or other publicity concerns rather than the security of people’s personal or financial information.

    A bit about how data breaches can threaten your credit file

    Personal information in the wrong hands can lead not only to identity fraud, but the misuse of the victim’s credit file, which can have significant long term consequences.

    A lot of identity fraud is committed by piecing together enough personal information from different sources in order for criminals to take out credit in the victim’s name. Often victims don’t know about it right away – and that’s where their credit file can be compromised.

    Once the victim’s credit rating is damaged due to defaults from this ‘stolen’ credit, they are facing some difficult times repairing their credit rating in order to get their life back on track.

    These victims often can’t even get a mobile phone in their name. It need not be large-scale fraud to be a massive blow to their financial future – defaults for as little as $100 will stop someone from getting a home loan.

    Once an unpaid account goes to default stage, the account may be listed by the creditor as a default on a person’s credit file. Under current legislation, defaults remain on the credit file for a 5 year period.

    What is not widely known is how difficult the credit repair that follows can be – even if the individual has been the victim of identity theft, there is no guarantee the defaults can be removed from their credit file. The onus is on them to prove their case and provide copious amounts of documentary evidence.

    Unfortunately data breaches are difficult for individuals to have any control over, and the only way people can ensure their details are safe is to demand that the companies they deal with have strong IT systems before disclosing that information. People should adopt the philosophy of a need-to-know basis for disclosing their personal information. They should always question the need for it to be handed over. If it is not essential, they shouldn’t do it.


  • Mandatory data breach notification Bill before Parliament

    The Attorney-General has put before Parliament a mandatory data breach notification bill, which will require businesses and government agencies to notify people when a data breach affecting their privacy occurs. In our view this long overdue legislation is imperative to protect individuals who have their personal information unsecured in some way. This will allow those individuals affected to take swift steps to secure their own records and personal information from identity crime. We look at why these laws are so important and how a data breach can impact a person’s credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Remember when Sony was hacked? Thousands of Sony Australia customers were kept in the dark about it for some time – and there wasn’t a thing our Privacy Commissioner could do after the fact, due to there being no legal requirement in Australia on businesses or other entities to notify individuals when a data breach in their business could impact their personal information.

    Events like that – along with a long list of other breaches – have inspired changes within our legislation.

    The Attorney-General Mark Dreyfus QC handed over the Privacy Amendment (Privacy Alerts) Bill 2013 for its first reading in parliament yesterday. If passed, amendments will be implemented along with other major amendments to the Privacy Act 1988, on March 12, 2014.

    The new laws will require all entities covered by the Privacy Act 1988, including many businesses, to notify the Office of the Australian Information Commissioner of data breaches.

    The notification requirements do not apply to all data breaches, only breaches that give rise to a risk of serious harm. The Commissioner will be able to seek civil penalties if there is serious or repeated non-compliance with the notification requirements.

    “To make sure that the new laws have teeth, the Information Commissioner will be able to direct agencies and business to notify individuals of data breaches,” Mr Dreyfus said in a statement to the media on Tuesday.

    In a Computerworld article ‘Proposed mandatory data breach notification bill read in Parliament’, Privacy Commissioner, Timothy Pilgrim, reportedly said he has supported the introduction of mandatory data breach notification laws in Australia since they were first proposed by the Australian Law Reform Commission in 2008.

    “The last couple of years have seen a number of high-profile data breaches and subsequent own motion investigations initiated by me, and research suggests that the frequency of data breaches in Australia has continued to grow over the past three years,” he said.

    Despite this upward trend, the Office of the Australian Information Commissioner (OAIC) received 46 data breach notifications in the 2011–12 financial year, an 18 per cent decrease from the previous year.

    “I am concerned that we are only being notified of a small percentage of serious data breaches that are occurring,” Pilgrim said. “Many critical incidents may be going unreported and consumers may be unaware when their personal information could be compromised.”

    Up to now, whilst organisations are encouraged to disclose data breaches to the Commonwealth Privacy Commissioner, it has not been mandatory to do so. There has been much criticism over companies “holding out” on their customers following a data breach, and waiting days or up to a week or so to notify customers that their personal information may be at risk.

