Ofer For You (1)

Thursday 26 February 2015

Record-breaking 1Tbps Speed achieved Over 5G Mobile Connection


5g-high-speed-internet-service
New Generations usually bring new base technologies, more network capacity for more data per user, and high speed Internet service, for which Internet service providers usually advertise. However, it is believed that the fifth generation (5G Technology) of mobile network will be beyond our thoughts.

1TBPS OVER 5G
Security researchers from the University of Surrey have just achieved Record-Breaking data speeds during a recent test of 5G wireless data connections, achieving an incredible One Terabit per second (1Tbps) speed – many thousands of times faster than the existing 4G connections.

After 4G, 5G is the next generation of mobile communication technology that aims at offering far greater capacity and be faster, more energy-efficient and more cost-effective than anything that has seen before. The boffins say 5G will be different – very different.

The 5G test was conducted at the university's 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners including Huawei, Fujitsu, Samsung, Vodafone, EE, Aircom, BT, Telefonica, Aeroflex, BBC and Rohde & Schwarz.

DOWNLOAD 100 MOVIES IN JUST 3 SECONDS
1Tbps of speeds are far faster than previously announced 5G tests – Samsung’s 7.5 gigabits per second (Gbps) record, which was 30 times faster than 4G LTE (Long-Term Evolution) speed and just less than 1% of the Surrey team's speed.
"We have developed 10 more breakthrough technologies and one of them means we can exceed 1Tbps wirelessly. This is the same capacity as fiber optics but we are doing it wirelessly," 5GIC director Prof Rahim Tafazolli told the news website V3.
With 1Tbps, it is possible to download a file 100 times the size of a feature film in just three seconds. This incredible speed is over 65,000 times faster than the current 4G download speeds.

5G EXPECTED TO ROLL OUT BY 2020
The test was carried out over a distance of 100 meters using equipment built at the university. The head of the 5GIC said he planned to demonstrate the technology to the public in 2018. It’s believed that 5G could possibly be available in the UK by 2020.

UK communications regulator Ofcom has been supportive of efforts to get 5G to the public. Ofcom previously said it expected 5G mobile should be able to deliver speeds between 10 and 50Gbps, compared with the 4G average download speed of 15 Megabits per second (Mbps).
According to Prof Tafazolli, there were hurdles to overcome before 5G would be ready, he said, "An important aspect of 5G is how it will support applications in the future. We don't know what applications will be in use by 2020, or 2030 or 2040 for that matter, but we know they will be highly sensitive to latency."
There is a need to bring "end-to-end latency down to below one millisecond" in order to enable latest technologies and applications which would just not be possible with 4G. Tafazolli mentioned 3D holographic chess games on smartphones, controlling connected cars over 5G and other possible future applications requiring such low latency.

5G – NEW FRONTIER FOR CYBER ATTACKS
5G will, no doubt, provide a high speed Internet connectivity that would be really a great news for all, but that would be a distinction for cyber criminals as well. In Future, by leveraging 5G technology, it would be very easy for hackers and cybercriminals to take down almost any website on the Internet using Distributed Denial of Service (DDoS) attacks.

In Era of expected 50Gbps Internet speed at home or business, there would be no need for cyber criminals to make a critical infrastructure of botnets by compromising hundreds of thousands of devices, rather they only need few devices with 5G Internet connection to launch the ever largest DDoS attack of around 1 Tbps.

To resolve such issues in future, High speed Internet service providers and online communications service providers need to setup real time monitoring, reporting, limiting, and mitigation and protection mechanism against DDoS attacks in an attempt to protect online users.
-

WhatsApp Web Client Now Available on Firefox and Opera Browsers

By Saumya
Author @ H2K

It's been a long time coming, but now the users of Firefox and Opera browsers don’t need to rely on the Chrome browser to access WhatsApp Web client, as the most popular smartphone messaging service has announced that the Web-based version of its service now works on Firefox and Opera web browsers too.

