SpartanTec, Inc. Fayetteville: May 2019

Monday, May 27, 2019

Google Giving More Flexibility To Private Data Removal

Tech giant Google recently unveiled the next step in its plan to put more power in the hands of users when it comes to their own data. The most recent change involves the introduction of a new auto-delete feature tied to your Google account.

It will allow you to set your Location History, Web data and App Activity data to auto-delete after a set period of time defined by you.

With the way things currently work, users have two options. They can either disable Location History and Web and App activity entirely. Or they can manually delete portions of their data (or all of it). Neither option is great, since many apps won't function with those services disabled, and the second is exceedingly cumbersome.

Worse, an AP investigation last year revealed that even if you take the step of disabling your Location History, Google can, will, and does continue to track your location. In fact, just last month it came to light that Google maintains a gigantic database called 'Sensorvault' that contains the detailed location histories of hundreds of millions of phones around the world. In addition, the company reportedly makes the database available to law enforcement agencies to assist them in solving crimes.

This caught the attention of and drew the ire of privacy advocates around the world. This most recent change comes on the heels of that revelation and to the company's credit, it's a good move.

Under the new system, you have three options to choose from:

Keep until I delete manually
Keep for 18 months, then delete automatically
Keep for 3 months, then delete automatically

At this point, there's no official word from the company on when the new feature will be rolled out. You can be sure that when it is, it will make headlines everywhere. It's a pity that it took this long to see, but it's a solid step in the right direction.

Call SpartanTec, Inc. to help your company setup an effective data protection program.

SpartanTec, Inc.
517 Owen Dr
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Friday, May 24, 2019

Stolen Personal And Medical Information Was Found Online

Jeremiah Fowler, a researcher with Security Discovery recently found an unprotected Elasticsearch databased owned by a company called SkyMed on the internet. According to his findings the database was configured such that it was open and visible to any browser. This allows anyone who stumbles across it to edit, download, or even delete data without administrative credentials.
The database contained a total of 136,995 patient records with histories going back thirty years in some cases.

It also included a variety of personally identifiable information such as:

Patient full name
Email address
Date of birth
Address
Phone numbers
In some cases, detailed medical information

Mr. Fowler promptly contacted SkyMed to inform them of the discovery. To their credit, the company promptly took the database offline. They did not, however, make a formal reply to Mr. Fowler. They have not, to this point, reached out to any of the patients whose names and personal information appeared in the database.

Is your company database exposed?

In addition to the unprotected database, Mr. Fowler discovered forensic evidence that indicated the company's network may have been infected with an unknown ransomware strain. Again, however, the company has maintained total silence and has not contacted anyone, including their customers or impacted patients with details.

This complete lack of response is highly unusual. On the heels of such an incident, we normally see a formal acknowledgement, an apology, a statement to the effect that the company is working with law enforcement and possibly engaging the services of a third party to assist with the investigation.

In addition to that, companies almost always make some effort to reach out to impacted parties to warn them of the dangers, advise of next steps they can take and offer free credit protection.

None of that has happened thus far, which could prove to be disastrous for SkyMed. In the absence of those steps, it's difficult to see how the company's customers can trust them going forward. In any case, be advised that if you are in any way reliant on SkyMed for any part of your care, there's a chance your personally identifiable data was exposed.

How do you make sure your companies data is secure? Contact SpartanTec, Inc. for a FREE dark web analysis of your company.

Tuesday, May 7, 2019

AeroGrow May Have Had Data Breach

Do you do any indoor gardening? If so, odds are that you own AeroGrow equipment. If that's the case, some of your personal information, including the credit or debit card number you paid for the goods with, may have been compromised.

The company recently notified its customers that they discovered malware lurking on their payment processing page.

For reasons that aren't yet clear, the company did not detect the malicious code for some four months. They estimate that the malware was active between October 29, 2018 and March 4, 2019.
Aerogrow has notified the FBI and enlisted the aid of a third party to assist with the forensic investigation, which is ongoing. At present, the company is unable to determine how many of its customer records were compromised.

To this point, they have confirmed that among impacted customers, the following information was taken:

Credit or Debit card number
Expiration date
Security Code
Any personal data the customer may have used to verify processing of the payment in question

Grey Gibbs, the AeroGrow Senior VP of Finance and Accounting issued a formal apology in the aftermath of the incident, saying, "I want to sincerely apologize for this incident and I regret any inconvenience it may have caused you. I want to assure you that we take this criminal act very seriously and have addressed it thoroughly."

The company's response has been generally good, and they've offered a year of free credit monitoring to all impacted customers. However, that's small consolation to those who now have to deal with the prospect that their identities may have been stolen and may face fraudulent charges on their credit cards in the weeks and months ahead.

If you're an AeroGrow customer, to be safe, report your payment card as compromised and take whatever other steps you deem necessary to protect your identity.

Are you concerned about the data stored on your servers. SpartanTec, Inc. can provide peace of mind with a free dark web scan.

Wednesday, May 1, 2019

Facebook Admits To Accessing Email Contacts

Facebook can't seem to stay out of its own way. Recently, the social media giant has made headlines on a regular basis, and seldom for anything good or groundbreaking. Not long ago, the company found itself in the midst of a controversy when it came to light that they were asking people for their email account passwords, claiming that it needed these in order to verify the identities of the new users. For businesses involved in social media sites like Facebook, it is best to get in touch with an IT consultant before proceeding to prevent such compromising incidents.

As a practice, this is almost unheard of. In fact, countless numbers of articles have been written underscoring the fact that no legitimate company would ever request such information. In addition, if anyone ever received an email asking for email logins and passwords, (or passwords of any kind), it was a sure sign of a scam in progress. In the case of a leak, it would be severely damaging to users. Always seek advice from an IT consultant Fayetteville regarding these matters.

In addition to that being a horrible business practice, the fear was that Facebook was improperly using the information and unauthorized to harvest personal information on everyone who complied with their unreasonable request.

As it turns out, those fears were spot on. The company recently released a statement saying that they "unintentionally" uploaded email contacts from some 1.5 million new users on its servers, without the consent or knowledge of those users.

Part of the company's dubious explanation reads as follows:

"Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings."

Given the company's recent history of privacy abuses and information security gaffe, this explanation has not been well received. It provides further evidence that Facebook has and continues to utterly fail when it comes to protecting its users' information, even as it generates billions of dollars in revenue from it.

Does your company need a complete technology solution provider? Call SpartanTec, Inc. today.

Are Your Company’s Digital Credentials for Sale on the Dark Web?

Find Out with a Complimentary Dark Web Scan click here;

To help keep your critical business assets safe from the compromises that lead to breach and theft, we are offering a complimentary, one-time scan with Dark Web ID™ Credential Monitoring.

Cybersecurity doesn’t have to be too overwhelming, expensive or complicated. The first step to protecting your business is understanding
your risk.

Contact us today, to find out how we can help!

GET YOUR FREE DARK WEB SCAN