    During this time, it has been argued that hackers have had free access to this personal information without the customer doing anything to minimise their own risk, such as cancelling accounts, changing passwords and flagging their credit accounts and credit file.

    We agree this is an area which is overdue for legislation, especially going hand in hand with other new Privacy Amendments already passed.

    We can’t take lightly the possibility that any company that keeps data on its customers could be exposed to data breaches. Identity theft is becoming more prevalent, and personal information is lucrative for fraudsters.

    Unfortunately it seems everywhere people turn some company has been hacked – and it seems every entity with a computer is vulnerable. It is still extremely scary the level of risk people’s personal information undergoes these days when it is stored online.

    Personal information in the wrong hands can lead not only to identity fraud, but the misuse of the victim’s credit file, which can have significant long term consequences.

    A lot of identity fraud is committed by piecing together enough personal information from different sources in order for criminals to take out credit in the victim’s name. Often victims don’t know about it right away – and that’s where their credit file can be compromised.

    Once the victim’s credit rating is damaged due to defaults from this ‘stolen’ credit, they are facing some difficult times repairing their credit rating in order to get their life back on track.

    These victims often can’t even get a mobile phone in their name. It need not be large-scale fraud to be a massive blow to their financial future – defaults for as little as $100 will stop someone from getting a home loan.

    Once an unpaid account goes to default stage, the account may be listed by the creditor as a default on a person’s credit file. Under current legislation, defaults remain on the credit file for a 5 year period.

    What is not widely known is how difficult the credit repair that follows can be – even if the individual has been the victim of identity theft, there is no guarantee the defaults can be removed from their credit file. The onus is on them to prove their case and provide copious amounts of documentary evidence.

    Unfortunately data breaches are difficult for individuals to have any control over, and the only way people can ensure their details are safe is to demand that the companies they deal with have strong IT systems before disclosing that information. People should adopt the philosophy of a need-to-know basis for disclosing their personal information. They should always question the need for it to be handed over. If it is not essential, they shouldn’t do it.

    The fact that our country is attempting to legislate this important area is a big step in the right direction. Forcing companies to act quickly would minimise the harm which could occur to the victims’ financial identity and credit file information. Whilst it won’t prevent all data breaches, it will encourage better security. A requirement to disclose potentially harmful breaches would mean a company’s bad security is thrown right into the limelight. And not even the big wigs would want that.


  • Fraudsters cashing in on public fear over password security

    Australians are warned to be aware of a scam which is targeting public uncertainty following publicised hacking events or data breaches. People are being sent links to fake sites which ‘test’ your logon details for popular sites such as Twitter, LinkedIn, Facebook, Hotmail and Gmail. But be warned, many of these are fake password checking sites, or similar, and are phishing for your user name, password and other personal information. We look at this scam in more detail, and how it could impact you and your credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Giving away your details to these sites could put you at risk of identity theft and credit fraud – so the message from Australia’s ‘Stay Smart Online’ is – always be suspicious of sites asking for your user name, password or personal information. If you’re not sure – don’t take the chance.

    “Links to password checking sites often circulate on social media and email after publicised hacking events or breaches – such as the hacking of the Associated Press’s Twitter account – a time when checking the strength or security of your own account might seem appealing,” Stay Smart Online warned in an alert yesterday.

    SSO advises never to enter your username and password anywhere except on the site it is intended for:

    Don’t use links in emails or social media messages that take you to a log in page. Navigate there yourself independently to make sure you are on the legitimate site’s logon page.

    Make sure the addresses of the websites you use are correct.

    When logging on to a website, check for HTTPS (or a padlock) in the address bar. This is the secure form of HTTP. Websites that don’t offer HTTPS at logon are unsecured.

    Always be suspicious of unsolicited emails, especially those seeking personal or financial information.

    SSO says there are some legitimate password-checking sites out there, and some of the legitimate sites have been copied.

