Data Brokers: What Are They; How to Get Control of Your Name

Data brokers have lots of personal information about you; here’s what you can do about that.

Ever heard the term “data broker”? What do you think that is? Think about that for a moment. Yep, you got it: An entity that goes after your data and sells it to another entity.

The entity that gets the data, the broker, is called a consumer data company. They snatch huge amounts of data from individuals all over the planet and sell it. And who wants your personal information? Your information is of significant value to marketers, companies doing background checks and in some cases, your government.

They want to know what you like to buy, what you’re most likely to buy, if you want to lose weight, build muscle, what kind of cars you like, where you vacation, what you eat, where you shop for clothes, what kind of disease you have, whether or not you’ve been assaulted or if you have committed a crime…all so they can get a solid picture of who you are.

You now know about data brokers: a whole new industry that reflects our evolving technology. Lawmakers have taken notice of this flourishing industry, trying to get companies to give some control to consumers over what becomes of their data.

At least one data broker makes it possible for you to see how much data is out there about you and to possibly edit and update it. But that’s not enough.

Just how much do data broker companies even know about people?

They build you up from the inside out, starting with skeletal information (name, address, age, race) and padding the meat on from there: education level, medical conditions, income, life events (buying a home, getting divorced), driving record, lawsuits against you, credit scores and more. One credit reporting agency even sells lists of the names of people expecting babies and people who have newborns. They even sell lists of people who make charitable donations and read romance novels. Data brokers can even get ahold of your income information.

This doesn’t mean that any one data broker knows everything about you. It’s just that a heck of a lot of personal information about you is potentially scattered all over the place. Data brokering is legal: a multi-billion dollar industry involving trillions of transactions every day. But this doesn’t mean the consumer is without rights or power. You can, indeed, do some reclaiming of your name from the data brokering industry.

How do you get control and manage your name?

Sit and wait: As mentioned, lawmakers are putting the heat on data companies to make it possible for consumers to have some control over all of this. The FTC recommended in a 2012 report that the data mining industry establish a website that reveals names of U.S. data brokers plus other relevant information.

  • Got to Data brokers have not responded, so someone else did: a site that tells consumers who the data brokers are and their opt-out links.
  • Browse “Incognito”: With Google’s Chrome browser you can open a “New Incognito Window”; once it’s opened, you’ve gone incognito. Pages you view in incognito tabs won’t stick around in your browser’s history, cookie store, or search history after you’ve closed all of your incognito tabs. Any files you download or bookmarks you create will be kept.
  • However, you aren’t invisible. Going incognito doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit.
  • Use a VPN: For the ultimate in masking your webcrumbs, use Hotspot Shield VPN, which acts as a proxy, covers up your IP address and protects your devices and data from WiFi hackers at the same time.
  • Plugins: The Chrome and Firefox browsers offer a plethora of add-ons to mask your browser. DoNotTrackMe is a good one.
  • Behave: Yes, just be good, don’t commit any crimes, because you can’t erase bad behavior from government records.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.

Data Breach Notification Bill goes to the House

H.B. 224, a newly introduced data breach notification bill for New Mexico, would mandate that organizations notify breached individuals within 10 days of breach discovery (unencrypted credit card data), and notify the state attorney general within 10 business days if more than 50 NM residents are affected.

The bill allows for a shorter notification deadline and for card carriers to sue for recovery costs linked to the breach; and customers can sue for statutory damages.

Companies operating in NM will also have additional data security and data disposal requirements, due to the bill. Enacting H.B. 224 would make New Mexico join 46 states that have data breach alert laws.

Payment Card Breach

  • Within two business days: Time allowed for card issuers facing a breach to notify all the merchants “to which the credit card number or debit card number was transmitted,” according to H.B. 224.
  • H.B. 224 would also set a risk of harm threshold regarding when an alert is required for card breaches.
  • If the magnetic strip data or other information is revealed, yielding harm or risk of harm to the cardholder and compromise of access device data, the bill would require notification. The card issuer would not need to give approval or direction.
  • Card issuers can sue for recovery of administrative costs if a card reader is breached or if there’s a problem with strip data.

Data Security and Disposal

  • The bill would make companies “implement and maintain reasonable” security measures to ensure protection of personal identifying information from illegitimate access or other fraudulent action.
  • Businesses would also have to include these data security standards in contracts involving “non-affiliated third parties” that they share personal information with.
  • Personal data, in whatever form it’s contained, would have to be disposed of such that personal identifying information would be impossible to read or decipher.


