Social Security Administration

Senate investigation finds agencies ‘unprepared’ to protect Americans’ data

Posted on June 25, 2019 by Sean Lyngaas

Federal agencies are “failing to implement basic cybersecurity standards” needed to protect Americans’ personal data and keep the nation’s secrets safe from hackers, a Senate investigation has concluded. The report, which drew on 10 years’ worth of inspector general reports at eight agencies, paints a picture of persistent neglect of standard network defense measures. It comes more than four years after the breach of the Office of Personnel Management, in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees. Lessons from that sweeping compromise of American security clearances still haven’t been heeded, according to the report from the Senate Committee on Homeland Security and Government Affairs’ Permanent Subcommittee on Investigations. “Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyberthreats of today,” laments the report, which covered the departments of Agriculture, Education, Health and Human Services, Homeland […]

The post Senate investigation finds agencies ‘unprepared’ to protect Americans’ data appeared first on CyberScoop.

Continue reading Senate investigation finds agencies ‘unprepared’ to protect Americans’ data→

FTC says taxpayer voice phishing scams are up nearly 20x

Posted on March 11, 2019 by Lisa Vaas

The real Social Security people will never call to threaten your benefits or tell you to wire money, send cash, or put money on gift cards. Continue reading FTC says taxpayer voice phishing scams are up nearly 20x→

Registered at SSA.GOV? Good for You, But Keep Your Guard Up

Posted on January 26, 2018 by BrianKrebs

KrebsOnSecurity has long warned readers to plant your own flag at the my Social Security online portal of the U.S. Social Security Administration (SSA) — even if you are not yet drawing benefits from the agency — because identity thieves have been registering accounts in peoples’ names and siphoning retirement and/or disability funds. This is the story of a Midwest couple that took all the right precautions and still got hit by ID thieves who impersonated them to the SSA directly over the phone.
In mid-December 2017 this author heard from Ed Eckenstein, a longtime reader in Oklahoma whose wife Ruth had just received a snail mail letter from the SSA about successfully applying to withdraw benefits. The letter confirmed she’d requested a one-time transfer of more than $11,000 from her SSA account. The couple said they were perplexed because both previously had taken my advice and registered accounts with MySocialSecurity, even though Ruth had not yet chosen to start receiving SSA benefits. Continue reading Registered at SSA.GOV? Good for You, But Keep Your Guard Up→

The Limits of SMS for 2-Factor Authentication

Posted on September 8, 2016 by BrianKrebs

A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online. The reader’s daughter had received a text message claiming to be from Google, warning that her Gmail account had been locked because someone in India had tried to access her account. The young woman was advised to expect a 6-digit verification code to be sent to her and to reply to the scammer’s message with that code. Continue reading The Limits of SMS for 2-Factor Authentication→