    Legitimate sites can use minimal information supplied by you, such as your email address (not your password!) to check your address against lists of stolen information found in data dumps on hacker sites. Other legitimate sites may offer to simply test the strength of your password. But trying to distinguish the real from the fake may not be worth the risk.

    SSO warns fake sites may be very difficult to distinguish from legitimate ones, and will simply collect your details.

    “…someone then has everything they need to access to your account,” SSO states.

    The danger in clicking on any link from an unknown source is not only that the personal information that you give out could be directly warehoused for future purposes of identity theft for fraud, but you could also end up downloading malware or a virus which takes that information from your computer.

    Recently MSN Money commented on this latest scam in its story Avoid Password-Checking Sites:

    Given that most people still use simplistic passwords and use them across multiple sites — as has been shown in a variety of data breaches and surveys — there’s a lot at stake when you give yours away. Imagine losing control of not only your social networks, but also access to your email, online banking and other personal and financial information.

    Even if you catch the breach quickly, it will still be a colossal pain to get everything back to normal.

    What can fraudsters do if they can get their hands on your personal information?

    They can steal passwords to your bank or credit accounts and they can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents, and apply for credit in your name.

    Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties – the victim can have a stack of credit defaults against their name by the end of their ordeal – and sometimes no proof that they didn’t initiate the credit in the first place.

    Recovery can be slow, and in some cases victims have had no way to prove they weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity crime happening long before the fraud took place.

    New laws coming through in March 2014 are aimed at protecting your credit file following an incident of identity theft. If you know you have been scammed, you will be able to put a ‘ban’ on your credit file – so no one will be able to access your credit information – therefore protecting your credit information from misuse.

    But if you don’t know you have been scammed until it’s too late, or if you can’t pinpoint what’s happened to you, it may still be difficult to protect your credit rating. So you have to be sure you protect all of that, by staying ahead of scams such as this, and by keeping strong passwords.

    MSN Money provides some tips from Microsoft about password security to consider when creating — or changing — a password:

    • Make your password at least eight characters long

    • Mix up the characters with capitals, lower case, numbers, symbols and punctuation marks

    • Change your passwords regularly

    • Use different passwords on different sites

    If you think you might have entered details into a fake site…

    * Change your password immediately. If you use the same logon information elsewhere you should also change these passwords, ensuring you create a unique password for each service.

    * Contact the Police – as well as your bank – especially if you have given over personal information to fraudsters. Don’t be embarrassed – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place. You should also contact the credit reporting agencies that hold your credit file and inform them that you may be at risk of identity theft.

    * Order a copy of your credit report. If there are any inconsistencies on your credit report – change of address, strange credit enquiries and credit you don’t believe you’ve accessed, then you may already be a victim – and should do all that’s possible to follow up on each account so as not to accrue defaults on your credit file that should not be there.

    Credit file defaults are difficult for the individual to remove and generally people are told by creditors they remain on our file for 5 years, regardless of how they got there.

    Although it seemed so easy for the fraudster to use your good name in the first place, you are now faced with proving the case of identity theft with copious amounts of documentary evidence.

    If you have neither the time nor the knowledge of our credit reporting system that you may need to fight your case yourself, you can seek the help of a credit repairer. A credit repairer can help you to clear your credit file and restore the financial freedom you rightly deserve.

    The reason a credit repairer is usually so successful in removing your credit file defaults, is their relationships with creditors, and their knowledge of current legislation.

    Visit www.mycra.com.au  for more information on identity theft or how to repair bad credit.


     

  • Stay safe on Australia’s biggest day of online commerce

    Media Release

    Stay safe on Australia’s biggest day of online commerce

    Buying presents online is bigger than ever this year, and it has been announced by online commerce experts that Sunday December 9 2012 is predicted to be the biggest day of online retail in Australia’s history.

    With this in mind a consumer advocate for accurate credit reporting is warning Australians to be vigilant with their personal information, as credit card fraud is not the only way unsuspecting consumers can be ripped off online.

    CEO of MyCRA Credit Rating Repair, Graham Doessel says those consumers buying online should be careful giving out not only banking details but other pieces of personal information to unfamiliar online retailers, as this information may be used or stored for purposes of identity theft.