  • The bill would authorize the state attorney general to seek injunctive relief and recovery of damages via court.
  • Failure of a company to notify of the breach could result in harsh fines, if the bill is enacted.
  • Customers could sue for damages of $100 to $300, depending on circumstances.

Being accountable:

It may be just a matter of time before the Federal government steps in and decides PCI Standards might not fix client data protection problems. Businesses that see the writing on the wall are being proactive and making smarter investments in their customers’ security.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Data Insecurity causes Customer Headaches

Imagine not being able to use cash for even the smallest purchases because your bank—still shaking from news of the recent retail data breach that affected at least 110 million accounts—has decided to block all customer transactions. This actually happened.

In many recent interviews I have been asked numerous times, “Is it time to go back to cash?” The answer is NO, but consumers should definitely have cash on hand. Not having cash will severely limit consumers in the event of a massive power outage, and we are seeing that massive data breaches have big-time negative effects too.

Large banks, in response to that 110-million-account breach, may be putting limits on card usage, and can have cards replaced relatively quickly. But smaller financial institutions do not have the means to replace cards quickly. They also lack budgets to cover potential breach incidents.

As a result, a customer may learn that their card is blocked from transactions that don’t involve a PIN. Many consumers got stung by this during the holidays. One customer reported he had to contact his bank first to confirm any online purchases. His card then gets unblocked for an hour, but then blocked again. Supposedly this ban has since been lifted.

In a litigious society, don’t bet against the possibility of consumers suing retailers for these kinds of consequences; it’s already begun happening. One woman filed a class-action lawsuit on Dec. 23, 2013, citing a giant retailer’s alleged failure to secure its data, leading to the massive breach.

Tips for Businesses

  • Always update. Your software should always be up to date. Thieves can easily overcome old software and invade your sensitive data.
  • Control access. Who has access to your servers? Do you know? Make sure that only trusted users/administrators have access.
  • App testing. If custom application code is running on your servers, it should be tested for the top 10 security issues regarding web applications.
  • Be alert. Keep a tight rein on your server, and your cloud provider’s bill. A traffic surge that you don’t expect can signal a spam attack.

Don’t pass the buck. Business owners, and consumers as well, have been playing key roles in cyber crimes—though not with malicious intentions, but rather, being uninformed as well as not wanting to step up to the plate.

Stepping up to the plate is the only option retailers have in order to survive. The time to show your customers you are serious about preventing credit card fraud and the lengths you’ll go to protect their identities is right now.


Data Breaches hurt Businesses’ Brand

That very newsworthy data breach that’s still in the news struck 110 million customers, not the more commonly reported 40 million; that’s one-third of the U.S. population.

There was also another, but less publicized, breach of huge proportions that occurred to a major retailer in mid-December of 2013. And some reports say another 6 or more retailers may be affected in a similar breach.

The major-news retailer that got kicked in the butt by cyber criminals has run full page newspaper ads apologizing for not effectively protecting customers’ data, and hoping to win back consumers’ trust and loyalty. Kind of sounds like the Tylenol poisoning scare in the 1980s when the drug maker went on a massive ad campaign to win back consumers’ trust.

But with each new revelation of more data being compromised and growing concern of additional fraud, has come more media and customer scrutiny resulting in compounded brand damage.

Trust and Security

Feeling secure and trusting the brand is a major force behind consumer loyalty. Prior to that massive December breach, the retailer was right up there with its huge competitors as far as meeting reasonable consumer expectations.

That data breach has severely tainted the retailer’s customers’ trust. The 2014 Customer Loyalty Engagement Index assesses the retailer’s brand engagement level to be about 6 percent.

Sales have plummeted since the breach hit the news. Recovery is expected to be slow and arduous, and social media is fueling the sensationalism. It can take years to build up trust, but just a few hours of news “going viral” to crush it.

All is not lost.

The adage “What doesn’t kill us makes us stronger” plays a vital role when companies embrace their failures, learn from them and do right by their customers. The next few months will have a serious impact on the future of the breached companies and every retailer who accepts credit cards for payment.

Now is the time to beat the drum of customer security and bring awareness to how your company protects customer data.


