US bank Morgan Stanley has posted letters to an unknown amount of customers, notifying them of potential data breaches involving sensitive personal information left on servers and storage sent to recyclers and on an encrypted drive lost at a branch office.
(Tom: In my personal opinion, having my info in the hands of banks and others with whom I do business is risky enough, as this story illustrates only too well, but storing personal or business data in the cloud takes the risk of loss to a whole new level. That is why I continue to use the accounting and business software I created myself hosted on an inhouse computer.
As an additional note, ransomware, phishing and hacking scams are costing businesses obscene amounts of money. Travel giant CWT pays $6.3m ransom to cyber criminals https://www.itnews.com.au/news/travel-giant-cwt-pays-63m-ransom-to-cyber-criminals-551133
Do some homework and formulate firm policy with which you (and any staff) deal with your emails and web sites you visit. For instance I:
Use strong malware protection, currently Emisoft Enterprise Security Suite.
Never click on links in an email from unknown senders.
Even from known senders I sometimes receive emails with just a link, no explanatory text. I do not click on those. I will sometimes email the sender to ask what it is about.
Never download from file transfer sites unless I expect a link from that person and
Always check the displayed and hidden URL match the expected domain as miscreants will sometimes use what is called a sub-domain or sub-folder to make it look more legitimate. For instance last week I got one allegedly from wetransfer.com but when I held my mouse over the link it was not the wetransfer.com domain, that was used as a folder name like this:
A valid name used as a sub-domain for a hacker site looks like this:
So, just because it has a recognisable name somewhere in the URL, that is a trick to fool those not fully tech savvy. Now you are informed, don’t fall for it.)