Bureaucratic Denial of Service and the OPM Breach

Millions of American citizens received letters over the last two months of 2015, advising them that the US Office of Personnel and Management (OPM) experienced a data breach. Although the US Government realized the breach in June, it took nearly 6 months for the letters’ delivery.  Included in the letter were references to identity theft, as in social security numbers of everyone within the government employee/contractor’s family.  An offer for two years of credit monitoring for all involved softened the blow.

Most experts’ concern centers on the applicants for Top Secret or Special Compartmentalized Information (SCI) sensitive information access, commonly referred to as [...]


Wearing Your Heart on Your Sleeve

A growing number of self-insured employers are tying corporate wellness plans into apps that track their employees’ movements.  Looking for ways to cut the increasing costs associated with providing healthcare plans, these employers are encouraging healthy choices and accountability. Some companies are offering additional health plan choices to employees who participate in such programs.  But in participating, many workers may not realize their personal information may be at risk.


The Wearable Trend

Employees supply their own devices like smart watches, smart glasses and fitness trackers, known in the industry as “enterprise wearables,” which are then linked into an app accessible by the [...]


Fair and Accurate Credit Transactions Act of 2003 (FACTA)

The Fair and Accurate Credit Transactions Act (FACTA), enacted in 2003, amended the existing Fair Credit Reporting Act of 1970 (FCRA). It also included several important provisions to help consumers avoid and respond to identity theft [...]


Canadian Identity Theft Support Centre: A Pioneer in its Field

This article takes a look at the climate of identity theft-related crimes in Canada, a type of crime which is quickly growing and costing Canadians billions of dollars each year. The Canadian Identity Theft Support Center recently opened in March 2012 and hopes to assist victims of identity theft in navigating systems of redress and reclaiming their identity. The Centre was based on a similar organization located in San Diego, California, and currently offers one-to-one assistance through their toll-free number, as well as online toolkits, prevention guides and other [...]


Dimensions of Social Engineering

This article offers a closer look at social engineering attacks, which involve the manipulation of people, instead of technology, to breach an enterprise’s security system. They are considered advanced-persistent attacks and rely on both technical knowledge and ability to manipulate victims’ trust. The article introduces the social engineering attack cycle: 1) information gathering; 2) relationship development; 3) relationship exploitation; and 4) execution of attack. Finally, the article discusses the HBGary case, a recent example of a social engineering attack conducted by the group [...]