At a glance.
- Dead tree data breach.
- Indian telco reacts to reports of data breach.
- DriveSure client data exposure.
- US Federal Trade Commission advocates awareness of identity theft risk.
Vermont labor department accidentally discloses data on 1099 forms.
A printing error has led to a massive data exposure at the Vermont Department of Labor, VTDigger reports. Approximately 180,000 1099 tax forms bearing the private information of other individuals were mailed to recipients. Though Labor Commissioner Michael Harrington said he believes the mistake is likely restricted to forms connected with the department’s lost wage assistance and short-term supplemental benefits programs, they will reissue all of the forms to be on the safe side. This is the second time recently the labor department has accidentally compromised private data, as last March they sent unemployment claims bearing the wrong social security numbers to area employers, and then nearly exceeded the legal notification time in informing the impacted parties. Determined not to make that mistake again, Harrington contacted reporters the same day that this 1099 issue was detected.
Bharti Airtel denies apparent hack.
Hackers have exposed the data of approximately 2.5 million customers of Indian telecommunications giant Bharti Airtel, the Business Standard reports. After discovering the leaked data published online by the hacking group Red Rabbit Team, researcher Rajshekhar Rajaharia shared the database (in masked form) on Twitter, along with a video of an interview he conducted with the hackers in which they take responsibility for the breach and state that the published data represented just a fraction of what they acquired. They also state that they informed Bharti Airtel of the breach and demanded a ransom back in December, but Bharti Airtel continues to deny that a breach ever occurred. A company spokesperson stated, "The claims made by this group reveal glaring inaccuracies and a large proportion of the data records do not even belong to Airtel."
DriveSure Client Data Exposed.
Researchers at Risk Based Security have discovered a hacker has published stolen data from car dealership service provider DriveSure on the dark web. The company, based in the US state of Illinois, supports dealership training and retention programs and as a result handles a great deal of personal data belonging to its clients’ customers and employees. The leaked information included automobile VIN numbers and service records, text and email messages, and over 93,000 hashed passwords. Of particular interest was an SQL database containing over 3 million email addresses, many of which were linked to government accounts or associated with organizations on the S&P 100.
Identity Theft Awareness Week with the FTC.
The US Federal Trade Commission (FTC) announced it is hosting a series of free events in recognition of Identity Theft Awareness Week (February 1 - 5) in which the head of the FTC’s Identity Theft Program will partner with the Identity Theft Resource Center to discuss how the pandemic has impacted identity theft. As the need for government support has increased for those experiencing financial hardship during the pandemic, cybercriminals have been targeting individuals or organizations in an attempt to steal government benefits like unemployment claims, government-sponsored loan programs, and stimulus checks. In 2020 the FTC saw 394,280 reports of benefits fraud, a massive increase over the 12,900 reports received in 2019.
Stephen Maloney, executive vice president and chief revenue officer at Acuant, commented on the situation with respect to identity theft the FTC is addressing:
“The FTC found the number of identity theft reports has doubled during 2020 when compared to 2019. This is largely due to the influx of new ways for fraudsters to game systems related to the COVID-19 pandemic. The surge to digital transactions for businesses, healthcare and governments created new targets for cyber criminals.
"With COVID-driven unemployment claims, criminals may be taking advantage of non-existent or outdated identity verification systems, such as knowledge based authentication or social security numbers, using real and synthetic identities to steal what could be billions of dollars’ worth of unemployment benefits.
"Financial elder abuse – when someone illegally or improperly uses a vulnerable senior’s money or other property – has also seen an uptick of 30-40% since the start of the pandemic. In many cases, this is the result of doctoring identity documents or using manipulated verification photos to beat an online identification process.
"There’s little doubt that fraudulent and criminal activities will increase as we continue to rapidly shift to digital and remote transactions. The key is utilizing forward thinking technology to stay ahead of fraudsters. This involves the ability to quickly adapt, utilizing AI for more holistic views of identities and employing solutions that are accessible to all demographics.”