Two massive data breaches in France have impacted roughly half the nation’s population. The data of an estimated 33 million people has been compromised, making this the country’s largest-ever data breach. 

Attackers targeted two French healthcare payment service providers, Viamedis and Almerys. Both companies manage third-party payments for health insurance in France. According to the CNIL, (Commission nationale de l’informatique et des libertés) France’s data protection agency, data was compromised during two separate breaches that struck in early February. 

From a statement issued by the CNIL, affected records of policyholders and their families include: 

Marital status. 
Date of birth and social security number. 
The name of the health insurer, as well as the guarantees of the contract. 

The CNIL further stated that data such as banking info, medical data, health reimbursements, postal details, telephone numbers, and emails were not swept up by the breaches.  

What’s at stake with the French data breach? 

The concern with this breach, as with any other, is how this breached info might get combined with info from other breaches. Taken together, bad actors might use that combined info to conduct follow-on attacks, including identity theft.  

As such, the CNIL suggests the following for policyholders: 

Be wary of any requests you might receive, particularly if they concern reimbursement of health costs. 
Periodically check the activities and movements on your various accounts. 

In the meantime, the CNIL stated that it’s investigating the attack further, particularly to determine whether the security measures in place were in line with European data standards and obligations.  

What can I do if I think my info was caught up in the French data breach? 

Any time a data breach occurs, it means that your personal info might end up in the hands of a bad actor. In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part. 

Report unauthorized use of your info or accounts immediately. 

As noted by the CNIL, keep an eye on your account. If you note any unusual activity, notify Viamedis or Almerys immediately.  

Keep an eye out for phishing attacks. 

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. So it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for info, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches. 

With that, you can look into McAfee Scam Protection. It uses AI that detects suspicous links in email, texts, and social media messages. Further, it can block risky sites if you accidentally click or tap a link. 

Change your passwords and use a password manager. 

While it doesn’t appear that login info was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date. 

Enable two-factor authentication. 

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it. 

Consider using identity monitoring. 

Breached and stolen info often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your info was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.  

McAfee’s service monitors the dark web for your personal info, including email, government IDs, health IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services.​ From there, you’ll get guidance that you can act on, which can help protect your info and accounts from potential theft. 

We also offer identity restoration services through our McAfee+ Ultimate subscriptions. Identity restoration includes access to experts who can help generate an effective and efficient plan to quickly restore your identity, so you don’t have to tackle the issue by yourself. 

Consider using comprehensive online protection. 

A complete suite of online protection software can offer layers of extra security. It offers you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account info. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your info. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.   

The French data breach and the breaches to come — you have ways to protect yourself. 

Whether you’re a French citizen or not, word of this data breach offers an opportunity to bolster your defenses. Major breaches like these occur, just as we saw with the Facebook breach in 2021, the PayPal breach in 2023, and the 23andMe breach, also in 2023. Taking preventative steps now can put you a step ahead of the next one.  

Of those steps, using comprehensive online protection software is the strongest. Protection like ours safeguards your privacy, identity, and devices in breadth and depth — protecting you from data breaches and all manner of scams and attacks that often follow them.  

The post France Gets Hit with Its Largest Data Breach Ever — What You Need to Know appeared first on McAfee Blog.

Read More

Amusing story about a penguin named “Squid.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Read More

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false.

Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, which Fortinet eventually confirmed.

Or maybe it was a stock-price hack.

Read More

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

Sunnyvale, Calif. based Juniper Networks makes high-powered Internet routers and switches, and its products are used in some of the world’s largest organizations. Earlier this week KrebsOnSecurity heard from a reader responsible for managing several Juniper devices, who found he could use Juniper’s customer support portal to find device and support contract information for other Juniper customers.

Logan George is a 17-year-old intern working for an organization that uses Juniper products. Speaking on condition that his employer not be named, George said he found the data exposure earlier this week by accident while searching for support information on a particular Juniper product.

George discovered that after logging in with a regular customer account, Juniper’s support website allowed him to list detailed information about virtually any Juniper device purchased by other customers. Searching on Amazon.com in the Juniper portal, for example, returned tens of thousands of records. Each record included the device’s model and serial number, the approximate location where it is installed, as well as the device’s status and associated support contract information.

George said a few minutes of digging around the Juniper support portal revealed he could even see product and support information for the U.S. Department of Defense (DoD).

“If there’s one thing I know it’s that I should not be able to see the DoD’s Juniper products,” George said. “But this information was available for hundreds of companies, and I could see what products they had installed and where.”

George said the exposed support contract information is potentially sensitive because it shows which Juniper products are most likely to be lacking critical security updates.

“If you don’t have a support contract you don’t get updates, it’s as simple as that,” George said. “Using serial numbers, I could see which products aren’t under support contracts. And then I could narrow down where each device was sent through their serial number tracking system, and potentially see all of what was sent to the same location. A lot of companies don’t update their switches very often, and knowing what they use allows someone to know what attack vectors are possible.”

In a written statement, Juniper said the data exposure was the result of a recent upgrade to its support portal.

“We were made aware of an inadvertent issue that allowed registered users to our system to access serial numbers that were not associated with their account,” the statement reads. “We acted promptly to resolve this issue and have no reason to believe at this time that any identifiable or personal customer data was exposed in any way. We take these matters seriously and always use these experiences to prevent further similar incidents. We are actively working to determine the root cause of this defect and thank the researcher for bringing this to our attention.”

The company has not yet responded to requests for information about exactly when those overly permissive user rights were introduced. However, the changes may date back to September 2023, when Juniper announced it had rebuilt its customer support portal.

George told KrebsOnSecurity the back-end for Juniper’s support website appears to be supported by Salesforce, and that Juniper likely did not have the proper user permissions established on its Salesforce assets. In April 2023, KrebsOnSecurity published research showing that a shocking number of organizations — including banks, healthcare providers and state and local governments — were leaking private and sensitive data thanks to misconfigured Salesforce installations.

Nicholas Weaver, a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI) and lecturer at UC Davis, said the complexity layered into modern tech support portals leaves much room for error.

“This is a reminder of how hard it is to build these large systems like support portals, where you need to be able to manage gazillions of users with distinct access roles,” Weaver said. “One minor screw up there can produce hilarious results.”

Last month, computer maker Hewlett Packard Enterprise announced it would buy Juniper Networks for $14 billion, reportedly to help beef up the 100-year-old technology company’s artificial intelligence offerings.

Read More

US companies using AI-generated voices during a call without prior consent could receive fines of up to $23,000 per call

Read More

As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.

The Unromantic Side of Valentine’s Day

Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.

Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.

→ Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day

Recognizing Common Valentine’s Day Scams

Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.

One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.

→ Dig Deeper: Fraudulent Adult Dating Services Turn 10 Years Old, Still Evolving

Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.

Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.

How to Keep Your Heart and Your Wallet Safe

While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.

One of the most important is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.

When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.

For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information, making it safer to input sensitive information than on websites with ‘http://’ URLs.

Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly-flattering messages or requests to move the conversation to a private email or messaging app.

McAfee Pro Tip: If you’re considering using one of these for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.

How to Report a Scam and What to Do If You Fall Victim to One

If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.

Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.

→ Dig Deeper: How To Report An Online Scam

Don’t Let Scammers Ruin Your Valentine’s Day

The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.

And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.

Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.

The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.

Read More

Facebook and other social media companies struggle with trust, with only 6% globally comfortable sharing personal data, according to a 2024 Thales survey

Read More