WHATSAPP WEB AVAILABLE FOR OPERA & FIREFOX
Almost a month ago, WhatsApp launched the web client of its service but the access was limited only to the Google Chrome users. Now, the company is giving more choices to desktop users by launching WhatsApp Web Today for Opera and Firefox browsers, though you’ll still have to wait a little long if you’re a Safari user.

WhatsApp Web is nothing than an extension of the core mobile WhatsApp application. It syncs conversations from your smartphone devices to your PCs, with everything stored on the mobile device itself.

HOW TO USE WHATSAPP ON PC/DESKTOP
whatsapp-web-opera-firefox-browsers
In order to install WhatsApp web in your PC or laptop running Google Chrome, Mozilla Firefox or Opera browsers, you need to follow same steps, as the sign-up process is the same as with Chrome browser:
  • Interested WhatsApp users simply need to open Chrome and navigate to http://web.whatsapp.com
  • A QR code will appear on the web page, which must be scanned using WhatsApp mobile application to activate the service.
  • By scanning the QR code that appears, users will automatically have paired their mobile WhatsApp with the WhatsApp web client, as shown.
For now, WhatsApp Web only works with Android, Windows Phone and BlackBerry devices, but unfortunately, iPhones still don't have the capability to scan the WhatsApp Web QR code because there's no web solution at this time for iOS users because of limitations of the platform.

Currently, WhatsApp has 700 million users sending 30 billion messages per day, and is bigger than most of its competitors, including Facebook Messenger, Line and WeChat. Now, this new WhatsApp web client available for a wider range of browsers will definitely increase its market.

Wednesday 25 February 2015

Windows? NO, Linux and Mac OS X Most Vulnerable Operating System In 2014


Author @ H2K 


vulnerable-operating-system
Apple’s operating system is considered to be the most secure operating system whether it’s Mac OS X for desktop computers or iOS for iPhones. But believe it or not, they are the most vulnerable operating system of year 2014.

MOST VULNERABLE OPERATING SYSTEM 
Windows, which is often referred to as the most vulnerable operating system in the world and also an easy pie for hackers, is not even listed on the top three vulnerable OS. According to an analysis by the network and security solutions provider GFI, the top three most vulnerable operating system are:
  • Apple’s Mac OS X
  • Apple iOS
  • Linux kernel
GFI analysis is based on the data from the US National Vulnerability Database (NVD), which shows that in 2014, the top three most vulnerable operating systems took owner by the following number of vulnerabilities reported in their software:
  • Mac OS X - Total 147 vulnerabilities were reported, 64 of which were rated as high-severity
  • Apple’s iOS - Total 127 vulnerabilities were reported, 32 of which were rated as highly-severity
  • Linux Kernel - Total 119 vulnerabilities were reported, 24 of which were rated as high-severity.

MAJOR VULNERABILITIES REPORTED IN 2014
The major vulnerabilities that took over the Internet in 2014 were as follows:
  • HEARTBLEED - A critical security vulnerability detected in OpenSSL left large number of cryptographic keys and private data from the most important sites and services on the Internet open to hackers. It was considered to be one of the biggest Internet threat in the history.
  • SHELLSHOCK - A critical remotely exploitable vulnerability discovered in the widely used Linux and Unix command-line shell, known as Bash, aka the GNU Bourne Again Shell, left countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals.
Surprisingly, Microsoft’s Windows 78 and 8.1 Operating Systems were the least vulnerable OS, as they fall into the bottom half of the list and rank at 5th, 7th and 8th, with 36 vulnerabilities reported in all of them.
"2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems,explained GFI Software manager Cristian Florian.
Linux and Mac OS X Most Vulnerable Operating System In 2014
Windows Server 2008 was the fourth most vulnerable OS in 2014 with 38 vulnerabilities, but it isn't a version aimed at consumers.

MOST VULNERABLE APPLICATION
However, when it comes to applications, Microsoft proved to be on the contrary, as its Internet Explorerbrowser lead the list with 242 total vulnerabilities, with 220 of them being rated as critical.

Obviously, this could embarrass Microsoft, as Internet Explorer has nearly twice as many security flaws than the second most vulnerable application, which was Google Chrome.

