Archive for the ‘Social Networking Safety’ Category

2011 already a great year for cyber crooks

Tuesday, August 16th, 2011

Intersections’ Consumer Security Adviser, Neal O’Farrell, joins us again today with his take on the recent mid-year cybercrime report by the security firm Sophos. Enjoy, but be careful out there!

Hard to believe the year is already half over. Seems like only yesterday we were talking about a spike in identity theft over the Christmas holidays, and warning consumers to be extra vigilant as tax time approaches.

But it’s been such a busy year for scammers and hackers, it almost becomes a blur. To sort through the fog, security firm Sophos recently published their half year summary of threats and trends, and it should stand as a stark warning of the need to be constantly vigilant.

For example, Sophos claims that since the start of 2011 they have recorded an average of 150,000 new malware samples every single day. That works out to one piece of malicious software being discovered every single second, and a 60% increase over 2010.

Sophos has also identified an average of 19,000 new malicious URLs every single day in the first half of this year. That’s a stunning 4.5 new web threats detected every second. And, according to Sophos, 80% of those URLs are legitimate websites that were hacked or compromised by crooks.

The two top exploits favored by these crooks were fake anti-virus software and SEO poisoning – manipulating search engine results to drive users to malicious or infected web sites – and it might surprise you that the majority of these malware sites are hosted in the United States. The U.S. accounts for a whopping 37% of malware hosting web sites, while the next nearest culprit is Russia at just 13 percent.

There has also been a big change in the way people communicate, a change that now works even more in the favor of hackers. Sophos recorded a 59% decline in the use of email among 12-17 year olds, and a 34% decline in email use amongst 24-34 year olds. This is mainly due to a switch to texting and social networks as a way to communicate. And hackers love social networks because they make it much easier than email to launch more targeted and effective attacks. Hardly surprising that 81% of computer users surveyed by Sophos believe that Facebook presents the greatest security risk.

On the subject of social networking risks, Sophos also conducted a poll of nearly 2,000 people on their social media habits and worries. 71% reported that they, or one of their colleagues, had been spammed on a social networking site, 46% had been phished and 45% were sent malware.

“Social networking privacy issues have dominated the headlines in the first half of 2011. With most social networks, the default settings share everything and users have to reset their options to make their accounts more private. This opens up a host of security issues because so many people—both friends and not—have access to your information,” according to Sophos.

The report also highlighted a study by the FBI about how one cyber gang was able to dupe 1 million users into buying fake software, and could have made as much as $72 million from the scam. This is a problem for a lot of reasons. It means that not only were 1 million people duped into paying for something fake, they may also believe they have real virus protection on their computers when in reality they have no protection at all.

And that $72 million will be recycled by these gangs into even more sophisticated scams that will entrap even more victims and continue the cycle. Some of this money may even end up in the hands of terrorists who have the skills and resources to launch their own fake virus scams, or partner with organizations that can manage them on their behalf.

Links to videos that hide malware are also on the increase, especially on Facebook and Twitter. According to Sophos, nearly 69 million people have viewed the now-infamous YouTube music video Chocolate Rain, a clear sign that curiosity still trumps caution for most users.

The Mac is no longer a safe haven, and scammers are now firmly focusing on all things Apple to take advantage of the surge in use and adoption of Apple products, driven by the huge popularity of the iPhone and iPad. Apple’s success with these products obviously has a very dark side to it, and is yet another reminder that wherever the crowds go, so will follow the crooks. You only have to look over your shoulder to spot one. But if you never bother looking, then don’t be surprised if you don’t spot the scam until it’s too late.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

String of Recent Twitter Attacks

Monday, August 15th, 2011

Intersections’ Consumer Security Adviser, Neal O’Farrell, continues his security update series. Today, he writes about a recent string of Twitter attacks. The moral of the story? Beef up your Twitter and Facebook passwords!

Seems like hackers and scammers are not forgetting about Twitter when it comes to spreading malware, junk and scams. For a while there it seemed like Facebook had become the favorite child but a recent uptick in Twitter scams proves that as long as it’s a popular way to share and communicate, Twitter will always be a target.

In the most recent scam, Twitter scammers are circulating spam offering free iTunes gift cards. And they appear to have even gone to the trouble of actually creating accounts for non-existent users so they can make the scam look as real and convincing as possible. Clicking on the link in the message doesn’t get you to your free gift card, but instead to a variety of web sites, some of them dating sites, that request your personal financial information.

That scam came on the heels of another attack where the scammers used compromised Twitter accounts to spam thousands of users with messages about a get rich quick scam. Clicking on the link in that message took users to web sites designed to look like local newspapers, where fake participants gave glowing testimonials about how much money could be made from these work-at-home schemes.

And only a week ago, thousands of Twitter users received tweets from friends promoting the miracle “beach body diet.” Turns out it was just another Acai berry promo but again it appeared as though many Twitter users had their account passwords compromised.

As usual, these attacks have common threads, and one of the most common is a compromised password. These scams work best when the messages appear to come from friends. And that’s usually achieved by hacking the “friend’s” Twitter account by taking advantage of a weak password.

Lessons learned?

• If you haven’t already done so, beef up your Twitter and Facebook passwords. Ideally they should be 8-12 characters, and a random mix of letters, numbers and even symbols.

• Protect your password at all times and don’t share it with others, even for fun.

• Don’t use the same password for multiple web sites. That’s a common practice and makes it much too easy to exploit mistakes.

The Dark Side of “Geo-Tagging”

Thursday, June 30th, 2011

The Daily Shield welcomes Steve Schwartz, Intersections’ Executive Vice President, Consumer Services. In today’s podcast, Steve shares his thoughts on location-based services such as Foursquare. These services all do something called “geo-tagging” which can be great fun for you and your friends on social networks. But there is a “dark side” to these services – they also let the “bad guys” know where you are. And that is an unintended consequence that you may not want.

We hope you have enjoyed today’s podcast presentation.

Facebook’s facial recognition described as “downright creepy.”

Tuesday, June 14th, 2011

Intersections’ Consumer Security Advisor joins us today with a simple procedure to make sure that you’re not unwittingly sharing photos on Facebook.

Facebook is once again on the hot seat over privacy, and this time it’s all over something called facial recognition that the company announced last year but just very quietly introduced in the past few days. In fact, if you’re a regular Facebook user you probably won’t see anything about the new change on your Facebook page, any mention that it even exists, and worst of all, no mention that you’re now opted in to this troubling new feature without your permission.

Here’s how it works. As your friends add more photos to their albums, Facebook’s new technology will try to determine if any of the faces in the photos look anything like you. If they do, Facebook will urge your friends to tag the photo with your name. It’s not your decision, but the decision of the person uploading the photo.

You don’t get to approve any of the tags before they happen, but instead have to go to the trouble of un-tagging any photos you don’t want tagged. This is something that is not explained at all by Facebook.

Facebook probably thought that if they introduced this very controversial feature very quietly, they would avoid any serious media scrutiny and consumer complaints. But as Facebook should have learned by now, nothing goes unnoticed any more.

And now security experts and legislators around the world are once again criticizing Facebook’s sneaky insult to user privacy. According to Graham Cluley of security firm Sophos, “Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.”

PC World was even stronger in its criticism: “Facebook is officially getting super-creepy,” adding that “the new facial recognition technology, which was announced in December but only introduced to a small test group, is basically Facebook’s way of creating a huge, photo-searchable database of its users. And yes, it’s terrifying.”

And according to PC World, Facebook’s members upload over 200 million photos every single day, adding to the estimated 90 billion photos that already reside on Facebook. Many of the privacy concerns revolve around how easy it could be for inappropriate photos of you to end up being viewed and judged by complete strangers around the world, without your knowledge or permission – photos that may not actually be of you.

“At the end of the day, Facebook’s facial recognition technology is downright creepy,” said Sarah Jacobsson Purewal of PCWorld. But what’s even creepier is how hard Facebook makes it for the average user to disable facial recognition. It even took me quite a while to figure it out, and it’s very obvious that Facebook is doing everything possible to make sure as many users as possible find it hard to opt out and just give up.

Here’s how to opt out of facial recognition – bear in mind, you’re wasting your time looking for any link or reference to facial recognition on Facebook because they absolutely refuse to even use the term.

• Click on the Account link at the top right of your Facebook page and go to Privacy Settings (I really hope this is a place you’re very familiar with!)

• Towards the bottom of the page you’ll see a lonely little link “Customize Settings.” Click on that link and scroll down to “Suggest photos of me to friends.”

• Next to “Suggest photos of me to friends,” click on “Edit Settings>”

• You’ll probably see that this feature has been “Enabled” by default, meaning that if you do nothing, facial recognition will always be turned on.

• Change Enabled to Disabled, and you’re done. At least until the next time Facebook tries another sneaky privacy end-run.

Editor’s Note: Since writing this article, the Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission, asking the FTC to bar Facebook from using the facial recognition technology.

Another Day, Another Facebook Privacy Issue

Wednesday, May 11th, 2011

Security firm Symantec reported this morning in their blog that “third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.” According to Symantec, “these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue.”

The fix for this is very simple: change your password. This will invalidate any third-party access to your profile, and it’s the Facebook equivalent of changing the locks on your house. The Daily Shield also recommends that you consider removing applications from your profile that you are no longer using. Don’t get us wrong. We love Farmville as much as the next person, but why give third party developers and advertisers access to your profile if you don’t have to?

The Daily Shield has previously published an article on how to limit the information Facebook shares with third parties. We think today’s disclosure is a good opportunity to revisit your Facebook security and privacy settings.

Want to learn more about identity theft and fraud protection?

More thoughts on the Sony PlayStation data breach

Tuesday, May 10th, 2011

According to a report today in the Wall Street Journal, Sony Corp. said it is unable to say when it can restore partial service to its PlayStation Network online game system, likely adding to pressure from already frustrated customers who have been subjected to stolen personal data as well as missed deadlines for resumption.

The article goes on to say that “the electronics company stuck with its earlier goal of fully restoring the service by the end of the month. But the company said Tuesday that it does not yet have any new deadline for partial resumption, after missing an earlier deadline. Sony said May 1 it aimed to resume some of the PlayStation Network and Qriocity online services within a week.”

With that in mind, the Daily Shield is pleased to welcome back Intersections’ Consumer Security Advisor, Neal O’Farrell to share his additional thoughts on what some people are calling “the most costly data breach in history.”

No sooner had Sony done a major global mea culpa over its massive PlayStation data breach, which exposed the personal information of more than 77 million of its customers, than it followed with a “mea gulpa” announcement that the completely separate Sony Online Entertainment network had also lost more than 25 million additional customer accounts to a breach by hackers.

In an interview with the Christian Science Monitor, Larry Ponemon, founder of the research organization the Ponemon Institute that tracks the cost of data breaches, estimated that this breach alone could represent “the mother of all data breaches” and could end up costing Sony up to $2 billion. He added “In this mobile connected world, everything is connected. Today it’s our PlayStation, tomorrow it might be our refrigerator or our washing machine.”

Naturally there’s been a lot of talk in the past few weeks about this and all the other breaches now announced almost daily. Specifically the conversations have centered on what more we can do to prevent these data breaches in the first place, and if they really make any difference to victims and consumers anyway.

The sad reality is that most businesses are not as scared of data breaches as they used to be. Sure they’re an embarrassment, and can end up costing them a lot of money. And they can do a great deal of harm to some businesses, especially in the short term.

But I detect a growing apathy to data breaches amongst consumers – I call it breach fatigue – and I believe that many businesses are sensing this fatigue and as a result are worrying less about the long term damage. It’s not unusual when a breach happens for the business involved to batten down the hatches, disappear into the bunkers, and leave their PR teams to deflect any questions or criticisms. After a week or two, the fuss has died down, the storm has passed, and executives can emerge from the bunkers.

We need to prevent this slide into indifference before it becomes the norm, and over the coming days and weeks I’ll be sharing some ideas that I think might make a difference.

For example, I think it’s time we considered creating a breach classification system. Just like a hurricane or earthquake classification, data breaches could be classified by severity to make it easier for consumers to understand how worried they should be about a particular breach.

For example, the lowest level of breach could be a Category 1 and assigned to a breach that involves only a handful of records and the least dangerous information, like a name. This could increase to a maximum Category 5, like the Sony breach, where millions of records are exposed and the data involved includes the most sensitive, like account information, credit cards, and Social Security numbers.

I think a classification system like this might at least make it easier to communicate to confused consumers just how serious a particular breach is, so they can focus on the most serious breaches and not worry so much about the ones that can do them the least harm.

There are obviously challenges to creating such a system, like who would assign the classification and how quickly a breach could be classified in a way that could be useful to consumers. But with data breaches now a daily occurrence, we must find ways to stem the apathy.

Internet Security Threats

Thursday, April 28th, 2011

The Daily Shield once again welcomes Neal O’Farrell, Intersections’ Consumer Security Advisor. In today’s article, Neal updates us on a recent report released by Symantec outlining the latest Internet security threats.

We’re already a third of the way through this year, and while cybercrime and identity theft show no real sign of abating, last year was so bad we’re still trying to get a clear picture.

Earlier this month, security firm Symantec did provide some clarity when it published the latest volume of its Internet Security Threat Report that provided an in-depth view of exactly what the bad guys were up to last year. And maybe what it tells us about this year and next.

There is so much troubling news in the report, I thought it might be easier to highlight a dozen or so of the most important conclusions, so here goes.

1. Symantec identified more than 286 million new threats in 2010, including scams, malware, and new exploits and attacks.

2. The company saw dramatic increases in both the frequency and sophistication of targeted attacks on businesses of all sizes.

3. Social networking sites as well as mobile devices were favorite targets for hackers.

4. In 2010, attackers launched targeted attacks against a surprising number of smaller companies.

5. In many cases, the attackers researched key victims within each business and then tailored their attacks to access company networks.

6. Due to their targeted nature, many of these attacks succeeded even when victim organizations had basic security measures in place.

7. Data breaches caused by hacking resulted in an average of more than 260,000 identities exposed per breach in 2010, nearly quadruple that of any other cause.

8. One of the primary attack techniques used on social networking sites involved the use of shortened URLs. In 2010, Symantec found that 65% of malicious links in news feeds on places like Facebook used shortened URLs. Of these, 73% were clicked 11 times or more, with 33% receiving between 11 and 50 clicks.

9. Most malware attacks in 2010 against mobile devices took the form of Trojan horse programs posing as legitimate applications.

10. Symantec documented 163 vulnerabilities during 2010 that could be used by attackers to gain partial or complete control over devices running popular mobile platforms.

11. The price of bots on the cybercrime underground has gone as low as $15 for 10,000 bots. Bots are compromised computers that can be linked together to steal identities, share and hide stolen data and pornography, and attack other computers. Once under the control of “bot herders” these compromised computers are rented out to other criminals.

12. In the same underground economy, stolen credit cards fetch from as much as $100 each to as little as seven cents. It all depends on how much supporting information is included (like names and addresses), the fund limits and balances available on the stolen accounts, and whether the criminal buyers purchase in bulk.

The report was published at just about the same time that a 26-year-old hacker from Lithonia, Georgia admitted to a variety of identity theft charges after he was arrested in possession of a staggering 670,000 stolen credit card records.

The thief admitted that he was able to steal half of those cards from hacking into just one company, and was only caught after the Secret Service bought some of the stolen cards from him in a sting. According to financial institutions, the cards in his possession had already been used to scam more than $36 million from consumers, banks, and credit card companies.

Warning – Twilight Game Scam is Spreading on Facebook

Monday, April 11th, 2011

Sophos, Mashable, ID Guardian and a number of other media outlets have reported today about a scam that is targeting fans of the popular series “Twilight.”

Users are being tricked into “Liking” the scam links, but the ultimate goal is to steal your personal information. By clicking on the “Play Now” button, you will be “clickjacked” and the scam will spread itself virally to all of your other friends on Facebook (not a good thing!).

What to do if you’ve already been hit by this scam? Sophos has created a YouTube video that will show you how to clean up your Facebook account. As we always say, please, please be careful on which links you click, even if they are from a “friend” on Facebook!

Take the first step. Learn more about the flexible and innovative solutions from IDENTITY GUARD®.

Getting “Twipped Up” By a Tweet

Wednesday, March 23rd, 2011

In today’s edition of the Daily Shield, Intersections’ Consumer Security Advisor Neal O’Farrell talks about the dangers of social media.

One tweet, one word, one mistake. That’s all it took to not only cost a media executive his job, but also place the jobs of twenty of his colleagues in jeopardy.

That’s according to a recent story on AP. The first victim to be “twipped up” by the tweeting was the media executive working under contract to Chrysler in Detroit. While stuck and frustrated in traffic clogging the motorway, he used a common expletive in a pretty tame 140-character observation about how bad Michigan drivers really were.

