This year might be winding down, but identity thieves, hackers, and cybercriminals show no sign of slowing down. In today’s post, we’ll take a closer look at some of the challenges facing state and local governments, as well as one industry’s surge in data breaches.
Let’s get started.
Millions of Microsoft customer records compromised
On January 22, 2019, Microsoft announced a security incident that exposed around 250 million customer service records and support logs. Microsoft says personally identifiable information (PII) was redacted prior to the incident. However, there are a few exceptions — like when data entries contained a non-standard format (e.g. an email address containing spaces).
Still, security experts fear criminals might use victims’ case details from the customer service records and support logs to more successfully perpetrate fraud. For tips on identifying and avoiding Microsoft technical support scams, you can view this article.
Facebook users’ data found on the dark web
On December 14, the personal details of 247 million Facebook users were discovered in a public database. The sensitive data included users’ names, phone numbers, and user IDs — which cybercriminals can decode to reveal a victim’s username and other sensitive profile information.
According to the researchers who discovered the database, the data was accessible for nearly two weeks before Facebook restricted access. They believe it was enough time for hackers to upload its content to at least one dark web forum.
A Facebook spokesperson says the company is actively researching the breach, though the data was likely harvested prior to changes the company made to better protect user information.
This marks the latest in a long line of Facebook incidents involving user data, including the Cambridge Analytica breach, a Facebook API loophole that exposed the personal details of more than 50 million Americans, and the alleged logging of some users’ texts and calls.
Cybercriminals targeting state and local governments
Earlier this year, the state of Louisiana was forced to make two emergency declarations due to widespread cyberattacks causing outages that disabled many government agencies and services. Now, there's been a third incident.
Last week, New Orleans' emergency alert twitter account, "NOLA ready," warned that there had been "suspicious activity" on city networks. The city has activated its Emergency Operations Center and is working with the FBI, Secret Service, and National Guard to investigate. It's unclear how widespread this attack is or which local agencies and services have been affected, but additional tweets from the "NOLA ready" account confirm emergency services and emergency communications have not been affected.
Ransomware attacks on local governments also continue to occur, with evidence of previous attacks this year in Atlanta, Baltimore, Tallahassee, and other major cities. These ransomware attacks often involve cybercriminals using tools to lock computer networks, affect city services, and demand a ransom from state or local governments.
Telcom breaches are on the rise
Earlier this month, a contractor for a major cell phone provider reportedly exposed hundreds of thousands of customers' cell phone bills from multiple cell phone carriers.
Over 261,300 documents, dated as far back as 2015, were held online in cloud storage without password protection, making the contents accessible to anyone online. The bills were stored as part of a promotion to encourage users to switch to a new cell phone service.
The exposed information included account holders’:
- Bank statements
- Cell phone account PINs
What can you do?
For tips on protecting your online privacy, you can download Protecting Your Privacy: Best Practices for Mobile, Social, and Search Settings. If you’re a PrivacyArmor participant, be sure to activate critical features like credit monitoring within your portal.