Google Chrome browser had 124 vulnerabilities reported in 2014. On the other hand, Adobe Flash Playerimproved last year with only 76 vulnerabilities reported.
Linux and Mac OS X Most Vulnerable Operating System In 2014
Overall, a total of 7,038 new security vulnerabilities were added to the National Vulnerability Database (NVD) last year, which indicates that an average of 19 new security vulnerabilities were reported every day.

Out of those, 80% were reported in third-party applications, 13% in operating systems, and 4% in hardware devices.

For those who aren't aware, NVD is the US government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP).

Monday 16 February 2015

Visa Wants To Track Your Smartphone to Prevent Credit Card Fraud


VISA MOBILE LOCATION CONFIRMATION APP
The payment processing and credit card giant Visa has came forward to put an end to this problem by letting cardholders the chance to buy things wherever they are. The company plans to release a new location-based feature that will help cardholders to update their location via smartphone.

Starting in April, the banks will include the software application, dubbed Visa Mobile Location Confirmation, in their smartphone apps. The app will use cardholders smartphone's ability to locate itself and verify that they're near where the card is being used.

IN WAKE OF INCREASING CREDIT CARD FRAUD
The idea behind this new move is to reduce the rising incidents of credit card fraud and fraudulent transaction that are a lot higher if the transaction takes place in a different location from the phone’s actual location. The app will differentiate between an authenticate transaction and a suspicious one.
"Mobile Location Confirmation is an optional service for consumers that will be offered through participating financial institutions’ mobile banking applications," Visa said Thursday. "The service uses mobile geo-location data in real time as an additional input into Visa’s predictive fraud analytic."
THE COMPANY BEHIND
This new software is supplied by a company called Finsphere - a leader in the use of mobile data and geospatial analysis. The software will be an opt-in service, meaning that it won't work until people grant permission.

In order to set up the location tracker, Visa has collaborated with different card-issuing banks to add its software to their mobile banking apps.

HOW THE APP WORKS ?
If the cardholder opts in for the feature, over a period of time, the Visa software will plot out a cardholder’s home range with a radius of roughly 50 miles.

If that customer leaves that territory, the tracker will send that information to Visa that the customer has entered a new city or country, and the company will be less likely to flag that card for fraud alerts when purchases at different area stores are made.

The move by the payment processing giant is good enough to lower the risk of credit and debit card fraud. The loss in terms of money by credit card fraud is rising with every year. According to the latest data available from the Federal Reserve, debit card fraud cost banks $1.57 billion in 2013 and credit card fraud cost $4 billion in 2012.

Friday 13 February 2015

Bypassing Windows Security by modifying 1 Bit Only

Bypassing Windows Security by modifying 1 Bit Only
Among several vulnerabilities, Microsoft on Tuesday patched a critical vulnerability that could be exploited by hackers to bypass security measures on all versions of Windows operating systems from XP to Windows 10, just by modifying a single bit.

The local privilege escalation vulnerability (CVE-2015-0057) could give attackers total control of the victims’ machines, explains Udi Yavo, the chief technology officer at the security firm enSilo.

"A threat actor that gains access to a Windows machine can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization," said Yavo.

INTERESTING PART OF THE FLAW
Yavo continued, "Interestingly, the exploit requires modifying only a single bit of the Windows operating system."
The flaw existed in the graphical user interface (GUI) component of the Win32k.sys module within the Windows Kernel which, among other things, manages vertical and horizontal Windows’ scroll bars. The flaw actually resides in the xxxEnableWndSBArrows function which could alter the state of both scroll bars through a call.

The researchers at the security firm managed to create an exploit for all versions of Windows and found that the desktop versions up to Windows 10 technical preview were affected by the vulnerability.

In an advisory, Yavo provided a detail technical analysis of the vulnerability and showed that even a minor bug can be used by remote attackers to gain complete control over any Windows operating system.

VIDEO DEMONSTRATION
Yavo included a proof-of-concept video, that doesn't actually disclose any sensitive code, but shows the privilege escalation exploitation on a machine running 64-bit Windows 10 Technical Preview. 

