Don’t let Bytes Come Back to Bite You

It has been a while since we had posts out here, so let me use the space for some practical items that might be helpful.

My hope is that you all pay attention to your data trail.  Anything online can be scraped, skimmed or misused.  Sadly, data breaches are becoming a weekly occurrence.  You need to be aware of this and monitor your card / bank / credit activity appropriately.

Late last week, we were notified that a fairly popular teen monitoring app (TeenSafe) has leaked tens of thousands of subscribers’ information that was not stored as encrypted information.  Critical items, including Apple IDs and passwords, were apparently stored as clear text (a no-no for any online system) on a server that, for lack of a better description, sprang a data leak.

TeenSafe is not a bad app.  It is available for both iPhone and Android and allows parents to view their child’s text messages, location, monitor who they are calling and when, access their browsing history and know what apps their teen has installed on their phone.

<<INTERLUDE>> I usually run into two schools of thought on this subject when I speak with teen and parent groups.  Group one is what I call the head-in-the-sand “my kid deserves privacy” camp.  Group two is the group that lives under the Reaganesque rule I imposed on my kids... “trust, but verify.”  I might have gone a little farther (I actually might have hacked and reprogrammed my kids’ phones to spin out all texts and the same information TeenSafe provides.  Just use the app now – it’s easier).

I had my kids under a user agreement which essentially identified me as the owner of the equipment and the mobile plan, and as such their use was subject to monitoring at any time.  Let’s face it, they might as well learn this lesson now – every company in the world has us all click through a similar screen and they monitor us.

But I digress.

Simply put, if you do not have a monitoring agreement with your child regarding all of their devices then you need your head examined.  I see all the data, and I know how it is captured, tracked, used and misused.  This requires active parenting rather than just befriending the child and saying “yes” to whatever technological whims they run across – and too many have fallen into a habit of believing our kids should be turned loose to find their own digital path.

Behold – what I have found to be the great sieve of information and privacy leaks on the Internet:  Teens.  Teens and those over 60 have the highest instances of becoming scam victims.  When it happens to our teens, though, it impacts the entire family because literally everything on their device all the way down to payment methods is tied to the parents. <<INTERLUDE OVER>>

When it comes to data breaches, you CAN protect yourself by just trying to think ahead.  An example of a more recent scam to capture information designed to steal your data?  How many of you saw this traipsing across Facebook just last week?

You can find junk like this all the time.  What amazes me is that people actually participate.  Think about those security questions you fill out with your bank or any other online system.  “What is your favorite pet’s name?”  “What is your favorite vacation spot?”  This is known as “out of wallet” information, and it is amazing how many scammers can capture this information just by putting up some lame post like the one above – and so many people just voluntarily spit out the information.

It is hard to stop an active data breach, but you CAN manage what you voluntarily put online.  Treat your personal information as you would your wallet.  Don’t pass it around.

Just this year alone, we have seen data breaches happen at:

-TeenSafe (passwords and master device IDs)
-Sears (4/4/18):  up to 100,000 individuals who purchased items online at sears.com from 9.27.17 – 10.12.17 had credit card information stolen
-K-Mart (4/4/18):  owned by Sears and affected by the same breach (tied back to [24]7.ai)
-Delta Airlines (4/4/18):  Affected by the same breach as Sears, but has been vague about the potential impact to customers
-BestBuy (4/5/18):  Also affected by the Sears processor breach – notified customers on 4/5.  “Only a small fraction of our online customer population was affected.”
-Saks Fifth Avenue (April notification):  Hudson’s Bay, parent company of S.F.A., confirmed a data breach compromised payment systems including customer credit and debit cards.  Estimates of the number of affected customers have not been released, but are expected to number in the millions. (Note – Lord & Taylor was also affected by this same breach)
-Under Armour (March, 2018):  Data from their “MyFitnessPal” app was accessed by an “unknown party.”  While we don’t think payment information was stolen, over 150 million Americans now have their weight histories somewhere out there for the world to see.
-Panera Bread (April, 2018):  While it is beyond me why anyone ever goes to Panera (I like food that is made, not thawed), up to 37 million of those who have settled for Panera food and ordered it on the Panera website were subject to losing their personal information including names, addresses and partial credit card numbers.

Of course, the list goes on.  Near the end of last year, these companies were breached:  Forever21, Sonic, Whole Foods, K-Mart (yep... less than a year ago and now again), GameStop and Arby’s.

There is a reason we have made an active decision at PV to NOT publish a hard copy directory – primarily because it exposes Personally Identifiable Information (PII) in an insecure way to an audience that is not controlled.  Anyone off the street can walk into a church and request a directory by saying they are a new member, and walk out with hundreds of names, addresses, phone numbers, and indicators of children at a household along with their ages.

Believe me, it happens – sometimes with dire consequences.

Our church directory is opt-in and online-only behind a login by design.  I realize some of you don’t like that – and I understand.  I, too, miss the days when we had a small 3-ring binder with pictures, names, dates of birth, and what I used to call the “asterisk of faith” that we used to denote those who had been baptized.  Times have changed, though, and we have a responsibility to adhere to privacy law.

For those who fear our online giving portal – all our systems are certified with the latest banking system security and all activity is encrypted.  It is WAY safer than EVER using a check.  Checks have become, in my opinion, THE most INSECURE financial instrument out there.  On it, you have your name, address, phone, bank routing number and account number.  Everything I need to drain your bank account online is on the front of your check – even if you write “void” on it.

Many in our congregation in their work or businesses are racing right now to become GDPR compliant.  If you don’t know what that stands for, count yourself lucky.  If you DO know, then you know it is a lot of time and money to become compliant.

GDPR.  HIPAA.  HITECH.  The acronyms for attempts to protect data keep coming.  Take the time, maybe once a month, to keep yourselves up to date and protect yourself.  Most credit cards come with fraud prevention and also allow you to see your FICO score.  Checking this on a monthly basis can be an easy indicator.  More importantly, though, I would recommend that you put a 90-day fraud alert on your credit file.  It is free, and you can require new creditors to contact you by phone to verify you are requesting the credit.  Just re-do it every 90 days.  You only have to do this at one of the bureaus.  Here is the link to do it at Experian – they will notify TransUnion and Equifax.

Oh – and before you fill up your car by swiping that card at the pump, take the extra five seconds and grab that card reader and yank around on it to be sure a skimmer is not attached.  If you really want to double-check, look on your phone in the Bluetooth settings area to see if there is a rogue Bluetooth signal around.

Simple vigilance can save you a lot of headaches!

-Mark Hodges