Welcome To McDonalds, May I Take Your Data?

Welcome To McDonalds, May I Take Your Data?

I am certain that we have all heard those words, at least almost those words, which are usually muffled with a sound quality so poor that it basically sounds like the person on the other end of the headset and behind window number one, is eating a Big Mac and stuffing a “make it a meal” sized fries in their mouth all the while making change for the person who is already at their window, and then directing them to the next window to pick up their order, while still taking your order, while they are also talking to the other food handler who is handing them a chocolate shake topped with whip cream and a cherry, along with a crispy snack wrap and Caesar Salad, so that they may pass it to a pretty young lady who is sitting in her car anxiously awaiting to have lunch with her boyfriend on a sunny Saturday afternoon down by the water!

Whew! Good thing that they are as attentive to you as they always get your order right and give you the correct change, too! They don’t…really? You’ve received correct change, though, right? No? Well if you are concerned about correct change, then just give them your debit or credit card instead…that should ease your mind a little! NOT!

Back in December of 2010, McDonalds had a “family-sized” cyber-data breach (like so many other reputable companies lately) and sent out a warning to their customers who signed up for promotions, or registered at any of its online sites, that their e-mail addresses had been compromised by an unauthorized third party. McDonalds stated that the customer name, postal address, phone number, and information about promotional preferences may also have been exposed, the company said in an FAQ on its Web site. Social Security numbers were not included in the database, the company said.

However, a short time later it was revealed that in addition to e-mail addresses, other information may have also been exposed such as birth date, and gender, which could pose a serious security threat to those affected. When the breach first occurred, it was announced that the data was managed by an “unnamed company” hired by its marketing partner, Arc Worldwide. However, a short time later the company was revealed to be Silverpop according to a ChicagoBusiness.com report, which quotes an FBI spokesman as saying that “Silverpop has more than 100 customers and that the attack appears to have come from overseas.”

Furthermore, an artist community web site called DeviantArt sent an e-mail to its users saying that user names and birth dates, along with e-mail addresses, may also have been involved in a spam-related breach and its marketing e-mail provider was also Silverpop. “Because we value the information that members give us, we have decided not to rely on the services of Silverpop in the future and their servers will no longer hold any data from us,” the e-mail said.

When asked for a comment, a Silverpop spokeswoman declined to identify any of its clients by name or say how many customers were affected by the compromise other than to say it was a “small percentage.” “It appears Silverpop was among several technology providers targeted as part of a broader cyber-attack,” Silverpop said in a statement. The spokeswoman would not elaborate, but a blog post by Silverpop Chief Executive Bill Nussey eventually suggested that the company wants to make it clear that “…they are not the only company that has suffered a breach.” It goes on to say, “The media has recently been covering the security disclosures of several large brands,” Nussey wrote. “It is important to clarify that several of these large brands have never been Silverpop customers. I’m hopeful it is clear that the disclosed attacks cover multiple companies in our space and we, as an industry, need to work together to protect the security of all of our customers.” Gee… that statement makes me feel SO much better!

Lately, it seems like all we hear about are cyber-attacks and data breaches, including one right around the same time as the McDonalds breach, involving 1.3 million user accounts at a blog empire and a very popular pharmaceutical chain: Walgreens.

Their data breach exposed customer e-mail addresses, but a spokesman said that “he was confident that the incident was not related to any other public breaches, despite the fact that the company had a contract for promotional services with Arc Worldwide as of last year.” It was also indicated in the statement that the Walgreens attack was unrelated to Arc Worldwide or Silverpop, according to a Walgreens spokesman, Michael Polzin. Although Mr. Polzin declined to say how many customers were affected, or how the e-mail addresses were compromised in the first place, he did state that only e-mail addresses were exposed. Walgreens then warned their customers in an e-mail on Friday that they might be targeted by phishing e-mails disguised to appear as though they originated from the Walgreens. The scam then requests additional information, such as credit card numbers, etc. Polzin did say that the company was working with the FBI on the investigation.

