Data Breach Alert: T-Mobile 100 Million Impacted

Data Breach Alert: T-Mobile 100 Million Impacted

The Associated Press reported yesterday that communications giant T-Mobile confirmed there was unauthorized access to ‘some T-Mobile data’ but that the company is still determining the scope of the breach and who was affected. T-Mobile is actively investigating the leak after someone took to an online underground forum offering to sell personal information from more than 100 million cellphone users.

 

According to Vice’s Motherboard report, the data came from T-Mobile servers and “includes social security numbers, phone numbers, names, physical addresses, unique IMEI (International Mobile Equipment Identity) numbers, and driver license information.” Motherboard also reported that they had seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

 

The seller on the underground forum was asking for 6 bitcoin, which is about $270,000, for a subset of the data containing 30 million social security numbers and driver licenses. The hacker said that they are privately selling the rest of the data at the moment. For more in-depth details about the hack, you can read the KrebsonSecurity article HERE.

 

A statement on the T-Mobile website reads “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency.” The statement also included that the company takes the protection of their customers very seriously and that T-Mobile is “conducting an extensive analysis alongside with forensic experts to understand the validity of these claims, and are coordinating with law enforcement.”

 

If you or a family member has been a T-Mobile customer and suspect your data has been compromised, please contact us as soon as possible. We are always available for you 24/7/365 at 888.966.GUARD (4827). Our Member Services can also be emailed at memberservices@guardwellid.com.

 

Photo credit: John Tuesday on unsplash.com

University of California and StreetEasy: Dark Web Fraud Alert

University of California and StreetEasy: Dark Web Fraud Alert

Our teams have discovered extremely large sets of compromised data on the Dark Web. The latest two websites involved are University of California and StreetEasy.com.

 

The University of California (UC) is the world’s leading public research university system. Like several hundred other institutions throughout the country, including universities, government institutions and private companies, UC has been using a vendor service called Accellion File Transfer Appliance (FTA) to transfer information. Accellion was the target of an international cyberattack where the perpetrators exploited a vulnerability in Accellion’s program and attacked roughly 100 organizations. The attackers are now attempting to get money from organizations and individuals.

 

The breach origination date was March 31, 2021. Information stolen includes names, addresses, SSNs, as well as some email addresses and medical IDs.

 

StreetEasy.com is New York City’s leading local real estate marketplace on mobile and the Web, providing comprehensive listings and market data. The approximate breach size is 990,290 and originated in June of 2016. Data exposed includes passwords, first and last names, email addresses, and user IDs.

 

Be vigilant. Be strong. Stay in the know. If you have visited these websites in the past or have done business with them, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo credit by Erfan Parhizi via unsplash.com.

The Steps We Take to Protect Your Identity

The Steps We Take to Protect Your Identity

Identity theft is inevitable. If it hasn’t already, it will victimize you, a family member, or an employee’s life in the near future. ‘Data Harvesting’ has become a major threat to identity protection. Browsing history, online shopping, and messaging data is being used against you.

 

The statistics are overwhelming. Cyber attacks, malware, and phishing scams have increased over 1000% since Covid-19 began. There are 3.5M Google searches every minute and 4.4B Facebook messages each day … all of that information is collected, stored, and sold. Essentially, your data is being stolen then sold back to you.

 

As a leader in the identity protection space, we are advocating for laws to protect the American consumer from Data Harvesting. Additionally, of the 8.5 billion IP addresses worldwide, 3.5 billion of them are malware. It is our hope that stronger IT security efforts are implemented in America (and worldwide) to block the thieves from stealing your information.

 

Protecting identity includes five main steps:

 

1. Implementing proactive safeguards with Guard Well fraud specialists.

2. Protecting personal identifying information (PII), such as social security number, date of birth, driver’s license ID number, financial institution account numbers, passport number, IP addresses, passwords, etc. Remember that even the smallest amount of stolen PII can be used against you.

3. Browsing in incognito or private mode, deleting unused email accounts, using two-factor authentication whenever possible, changing your passwords every 60 days, and removing your information from ‘people finder’ sites.

4. Monitoring credit and identity to quickly detect theft/fraud when it occurs.

5. Resolving all theft/fraud issues completely and continuously monitoring for recurrence.

 

Finally … we always strongly recommend that you DO NOT CLICK on any online link that you are not 100% certain is safe, secure and legit.

 

For more information on how to protect your employees by providing this must-have voluntary benefit, please click on the flyer: GW_Flyer_070821_OnePageMktgPiece

 

Our team at Guard Well Identity Theft Solutions is available 24/7/365. Contact us at 888.966.GUARD (4827) or email memberservices@guardwellid.com if you suspect fraud or have any concerns.

