Ohio Unemployment Data Breach

Ohio Unemployment Data BreachOhio unemployment applicants were notified last week that their personal information was compromised and exposed to other applicants. Through an error in the application process, some applicants had access to a database file with other applicants’ personal information. The data exposed included first and last name, social security number, and home address. 130,000 applicants were affected by the breach.

“Deloitte Consulting is currently under contract with the Ohio Department of Job and Family Services (ODJFS) to develop the system to administer the pandemic unemployment assistance (PUA) program. Over the weekend, Deloitte Consulting notified ODJFS that about two dozen individuals inadvertently had the capability to view other PUA claimants’ correspondence. Once the unauthorized access was identified, Deloitte fixed the issue within one hour. ODJFS contacted the individuals who had accidental access to the system data.” ODJFS said in a public statement.

Many applicants were still waiting for benefits to begin when the notification came through that their data had been compromised. Deloitte Consulting was brought in to help process the influx of applicants with 1099 tax forms. This form is typically associated with self-employment and independent contractors, and was previously not covered under unemployment before the Pandemic Unemployment Assistance Program. Illinois and Colorado, two other states using Deloitte Consulting, reported similar data exposure to their unemployment applicants’ data. Deloitte Consulting is offering free credit monitoring to those affected.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

COVID-19 Themed Templates for Hackers

Hackers use COVID-19 Themed TemplatesNew, Sophisticated Hacking Techniques in the Age of COVID-19

Hackers are using new methods to create very credible looking, fake websites to steal login credentials. Security firms are seeing an increase in the use of website templates to create phishing websites that look and feel like the real thing. These templates, available on underground forums and marketplaces, are a quick and easy way for criminals to create convincing, fake websites to steal information. The known templates mimic websites from the World Health Organization (WHO), Internal Revenue Service (IRS), Centers for Disease Control (CDC), the United Kingdom government, the government of Canada, and the government of France. Many of these templates have multiple working pages to make them look more realistic. The template that mimics the government of Canada even has English and French segments.

More than half of the phishing campaigns recorded since January are using these new spoof templates to fool consumers. Hackers are using normal phishing techniques, creating urgency by claiming recipients will lose benefits, or reporting a breakthrough on the pandemic. The difference is the use of these templates to create very convincing fake websites. This change in strategy has been effective, resulting in an increase in successful phishing attacks.

Below are some examples of the fake phishing site templates:

This fake CDC site is asking user to authenticate with an email service to generate a vaccine ID.

Fake IRS Page

This fake IRS website created from an available template goes a step further, asking users to enter SSN, DOB, and other private identity information.

Avoid falling prey to these new phishing campaigns by being aware of the links you click on in emails. If an email is creating urgency or preying on emotion (click on this link now or you will lose your vaccine benefits!), the email is probably a scam. Instead of clicking the link, go to the known government website and look for the information. The criminals are making it more difficult to differentiate the fake websites and using emotion to get users to click. Stay informed and think before you click.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Firefox Private Relay Service

Firefox Private Relay ServiceLiving and working on the internet means exposing your email address to many opportunities for spam. A new service from Firefox aims to give users more control over the exposure of their email address. Firefox is testing a new browser extension named Private Relay Service. The extension would generate private, or ‘burner’ email addresses as needed, and forward the incoming traffic to the user’s actual email address. These burner addresses could be used to sign up for online services, or be used when a website requires an email address for access to content. Often these websites will use the email address provided to send a confirmation email, and then spam or sell the address to other services.

A burner email address could be turned off temporarily, or deleted all together if the user notices a lot of spam coming from a single outlet.

Private Relay adds UI to generate unique, random, anonymous email addresses that forward to your real address. You can use your relay addresses to sign up for apps, sites, or newsletters. When you’re done with that service, you can disable or destroy the email address so you’ll never receive any more emails from it.”

The service would also add a layer of security in the event a company’s database is compromised; giving users more control over who has their email address.

The Firefox add-on is currently in testing, but interested users can install the add-on to Firefox now and create a login to be available for the first round of invitations. Apple announced a similar service earlier in the year called ‘Sign in with Apple.’ This service is also currently in testing.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Feature Newsletter

Quanexus Q-News

This week we are featuring our current newsletter. In this newsletter we focus on Security Awareness Training, Long Term Digital Photo Storage, How Data Security Resonates with Customers, and What We Learned from the Equifax Breach.

Click here for the Newsletter

You can also subscribe to our email list and receive the newsletters when they are published. Read previous Newsletters and subscribe to our email list by clicking here.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Wireless