Jepsen Stresses CyberSecurity at Home and Business, with Settlements and Warnings

National Cyber Security Awareness Month isn’t until October, but Connecticut Attorney General George Jepsen and just over a dozen of his colleagues across the country are getting a head start in warning the public about the dangers of so-called pirate websites. In televised public service announcements now airing in Connecticut, along with social media and radio psa’s, Jepsen shares hackers can infect visitors’ computers with malware and viruses that can leave consumers’ personal and financial information vulnerable.

Cyber security is a topic Jepsen has been involved with for some time.  This past March, the Attorney General announced the creation of a new department within the Connecticut Office of the Attorney General – the Privacy and Data Security Department – that works exclusively on investigations and litigation related to privacy and data security.

The new department has been responsible for all investigations involving consumer privacy and data security. It also helps to educate the public and business community about their responsibilities, which include protecting personally identifiable and sensitive data and promptly notifying affected individuals and the Office of the Attorney General when breaches do occur.

Jepsen is immediate past president of the National Association of Attorneys General (his one-year term ended in June) and has been a member of the organization’s Internet Safety/Cyber Privacy and Security Committee.

National Cyber Security Awareness Month, a month-long collaborative effort between the United States Department of Homeland Security and the National Cyber Security Alliance, began in 2004 and is held every October. During the campaign, individuals are encouraged to take advantage of resources that can help them be safer and more secure while online.

This week, Jepsen’s office announced that Connecticut has joined with 31 other states and the District of Columbia in a $5.5 million settlement with Nationwide Mutual Insurance Company and its subsidiary, Allied Property & Casualty Insurance Company, which resolves the states' investigation into a 2012 data breach that exposed sensitive personal information of 1.2 million consumers across the country. Approximately 774 Connecticut residents were impacted by the breach, the Office said. Connecticut's share of the settlement funds totals $256,559.28, which will be deposited in the state's general fund. The Connecticut Attorney General's office was a co-leader of the investigation and negotiations, along with the Offices of the Attorney General of the District of Columbia, Florida and Maryland.

In May, Jepsen announced that Connecticut joined with 46 other states and the District of Columbia in an $18.5 million settlement with the Target Corporation to resolve the states' investigation into the retail company's 2013 data breach. The settlement represented the largest multistate data breach settlement achieved to date.  That breach affected more than 41 million customer payment card accounts and contact information for more than 60 million customers. Connecticut will receive $1,012,936 from the settlement, which will be deposited in the state's General Fund.

In the new public service announcement, Jepsen stresses that “Nowadays, all of you have to worry about cybersecurity,” Jepsen tells viewers in his ad. “Hackers are always looking for new ways to break into our computers. Something as simple as visiting pirate websites can put your computer at risk.”

"State AGs often serve as the consumer protection agency for their citizens, so we appreciate the leadership they are taking in alerting consumers to the new danger that consumers face from malware and content theft websites," said Tom Galvin, Executive Director of the Digital Citizens Alliance, a consumer-focused group that looks at how to make the Internet safer. "Criminals are exploiting stolen content by baiting consumers to view videos and songs and then stealing their IDs and financial information. It should be a wake-up call for consumers."

Among the states whose Attorneys General are participating in the initiative are Arizona, Hawaii, Idaho, Indiana, Kansas, Kentucky, Louisiana, Montana, North Carolina, North Dakota, Oregon, South Dakota and Wisconsin.

The Connecticut Attorney General's office has previously issued a series of tips for consumers:

TIP #1: When it doubt, throw it out:

Be very cautious about clicking on a link or opening an email, social media post or tweet (or its attachment) from someone you do not know and trust, and always keep virus protection software up to date. Consumers that use Facebook or Twitter should regulate their privacy settings to ensure personal information is protected and not accessible. Also, only allow those that you know into your social network rather than those that you may not recognize.

TIP #2: Watch out for phishing emails or scams:

You may do business online with financial institutions that you know and trust, however, always keep in mind that legitimate businesses will never ask you to reply in an email with any personal information such as your Social Security number, PIN number. If you question the validity of an email you received, call the number on your credit card, bank statement, or on the financial institution's actual website (which you should find online without clicking on any links in a suspicious email).  If available, always use a safe payment option when making online purchases, such as a credit card.

TIP #3: Keep your machine clean and up to date:

Online users can reduce the risk of their computers being infected with malware by keeping antivirus software up to date and having the latest versions of apps, Web browsers and operating systems. Many but not all software programs will automatically update in order to avoid risks.  Consumers should consider turning on automatic updates when available to be sure that critical updates are not missed while waiting for manual download.

TIP #4: Help to educate your children about online safety and security:

Remind your family to limit how and with whom they share any information on line.  When made available, set privacy and security settings on accounts and web browsers used by children to your comfort level for surfing the Web and information sharing.  If your browser does not support such settings, consider using one that does.  From social media to simple internet searches, it is important to talk to children about online security before they potentially confront risks on line.   

TIP #5: Regularly change and update passwords and web keys:

If you use the Internet for banking, bill-paying or other monetary transactions, be sure to select secure, difficult-to-guess passwords and PINs, and get in the habit of changing them on a regular basis whenever possible. Consumers can also protect their personal and communications data by encrypting their own wireless Internet networks and regularly changing their wifi passwords. Try not to login into any social media accounts on a public computer and if you must, be sure to never save passwords or login information.