For those of you who have downloaded the face editing app FaceApp, please note that the Federal Bureau of Investigation (FBI) has classified FaceApp as a counterintelligence threat because of its Russian origins. According to the FBI, “[T]he FBI considers any mobile application or similar product developed in Russia, such as FaceApp, to be a … Continue Reading
If, like me, you travel a lot, listen up—the Los Angeles District Attorney’s Office has issued an advisory as part of its fraud education campaign warning travelers not to use free USB charging stations offered in airports, hotels and other public places. According to the warning, “juice jacking” occurs when hackers have loaded malware into … Continue Reading
Biometric information is unique to each of us, including our fingerprints, voice, face, iris, and DNA. We can’t replace our biometric data like we can a credit card. If it is compromised, it is compromised forever. It is uber sensitive. Yet, many people give it away without a second thought. Luckily, there are privacy advocates … Continue Reading
Reporter Kashmir Hill from The New York Times (NYT) published an informative piece this week about our secret consumer scores. We all know that retail companies monitor our clicks on their websites, sell our data not protected by law, and aggregate, slice and dice the data so they can target us with ads. But we … Continue Reading
The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information on shared drives by employees who did not have authorization to view the information. According to the audit, sensitive information … Continue Reading
As most of you know, I rarely download an app. However, here’s one I just downloaded and here’s why. The Jumbo Privacy app, available in the App Store, is all about providing consumers with a way to audit their privacy and learn whether and how their information might have been compromised. A cool thing about … Continue Reading
Everyone should be aware that October is National Cybersecurity Awareness Month. TechNewsWorld is urging all users to “Own IT,” which “means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of their data and their online presence as part of daily safe cyber … Continue Reading
WhatsApp has announced that it has patched a vulnerability that would have allowed hackers to access with malware the chat history of users. Android 8.1 and 9 could have been susceptible to the attack. However, WhatsApp is urging all users to update their app. Although WhatsApp says it has patched the vulnerability and does not … Continue Reading
Everyone knows how I feel about those home genetic testing kits—most people don’t understand that when they send their DNA to a private company that it is not protected by HIPAA or any other law, and the company can legally use and disclose it, including selling it to other companies. Understand what companies are doing … Continue Reading
While on a plane this week, I read a great Wall Street Journal (WSJ) article called “How to Keep Your Mobile Banking Safe.” Although I question whether anyone can keep their online bank account completely safe, it was a good article and had some great tips that I want to pass along to those of … Continue Reading
I am not a big fan of putting all of one’s passwords in one place, but many people use password managers. If you use Last Pass (see previous blog posts about Last Pass here and here), be aware that it was recently advised by a Google Project Zero researcher that there was a vulnerability that made … Continue Reading
I haven’t written about digital assets in a while [view related posts] and I was reminded of the importance of putting digital assets into your estate plan this week in a conversation with a colleague. After my experience of serving as the executor of three estates, it became clear to me how important it is … Continue Reading
Spam is invading all aspects of our online life, and of late, even our online calendars. I hadn’t thought about embedded malware in calendar invites until I read an informative krebsonsecurity.com blog article this week. I think this is something everyone should know about and be mindful of when receiving calendar invites. Calendar invites are … Continue Reading
There are a numerous subscription based services available to consumers that allow us to provide our debit or credit card numbers to obtain a subscription for services. Providing a debit or credit card number for these services for an automatic charge means that the company has your number and it can be exposed, putting you … Continue Reading
I have the great pleasure to present annually to doctors who are in their fellowship (which means they are post-med school and continuing their training in a particular specialty) about lawyerly things before they go out into the real world. I have been doing it for years for an old friend of mine who is … Continue Reading
As cryptocurrency becomes more popular with investors, CipherTrace recently issued its Q2 2019 Cryptocurrency Anti-Money Laundering Report, which finds that “[O]utright thefts as well as scams and other misappropriation of funds from cryptocurrency users and exchanges continued apace, netting criminals and fraudsters approximately $4.26 billion in aggregate for 2019.” Yikes—that’s billion with a “b”. The … Continue Reading
I once again had the pleasure of presenting Cybersecurity for Tax Professionals at the IRS Nationwide Tax Forum today. The conference is designed for tax professionals in small- to medium-sized businesses. It is always a lively bunch, but following the afternoon session, a crowd of folks got in line to chat more, and they were … Continue Reading
Many readers have reached out to learn about the Capital One data breach and how it affects us. If you haven’t been watching the story unfold as closely as I have, here is a summary of what happened, what information was included, and what to do about it. Capital One announced on July 29 that … Continue Reading
Fireeye published research last week that it has identified a phishing campaign by APT34, which is known to be a hacking group out of Iran, that all LinkedIn users should be aware of when considering adding a LinkedIn contact. In particular, if you receive a LinkedIn request from someone named Rebecca Watts from Cambridge University, … Continue Reading
The U.S. government continues to be wary of cryptocurrency, and presently, no cryptocurrency exchange is protected by the FDIC. When you put your money in a FDIC-insured bank, if the bank becomes insolvent customers will not lose their deposits, usually up to a maximum of $250,000 per depositor per insured bank. But if you deposit … Continue Reading
Yesterday, I was honored to again have the opportunity to participate as a speaker at the Internal Revenue Service’s Nationwide Tax Forum 2019 in Washington, D.C. Through a generous grant provided by the American Coalition for Taxpayer Rights to the Pell Center of Salve Regina University, we are able to educate small- and medium-sized tax … Continue Reading
In my 25 years in the data privacy and cybersecurity profession, this is the first time that I believe a medical device has been recalled because of a cybersecurity risk. This week, Medtronic recalled its 508 Insulin pumps because of cybersecurity vulnerabilities. The FDA urged the recall, saying in a notice: “The FDA is concerned … Continue Reading
Part of the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (which amended the Fair Credit Reporting Act) included a provision requiring credit reporting agencies (CRAs) to provide free electronic credit monitoring services to active duty military personnel. CRAs are required by law to notify active duty military consumers about any “material” additions or … Continue Reading
If you use Evite for e-invitations or social planning purposes, be aware that it announced last week that the account information for up to 10 million users has been compromised and is for sale on the Dark Web. According to Evite, the information compromised included users’ names, usernames, passwords, dates of birth, telephone numbers, mailing … Continue Reading
