Posts

If you follow tech news, you may still get shivers up your spine from the buzz surrounding one of the most dangerous ransomware attacks in recent history. The May 2017 WannaCry attack made headlines for months due to the high volume of victims and the high-profile companies who were targeted. Within a short time, this self-replicating cryptoworm had infected more than 300,000 computers, locking up their systems and demanding payment from the victims in the form of Bitcoin.

As with all headlines, though, the story can fade fast when other news takes its place. And just like most other news stories, that doesn’t mean this one is gone just because people aren’t talking about it.

In fact, antivirus and security suite developer Kaspersky Lab issued recent findings that more than 75,000 new cases of WannaCry infections were discovered between July and September of 2018. Yes, only a couple of months ago, new victims were suffering from a well-known form of ransomware and having to decide whether or not to pay the criminals in order to regain access to their computers.

One of the major issues surrounding WannaCry is that a patch was available for it even before the initial attack. Consumers and businesses who were using older computers or older operating systems may have been more vulnerable, along with individuals who haven’t been installing recommended updates regularly.

Another issue some victims faced was not having a strong, up-to-date security suite with antivirus and anti-malware protection. A number of large-scale data breaches have been traced back to inadequate protection for a computer or network, and in some cases, the original victim was not the major corporation who was ultimately the target.

One of the best courses of action against WannaCry or any other form of ransomware is to create scheduled, automatic backups of all your files. These backups can be stored in a cloud-based subscription or an external storage device, and they’ll mean you can still access all of your files if someone targets your system. Paying the ransom might be cheaper than a new computer—the typical WannaCry ransom was $300, but other ransomware attacks have demanded more—but there’s no guarantee the hackers will release your files upon payment. That money can be put towards newer equipment instead of lining a cyberthief’s pockets.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

The term “data breach” serves as a catch-all word for any kind of event in which someone entrusted with information—usually for large groups of people, like one’s customers or patients—allows that information to be exposed. While some data breaches are the work of highly-skilled hackers who can access a billion email accounts at once, others could be something as simple as an electrician leaving his work phone behind on a job site, possibly exposing customers’ info.

However, no matter how it happened, who was at fault, or what information was exposed, all data breaches are serious. They carry the potential for someone to misuse information or harm others.

A recently reported data breach of the United States Postal System’s website appears to be accidental, but since about 60 million users’ information were exposed for at least a year, there’s no telling what damage could have occurred…or has already occurred.

This breach involves the website’s API, or “application program interface.” API is computer lingo for the set of parameters that help legitimate users interact with a website. The API was connected to the USPS “Informed Visibility Mail Tracking & Reporting” service, a mail tracking preview program, where the weakness was found. Unfortunately, by exploiting any security holes found in the tracking service, hackers can interact with the API, too.

Here’s what security researchers found: the USPS website was accidentally left “unlocked,” meaning anyone with an account could change the search parameters and find other users’ accounts and information. They could even make changes to those accounts in some cases.

Think of it like this example: pretend you went to a major retailer’s website to look up a pair of socks you ordered two years ago. You go to your order history, type in your name and zip code, and then your order history appears. Now pretend that you could simply change the zip code or the last name, or your city or street address. What would you do if all of the information for every person in your zip code, last name, city, or street address appeared? What if it showed you every single item those people had ever ordered?

That’s similar to what happened here, and there are a few unfortunate issues with this breach. First, the information was never secured in the first place. It was only a matter of time before someone decided to test out different data points. Also, the USPS was supposedly informed of this website problem a year ago. Recently, the person who informed them then contacted Krebs on Security to report that the matter had still not been resolved, and Brian Krebs reached out to the postal service. After he contacted them, the USPS patched the problem and made it stop.

This certainly isn’t the first time a government agency has suffered a data breach. The Office of Personnel Management, reported in June 2015, and the US State Department, reported in September 2018, for example, have both endured exposures of users’ sensitive information. However, that doesn’t make the issue any easier for the consumers who now need to monitor their USPS accounts and make sure that nothing out of the ordinary has taken place.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert