Online security has come a long way in recent years, but so have phishing attacks. As the Epsilon e-mail breach proves, fraudsters are honing their attacks through the acquisition detailed e-mail profiles and sensitive information connections, says ID security expert Tim Rohrbaugh.
"The phishing only works if the consumer participates; they have to click on something; they have to open something," says Neal O'Farrell of the Identity Theft Council. "So, based on that assumption, shouldn't we be doing more to educate them?"
Gigi Hyland of the NCUA says the latest draft of online authentication guidance is awaiting final signoff from just one FFIEC member agency. And Verizon's new data breach report finds that compromised records resulting from data breaches dropped dramatically in 2010, but the number of breaches continues to grow.
Key questions: What impact - if any - will the recent RSA and Epsilon data breaches have on the FFIEC's pending authentication update? And when will this long-awaited banking guidance finally be released?
The latest Verizon Data Breach Investigations Report is out, and the good news is: The number of compromised records is down. The troubling news is: The number of breaches is up. Bryan Sartin, one of the report authors, explains why.
As details about the Epsilon e-mail breach unfold, the list of affected companies grows, including major banks and merchants. Here is the latest list of the companies known to have been impacted by the incident.
The Social Security Administration sold the information in a database of deceased individuals that erroneous contained the Social Security numbers, dates of birth, full names and ZIP codes of living people, the inspector general reports.
Experts say banks and retailers are doing all they can to control concerns in the aftermath of the Epsilon e-mail breach, and a well-crafted e-mail fooled an RSA employee into opening a phish that led to a sophisticated attack on the company's information systems.
When it comes to e-marketing and the reliance on third parties such as Epsilon, Nicolas Christin of Carnegie Mellon University says banks and merchants should "come clean" about the information they share with outside entities.
Communicating with customers about the incident and warning them not to click links in phishing e-mails are all these impacted institutions and companies really can do, says Jeremiah Grossman, chief technology officer of WhiteHat Security.
Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.