Guard Well Awarded Top Identity and Access Management 2021 Solution Provider

Guard Well Awarded Top Identity and Access Management 2021 Solution Provider

Enterprise Security Magazine has once again recognized Guard Well Identity Theft Solutions in their CIOReview as a top Identity and Access Management Solution Provider for 2021. In previous years, the publication featured Guard Well’s Founder and CEO, E. Allan Hilsinger, in Guard Well Identity Theft Solutions: Shifting a Liability and Expense Into Profit and Protecting Your Employees and Company Bottom Line.

 

Located in Cincinnati, Ohio, Guard Well is celebrating ten years of protecting the American workforce. “We have successfully implemented comprehensive identity management and protection programs for over a decade,” Hilsinger states. Employers partner with Guard Well to protect their employee population from the damages of identity theft. “Every program includes complete fraud resolution, thus allowing victimized employees to concentrate on core work responsibilities instead of spending countless business hours trying to resolve the problem on their own.”

 

The article also discusses how Guard Well partners with benefit brokers, third-party administrators (TPAs), insurance companies, and financial institutions … not just employers. “We have also disrupted the enterprise data risk mitigation space with a new solution that wipes and certifies IT hard drives at no fee, repurposes the gear, which is the ‘greenest’ solution available, and then share the profit with the client.” To learn more about the Data Risk Mitigation solution, visit the Guard Well website.

 

To read the article, Comprehensive Identity Management, Protection and Resolution in full, click HERE.

 

Guard Well is available 24/7/365 at 888.966.GUARD (4827) and memberservices@guardwellid.com.

Fraud Trend Alert: End-of-life IT Gear

Fraud Trend Alert: End-of-life IT Gear

There is a new fraud trend we are seeing that almost victimized a client of ours who is a very large, well-known employer in the Cincinnati, Ohio tri-state region. We highly suggest that you share this blog to your company IT contact or a company team member whose duties include data security – IT security – technology security and/or IT gear and infrastructure protection.

 

One of our Guard Well product offerings is Enterprise Data Risk Mitigation. It is a program we developed to help organizations by purchasing their end-of-life IT gear, wipe and certify the drives … at no cost … then repurpose the gear. Essentially we turn a data risk and pending expense into a liability shift and a profit. It’s a very effective … and popular program.

 

Last week we were preparing to pull a large lot of gear from one of our clients when two individuals, claiming to be hired by a third party, showed up on the campus insisting they needed to pick up any used IT gear for “processing.” Luckily our client sensed something was incorrect and reached out to Guard Well asking us if we had sent two men to pick up the gear. We informed them that we did not send these individuals and by the time our phone call ended both men had left the campus.

 

What these men were attempting to do is steal the IT gear, most likely to harvest the sensitive company data and sell it to hackers or hold it for ransom until the company paid them to return the data. Due to the large security concerns, we highly suggest that your organization verifies steps taken to protect the sensitive data stored in end-of-life IT gear. Guard Well will partner with any organization looking for a safe, reliable way to manage the proper decommissioning of this gear and turn a profit from its remaining, but depreciating, value.

 

We can work anywhere in the USA, so please let us know how we can help. Be vigilant. Be strong. If you have any concerns or think you have been a victim of fraud, please contact our Member Services immediately so we can fully resolve the issue for you. We are always available 24/7/365 at 888.966.GUARD (4827).

 

Photo credit: Malachi Brooks via unsplash.com

Guard Well Introduces Three Bureau Credit Report & Score Center

Guard Well Introduces Three Bureau Credit Report & Score Center

Now more than ever, having the right identity theft protection in place is critical. “Cyberattacks, especially phishing scams, are on the rise and that means that identity theft rates are increasing as well,” remarks E. Allan Hilsinger, Founder and CEO of Guard Well Identity Theft Solutions. “Although identity theft is not preventable, it is key to be proactive and identify issues swiftly. This is why we developed the Guard Well Credit Report and Score Center.”

 

In order to assist Guard Well Members and the general public in being cyber smart, Guard Well’s new ‘a la carte’ feature will help save time and identify issues before they could potentially turn into huge problems.

 

To obtain your three-bureau credit reports and score, please visit the Guard Well website and click on the red button in the upper right-hand corner that says Get My Credit Report and Score. Or, visit www.guardwellcredit.com to view your reports and scores within seconds.

 

 

You do not have to be a Guard Well member to utilize this special feature. For a one-time fee of $19.95, you have access to all of your credit reports and scores within seconds. The process is clearly explained with easy to understand instructions to walk you through the activity quickly.

 

First, you will enter your personal information and then agree to Terms and Conditions. Then you will verify your identity by accurately answering the questions provided. On the next page, you will enter your credit/debit card payment information. Once submitted, all three credit bureau reports and scores (Experian, Equifax and TransUnion) will appear in seconds for you to review and print.