    “If you are caught out with bank fraud, your bank may be able to monitor your accounts and in many cases reimburse you for stolen funds, but identity fraud is not so simple.”

    “Identity theft is about building up a profile on the victim, and if fraudsters are able to do this they can request replacement copies of identification in your name and gain access to your credit rating, so it may be your personal details that the crooks are really after,” he says.

    Ebay, Paypal and Australia Post recently predicted Sunday December 9, 2012 will be Australia’s biggest online retail day, with 2.3 million Australians expected to visit Ebay alone on this day.[i] Whilst these retailers are familiar and trusted companies, some retailers are not always what they seem.

    The Australian Federal Police released a statement on Monday warning all consumers they need to keep close their personal information as they would if they were physically at the store.

    AFP National Manager High Tech Crime Operations Neil Gaughan:

    “Consumers need to ensure they protect their personal and financial information. Following basic security measures will prevent fraud and the disappointment and stress of financial loss when goods thought purchased are not received.” [ii]

    NSW Fair Trading, independent organisation Internet Fraud Watchdog and Western Union also launched the “Be Vigilant, Verify and Be Vocal” campaign against fraud in Sydney on Wednesday.

    Their campaign features Olympian Giaan Rooney, who was herself a victim of fraud earlier in the year when fraudsters racked up $17,500 on her credit card.

    “Fraud transcends the whole community. No-one is immune, it cuts across all Australians immaterial of age or status,” she says.[iii]

    These warnings seem fitting in light of security company McAfee’s recent survey on Australian online retail transactions.

    McAfee’s study featured a survey of 1005 Australians and found that one in three did not know how to recognise a secure web address. Over half also said they would provide their name and age, and 38% said they’d give their phone number to online retailers.[iv]

    But Mr Doessel says these basics of safe online commerce need to become common knowledge, as consumers can not only face a loss of money, but can potentially end up identity theft victims. He says this starts with two important points:

    “If the web address does not start with https:// your personal or financial details may not be safe – and the website may not be legitimate. Verify this before you proceed with entering your details,” Mr Doessel says.

    He also says people are giving away too much information to online retailers and there is a risk of that information going to identity thieves – whether that be due to a data breach or via a fraudulent retailer.

    “You have to think – does this store really need my date of birth? Only give information that is necessary for the transaction – and if your date of birth is one of them, I would be questioning why,” he says.

    Mr Doessel says identity theft can happen to anyone, and the victim may not always know the exact circumstances leading to debts in their name.

    “Sometimes the actual identity theft can have happened years ago, and it’s not until the victim applies for credit and is refused that they find out. The victim will have five to seven years of being blacklisted from credit unless they are able to prove they didn’t initiate the credit in the first place,” he says.

    He says if people worry they may have fallen victim to identity theft they should check their bank and credit card statements thoroughly and should also order a copy of their credit report – which would indicate if their credit file had been misused.

    “Contact Police immediately and also alert your Creditors and the Credit Reporting Agencies which hold your credit file if you are at all suspicious of identity theft before it leads to fraud,” he says.

    Victims can also use the services of a credit rating repairer to recover their good name following identity theft.

    Please contact:

    Graham Doessel – CEO Ph 3124 7133

    Lisa Brewster – Media Relations media@mycra.com.au

    Ph 07 3124 7133 www.mycra.com.au www.mycra.com.au/blog

    246 Stafford Rd, STAFFORD Qld

    MyCRA Credit Repairs is Australia’s number one in credit rating repairs. We permanently remove defaults from credit files.

     

    ——————————————————————————–

    [i] http://auspost.com.au/about-us/biggest-online-shopping-day.html

    [ii] http://www.afp.gov.au/media-centre/news/afp/2012/december/stay-safe-during-the-festive-season.aspx

    [iii] http://www.tradingroom.com.au/apps/view_breaking_news_article.ac?page=/data/news_research/published/2012/12/340/catf_121205_143800_0813.html

    [iv] http://www.smartcompany.com.au/internet/052956-virus-experts-warn-beware-of-the-12-online-scams-of-christmas.html?utm_source=SmartCompany&utm_campaign=6debdba9e3-Friday_16_November_201216_11_2012&utm_medium=email


  • How Can You Prevent a Data Breach in Your Small Business?

