April 23, 2014

Are Businesses Liable For Fraud Resulting From The Heartbleed Bug?

butterfly-1427284-m.jpgMost people by now have heard of the Heartbleed bug. It's the programming flaw in one of the most common encryption methods on the internet: OpenSSL. It makes what should be secure websites, and the personal information they contain, vulnerable to hackers. It is more important, though, than just another internet threat. Every business should consider whether it can be liable for depending on the vulnerable encryption software in the first place. This is especially important in light of the Federal Trade Commission's efforts to ensure that businesses take reasonable precautions to protect their customers' digital data.

The same day the Heartbleed bug was announced, April 7, 2014, Federal District Court Judge Esther Salas, upheld the Federal Trade Commission's right to police corporate cybersecurity practices. As we previously mentioned, the court denied Wyndham Worldwide Corp.'s motion to dismiss a suit the FTC brought against it which arose out of three separate alleged hacking incidents that occurred over a two year period.

According to a story by Matt Egan published on April 8, 2014 in Fox Business.com, the FTC sued Wyndham Worldwide Corp. and three subsidiaries, alleging that Wyndham, unreasonably and unnecessarily, exposed consumers' personal data to unauthorized access and theft that resulted in hundreds of thousands of customers having their payment card account information exported to a domain registered in Russia and a fraud loss of more than $10 million. The suit reportedly alleged that, among other things, Wyndham:

  • Failed to use readily available security measures like firewalls;

  • Allowed software to be configured inappropriately;

  • Failed to ensure hotels implemented adequate information security policies;

  • Failed to remedy known security vulnerabilities.

[Emphasis supplied]

What makes the ruling especially relevant to the Heartbleed bug is the way that the encryption software the bug affects is developed and maintained.

Continue reading "Are Businesses Liable For Fraud Resulting From The Heartbleed Bug? " »

April 21, 2014

Reasonable Precautions in Cybersecurity: How Vulnerable Businesses Really Are

illustration-card-1441198-m.jpgJust in case anyone thinks that cybersecurity is nothing more than an esoteric exercise for computer geeks and technicians, of no importance to the average person or business, the Heartbleed bug has come along to show us all how wrong that is. It was only just discovered two weeks ago and its impact was felt around the world almost immediately.

According to an article in the April 9, 2014 Daily Mail, the Heartbleed bug bypasses the normal safety features of websites. It can affect many of those sites that you might have noticed, which begin with an "https://" in front of their internet address, and which often appear with the symbol of a lock, both of which are supposed to mean they are safe. The bug, though, makes them vulnerable. It reportedly could affect more than 500,000 websites

The bug reportedly allows hackers to bypass normal encryption safety measures to get at encrypted information, including the most profitable types such as credit card numbers, user names, and passwords. The unauthorized user can even obtain the digital keys to impersonate other servers or users and eavesdrop on communications.

It's not considered malicious software or malware because it is more of programing flaw; but that really is not important. What is important is that the flaw, and the vulnerability, went undetected for more than two years until it recently was discovered, independently, by researchers at Google and the Finnish company Codenomicon. A fix is possible, and reportedly fairly easily applied. The problem seems to be that the fix has to be manually applied by the people who run each individual site. That, unfortunately, will take time.

Continue reading "Reasonable Precautions in Cybersecurity: How Vulnerable Businesses Really Are " »

April 9, 2014

Recent Developments In Cybersecurity: What The Federal Trade Commission, Encryption Schemes, and Creative Thinking Have to Do With Your Business

classified-1432995-m.jpgThere are a few recent developments in the field of cybersecurity that businesses, individuals, and fraud investigators alike should take note of. One is a recent case which, if followed, could expand a business' liability for security breaches and the others are new tools businesses possibly could use to protect against that same liability.

Digital information, including how to protect it and prevent fraud, is always a fascinating topic. New advances in digital security go hand in hand with ingenuous ways to steal digital information. It is fun to follow, in the same way it is fun to watch Wile E. Coyote chase the Roadrunner: the chase never really ends, they always come back for more, and they use bigger and better gadgets every time.

Cybersecurity, though, is more than just a fun-read. It has real-world implications. According to a report published in the Wall Street Journal, Federal District Court Judge Esther Salas, on Monday, April 7, 2014, upheld the Federal Trade Commission's right to police corporate cybersecurity practices to ensure businesses take reasonable precautions to safeguard their customers' data. The FTC reportedly sued Wyndham Worldwide Corp. and three subsidiaries, in 2012, after hackers broke into the company's corporate computer system and the systems at several individual hotels, between 2008 and early 2010, and allegedly stole credit and debit card information from hundreds of thousands of customers. The FTC alleged that Wyndham did not take reasonable measures to protect its customers' information from theft. It cited what it alleged were wrongly configured software, weak passwords and insecure computer servers. Wyndham argued that the FTC did not have the statutory authority to police corporate cybersecurity. The FTC argued that its authority came from its 100 year old statutory power to protect consumers from businesses that engage in unfair or deceptive trade practices. There was no finding of liability, but the court reportedly upheld the FTC's right to bring the suit. The lawsuit reportedly seeks to have the court order Wyndham to improve its security measures and fix whatever harm its customers suffered.

With the possibility of federal enforcement of what amounts to a "reasonable-precautions" cybersecurity standard, businesses, not just fraud investigators, should pay attention to the potential tools at their disposal to protect their clients' information.

The technological advances in keeping things secret are ingenuous. Much like the mythical jackalope, or my favorite, the basselope, they use things that do not seem to have anything to do with each other, to come up with something better: A more effective lock and key to turn away prying eyes from private information they should not see.

Continue reading "Recent Developments In Cybersecurity: What The Federal Trade Commission, Encryption Schemes, and Creative Thinking Have to Do With Your Business" »

April 1, 2014

How To Vacate A Default Judgement In New York: Start At The Beginning

cd-box-1428586-m.jpg How to vacate a default judgement in New York is something every potential litigant should know. It is a topic filled with cautionary tales of second chances, heartache and redemption, as we have talked about in the past. It also demonstrates the importance of thinking outside the box when you try to solve an otherwise intractable problem.

Normally, when a Defendant comes to you for help vacating a default, he is in a state of panic; the only question is how much. Bad things can happen if the default stands; a defendant might have to pay a judgement on a claim that it could have been able to defeat on the merits. There are ways to ameliorate the damage; but the best course is to avoid a default if possible.

Sometimes, the best way to fix a problem is to view it with an open mind and approach it without any preconceived notions. Sometimes the best way to change the end result is to go back to the beginning. Vacating a default judgement is no different. Sometimes the best way to vacate a default judgement is to determine when exactly the Defendant's deadline to answer was, and determine how much he missed it by, if he really missed it at all.

When someone, whether a business or a person, is sued, when does it have to answer the complaint or take some other sort of action to make sure it can defend itself, in court, on the merits? In New York, the answer is, as most answers seem to be, dependent on the circumstances: the method of service or how the Defendant receives the summons and complaint; the court in which it is sued; where the Defendant is when it receives the service of process; and how many copies of the summons and complaint it ultimately receives. Maybe the most surprising of all is that in New York, a Defendant's deadline to answer can depend upon what the Plaintiff does after it serves the summons and complaint on the Defendant.

Continue reading "How To Vacate A Default Judgement In New York: Start At The Beginning" »

March 26, 2014

Adverse Possession in New York: When Do The New Rules Apply?

abstract-circles-and-lines-shape-1187591-m.jpgDisputes involving adverse possession of property, or boundary line disputes, in New York always are contentious. As we have previously written, most people take umbrage when someone tries to take their property; property that they paid for, pay taxes on, and have a deed that says belongs to them. Similarly, most people who claim title to land through adverse possession truly believe it belongs to them and only bring claim to it when they find out someone else actually holds legal title to it.

Adverse Possession law in New York has been so contentious that major changes were enacted to it in 2008. Those changes generally make it harder for someone to obtain title to the land through adverse possession. They reflect the belief that obtaining title to land through adverse possession generally is not favored; in many ways it is not fair or equitable. The problem is that the change in the law complicated the issue. Does the new law apply to claims brought after the law was changed, just because they were brought, i.e., an action was commenced in court, after the law was changed? As with all good legal questions, there is a very definitive, straightforward answer, which just happens to be good for business: It depends.

What law applies depends on when the adverse possessor claims he gained title to the disputed property. For anyone who alleges that their claim to title vested prior to 2008, when the Real Property Actions and Proceedings Law ยงยง 501, 522, and 543, were amended, the law as it existed prior to 2008 applies to their claim. See Shilkoff v. Longhitano, 94 A.D.3d 974, 943 N.Y.S.2d 144, 145 (2nd Dept. 2012); Asher v. Borenstein, 76 A.D.3d 984, 986, 908 N.Y.S.2d 90, 92 (2nd Dept. 2010).

The Second Department stated the applicable rule, and the reasoning behind it, in Hogan v. Kelly, 86 A.D.3d 590, 591-92, 927 N.Y.S.2d 157, 158-59 (2nd Dept. 2011):

Continue reading "Adverse Possession in New York: When Do The New Rules Apply?" »

March 14, 2014

How Do You Know What To Look For In A Fraud Investigation? Utilize The Right Tools And The Right People

cosmos-lighting-1-1024026-m.jpgInsurance fraud, how it's committed and how it's solved, always is an interesting topic. It's like a crime drama. Whether it's Castle, The Mentalist, or NCIS, you get to see the end result and then figure out how it happened; and you inevitably learn about a couple of mistakes that help it along and a few more that eventually bring it to an end. Real-life examples are not always as compelling as highly-rated TV shows but they do illustrate the problem and show what investigators should, and should not, do to bring it to an end. The ones we will be talking about in this post are Rental Car Fraud, a smart-phone app, and, once again, the Target Data Breach. They have a lot more in common than you might think.

Rental Car Fraud, a subset of the ever-popular Auto Fraud, is growing at an alarming rate, according to an article in the March 12, 2014 edition of the Claims Journal by Denise Johnson. The concept is simple: rent a series of cars; use them to commit crimes and then dump, and maybe even burn, them when you're done; and conceal your identity by using fake or stolen ID. The cars are hard to trace and the connections between them even more difficult to figure out. According to Kraig Palmer, an investigator with the California Highway Patrol who recently spoke at the Combined Claims Conference in Orange County, Calif., stolen ID's are not hard to come by and can be relatively cheap at about $50 each. The fraud is not easy to solve. According to the article, Palmer said he worked on one case that involved 103 vehicles, which resulted in 72 arrests. Another involved 3 main suspects who rented 42 cars from 2 different rental agencies. One of the suspects was a preferred customer, which evidently made it easier for him to rent the cars and harder for the companies to trace him. Those incentive programs reportedly often allow a customer to register on-line without even having to set foot in the rental agency.

There are certain things a claims adjuster or SIU rep should look for when faced with an auto claim for property damage or bodily injury that involves a rental car. Kraig Palmer, according to the Claims Journal story, suggested they look for unusual patterns, such as whether one person rented more than one vehicle involved in the occurrence. Howard J. Hirsch added a few more, which appeared in the January/February 2011 edition of Auto Rental News; though he referred the tips to auto rental counter agents, fraud investigators might be able to use them as well:

  • The customer owned a vehicle, but it is not being serviced or repaired [at the time he rents the car].

  • The customer inquires about extra insurance before it is offered.

  • The customer is a walk-in and does not own a vehicle.

  • The customer has a local address and an out of state license.

  • The customer only requests a one-day rental.

  • The customer pays in cash.

  • The customer pays for the rental with someone else's credit card.

  • The customer presents a foreign driver's license with no passport.

Continue reading "How Do You Know What To Look For In A Fraud Investigation? Utilize The Right Tools And The Right People " »

March 11, 2014

Developments in Big Data: Upside, Downside, and Fully Homomorphic Encryption

question-1-1339413-m.jpgThere have been a few interesting recent news stories concerning the benefits and dangers of Big Data, for businesses and individuals alike. One even points out a possible middle ground, which can allow the continued use of the vast amounts of data at the disposal of government and businesses, while protecting individual privacy.

