uc logo white
Text Size

Data Breach

What Information Is Hidden on Your Airline Boarding Pass? You Might Be Surprised

Based on a report from Krebs on Security, we should all think twice before tossing that old airline boarding pass in the trash. In fact, from this point forward I wouldn’t even consider doing that. Even though most airlines don’t print everything about you and your trip in plain English on boarding passes, much of that information can apparently be found in the QR or bar codes that do appear on the documents.Based on a report from Krebs on Security, we should all think twice before tossing that old airline boarding pass in the trash. In fact, from this point forward I wouldn’t even consider doing that. Even though most airlines don’t print everything about you and your trip in plain English on boarding passes, much of that information can apparently be found in the QR or bar codes that do appear on the documents. According to Krebs, his investigation into boarding passes began when one of his readers got curious about the information stored in the bar code on a boarding pass that was pictured on Facebook. As it turns out, that bar code contained the ticketholder’s name, frequent flyer number and destination information. Using that information, the reader was able to gain access to the ticketholder’s online account with the airline – in this case, Lufthansa – and to his Star Alliance account. From there, he was able to see other trips that the ticketholder had scheduled, and could have made itinerary changes and/or cancellations. If you think about that, it’s pretty frightening. Just imagine a burglar casing your house. If that burglar could gain access to your future travel plans, then he’d know exactly when you wouldn’t be home so that he could commit his burglary with minimal risk of getting caught. Now, just imagine that you have a wife or a daughter who has attracted a stalker. Do you really want to provide that stalker with a means to avoid running into you?
These are just a couple of plausible scenarios.
If you are flying and have a smart phone, you may want to consider using an electronic boarding pass. That way, you don’t have to worry about a discarded pass falling into the wrong hands. Nor do you have to worry about some airline employee collecting your pass and then having the information on it falling into the wrong hands. If you do choose to print your boarding pass, then you should seriously consider shredding any portion of it that you are able to keep when boarding. Throwing it in the trash can really isn’t a very good option any more.   _________________ Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit www.GuardMyCreditFile.org

How to prepare for Digital Disasters

It is September and that means National Preparedness Month: an ideal time to get involved in your community’s safety. Make plans to stay safe, and this includes keeping ongoing communications alive. National Preparedness Month culminates September 30th with National PrepareAthon! Day.It is September and that means National Preparedness Month: an ideal time to get involved in your community’s safety. Make plans to stay safe, and this includes keeping ongoing communications alive. National Preparedness Month culminates September 30th with National PrepareAthon! Day. I can’t believe that people who heavily rely on a computer for business will still suddenly report to clients, “My computer crashed; can you resend me all the files?” What? Wait! Why aren’t these people backing up their data on a frequent basis? If your computer is central to your business you should back up your data a minimum of once a day to protect against the following threats:
  • Computer hack
  • Unintentional deletion
  • Theft
  • Water or fire damage
  • Hard drive crash
To make daily data backups less daunting, carefully sift through all of your files to rid old, useless ones and organize still-needed ones. A mess of files with a common theme all over the desktop can be consolidated into a single folder. Protecting your data begins with keeping your computer in a safe, secure, locked location, but this is only the first (and weakest) layer of protection. The next step is to automatically back up data to the cloud. The third layer is to use local backups, ideally use sync software that offers routine backups to multiple local drives. It’s also important to use antimalware security software to prevent attacks from hackers. Additional Tips for Small Businesses Make de-cluttering a priority by deleting unnecessary digital files. This will help the computer run faster and help your daily backups run more quickly. Take some time to sift through your programs and delete the useless ones. It’s also a good idea to clean up your disk regularly. Windows users can find the disk cleanup tool by going to the Performance Information and Tools section under the Control Panel. Go to the control panel and hit “Hardware and Sound.” Then click “Power Options.” Choosing the recommended “balanced” power setting will benefit the hard drive. Every two to three years, reinstall your operating system to keep your hard drive feeling like a spring chicken. The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.” ____________________ #1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.

Quick Quiz: Has Your Personal Information Been Hacked?