 

After you complete this process, reach out to us immediately if you notice anything unusual in your reports. Be smart. Be vigilant. Be strong. We are always available 24/7/365 if you ever have any questions or concerns. Call us at 888.966.GUARD (4827) or email memberservices@guardwellid.com.

 

Photo credit: Photo by Dylan Gillis via Unsplash.com.

 

 

 

 

COVID-19 Unemployment Identity Theft Cases on the Rise

COVID-19 Unemployment Identity Theft Cases on the Rise

The COVID-19 pandemic has changed the entire employment image in America. Have you or a loved one needed to reach out to your state unemployment office due to being out of work (or experiencing a massive reduction in work hours)? As if that process wasn’t difficult enough! Unfortunately, many have experienced the shock and dismay when their unemployment claim is turned down for benefits due to a duplicate application. It is happening … and way too often. Hackers live for mankind’s vulnerability, especially during trying times like this.

 

We understand that it’s hard to know what you need to know especially during immense stress. The following are the five most common unemployment scams that we would like for you to be aware of:

 

Phishing email scams. Be wary of a sender you don’t know even if there are familiar logos visible in the email. Just because the email says it’s coming from your former employer’s CEO, doesn’t mean that it is legit. Verify the sender via phone before you trust the information that they are providing. If no one is available to verify it via a call … it’s a scam.

 

Debit and direct deposit card scams. Hackers know that states may use debit cards or payments via direct deposit to deliver benefits to you. If you are asked to provide personal identifying information (PII), such as date of birth, social security number, and/or bank account information before you actually apply for a card … it’s a scam. We have seen unemployment debit card scams that end up charging the victim for inactivity.

 

Fake phone call scams. The Department of Labor suggests to only use official government websites and phone numbers to file a claim for unemployment benefits. If someone calls you before you reach out for help … it’s a scam.

 

Jobseeker scams. If anyone is interested in hiring you immediately because you are the “perfect” candidate for a position you haven’t sought out … it’s a scam.

 

Fake job board website scams. If a website asks you to pre-register and give them your bank account information for your first paycheck … it’s a scam.

 

Here are some tips to help avoid unemployment benefit scams:

 

– Do not respond to unsolicited emails and texts. A state will not try to reach you and certainly won’t via text message.

 

– Do not click any type of website link even if it looks like it’s from one of your financial institutions. Scammers are really sneaky. Read our blog Do Not Click! for more information.

 

– Monitor your accounts closely. If an identity thief has enough information to apply (and receive) your benefits, it’s a pretty solid bet that they have information on your other accounts. Update your passwords, which is a step to take even not during a pandemic.

 

– Help keep your PII safe by making sure you’re dealing with a legitimate government representative.

 

 

Interested in learning how to file unemployment benefits in your state? Check this map, select the state where you worked, and you will be directed to the appropriate contact information. Be smart. Be vigilant. Be strong. Please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 1.888.966.GUARD (4827) and memberservices@guardwellid.com.

 

The Quick Rise of Phishing Scams – Do Not Click!

The Quick Rise of Phishing Scams – Do Not Click!

Many of us have been experiencing much more free time on our hands, which is great if you enjoy the sport of fishing, have a pile of books to read or Netflix shows to catch up on. Unless you are on the front line, life, as we know it during this pandemic, has forced the majority of us to slow down.

 

Our ‘new normal’ environment is a breeding ground for scammers to take advantage of you and your identity. Last month we wrote several blogs that specifically discussed the various types of coronavirus scams we had been witnessing. Check out Coronavirus Scams Are on the Rise, And More Coronavirus Scams, and Working From Home Cybersecurity Tips if interested in a quick refresher course or two.

 

Over the last two weeks we have seen a 70% increase in email phishing scams during this pandemic, which has undoubtedly touched every facet of our lives. These phishing scams may come across as emails and/or posts promoting coronavirus awareness. These messages will often offer prevention tips on how to stay well, what the symptoms of the virus may include and what to do in case you or a family member feel ill. Some are even creating fake “cases” of COVID-19 in your neighborhood so you feel more inclined to help out. They also may be asking you to donate to victims, offering advice on unproven treatments, or contain malicious email attachments. Don’t fall for any of it … but, in case you do, we suggest that you read our blog from October 2019 Accidentally Clicked on a Phishing Link – Now What?.

 

Today our advice is very simple: If you are not 100% certain of the origin of the email and/or link that you are being asked to click on … DO NOT CLICK. If for some reason you accidentally do click, there are some imperative steps to take to alleviate harm to you and/or the network you may be connected with:

 

– Try not to panic. This happens to everyone. Antivirus and anti-malware will come into play and you will need to have a full system scan. But first …

 

– End the session immediately by turning off Wi-Fi, unplugging from an ethernet cable or completely shutting down all of your devices.