But instead of being posted on his personal Twitter feed, it inadvertently made it to Chrysler’s corporate Twitter feed. And the motor city giant was not pleased.

In what some might see as a typical overreaction by an overly sensitive corporate giant, Chrysler went into damage control mode and not only fired the tweeter, but took the entire account away from the media company that employed him.

Which meant twenty of his colleagues also lost their jobs. A very high price to pay for a simple error of judgment. Maybe too high. Certainly this executive’s future in the media business is probably in great doubt, and who knows what damage will be done to the small business that lost such a big account.

But maybe it will backfire on Chrysler too, who may be seen as too sensitive to the small flub and way too insensitive to hardworking locals who may now be joining Michigan’s very, very long unemployment line.

And exactly what was the offending tweet? “I find it ironic that Detroit is known as the #motorcity and yet no one here knows how to (expletive) drive.”

But it does serve as a warning. Nothing you post on social networking is safe or private. Employers are increasingly showing zero tolerance for anything done or said on social networks that might negatively impact their business or reputation.

In September 2010, email security firm Proofpoint released a study that found 20% of companies polled had disciplined employees for social networking mistakes or policy breaches, and 7% had actually fired employees. And according to the recent 2011 Javelin Strategy & Research Identity Fraud Survey Report, users of social networks are twice as likely to suffer identity fraud compared to those who do not use them.

Which may be why more than half the companies polled actually ban the use of Facebook in the workplace, and nearly a third ban LinkedIn.

Limiting Personal Info Facebook Can Share with 3rd-parties

Wednesday, March 2nd, 2011

In a letter to Congress released yesterday, Facebook announced its intention of moving forward with plans to release personal information (phone numbers, email addresses, physical addresses) to 3rd parties. Facebook had actually made this announcement several months earlier, but then backed off implementing the policy amidst public outcry.

The letter from Facebook was written to Reps. Edward Markey (D-Mass.) and Joe Barton (R-Tex.). “We have not yet decided when or in what manner we will redeploy the permission for mobile numbers and addresses,” the letter states. “We are evaluating whether and how we can increase the visibility of applications’ request for permission to access user contact information. We are also considering whether additional user education would be helpful.”

The Daily Shield does not want to wait for Facebook to provide that “additional user education.” It’s easy to limit 3rd-party access to your information. Here are our recommendations:

  1. In the upper right hand corner of your Facebook profile, click on “Account” and then click on “Privacy Settings”
  2. You are now on a page titled “Choose Your Privacy Settings”
  3. Under the heading “Sharing on Facebook,” select “Custom.” This allows you to select what information you will share and with whom.
  4. Select “Customize Settings”
  5. This page allows you to decide who can see and comment on things you share, things on your Wall and things you’re tagged in. At this point, what you share is a matter of your own personal choice, but we suggest at a minimum that you select “Only Friends” for information such as Wall Posts, Relationships, Bio, etc.
  6. Scroll down to the bottom of the page and under the Contact Information settings, change the settings for “Mobile Phone,” “Other Phone,” “Address”, “IM Screen Name”, and your email address to “Only Me.”

We at the Daily Shield question the need for even listing information such as your phone number and address on social networks like Facebook. Your real friends already have your contact information, and there is no reason to share that information with the rest of the world. The best defense is not posting your personal information to Facebook at all. The only way to completely eliminate the possibility of 3rd-party applications accessing your personal information is to not post personal information to Facebook.

Facebook is a remarkable tool that lets you share information with friends and family. But, it is not a phone book or online directory. Ultimately it all becomes a personal decision. You, and you alone can decide what information you wish to share.

Let’s be perfectly clear. We love Facebook and the power of social networking technology. We at Identity Guard have our own Facebook page, and we use it to pass along information that we consider to be vital for protecting the one thing that makes you uniquely you – your identity. But at the end of the day, each of us has to take responsibility for protecting ourselves. And that protection starts with being constantly vigilant and being careful about the type and amount of information you put out there on the Internet for all to see. Here are some additional tips for staying safe online.

Facebook VP Elliot Schrage said it best when he commented on a similar privacy uproar last year. He said, “If you don’t want Facebook to share your personal information, don’t share your personal information with Facebook.”

Well said, Elliot. We agree. We couldn’t have said it better ourselves.