Corporate BYOD puts Client Data at risk

When employees improperly use mobiles, they put their companies at risk for data breaches. This includes leaving lots of sensitive data on the devices—which can pave the way to leakage of data, plus other issues.

Mobile device use in workplaces is increasing—and so are its associated security risks. Current security measures are lagging behind the increased rate of mobile device use in the corporate realm.

One study showed not only that a lot of company information was left on handsets, but that personal information was left on them as well, putting employees at risk for personal compromises.

This small study demonstrates a clear need for improved guidelines and policies governing smartphone use and security of the devices. This becomes even more relevant as businesses turn more to cloud storage for data.

Use of non-approved software-as-a-service (SaaS) apps by employees is widespread, according to a McAfee study. These apps are not approved by the company’s IT department. Employees can easily bypass the IT department by using the cloud. The study showed:

  • Over 80 percent of survey participants reported using unauthorized SaaS apps.
  • About 35 percent of SaaS apps used on the job are not approved.
  • About 15 percent of users have had a security problem using SaaS.

Employees may not realize that their chosen SaaS apps are poorly safeguarded. Such employees aren’t malicious; they’re just trying to be more efficient. Businesses need to find the right balance of protecting themselves yet allowing employees to use apps for increased productivity.

An ideal situation would be to monitor SaaS apps and apply policies that do not inhibit employees’ ability to be productive.

A recent Forbes article got my attention, and the author’s solutions make good business sense.

Six Solutions

1) XenMobile. This allows IT to secure and manage smartphones, data and apps, and establish policies based on smartphone ownership, location or status. Users can then more easily access the web, e-mail, corporate apps and documents with a single click on a mobile.

2) Airwatch. This mobile device system provides management of apps, content and e-mail, to oppose inadvertent mismanagement of smartphones by employees (e.g., storing documents in vulnerable locations).

Just enter username and password; Airwatch will wirelessly and automatically configure all the settings, apps, security policies and more based on the worker’s role in the company.

3) Mobile Iron. This system manages and secures apps, devices and content, ideal for businesses that support the BYOD program. Personal content can be separated from corporate content, protecting the employee’s private data.

4) Good Dynamics secure mobility platform. This is a BYOD program that keeps employees productive while zeroing in on security. Personal data is partitioned off from business data to protect programs like e-mail.

5) Samsung Knox. This system is for Android devices, managing with a multi-tiered security approach. One’s network will be protected from malware, hacking, viruses and non-approved access.

6) Protect your BYOD on wireless networks. Use a VPN if you’re on a portable wireless device. Hotspot Shield VPN is free, though its paid version is more expanded and faster. First launch Hotspot before you use your PC laptop, iPad or iPhone to connect to free public Wi-Fi services like at the airport or at a coffee shop or hotel.

Your entire web surfing session will then be protected. All of your connections will be secured. This will eliminate some of the aggravation for your company’s IT department.


What is a Data Breach and how do I protect Myself?

When protected, sensitive or confidential data is accessed or used by someone without authority, this is a data breach. This can involve any kind of data such as personal health, financial, or business related.

Not all data breaches result from hacking into a computer. One can breach data simply by peering over someone’s shoulder at the computer screen when they shouldn’t be. It can also be elaborately planned: A company’s new employee may actually be working for an extensive crime ring to steal data from the inside. Needless to say, a data breach can lead to identity theft (among many other problems).

In the workplace, especially retail, where credit cards are processed, the Payment Card Industry Data Security Standard is designed to provide retailers with guidelines to eliminate data breaches. In a healthcare workplace, HIPAA (Health Insurance Portability and Accountability Act) helps control who has access to personal health information.

How can you protect yourself?

  • As a consumer you must keep your operating system updated to the latest secure version.
  • Run antivirus, antispyware, antiphishing and a firewall.
  • Protect your wireless communications with encryption and use a VPN for portable devices.
  • Use secure passwords with upper/lower case and numbers.
  • In the event someone else is responsible for a breach, read very carefully any notification of a data security breach and don’t assume that the breach was accidental or that identity theft is not likely.
  • Use an identity theft protection product. It will scavenge cyberspace for any unauthorized use of personal information such as from your credit cards and Social Security number; will keep track of personal credit information; and will send an alert if suspicious activity is detected—maybe even prior to you receiving a consumer notification.