The benefits of Big Data are not as well-known as they should be. A recent study by Sean Young, assistant professor of family medicine at the David Geffen School of Medicine at UCLA and co-director of the Center for Digital Behavior at UCLA, showed one way that Big Data could be used to promote and protect public health. The researchers collected approximately 550 million Tweets; developed an algorithm, or set of instructions, that searched for words suggesting risky behavior or drug use; and located those words among the Tweets. Though they only identified just less than 10,000 such Tweets, they were able to match those Tweets with geographic areas with unusually high incidences of HIV cases. The researchers propose using real-time analysis of social media data to understand and maybe even predict where HIV and drug use will occur. That information could be used for disease detection and prevention.

The downside to collecting vast amounts of data about large numbers of people is that it is hard control who has access to it and how it is used. According to the British newspaper The Guardian, a management consulting firm recently uploaded the British National Health Service's Hospital Episode Statistics to Google servers in order to work with the information to answer specific questions and even create interactive maps involving specific queries. It was a large amount of data; it took two weeks to upload and consisted of 27 DVD's of information. The problem, reportedly, was that the data contained personal information including information about patient locations, since it was used to create maps, and the Google servers were outside Britain, evidently making its dissemination harder to control. This has increased criticism of another NHS plan, the care.data scheme, which will link general physician and hospital records, including a patient's date of birth, NHS number, zip code, ethnicity and gender, and allow that information to be used by researchers, drug companies, and insurers. The problem, reportedly, is how to safeguard that data, which will be partially, but not totally, scrubbed of personal information.

Continue reading "Developments in Big Data: Upside, Downside, and Fully Homomorphic Encryption" »

March 7, 2014

Hearsay Evidence Can Be Used To Help Defeat A Motion For Summary Judgement In New York

IMG_20140309_191535 - Copy.jpgSometimes you learn something new from unexpected places. Sometimes you have to challenge your assumptions if you want to have any hope of solving an otherwise intractable problem. Sometimes, just because common knowledge is widely accepted, does not mean that it should be. A recent appeal I was working on made this clear.

Every New York attorney knows the test for defeating a motion for summary judgement: a party must offer evidence in admissible form sufficient to create a genuine issue of material fact that requires a trial. Most probably know the citation for the rule by heart. Zuckerman v. City of New York, 49 N.Y.2d 557, 404 N.E.2d 718 (1980), is one of the most frequently cited cases in New York. It is common practice, based on that rule, to disregard inadmissible evidence and, most often, to not even offer it in opposition to a summary judgement motion. After all, why should you offer evidence that will not be considered? There is really only one problem with this idea: it is wrong.

The actual quote from Zuckerman v. City of New York, 49 N.Y.2d 557, 562, 404 N.E.2d 718, 720 (1980) is:

We have repeatedly held that one opposing a motion for summary judgment must produce evidentiary proof in admissible form sufficient to require a trial of material questions of fact on which he rests his claim or must demonstrate acceptable excuse for his failure to meet the requirement of tender in admissible form; mere conclusions, expressions of hope or unsubstantiated allegations or assertions are insufficient (Alvord and Swift v. Stewart M. Muller Constr. Co., 46 N.Y.2d 276, 281-282, 413 N.Y.S.2d 309, 385 N.E.2d 1238; Fried v. Bower & Gardner, 46 N.Y.2d 765, 767, 413 N.Y.S.2d 650, 386 N.E.2d 258; Platzman v. American Totalisator Co., 45 N.Y.2d 910, 912, 411 N.Y.S.2d 230, 383 N.E.2d 876; Mallad Constr. Corp. v. County Fed. Sav. & Loan Ass'n, 32 N.Y.2d 285, 290, 344 N.Y.S.2d 925, 298 N.E.2d 96).

The rule does not mean that a party should self-edit itself from submitting inadmissible evidence in opposition to a motion for summary judgement. Whereas inadmissible evidence is insufficient on its own, it can help turn mere expressions of hope into genuine issues of fact that require a trial.

