At a glance.
- Identity theft from the victim's point of view.
- Robin Sage, call your office.
- Singapore fines travel service for data breach.
- Updates on Newfoundland healthcare system attack.
A case of stolen identity.
What does it feel like to be on the receiving end of identity theft? WeLiveSecurity gives a firsthand account of a German man who had his identity stolen. The scammers used his data to sign mobile phone contracts, television streaming subscriptions, and even insurance agreements. By the time the target was tipped off by a suspicious bill sent to a former address, there were so many unauthorized charges to his bank account that he was forced to close it. Matters were further complicated by the pandemic, which made filing a report with the police difficult, and it was up to the victim to prove to the many companies involved that he’d been the victim of scammers. In the end, all of the charges were reversed, but the story is evidence that victims will never recoup the time and stress such ordeals can cost.
Fake LinkedIn profiles: too real to be true.
Intelligence blogger @hatless1der discovered an operation in which fraudsters are taking advantage of the implicit trustworthiness of professional networking platform LinkedIn. Scammers create profiles that seem aboveboard at first glance by using AI-created photos, a tagline involving consulting or hiring, recognizable employment history, believable endorsements, and a realistic network of connections. The giveaway is that many of the bios use exactly the same, generic, wording. What, exactly, the scammers are after is unclear, but users should be wary of connection requests from unfamiliar accounts.
Singapore administers fine for largest-ever data breach.
The Register reports that the Singapore Personal Data Protection Commission (PDPC) has come to a decision for the largest breach in its history, the 2020 breach of travel booking website RedDoorz that exposed the data of 5.9 million customers. The PDPC has fined RedDoorz operator Commeasure SG$74,000 ($54,456) for “failing to put in place reasonable security arrangements to prevent the unauthorised access and exfiltration of customers' personal data hosted in a cloud database.” RedDoorz is a budget hotel booking aggregator for select Southeast Asian cities, and the breach was the result of an Amazon Web Services access key that was mistakenly labeled as a test key and embedded into an Android application package (APK) available to the public on the Google Play Store. The data exposed included names, contact numbers, email addresses, dates of birth, encrypted account passwords, and booking information, which the thief subsequently put up for a sale on the dark web.
Updates on Newfoundland healthcare system attack.
As we noted recently, the healthcare system of the Canadian province of Newfoundland suffered a cyberattack in late October that disrupted operations and exposed the private data of patients and healthcare workers. As the province struggles to recuperate, a data privacy expert gives his opinion on how the stolen data might be used. St. John's privacy consultant David Morgan told CBC News that identity theft is a likely threat, especially for the impacted healthcare staff: “If you have a social insurance number, date of birth, that's a really good starting point. Somebody's name, middle name, if you throw in a mother's maiden name, that's some really good data on which to start a fake identity.”
Meanwhile, Don Davies, a British Columbia member of parliament and the New Democratic Party’s health critic, is calling out the Canadian Prime Minister Justin Trudeau’s administration for being tight-lipped about the incident. "We've had radio silence from the Trudeau government and from Liberal MPs, and that's extremely concerning given that this is a serious breach of Canadians' personal data," Davies told CBC News. Indeed, Labrador Premier Andrew Furey stated that officials are heeding advice to avoid revealing details about the attack as the investigation is still underway.