Robert Siciliano is an identity theft expert to discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Prepare now for device and data theft

Digital device theft is a big problem. I’ve seen numerous stories about iPhones being stolen right from a person’s hand while the user was talking on it. Others have reported sitting in a coffee shop while having a conversation and having someone walk in, see the person’s iPad, swipe it, and before anyone can get out of their chair, be halfway down the block.


You’d definitely be distraught if someone walked into your office and stole your laptop, which unfortunately is very common too. You’d be out several hundred dollars due to the loss of the hardware. But the reality is, that stolen digital device will cost much more in lost data if a breach occurs—and then, of course, lost time from having to recover from the data loss.

Protect the data and the device:

Dummy terminal: This means your device doesn’t have any data on it. All your data is cloud based or on a central server. If it’s lost or stolen, then the loss is only a hardware one.

  • Make sure any device or dummy terminal is password protected.

Situational awareness: No matter where you are, or as safe as you might think you are, there is a possibility your device will be targeted.

  • Never fight for material items. If thieves want it, they can have it.
  • Reduce the risks by keeping your devices close when riding the subway or on a bus.
  • Never put down your devices and walk away, such as in an airport or coffee shop.
  • Lock all doors in rooms where your devices reside, including in a home, apartment, dorm or office.

Lock/locate/wipe: There are numerous tools available to lock your device if it isn’t password protected (which it had better be!), locate via a GPS or internet/WiFi connection, and wipe the data remotely.

  • Determine if your device has lock/locate/wipe built in, or seek out a third-party application.

Backup data: This is essential and easy to do. Most of your data should already be in the cloud if you are using cloud-based services such as Google Docs.

  • Use Mozy, Crashplan, Carbonite or iCloud—or all of these—to seamlessly back up your data.
  • Use local external drives that copy data to one another.

Backup devices: Is your mobile your life? Then get another one. You need a backup. Is laptop theft a matter of life or death? If you’d have even one day of downtime because of hardware theft, then you need a second laptop.

  • Have all the data synched in the cloud.
  • Consider keeping the device plugged into the network and all your data in sync 24/7/365.

WiFi snooping: It isn’t just hardware theft you need to be concerned about. WiFi snoopers are as common as your everyday smash-and-grab thieves.

  • Protect your WiFi-connected devices with Hotspot Shield VPN. This is a free tool that will encrypt all your data as it travels over a WiFi network.


How Likely Am I to Be a Victim of Mobile Crime or Data Theft?

Imagine your body being targeted by 100 million viruses. That is exactly what’s happening to your networked digital devices. Laptops, desktops, netbooks, Macs, iPads, iPhones, BlackBerrys, Androids and Symbian mobile phones are all at risk. Research from McAfee Labs reveals a variety of threats:

  • Mobile: Android has become the most popular platform for mobile malware. Android threats soared from hundreds in the middle of 2011 to thousands in early 2012 and into 2013. The bulk of these threats spread through third-party app stores and were financially motivated.
  • Malware: In the first quarter of 2012, PC malware developers delivered their most productive quarter ever, supporting a forecast of 100 million pieces of malware before the end of 2013. Malicious developers are building more rootkits (software designed to evade detection) and password-stealing Trojans (software that collects the information required to break into a device or an account). Like many consumers, they also like the Mac.
  • Spam and phishing: Believe it or not, spam volume has decreased to a mere one trillion messages per month. McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” By using information they collect about you, spear phishers create more realistic messages that increase the chance you will click. In 2012, nearly all targeted attacks started with a spear phish cast.
  • Botnets: Botnets are groups of infected computers—often consumer PCs—that criminals manipulate to send spam, process fraudulent transactions, or conceal other nefarious activities. In 2012, infected bots reached five million.
  • Bad URLs: McAfee is recording 10,000 new risky or malicious websites each day. Website URLs, domains, subdomains and particular IP addresses can be deemed “bad” because they are used to host malware, phishing websites or potentially unwanted programs.

While these numbers do not yet approach the volumes of incidents occurring on PCs, they make it clear that mobile devices are genuine and increasing targets. For you as a user, forewarned is forearmed.

To avoid becoming a victim:

  1. Keep mobile security software current. The latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
  2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
  3. Use a private VPN. Hotspot Shield VPN, which is free to download, creates a virtual private network (VPN) between your iPhone, Android or tablet and any internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.