    If we can learn anything from recent reports of more Australian cyber-crime victims, we must learn that personal information is so important to keep safe. Not only is today’s cyber-crook or scammer after your money – they are after the money you can borrow – through obtaining credit in your name. The recent arrests of seven Romanian people in Australia’s largest credit card data theft investigation, in which those criminals had access to 500,000 Australian credit cards, is a chilling reminder to all Australians that we are not immune to fraud and identity theft. The fact that these criminals were able to gain this information by hacking the databases of 100 Australian small businesses prompts us to look into what Australians can do to protect customer information within their business network and keep their customers’ personal information and credit files safe.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    On Thursday, the Australian Federal Police announced in a joint release to the media, that they have arrested seven people in Romania in Australia’s largest credit card data theft investigation.

    The criminal syndicate had access to 500 000 Australian credit cards and approximately 30 000 credit cards have been used for fraudulent transactions amounting to more than $30 million…

    Stolen credit card data was being used to create false credit cards, enabling thousands of counterfeit transactions to be carried out in numerous overseas locations including Europe, Hong Kong, Australia and the United States.

    After the AFP identified the cause of the data compromise, the investigation grew to involve numerous international law enforcement partners and the Australian banking and finance sector also provided strong support…

    No Australian credit card holders lost money as a result of these fraudulent transactions. Australian financial institutions reimbursed the financial losses of cardholders…

    Abacus Australian Mutuals CEO Louise Petschler said today’s developments show that cyber crime is a global enterprise.

    “It underlines how a coordinated approach by law enforcement agencies, financial institutions, merchants and consumers can help fight card fraud. We all have a role to play to ensure credit card transactions are safe and secure,” Ms Petschler said.

    “Policing is only one part of the solution to stop data compromises – credit cards should be kept in a secure place, ATMS should be checked for any unusual attachments, personal details including PIN numbers should be protected, financial statements should be checked continuously, mail boxes should be secured and if possible, ‘chip and pin’ security implemented on credit cards,” Commander McEwen said.

    The ABC ran a story the same day on this issue, ‘Australian small businesses targetted by data theft syndicate.’

    It featured IT security expert, Nigel Phair from the Centre for Internet Safety at the University of Canberra. He says it proves that many small businesses are not taking data security seriously enough.

    While he’s surprised at the scale of the operation, Nigel Phair isn’t surprised Australia was a target.

    “We are susceptible. We are a good economy, we are ripe for the picking for these international criminals,” Nigel Phair says.

    He says the issue for small businesses, is they spend next to no money on any IT security.

    He says it is relatively simple for criminals to get hold of those credit card details if a company doesn’t have any such security.

    “It really is a matter of just hacking into the organisation, finding where their credit card details are stored and then stealing them and then transacting them yourself, you know. And then the next question coming out of that is after you do a transaction with a small to medium enterprise, there’s no reason for them to retain your data,” he says.

    “In the small to medium category I would suggest most [small businesses] aren’t adhering to it [best practice when it comes to credit card data].”

    Preventing Data Breaches in Small Businesses

    Following the introduction of amendments to Australia’s Privacy Laws in the form of the Privacy Amendments (Enhancing Privacy Protection) Bill 2012, there will be more protection for individuals in regards to their personal information.

    How this will flow through to small business procedures is still to be officially outlined, as they will be exempt from some of the new laws.

    Small businesses looking to comply as much as possible with best practice guidelines for personal information security right now, should consult the Privacy Commissioner’s guidelines, found on the OAIC website.

    The Privacy Commissioner, Timothy Pilgrim says appropriate security safeguards for personal information need to be considered across a range of areas. This could include maintaining physical security, computer and network security, communications security and personnel security. To meet their information security obligations, agencies and organisations should consider the following steps:

    Risk assessment – Identifying the security risks to personal information held by the organisation and the consequences of a breach of security.

