Friday, June 3, 2011

Data Security Reforms Move Forward

Perhaps there’s a silver lining in the aftermath of the recent cyberattacks on Sony’s PlayStation Network and online marketing firm Epsilon in that lawmakers are working toward data security reform.

Executives from both companies told lawmakers at a Congressional hearing on data security Thursday that they support proposed federal legislation that would require companies to promptly notify consumers if their personal information is stolen or exposed by a data breach.

Previously, Sen. Richard Blumenthal (D-Conn.) had criticized Sony executives in published reports for the "egregious inadequacy" of their efforts to notify customers about the April data breaches.

"When a data breach occurs, it’s essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised."

Recent studies have shown that organizations that are subject to PCI, HIPAA (Health Insurance Portability and Accountability Act) or HITECH (Health Information Technology for Economic and Clinical Health) Act requirements generally have many data protection measures in place.

Big Breaches

Sony's breaches last month, as well as one at email marketing powerhouse Epsilon in March, jeopardized millions of customers’ personal information, email addresses and passwords.


According to The Huffington Post, hackers have repeatedly targeted Sony over the past several weeks, compromising the personal information of more than 100 million users in what is likely the largest attack of its kind. And even as Sony has attempted to reassure its users and encourage people to return to its services, the company's executives have admitted that risks remain.

"It's a realization that we all had, that no system is 100 percent safe," said Kazuo Hirai, chairman of the board of directors. "This requires constant monitoring and constant vigilance."

Mike Prusinski, Senior Vice President of Corporate Communications for LifeLock identity theft protection, said the issue is much bigger than Sony.

"There have been more than 230 data breaches (in the United States) so far this year," he said. "For every one of Sony, there are probably 10 to 20 others that never get reported at all. Consumers need to understand that information could already be compromised and they would never know about it."

Reducing Your Risk

The following steps have been recommended for Sony victims and can reduce the risk of information being compromised further:

* Change your passwords and secret answers. If you're like most people, you probably use the same password across multiple services. If you’re a victim of the Sony breach and you used the same username and/or password on other online accounts, those could be hacked as well.
* Check your online accounts. Log in to your other online accounts to check for any suspicious activity.
* Track your financial accounts closely. Watch for mysterious bank or credit card transfers and purchases in the coming weeks. Officials have also recommended canceling the credit card used with the Sony PlayStation service. It’s also a good idea to report the hack to your credit card companies.
* Get a credit report check. The Wall Street Journal explains, "With the sort of data compromised it is possible for criminals to commit identity theft and use your details to open bank accounts, take out mobile phone contracts, and even re-direct your mail." Sony notes that U.S. residents can get a free credit report at www.annualcreditreport.com or call toll-free (877) 322-8228.
* Keep an eye out for scammers. Spammers might hit Facebook, Twitter and email inboxes with phishing and other scams.
* Consider identity theft protection software. Should anyone try to use compromised information, identity theft protection software such as LifeLock can prevent it. LifeLock uses proactive technology and peer-to-peer networks to determine if personal information is being used online, alerts you to the activity and has systems in place to help deal with the aftermath of identity theft should it occur.


More @ http://aolproductcentral.aol.com/article/11020?icid=maing-grid7|main5|dl14|sec1_lnk2|67770