The New York Times has a quick online interactive quiz so individuals can see how much, and which types, of their personal information has been hacked (“How Many Times Has Your Personal Information Been Exposed to Hackers?” by Josh Keller, K.K. Rebecca Lai and Nicole Perlroth; July 29th.The New York Times has a quick online interactive quiz so individuals can see how much, and which types, of their personal information has been hacked (“How Many Times Has Your Personal Information Been Exposed to Hackers?” by Josh Keller, K.K. Rebecca Lai and Nicole Perlroth; July 29th. The authors clearly state certain caveats including:
  1. They’ve included many, but not all, of the most recent major hacks (e.g., OPM, Neiman Marcus, health insurers);
  2. There are likely hacking attacks that are still undiscovered; and
  3. The resulting score should be seen as a minimum, not maximum, given the above caveats.
I took the quiz and wasn’t surprised to find that my personal information has been exposed and potentially stolen.  What parts of personal identity are listed in the quiz?   There are the obvious parts such as address, birthday, credit or debit card, and SSN.  The less obvious but also included are employment history, fingerprints, password and medical information.  I’m angry about the parts of my identity that were exposed while relieved about the parts that have not yet been hacked. The authors also provide very useful concrete information about the steps individuals can take once they discover that some of their personal information has been hacked.  Taking the quiz might seem scary but not knowing, and then not taking pro-active steps, will be even worse. __________________ Ms. Diener is now an independent consultant on privacy, identity management, information protection and risk management. She served in senior managerial, legal, policy and legislative positions in all three branches of the Federal government. In addition to her privacy expertise, Ms. Diener played a lead role on such important domestic and international issues as criminal justice/law enforcement and financial services. She speaks frequently at industry and governmental conferences and meetings.

The Aftermath Survey: What Victims Have to Say about Identity Theft

Each year, the ITRC provides countless hours of victim assistance to help those who’ve been affected by identity theft. This help is intended to let victims regain some semblance of control over their personal identifiable information.Each year, the ITRC provides countless hours of victim assistance to help those who’ve been affected by identity theft. This help is intended to let victims regain some semblance of control over their personal identifiable information. As part of that effort, the organization also compiles the annual Aftermath report based on extensive voluntary victim surveys. This report provides the industry with a clear picture of how identity theft affects individuals and what steps consumers take to recover their lives. It’s unfortunate that one of the key findings of the report each year is that very little headway is being made in actually stopping the perpetrators of this type of crime. For every new security measure and every new piece of legislation—both of which do all they can to thwart and address identity theft—the thieves seem to stay one step ahead. While some of the tried and true methods of identity theft and scamming are still just as viable as ever, thieves continue to find new ways to wreak havoc with other people’s information. What is hopeful, though, is the broader understanding of identity theft measures and the ways that consumers are paying closer attention to their PII. The days of blindly handing over one’s Social Security number or financial account information are limited, as more and more consumers are beginning to ask, “What do you need it for, and how will you protect it?” These types of preventive measures not only go a long way towards making a person seem like a less enticing target, but they’re easily shared through social media, blog posts, and news reports. Unfortunately, what cannot be smoothed over so easily is the emotional toll that identity theft has on its victims. This is one of the crucial parts of the Aftermath survey, as the feelings of loss, mistrust, and violation are no small matter. Victim responses have been shockingly high in terms of explaining how hard it is to trust anyone again, and how helpless they feel just knowing that someone out there has access to their identities and can do practically anything they want with them. The ITRC is currently conducting its Aftermath study on victims helped by the center in 2014.  Victims who have been assisted by the center are being asked to give their voice to this crime.  The findings will be used to further educate the industry on just what identity theft victims go through when dealing with the crime. Once the study is complete, a whitepaper will be released with the findings, which will be available on the ITRC website. _______________ Identity Theft Resource Center® (ITRC) is a nonprofit, nationally respected organization dedicated exclusively to the understanding of identity theft and related issues. The ITRC provides victim and consumer support, public education, and advisory services to governmental agencies, legislators, law enforcement, and businesses.  Victims may contact the ITRC toll-free at 888-400-5530.

Grand Theater Shooting

Fake charities are popping up requesting “donations” for victims of the tragedy in Lafayette.Fake charities are popping up requesting “donations” for victims of the tragedy in Lafayette. Scam: Grand Theater Shooting Who Is It Targeting: Anyone What Is It: The Louisiana Attorney General has issued a warning about scams revolving around the recent shooting at the Grand Movie Theater in Lafayette, Louisiana.  Individuals are receiving phone calls, emails and social media contacts from fake organizations asking for donations to help the families of the victims of the shooting. The organizations involved in these scams are not legitimate and funds donated will not reach the families or help the victims in any way. What Are They After: Direct payments in the form of “Donations” How Can You Avoid It: You should be very cautious about which organizations you donate to after a major tragedy. If you are contacted by an organization asking for donations, you should research them.  A quick Google search with the name of the organization with the word scam attached should provide you with information.  You may also look at their profile on Guidestar, a website dedicated to help consumers know about the non-profit organizations they support. While an organization’s lack of a profile on Guidestar does not mean they are fraudulent, it may mean that the organization is either new, or has not filed for non-profit status.  If you still have questions about an organization you can contact the Louisiana Attorney General's Office at 1-800-351-4889 or go to the Attorney General's website. _________________ Identity Theft Resource Center® (ITRC) is a nonprofit, nationally respected organization dedicated exclusively to the understanding of identity theft and related issues. The ITRC provides victim and consumer support, public education, and advisory services to governmental agencies, legislators, law enforcement, and businesses.  Victims may contact the ITRC toll-free at 888-400-5530.