    Privacy impact assessments – Evaluating, in a systemic way, the degree to which proposed or existing information systems align with good privacy practice and legal obligations.

    Policy development – Developing a policy or range of policies that implement measures, practices and procedures to reduce the identified risks to information security.

    Staff training – Training staff and managers in security and fraud awareness, practices and procedures and codes of conduct.

    The appointment of a responsible person or position – Creating a designated position within the agency or organisation to deal with data breaches. This position could have responsibility for establishing policy and procedures, training staff, coordinating reviews and audits and investigating and responding to breaches.

    Technology – Implementing privacy enhancing technologies to secure personal information held by the agency or organisation, including through such measures as access control, copy protection, intrusion detection, and robust encryption.

    Monitoring and review – Monitoring compliance with the security policy, periodic assessments of new security risks and the adequacy of existing security measures, and ensuring that effective complaint handling procedures are in place.

    Standards – Measuring performance against relevant Australian and international standards as a guide.

    Appropriate contract management – Conducting appropriate due diligence where services (especially data storage services) are contracted, particularly in terms of the IT security policies and practices that the service provider has in place, and then monitoring compliance with these policies through periodic audits.

    He goes on to say that in seeking to prevent data breaches, agencies and organisations should be considering their other privacy obligations to do with data collection and retention. Some breaches or risks of harm can be avoided or minimised by not collecting particular types of personal information or only keeping it for as long as necessary.

    Consider the following:

    What personal information is it necessary to collect? – …“Personal information that is never collected, cannot be mishandled,” he says.

    How long does the personal information need to be kept? – …“destruction or de-identification of information that is no longer required will usually be a reasonable step to prevent the loss or misuse of that information.”

    For a full and complete picture of the OAIC Privacy Guidelines, including the relevant Privacy Principles and obligations you may be subject to, we recommend you read the above information in its full context, in this article: the Office of the Australian Information Commissioner, Data breach notification: a guide to handling personal information security breaches – April 2012.

    Image: cooldesign/ www.FreeDigitalPhotos.net

  • Gamers need to know identity theft risks

    The massive increase in gaming popularity comes with a price, as gamers unknowingly expose themselves more and more to identity theft. The cyber-crime world is alert to any potential places where personal information can be extracted easily and used to steal money, identities, and ultimately take advantage of good credit ratings.

    By GRAHAM DOESSEL Founder and CEO of MyCRA Credit Repairs and www.fixmybadcredit.com.au.

    We like to alert readers to any places where their personal information may be at risk.

    Recently, security expert Michael Sentonas warned ABC’s gaming readers of the need to keep their personal information safe in the article ‘Cyber threats a reality in online gaming’. One area of threat he identifies is data breach. He says the Sony PlayStation data breach was a major example of how gamers’ personal information can easily be compromised.

    Sony Australia confirmed in April last year that the personal information of all PlayStation Network account holders worldwide had fallen into the wrong hands. All users were at grave risk of identity theft with the hackers having access to all names, addresses, email addresses, birthdates, usernames, passwords, logins, security questions and more. The NSW Police fraud squad said it was enough information for the hackers to even take out loans on the victims’ behalf. Luckily, there were no Australian cases of credit card or identity fraud eventuating from the attack.

    Aside from data breaches, Sentonas pinpoints some of the ways individual gamers can be put at risk:

    “Gamers who mainly engage in massively multiplayer online role-playing games (MMORPG) such as World of Warcraft, Guild Wars 2 and Final Fantasy XIV and social networking games via Facebook have several common threats to watch out for including gold keylogging, phishing and gaming bots.

    Gold keylogging aims to steal “gold” (the currency and valuables a gamer accumulates within a game) and often manifests itself as a Trojan disguising itself as a normal application. A keylogging Trojan tracks the keys typed on a keyboard while the person using the keyboard is unaware. This allows the hacker to obtain your login and password information. A keylogging virus fulfils the same aim however it is designed to replicate itself and spread from computer to computer.