Also around that time there was a data breach of the Gawker blogging sites, in which the bad guys identified themselves as “Gnosis”, and obtained access to the company’s web site and back-end database. They then went on to post user names, passwords, e-mail addresses, and other sensitive Gawker communications to The Pirate Bay Bit Torrent site.

What makes these types of cyber-breaches even more complicated, is that because there are so many unsuspecting potential victims out there simply because they use the same password on multiple accounts, the breach puts those users’ accounts on other sites at risk of an additional hijack, and then those sites share the breach with other sites, and so on and so forth. After the Gawker breach, Twitter accounts were found to be used to send spam. To prevent any similar problems from happening, some sites such as LinkedIn, disabled passwords of users whose e-mail addresses were also used on Gawker, and Yahoo reportedly asked users to reset passwords, but did not say it was related to Gawker.

So how does the average, internet surfing, debit card swiping, EBay purchasing, average person like us, or a business that collects this type of sensitive information, help to prevent cyber bullying thieves from stealing the Private Identifiable Information, also known as: PII? (Per Wikipedia: “Personally identifiable information” (PII), as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. The abbreviation PII is widely accepted in the US context, but the phrase it abbreviates has four common variants based on personal /personally, and identifiable / identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used. In other countries with privacy protection laws derived from the OECD privacy principles, the term used is more often “personal information”, which may be somewhat broader).

According to McAfee, the following are some steps that you can take in order to prevent cyber theft. Although these points may sound obvious, or even elementary, it really boils down to the fact that sometimes we forget, and/or take for granted technology, and forget to do the basics in order to protect ourselves.

Top 10 Steps To Help Stop Cybercrime

You’ve probably heard the adage “information is power,” and that is certainly true when it comes to cybercrime. Access to your personal information is what gives hackers the power to tap into your accounts and steal your money or your identity. But the right information can also empower you to protect yourself from being caught up in the thriving industry that is cybercrime. With that in mind, here is our Top 10 list of steps you can take to avoid becoming a victim of cybercrime.

1) Education – Hackers aren’t the only ones who can gain power from information. By educating yourself about the types of scams that exist on the Internet and how to avert them, you are putting yourself one step ahead of the cybercriminals. Since phishing is prevalent, read up on the latest phishing scams and learn how to recognize a phishing attempt. Remember, phishing is when hackers attempt to lure you into revealing personal information by pretending to be a legitimate organization or person. These scams often play off major new stories, so keep informed on the latest news-related scams.

2) Use a firewall – Firewalls monitor traffic between your computer or network and the Internet and serve as a great first line of defense when it comes to keeping intruders out. Make sure to use the firewall that comes with your security software. And if you have a home wireless network, enable the firewall that comes with your router.

3) Click with caution – When you’re checking your email or chatting over instant messenger (IM), be careful not to click on any links in messages from people you don’t know. The link could take you to a fake website that asks for your private information, such as user names and passwords, or it could download malware onto your computer. Even if the message is from someone you know, be cautious. Some viruses replicate and spread through email, so look for information that indicates that the message is legitimate.

4) Practice safe surfing – When navigating the web, you need to take precautions to avoid phony websites that ask for your personal information and pages that contain malware. Use a search engine to help you navigate to the correct web address since it will correct misspellings. That way, you won’t wind up on a fake page at a commonly misspelled address. (Creating a phony site at an address similar to the real site is called “typosquatting,” and it is a fairly common scam.) You may also want to use a product like McAfee® SiteAdvisor® software to help you navigate. SiteAdvisor software is a free browser tool that tells you if a site is safe or not right in your search results, so you are warned before you click.