 

– Initiate a back up of your files. Since you won’t be connected to the internet at this point, you won’t be able to accomplish this to the cloud. Having an external drive, DVD or thumb drive are always nice to have on hand during times like these.

 

– Change your login/password to email account(s) and enable two-factor authentication if this hasn’t already occurred.

 

– If you are employed by a company or organization, reference your manual and let your network administrator know of the potential issue.

 

– After all is said and done, check your antivirus/anti-malware software and run a full scan.

 

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does. Be smart. Be vigilant. Be strong. Please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 1.888.966.GUARD (4827) and memberservices@guardwellid.com.

Cybersecurity Trends in Store for 2020

Cybersecurity Trends in Store for 2020

Did you know that the first documented ransomware attack was more than 30 years ago in 1989? That was around the time when a mobile phone was called a bag phone because it sat in a big black bag in your passenger seat … and that curly cord was wound so tight it hardly let it extend to your ear. If you were lucky, you could store about 30 numbers in it. But back then, that was pretty amazing storage. Then flip phones started to make our lives easier in later years. It was pretty simple but the fact that it could actually fit in your pocket made it truly mobile. There was rarely a thought that anyone was listening in on your conversations or tracking your locations (which they probably were but the average person didn’t think doing so was devious). Boy, have times changed.

 

Attacks involving ransomware, which were originally designed to target individuals, are occurring every 14 seconds now. Shocking isn’t it. After you read this sentence, focus on how long it takes you to breathe … inhale and exhale. Your full circle breathing process is likely anywhere from six to eight seconds, which is how long hackers are trying to increase the speed of ransomware attacks by this time next year.

 

Dave Wallen discussed some of the expected 2020 cybersecurity trends in a blog last week for Security Boulevard so we all can be “better prepared against the ever-evolving nature of cyber threats.” He wrote, “With today’s pervasive use of the internet, a modern surge in cyberattacks and the benefit of hindsight, it’s easy to see how ignoring security decades ago was a massive flaw.” It’s not just the speed of the attacks that is alarming, it is the variety of them that are going to keep things interesting for 2020.

 

So what are some of the trends we will be seeing in 2020?

 

Fear will drive spending. Gartner forecasts that worldwide spending on cybersecurity is going to reach $133.7 billion in 2022. The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have pushed businesses and government agencies to a more sophisticated cybersecurity infrastructure than ever. Wallen noted that 76% of organizations plan to increase their cybersecurity budgets this year.

 

The cybersecurity labor market will continue to experience labor shortages. There are many reasons for this skills gap. Not only are there more cybercriminals, but there are also more places for scammers to hide with our ever-expanding reliance on technology. Also, there still needs to be a balance of expanding skills in a very specific area with teaching broad skills that can be useful across many sectors. Think of those with titles such as chief information officer (CIO) and chief information security officer (CISO) – they are currently undervalued.

 

Cloud security will require a more pragmatic approach. The assumption that our data is secure on ‘the cloud’ in applications such as Microsoft and Google will be a thing of the past. In 2019, we saw massive attacks against Office 365 and G Suite that can bypass two-factor authentification making shared accounts exceptionally vulnerable.

 

Mobile devices will become even a greater target. As the number of mobile users increases, so will the amount of business data stored in them. Wallen wrote, “It’s a compelling reason why mobiles are seen as the primary cyberattack vector in 2020.”

 

Election security will be off the charts. With over 70 elections globally planned in 2020, there will be an intense focus on the spreading of disinformation.

 

5G, the fifth-generation wireless technology, will cause an increase in loT-based (Internet of Things) attacks. There will need to be a higher level of security which many current vendors are not able to provide yet. Hackers will take advantage of this gap to “sneak in malware and steal large volumes of your SaaS data at breakneck speed.”

 

AI (Artificial Intelligence) will become even more two-faced. While the benefits of AI are countless and help to protect our security, defakes (fake videos) that can spread misinformation will become more prominent and new types of cyberattacks will result because of them.

 

Organizations will continue to see their biggest asset, their employees, become their biggest threat. As reported in Governing.com, “The problem is that now our most important information, whether it’s sales prospects or customer lists or source code … is spread across the organization and is highly portable on a thumb drive or e-mail … information is less ‘siloed.'” Their study shows that “63 percent of people admit that they took data from their last job and brought it to their current job.”

 

We will also continue to see more fake apps and shopping cart viruses, new account fraud, apps that share our data along with phishing scams (and whaling scams if you’re a high-ranking executive or banker). Identity theft will also be rampant through social media. Lastly, child identity theft will continue to rise. It is suggested that every child have a credit freeze on their file. If you would like more information about how to do so, please reach out to our Member Services team at memberservices@guardwellid.com or call 1.888.966.4827. We are here to help 24/7/365.