    Phishing on the other hand is a much more direct form of cybercrime that occurs via email or instant messaging. The email or instant message looks identical to the game’s official service and will pop up during a game or appear in your email inbox for example. Phishers attempt to acquire people’s personal information, such as banking details or logins and passwords. They pretend to be an honest business distributing an apparently official electronic communication. A typical phishing email asks you to ‘renew your registration / account’. Reputable businesses will not send you random emails or pop ups asking for your personal or financial information.

    While gaming bots may not be a direct cyber threat in terms of stealing personal information or attacking bank accounts, they have a clear advantage over real life players in online gaming. Most bots usually play with far higher accuracy than most real life players which essentially constitutes cheating. Players also use gaming bots to control their character while they are away from their computer or console. This allows them to keep the account running to enable the player to accumulate money, objects and experience without having to be in front of the screen,” Sentonas says.

    He also warns about the security threats to mobile devices, which are virtually portable PCs and are at risk of the same security threats as people’s actual computers, if not more. Sentonas explains how gamers can be at risk from their smartphone:

    “Users should mainly be looking out for malicious mobile apps and games. Some apps are specifically designed with malicious components to secretly track users’ phone calls, text messages and emails to gather potentially sensitive data. Dangerous apps are usually offered for free and masquerade as fun applications. For example, last year 4.6 million Android smartphone users downloaded a suspicious wallpaper app that collected and transmitted user data to a site in China,” he says.

    He recommends a couple of vital ways gamers can protect themselves against these threats. Gamers should only install apps and games from the official stores for their platforms of choice. He also says a little research, such as reading user reviews and checking into the developer, would go a long way in protecting against identity theft.

    “To help protect your disc-based games, we recommend making reliable backup copies of your saved games (using a USB flash drive) to protect your investment. Avoid storing personal information on the gaming device and consider using security software that protects PCs, tablets and smartphones as well. If children play online games, we recommend parents educate their children to not play with strangers over the internet. Parents should also consider activity-monitoring tools and utilising built-in parental controls,” Sentonas says.

    The threats and ramifications of identity theft are real and debilitating. Currently it is the fastest growing crime in Australia, with 1 in 6 people reporting being affected by it. If credit is taken out by fraudsters in the victim’s name, they can end up with their bank accounts emptied or, at worst, defaults on their credit file – and this is not easy to recover from. First the victim has to prove they didn’t initiate the credit themselves. This would require documentary evidence and police reports. But the identity theft victim would be virtually banned from obtaining credit until they are able to wade through the mess that has been created for them on their credit report, and clear their good name.

    For help with credit repair following identity theft, contact MyCRA Credit Repairs on 1300 667 218 or visit our main website www.mycra.com.au.

    Image: David Castillo Dominici/ Freedigitalphotos.net

  • Telstra’s at it again. And this time it may affect YOU.

    Your credit file could be affected by errors in the telecommunications industry. Here is a media release we sent out last month about a significant data breach which occurred with Telstra’s customer files. We are eager to see what the Privacy Commissioner’s findings will be on this incident.

    Media Release

    12 December 2011

    A massive data breach of Telstra’s customer database has potentially put around 800,000 of its customers at grave risk of having their passwords stolen and their personal information pilfered by identity thieves.

    The data breach, which occurred last Friday, saw detailed personal information that was supposed to be available to Telstra customer service agents only exposed and openly accessible on the internet.

    The Sydney Morning Herald reported on Friday a user of the Whirlpool forum stumbled upon the “Telstra bundles request search” page after doing a Google search for a Telstra customer support phone number they were told to contact.[i]

    SMH reported the information of any Telstra customer was searchable even by last name, bringing up the customer’s account number, what broadband plan they were on, what other Telstra services they were signed up to and notes associated with the customers’ accounts including in many cases their usernames and passwords.

    There were also other details about technician visits, SMS messages sent to private mobile numbers and credit check details.

    Telstra has reportedly reset approximately 60,000 customer passwords as a precaution.[ii]

    Telstra bundle customer Graham Doessel is one of those potentially at risk.