5) Practice safe shopping – In addition to practicing safe surfing, you also need to be careful where you shop online. Be cautious when shopping at a site that you’ve never visited before and do a little investigation before you enter your payment information. Look for a trustmark, such as McAfee SECURE™, to tell you if a site is safe. And when you’re on a payment page, look for the lock symbol in your browser, indicating that the site uses encryption, or scrambling, to keep your information safe. Click on the icon to make sure that the security certificate pertains to the site you are on. You also want to look at the address bar to see if the site starts with “https://” instead of http:// because this is another way to see if the site uses encryption. When it comes time to pay, use a credit card instead of a debit card. If the site turns out to be fraudulent your credit card issuer may reimburse you for the charges, but with a debit card your money is gone. Finally, evaluate the site’s security and privacy policies in regards to your personal data.

6) Use comprehensive security software and keep your system updated – Because hackers have a wide variety of ways to access your system and information, you need comprehensive security software that can protect you from all angles. Software like McAfee® SecurityCenter, available preloaded on Dell™ PCs, can help protect you from malware, phishing, spyware, and other common and emerging threats. Just make sure that you keep your security software up to date by selecting the automatic update function on your security control panel. And don’t forget to perform regular scans. You also want to update your operating system (OS) and browser with the latest security patches. If you are a Microsoft Windows user, you can enable automatic updates to keep your OS safe.

7) Secure your wireless network – Hackers can access data while it’s in transit on an unsecured wireless network. You can keep the hackers out by enabling the firewall on your router and changing the router’s administrator password. Cybercriminals often know the default passwords and they can use them to hack into your network. You may also want to set up your router so it only allows access to people with passwords that are encrypted. Check your owner’s manual for instructions on setting up encryption.

8) Use strong passwords – Although it may be easier for you to remember short passwords that reference your birthday, middle name, or pet’s name, these kinds of passwords also make it easy for hackers. Strong passwords can go a long way in helping secure your information, so choose a password that is at least 10 characters long and consists of a combination of letters, numbers and special characters. Also consider changing your password periodically to reduce the likelihood of it being compromised.

9) Use common sense – Despite the warnings, cybercrime is increasing, fueled by common mistakes people make such as responding to spam and downloading attachments from people they don’t know. So, use common sense whenever you’re on the Internet. Never post personal information online or share sensitive information such as your social security number and credit card number. Exercise caution when clicking on any links or downloading any programs.

10) Be suspicious – Even if you consider yourself cyber savvy, you still need to keep your guard up for any new tricks and be proactive about your safety. Backup your data regularly in case anything goes wrong, and monitor your accounts and credit reports to make sure that a hacker has not stolen your information or identity. Although protecting yourself does take some effort, remember that there are a lot of resources and tools to help you. And by adopting a few precautions and best practices, you can help keep cybercrime from growing.

In addition, please visit the Federal Trade Commission website: http://business. ftc.gov/privacy-and-security where you will find a number of ways to prevent cyber theft and to protect your own PII, including the online brochure, “Protecting PERSONAL INFORMATION: A Guide for Business”.

So, next time you drive up to a fast food window, or swipe your card at a department store, just remember one thing: Be aware!

Well, April marks my sixth year anniversary as a columnist for The Insurance Advocate. I still remember the first time Steve Acunto asked me to submit an article; and I thought he was nuts! Steve and I were having breakfast in a little café in Grand Central Station in New York on St. Patrick’s Day in 2008. I was marching in the parade that day with my kids’ high school marching band, as I was representing the Longwood Central School District Board of Education in support of the band. I remember walking up 5th Avenue that afternoon, waving to all the people who were watching the parade, kissing babies and their mommies, while I wondered what in the world I would ever write about! A week later I wrote my first piece, while sitting by the pool at the Marriott in Orlando, FL, about six o’clock in the morning.

Well, six years later and probably about 150 articles into it, I am enjoying this gig more now than I ever did…and I STILL wonder what in the world am I ever going to write about every time I reach a deadline and get that exciting call from Gina at the magazine, asking me “Loguercio, where is my article?!?!”

To all our readers and especially those who enjoy reading my column, thank you for bringing me into your home or business twice a month and I hope that you enjoy reading my column as much as I enjoy bringing it to you!

Until next time, Ciao for now!