The case that made this clear is Gier v. CGF Health Sys., Inc., 307 A.D.2d 729, 762 N.Y.S.2d 472 (4th Dept. 2003). It is a medical malpractice/wrongful death action in which the decedent was admitted to the hospital with a diagnosis of a recurrent abdominal hernia and died four hours later of a ruptured abdominal aortic aneurysm. The central issue was whether the Defendant, who was the on-call attending physician at the time the decedent was admitted to the hospital, was notified of her admission before his shift ended. If he was notified then there was the requisite physician-patient relationship; otherwise, there was not. The Defendant testified at his deposition that he had not been notified and he submitted his deposition testimony in support of his motion for summary judgement to dismiss the complaint against him.

In opposition, Plaintiff submitted affidavits of two doctors, Cheng and Bruce. Neither remembered the specific circumstances of decedent's admission. Instead, they each testified to habit evidence: that it was normal practice and procedure for the attending physician, whoever, that might be, to be notified when a patient is admitted to the hospital. Those two affidavits were insufficient, according to the lower court, to raise a genuine issue of material, triable fact.

Plaintiff also submitted the decedent's hospital chart, which contained numerous references to the Defendant as the decedent's attending physician and, more importantly, the last major piece of evidence: an unsworn memorandum of a Dr. Cudmore, which stated that the chief surgical resident told Dr. Cudmore that the Defendant had been notified of the decedent's admission while he was still on duty. The lower court did not even consider it, because it clearly was inadmissible. It was an unsworn document that relayed two unsworn, hearsay, statements; it was double hearsay, at least.

Continue reading "Hearsay Evidence Can Be Used To Help Defeat A Motion For Summary Judgement In New York" »

February 28, 2014

How To Negotiate a Business Deal: Think Win-Win and BATNA

out-of-the-park-842657-m.jpgA recent news story caught my eye because it shows the importance of a win-win negotiation strategy and the need to accurately assess your BATNA, or best alternative to a negotiated agreement. Though it deals with personal injury claims in Kansas, it can teach a lot to businesses in New York and across the country.

The state legislature in Kansas is considering a few important changes to personal injury litigation: increasing the cap on non-economic damages while at the same time changing the rules of evidence to allow a jury to hear whether a plaintiff has had losses covered by other, or collateral, sources including insurance, and to make it more difficult to use questionable expert testimony. To put it another way, the proposed rule changes would allow personal injury plaintiffs to collect more for pain and suffering while arguably making those harder to prove.

According to the story in the February 28, 2014, Claims Journal, Kansas has not raised its cap on damages for pain and suffering since the 1980's. Though the cap was found constitutional by the state's highest court in 2012, the decision disapprovingly noted the long delay in raising the cap. The warning evidently was heard loud and clear. The story notes that the chairman of the state senate judiciary committee, Jeff King, considers it only a matter of time before the current cap, of $250,000, is overturned as being too low. That is why the current bill would increase the cap, in stages, to $350,000.

Continue reading "How To Negotiate a Business Deal: Think Win-Win and BATNA" »

February 13, 2014

The Terms And Conditions Of A Contract For The Sale Of Goods In New York: Do Purchase Orders Really Matter?

garbage can dark - Copy.jpgA contract for the sale of goods: one business, or merchant, buys a part from another. They agree on quantity, price, and delivery. The Seller sends the Buyer a purchase order and delivers the goods, and the Buyer pays. It all sounds easy, but as we previously said, a lot can go wrong in a seemingly simple transaction.

What happens if the Buyer asks the Seller to recommend a part but it doesn't work because it's not the right one? What if the Buyer says he needs a part that meets certain specs, the Seller delivers what the Buyer asks for, but the Buyer asks for the wrong thing? What if the Seller says the part meets the specs but it doesn't? Does the Buyer always have to pay for the part or can he return it, and does the Seller always have to take it back?

Some cases illustrate the complexities involved in a contract for the sale of goods better than others. Many times, you can find the most detailed application of the rules in a lower court opinion. One such case is Kabbalah Jeans, Inc. v. CN USA Int'l Corp., 26 Misc. 3d 1241(A), 907 N.Y.S.2d 438 (Sup. Ct. Kings County 2010). It's instructive because it shows how rules designed to make things simple can sometimes make things difficult.

In a sale of goods dispute between merchants, the two most important, and meaningful, titles, are Buyer and Seller.