    He also happens to be the CEO of a company dealing in credit repair for people who have been unlawfully blacklisted from borrowing facilities. He says as much as 50% of his clientele who present with credit file errors and inconsistencies are Telco customers, and many of those are Telstra customers.

    “This data breach is a crucial example of how errors occur so easily in the Telco industry. Unfortunately they have the potential to severely damage someone’s financial future.”

    “Every day we deal with customers who can’t get a home loan, because their credit rating is damaged by improper execution of policies and procedures in the Telco industry,” Mr Doessel, of MyCRA Credit Repairs says.

    Mr Doessel is concerned he is amongst those Telstra customers whose personally identifiable information may have been viewed, and copied for purposes of fraud during the time the information was readily available on the internet.

    “The issue is about both our possible stolen passwords, and our possible stolen personal details – a huge commodity for fraudsters. What’s to say fraudsters haven’t jumped on the internet while this information has been available and copied it?”

    “Personal details are the building blocks for constructing a fake identity. Once someone has fake ID documents, they can take out significant amounts of credit in the victim’s name. Often people don’t find out about it straight away and that can result in defaults from creditors and massive long term credit issues,” he says.

    Mr Doessel recommends anyone who feels they may be at risk from this data breach take a few precautionary steps to ensure their credit file is protected:

    1. Change passwords. Even if Telstra hasn’t advised you otherwise, go in and change your password. If you have that same password for unrelated accounts, change that as well.

    2. Contact creditors and advise them you may be at risk of identity theft. This will allow them to ‘flag’ your accounts and halt any suspicious activity.

    3. Check your credit file. Obtain a free copy of your credit file and check there is nothing suspicious already present on your credit file.

    4. Alert credit reporting agencies. They can put an alert on your credit file which informs you of any changes to contact details, or suspicious credit enquiries you may not have initiated.

    The Privacy Commissioner, Timothy Pilgrim made a statement yesterday:

    “I have opened a formal investigation into the Telstra data breach. At a briefing today Telstra has assured our office that the immediate problem has been rectified and that personal data is no longer accessible.

    I have asked that Telstra also provide me with a detailed written report on the incident, including how it occurred, what information, if any, was compromised and what steps they have taken to prevent a reoccurrence. I will consider all the information provided by Telstra and hope to be in a position to issue an investigation report in late January 2012,” Mr Pilgrim says.

    It is uncertain exactly what, or how much, the Privacy Commissioner could determine Telstra would be liable for.

    A recent decision, handed down by the Privacy Commissioner only last week, saw one individual complainant awarded $7500 in compensation after a Leagues Club was found to have breached their privacy.[iii]

    This is not the first time a major data breach has occurred with Telstra. In October 2010, a mailing error saw around 60,000 letters containing personal customer information sent to other customers.

    The Privacy Commissioner found the privacy of Telstra customers was only breached in 2010 due to human error, and did not occur due to any systemic failure of Telstra’s processes or procedures, therefore they were not required to pay damages in this instance.[iv]

    /ENDS.

    Please contact:

    Lisa Brewster – Media Relations media@mycra.com.au

    Graham Doessel – Director info@mycra.com.au

    http://www.mycra.com.au/ 246 Stafford Road, STAFFORD QLD. Ph: 07 3124 7133 www.fixmybadcredit.com.au

    MyCRA Credit Repairs is Australia’s leader in credit rating repairs. We permanently remove defaults from credit files.


  • Sony dangles a carrot to entice users back to its system

    Sony has offered a sweetener in the hope that most of its 17 million users will be enticed back to using its services after the PlayStation data breach last month.

    Sony has offered its customers a ‘welcome back’ package that includes 30 days of free access to PlayStation Plus, 30 days of free access to Music Unlimited by Qriocity, as well as free identity theft monitoring from Debix, and a promise of free downloads in the future.

    In the video message below to customers, Executive Deputy President of Sony, Kazuo Hirai says all PS3 customers must change their PSN and Qriocity account passwords upon their return.

    “Your new password can only be changed on the same PS3 in which your account was activated or through validated e-mail confirmation,” Hirai said. Customers will also have to update their PS3 firmware to receive the latest security patches,