Category Archives: The Coming Storm

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Posted on by

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court. And now she’s celebrating a small but symbolic victory after a small claims court awarded her $600 in damages stemming from the 2017 breach. Continue reading Librarian Sues Equifax Over 2017 Data Breach, Wins $600

FBI: Kindly Reboot Your Router Now, Please

Posted on by

The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to r… Continue reading FBI: Kindly Reboot Your Router Now, Please

Why Is Your Location Data No Longer Private?

Posted on by

The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details. In the wake of … Continue reading Why Is Your Location Data No Longer Private?

Mobile Giants: Please Don’t Share the Where

Posted on by

Your mobile phone is giving away your approximate location all day long. This isn’t exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your lo… Continue reading Mobile Giants: Please Don’t Share the Where

T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

Posted on by

T-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber’s account in an elaborate scheme to steal the customer’s three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the targeted T-Mobile subscriber, were made even though the victim customer already had taken steps recommended by the mobile carrier to help minimize the risks of account takeover. Here’s what happened, and some tips on how you can protect yourself from a similar fate. Continue reading T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers in Real Time Via Its Web Site

Posted on by

LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards. Continue reading Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers in Real Time Via Its Web Site

Security Trade-Offs in the New EU Privacy Law

Posted on by

On two occasions this past year I’ve published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and responds to many of the criticisms leveled against it. Continue reading Security Trade-Offs in the New EU Privacy Law

Secret Service Warns of Chip Card Scheme

Posted on by

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account. Continue reading Secret Service Warns of Chip Card Scheme

San Diego Sues Experian Over ID Theft Service

Posted on by

The City of San Diego, Calif. is suing big three consumer credit bureau Experian, alleging that a data breach first reported by KrebsOnSecurity in 2013 affected more than a quarter-million people in San Diego but that Experian never alerted affected consumers as required under California law.

The lawsuit, filed by San Diego city attorney Mara Elliott, concerns a data breach at an Experian subsidiary that lasted for nine months ending in 2013. As first reported here in October 2013, a Vietnamese man named Hieu Minh Ngo ran an identity theft service online and gained access to sensitive consumer data held by Experian’s subsidiary by posing as a licensed private investigator. Continue reading San Diego Sues Experian Over ID Theft Service

Survey: Americans Spent $1.4B on Credit Freeze Fees in Wake of Equifax Breach

Posted on by

Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state.

The figures, commissioned by small business loan provider Fundera and conducted by Wakefield Research, surveyed some 1,000 adults in the U.S. Respondents were asked to self-report how much they spent on the freezes; 32 percent said the freezes cost them $10 or less, but 38 percent said the total cost was $30 or more. The average cost to consumers who froze their credit after the Equifax breach was $23.

A credit freeze blocks potential creditors from being able to view or “pull” your credit file, making it far more difficult for identity thieves to apply for new lines of credit in your name. Continue reading Survey: Americans Spent $1.4B on Credit Freeze Fees in Wake of Equifax Breach