Continue reading "The Terms And Conditions Of A Contract For The Sale Of Goods In New York: Do Purchase Orders Really Matter?" »

February 10, 2014

How To Win A Trial: Think Like an Outsider; Trust a Juror

Box.Outside.book.small - Copy.jpgTrial lawyers are problem solvers. That is what they have to do and what their clients expect them to do. The biggest problem they face is how to persuade a jury. After all, the last time a trial went completely as planned was probably the first time one ever did.

Trial attorneys often rely on experts, and expertise, to win their case. The idea is that the average juror will recognize that the experts, whether lawyers or expert witnesses, know best and will follow along. The best way to solve a problem, though, just might be to think outside the box, which is something experts, including trial attorneys, do not always do best.

New research shows that finding creative solutions, from unexpected places, often leads to the best results, and that average people often can solve even complex, highly technical, problems better than experts and computers alike. Though the research has to do with molecular science, it sheds light on how you can win a trial.

Researchers, from Carnegie Mellon and Stanford University, have set out to better understand how RNA, which is one of the three macromolecules essential for human life, is designed. The hope is that this can lead to better ways to treat, or even cure, diseases or, believe it or not, even lead to building better computers, with RNA.

Normally the researchers would have done what they do best: conduct the research themselves. They would have used their knowledge, training, and experience to try to come up with the best designs. This time, however, they did something different: they invited people who had absolutely no special training, to design RNA. Surprisingly, or maybe not, those average people came up with far better designs than the experts.

Continue reading "How To Win A Trial: Think Like an Outsider; Trust a Juror" »

January 28, 2014

Marketing, Mobile Payment Apps & Credit Card Fraud: What Your Business Should Know

snow.IMG_00000242 (3) - Copy.jpgAdvances in business technology are becoming routine, even in the most unexpected places. Each new advance comes with both risks and rewards. One of the more recent, the mobile payment app, accessed through a customer's mobile phone, points out how the good and the bad often go hand in hand: big data, marketing, privacy, cybersecurity, biometrics, and liability all wrapped up into one. How to benefit from this technology, without being caught in its snares, is a lesson every business should learn.

We previously talked about the costs involved when digital information is stolen from a business. At approximately $188 per stolen record in the United States, the costs quickly add up, even for small and medium size businesses. At that price, think of how hard it would be for a parts supplier, a small manufacturer, or a retail store to cover the loss of a few thousand, or even a few hundred, customers' payment records.

Customers like the mobile payment apps; they make the buying experience seamlessly simply. Their ease of use lets the customer pay for a purchase without much more than punching up the app and turning the smartphone towards the store's scanner; all without the sting of paying with cash or the necessity of pulling out a credit card. Instead, the credit card information is tied to the app. That, however, is where the trouble begins.

Mobile payment apps offer even more advantages for businesses. Many, including Henry Helgeson, CEO of payment systems software provider Merchant Warehouse, in a June 18, 2013 article in Forbes, have touted the possibilities. If done properly, and widely, mobile payment apps can harness the big data capabilities of smartphones to help businesses:

Continue reading "Marketing, Mobile Payment Apps & Credit Card Fraud: What Your Business Should Know " »

January 24, 2014

A Survey of the Danger, and Cost, of Businesses Using Digital Information

IMG_00000183.jpg Almost every New York Business uses digital information daily and therefore runs the risk of having it stolen. The potential costs involved are significant and the risks are real. How to protect against the dangers, consequences, and liability arising from data breaches, while still taking advantage of the benefits of using digital information, is a challenge every business, large and small, must become aware of and learn how to meet. In this post we'll take a look at the dangers involved, and in subsequent posts we'll examine the available remedies.

The most prominent data breach in the news recently, as we've discussed, is the one at Target stores. It alone involved the theft of credit and debit card information of more than 40 million people, or more than 1/8 of the total population of the United States. The potential costs, and liability, involved are huge: according to a report by Ponemon Institute, released in May, 2013, the average cost of a breach per stolen record, globally, was $136; in the United States it was even higher, $188. Multiplied by 40 million records compromised in the Target breach, the costs could run into the billions of dollars.

