In one look.
- Identity theft from the victim’s perspective.
- Robin Sage, call your office.
- Singapore fines travel service for data breach.
- Updates on the attack on Newfoundland’s health care system.
A case of identity theft.
How does it feel to be a victim of identity theft? WeLiveSecurity given first-hand testimony from a German who had his identity stolen. The crooks used his data to sign mobile phone contracts, streaming TV subscriptions, and even insurance contracts. By the time the target was alerted with a suspicious invoice sent to an old address, there were so many unauthorized debits to his bank account that he was forced to shut it down. Things were further complicated by the pandemic, which made it difficult to file a report with the police, and it was up to the victim to prove to the many companies involved that she had been the victim of scammers. In the end, all charges were quashed, but history is proof that victims will never recoup the time and stress that such ordeals can cost.
Fake LinkedIn Profiles: Too Real to Be True.
Intelligence Blogger @ hatless1der discovered an operation in which fraudsters take advantage of the implicit reliability of the professional networking platform LinkedIn. Scammers create profiles that appear flawless at first glance using photos created by AI, a slogan involving counseling or hiring, recognizable work history, credible recommendations, and a realistic network of connections. The giveaway is that many bios use the exact same generic wording. It is not clear what exactly crooks are looking for, but users should be wary of login requests from unknown accounts.
Singapore administers a fine for the biggest data breach on record.
The register reports that the Singapore Personal Data Protection Commission (PDPC) has made a ruling for the biggest breach in its history, the 2020 breach by travel booking site RedDoorz that exposed the data of 5.9 million customers. The PDPC fined operator RedDoorz Commeasure SG of $ 74,000 ($ 54,456) for “failing to put in place reasonable security arrangements to prevent unauthorized access and exfiltration of personal data customers hosted in a cloud database ”. RedDoorz is a low-cost hotel booking aggregator for certain cities in Southeast Asia, and the violation was the result of an Amazon Web Services access key that was mistakenly labeled as a test key and integrated into an Android application package (APK) available to the public on the Google Play Store. The data exposed included names, phone numbers, email addresses, dates of birth, encrypted account passwords, and reservation information, which the thief then put up for sale on the dark web.
Updates on the attack on Newfoundland’s health care system.
As we noted recently, the healthcare system in the Canadian province of Newfoundland suffered a cyberattack in late October that disrupted operations and exposed the private data of patients and healthcare workers. As the province struggles to recover, a data privacy expert gives his opinion on how the stolen data could be used. David Morgan, St. John’s Privacy Consultant Recount CBC News that identity theft is a likely threat, especially for affected healthcare workers: “If you have a social insurance number, a date of birth, that’s a great place to start. Someone’s name, their middle name, if you add a mother’s maiden name, that’s really good data to start a fake identity on.
Meanwhile, British Columbia Member of Parliament and New Democratic Party health critic Don Davies denounces the administration of Canadian Prime Minister Justin Trudeau for being quiet about the incident. “We have had radio silence from the Trudeau government and Liberal MPs, and this is extremely concerning given that this is a serious breach of the personal data of Canadians,” Davies Recount CBC News. Indeed, Labrador Premier Andrew Furey said authorities were following advice to avoid revealing details of the attack while the investigation is still ongoing.