educational

Mounting Breaches: Are You Paying Enough Attention to Internet Security?

For those of you who haven’t been paying attention to the news, there is an epidemic in the online world and it’s getting worse. Last month JPMorgan Chase announced that 76 million households were affected by a recent security breach in which many individuals had their personal information stolen by hackers. To put things in perspective, JPMorgan Chase has 65.8 million open accounts including 30.1 million checking accounts. It’s the second largest mortgage originator in the U.S., and the third largest auto-lender not owned by a car manufacturer.

According to the Identify Theft Resource Center, there have been 579 data breaches this year, a 27.5 percent increase over the same period last year. In addition to JPMorgan Chase, reportedly, Target, P.F. Chang’s, Jimmy John’s, Neiman Marcus, Michaels and Sally Beauty Supply have all recently fallen victim to massive hacks and data theft.

Porn.com, purchased in 2007 for $9.5 million, was recently hijacked by an unknown third party, making it the largest domain hijacking in recent memory.

Millions of pieces of data including names, birthdates, addresses, telephone numbers, drivers license numbers, credit card numbers and more are now in the hands of individuals with bad intentions. This sensitive data is being traded, sold and utilized unbeknownst to individuals all over the world.

Sadly, the media doesn’t find all data breaches juicy enough to make the headlines, but in addition to the banking, restaurant and retail sectors, it’s been a horrible year for data breaches in education, and critical infrastructure. In the education arena, the Universities of Maryland, Wisconsin and Iowa State University all fell victim to massive security failures. In those cases, social security numbers, credit card numbers, health records and intellectual property produced by research departments were exposed according to Stephen Boyer, co-founder and CTO of Bitsight.

If you are reading this article and still aren’t concerned, perhaps you didn’t hear that the U.S. Nuclear Regulatory Commission (NRC) reportedly sustained an email based hack recently as well (the third such event in recent years). The NRC is the regulator of the nation’s use of nuclear materials and commercial power plants.

In the healthcare arena, the North Carolina Department of Health and Human Services blamed a computer programming error for the mailing of more than 48,000 Medicaid cards for children to the wrong addresses; St. Joseph Health Systems (based in Texas) was hacked and 405,000 former and current patients, employees and employee beneficiaries were affected; Sutherland Healthcare Solutions in Los Angeles suffered a data breach affecting 338,700 California residents, which included social security numbers and medical diagnosis being compromised; and last but not least, Variable Annuity Life Insurance Co. had a thumb drive stolen that contained the sensitive data of 774,000 people that participate in the company’s insurance programs.

In the celebrity world, in the past few months, Jennifer Lawrence, Kate Upton, Jessica Brown Findlay, Amber Heard, Erin Heatherton, Gabrielle Union, Kirsten Dunst, Kaley Cuoco, Kim Kardashian, Nina Dobrev, Anna Kendrick, Cara Delevingne, Rihanna, Jenny McCarthy, Mary-Kate Olsen, Mena Suvari, Kelly Brook, Nick Hogan, Mary Winstead, Hope Solo, Becca Tobin and Teresa Palmer, amongst others, have all had their private and personal photos stolen. Many of the photos are sexually explicit and expose private moments that were never meant to be shared with the public.

In the domain arena, Porn.com, purchased in 2007 for $9.5 million, was recently hijacked by an unknown third party, making it the largest domain hijacking in recent memory.

Clearly there is a problem that is getting worse and probably isn’t going to slow down anytime soon. As the Internet and programming continues to evolve so do the hackers of the world. Make no mistake about it, despite their nefarious goals, hackers are educated, bright, creative and adaptive. Underestimating the abilities of today’s hackers is a mistake that appears to always prove costly.

In the U.S., there are laws in place that can be used to attempt to hold hackers criminally responsible but unfortunately investigations into many of the recent headline hackings have been slow and have led to dead ends. Hackers being located far outside of the U.S. have also contributed to the government’s ineffectiveness in dealing with the hacking problem.

  • The Computer Fraud and Abuse Act (CFAA) 18 U.S.C. Section 1030, makes it illegal for anyone to distribute computer code or place it in the stream of commerce if they intend to cause either damage or economic loss.
  • The Electronic Communications Privacy Act (ECPA) 18 U.S.C. Sections 2510-2521, 2701-2710, protects against the unlawful interceptions of any wire communications – whether it’s telephone or cell phone conversations, voicemail, email and other data sent over the wires.
  • The Economic Espionage Act (EEA) makes it a federal crime to take, download, receive, or possess trade secret information obtained without the owner’s authorization.
  • The Wire Fraud Act makes it illegal to use interstate wire communications systems, which ostensibly includes the internet, to commit a fraud to obtain money or property.
  • The National Property Act (NSPA) prohibits the transportation in interstate commerce of “any goods, wares, securities, or money” valued at $5,000 or more that are known to be stolen or fraudulently obtained. The NSPA has been used in computerized transfers of funds.
  • The Identity Theft and Assumption Deterrence Act (ITADA) 18 U.S.C. Section 1028(a)(7) criminalizes identity theft and allows courts to assess the losses suffered by individual consumers.

As a consumer and member of society, you need to be vigilant and responsible for what personal information that you share and what security measures you have in place to protect your sensitive information. Additionally, you need to be highly cautious about what electronic data you store on your electronic devices and share online.

I feel bad for all of the recent celebrities and non-celebrities that have had their most private and intimate moments shared with the world involuntarily; however, I also question the level of maturity, and decision-making of these same individuals.

Common sense should not be ignored and you need to be regularly changing your usernames, passwords, and checking your financial statements (credit card statements, bank statements, credit report etc.). I’d also recommend that you keep a list of anyone (including your banks, health care providers etc.) that you have provided any sensitive information to.

As business owners, now is the time to review all of your security protocols and ensure that you are using the best technology available to protect the sensitive information that your consumers are sharing. You need to be considering data encryption, email encryption, complex access credentials, IP access restrictions amongst the many technical options available. You should also find out all out the security protocols for all of your vendors such as your Internet service provider(s) and host(s). You may be doing everything that you can in terms of security but you need to carefully pick your vendors to ensure that your customer sensitive data is safe in their hands as well.

It’s also not all about technology, and as a business owner you need to be responsible in your hiring practices and ensuring that sensitive data can only be accessed by limited, trained and security cleared personnel. It’s no secret that many of the recent Internet security breaches have been inside jobs or were the result of employee negligence. As the employer, it is your ultimate responsibility to do everything that you can to protect your customers’ sensitive data.

It may cost you a few bucks but there are some incredible outside firms for hire that can review your existing security and assist you with identifying and resolving issues that you may not know exist. Additionally, more than ever, businesses are actually hiring former hackers to purposely attempt to infiltrate the businesses’ systems to locate vulnerabilities; this may be one of the best current methods available.

Don’t think that this can’t happen to you or your business; statistically speaking, it may have already happened to you and you aren’t even aware of it yet.

This article does not constitute legal advice and is provided for your information only and should not be relied upon in lieu of consultation with legal advisors in your own jurisdiction. It may not be current as the laws in this area change frequently. Transmission of the information contained in this article is not intended to create, and the receipt does not constitute, an attorney-client relationship between sender and receiver.

Corey Silverstein is the managing and founding member of the Law Offices of Corey D. Silverstein P.C. His practice focuses on representing all areas of the adult industry and his clientele includes hosting companies, affiliate programs, content producers, processing companies, website owners and performers, just to name a few. Silverstein can be reached by email at corey@myadultattorney.com. He also can be contacted by telephone at (248) 290-0655.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More