Continue reading "A Survey of the Danger, and Cost, of Businesses Using Digital Information" »

January 17, 2014

Technology, Tracking, and You: How Businesses Use Location In Marketing

SBUH.jpg Digital information can be both a blessing and a curse for modern day businesses. It's seemingly everywhere because, it seems, people leave it everywhere, even unsuspectingly. Even a little can tell you a lot, if you know where to look. Apparently innocuous information, like where you are at any given moment, can tell more about you, and be more valuable, than you might think. A recent story in the Wall Street Journal drives this point home.

We've written a lot recently about the wealth of information available in the modern-day digital age: how it can be used to investigate insurance fraud; how it can help criminals steal; or even how it can be their target. What's becoming ever more clear, however, is the tremendous impact this information can and will have on businesses and commerce as a whole.

The Wall Street Journal story deals with turning location into dollar signs. Published on Tuesday January 14, 2013, it focuses on how companies get a huge amount of specific, detailed, though anonymous, information about customers, just by knowing where they are and where they've been, each and every day. They use this information in targeted marketing campaigns to increase their profits. The kicker is that they get this information, about their customers' travels, habits, and interests, all simply by tracking their customers location, and most people probably don't even realize they're doing it.

Continue reading "Technology, Tracking, and You: How Businesses Use Location In Marketing " »

January 13, 2014

Data Breaches, Cyber Security, and Insurance Fraud: How Information Can Help and Hurt

Marsh.12.28.13.jpgThere's an awful lot of data out there in the great big digital universe, and, as everyone should know by now, it can create a record of people's activities that they may not always fully appreciate. We've previously written about how metadata, when used the right way, can help investigate insurance fraud. As recent news stories point out, however, when used the wrong way by the wrong people, it can be used to steal and defraud innocent people and companies.

Everyone, every time they go online, leaves a digital footprint. Whether it's social media, where you just have to post your latest thought for all to see; e-commerce, where you browse, select and pay for everything on-line; or even shopping at the local brick and mortar store where you pay by credit card, there's a record created and information left behind. Cyber-security, which is just another name for at least trying to keep that digital information safe, was much in the news this Christmas Season. Unfortunately, for shoppers, retailers and broadcasters, alike, cyber-security often seems to be more of a goal than a reality.

By now, the security breach at Target stores may seem like old news, but it's not. On Friday, January 10, 2014, Target said that 70 million people had their names, addresses, and telephone numbers taken by cyber-thieves. This is in addition to the 40 million people who had their credit and debit card information, including Personal Identification Numbers, or PIN's, hacked from Target's servers. Thankfully, a lot of the information, including the PIN's, evidently was encrypted, which at least means it has to be cracked open before a thief can get at it. Whether that will be enough to protect the stolen information is something only time will tell. Unfortunately, even the loss of seemingly benign personal information, like your address, email address, and telephone number, can make you more susceptible to identity theft.

Neiman Marcus, just this past Saturday, January 11, 2014, announced that it, too, had been a victim of a cyber-security attack, in which thieves stole some of its customers' credit card information and made unauthorized purchases during the holiday season.

On December 25, 2013, the BBC was hacked. Just so you don't think that retail customers are the only targets, or that retail sales are the only source of ill-gotten gains, communications companies, even staid government-run ones like the British Broadcasting Corporation, are vulnerable. The story broke because someone saw the thief trying to sell access to the BBC servers, online. That would be kind of like coming home from work and not realizing your house was broken into until you see a commercial trying to sell your heirloom jewelry on TV.

The supposed thief, according the BBC story, is a notorious Russian hacker known by the names ""HASH" and "Rev0lver". From the sound of it, it's not the first time he's done this, and it won't be the last time he'll try. He attempted to sell access on underground, which is another word for clandestine, marketplaces on the web. It was first noticed by the Milwaukee based cyber-security firm Hold Security LLC, which reportedly makes a practice of monitoring such sites to locate people who try to deal in stolen information like this. HASH tried to convince buyers he had something worthwhile by showing them files which only someone with access to the servers would be able to get at.

Now you might think to yourself, what's the big deal about the BBC? After all, it's just information. It's not like anyone stole money directly out of your pocket.

Continue reading "Data Breaches, Cyber Security, and Insurance Fraud: How Information Can Help and Hurt" »