You can watch the video below:

The attack method can be used to bypass kernel protections such as Kernel Data Execution Prevention (DEP), Kernel Address Space Layout Randomization (KASLR), Mandatory Integrity Control (MIC), Supervisor Mode Execution Protection (SMEP), and NULL deference protection.

FUNNY PART
Yavo also found an ancient piece of code in calls within the horizontal scrollbar component of the xxxEnableWndSBArrows function to the xxxWindowEvent function, and the "funny" thing about it was that that it’s a dead code. This code he said had existed "for about 15-years doing absolutely nothing".

However, the vulnerability was patched by Microsoft on Tuesday. But, the company still hasn't addressed a recently disclosed Universal Cross-Site Scripting (UXSS) vulnerability affecting Internet Explorer that could allow malicious hackers to inject malicious code into users' websites and steal cookies, session and login credentials.

Thursday 12 February 2015

Facebook Vulnerability Allows Hacker to Delete Any Photo Album

Kunal Vohra

Director @ H2K

Facebook Vulnerability Allows Hacker to Delete Any Photo Album
A Serious vulnerability in Facebook has recently been reported that could allow anyone to delete your complete Facebook photo album without having authentication.

Security Researcher Laxman Muthiyah told The Hacker News that the vulnerability actually resides in Facebook Graph API mechanism, which allows "a hacker to delete any photo album on Facebook. Any photo album owned by an user or a page or a group could be deleted."

DELETING FACEBOOK PHOTO ALBUMS
According to Facebook developers documentation, its not possible to delete albums using the Graph API, but Indian security researcher has found a way to delete not just his own, but also others Facebook photo albums within few seconds.
"I decided to try it with Facebook for mobile access token because we can see delete option for all photo albums in Facebook mobile application isn't it? Yeah and also it uses the same Graph API," he said.
In general, Facebook Graph API requires an access token to read or write users data, which gives limited access to an app only. However, Laxman discovered that his own "access token" generated for mobile version of Facebook could be exploited to remove any photo albums posted by any Facebook User.

In order to delete a photo album from victim’s Facebook account, the attacker only needs to send a HTTP-based Graph API request with victim’s photo album ID and attacker’s own access token generated for ‘Facebook for android’ app.

SAMPLE REQUEST
Request :-
DELETE /<Victim's_photo_album_id> HTTP/1.1
Host : graph.facebook.com 
Content-Length: 245
access_token=<Your(Attacker)_Facebook_for_Android_Access_Token>
VIDEO DEMONSTRATION

Facebook Bug Bounty program rewarded him with $12,500 USD for helping the Facebook Security team to patch this critical loophole.

Wednesday 11 February 2015

Facebook Launches Free Mobile Internet Service In India


By Kunal VohraDirector @ H2K 


Last year, the founder of the Social Network giant highlighted the future of universal Internet access, the dream that Facebook founder Mark Zuckerberg wants to fulfill — Making Internet access available to everyoneacross the world just like a service as essential as of 911 in the case of an emergency.

Dreams are transforming into Reality!! Facebook’s Internet.org app has launched in India to offer free Internet access to a set of websites for users in seven different circles, including Mumbai, Maharashtra, Gujarat, Andhra Pradesh, Chennai, Tamil Nadu and Kerala.

Internet.org, with motto 'Internet for All', named after a project developed by the world’s biggest social network site Facebook to expand Internet access to "the next 5 billion people" around the world who currently don't have it.

Facebook has tied up with India's Reliance Communications in an effort to provide free Internet services to users on mobile phones, making India the first country in Asia to get Facebook's Internet.org service.

The Internet.org Smartphone app will initially provide free Internet access to a total of 38 websites and services. The service will work for both existing and new subscribers of Reliance Communications and will work on both feature phones as well as Android smartphones.

India is not first country to receive the service, Internet.org app has far been available in Colombia and a handful of African countries, including ZambiaKenya, and Tanzania, but now the service is making its way to India’s billion-plus population.
"This is a big step forward in our efforts to connect everyone to the Internet, and to help people share their ideas and creativity with the entire world. We'll continue to improve the experience and roll it out to other parts of the world," Facebook said in a statement.
Most of the services on Internet.org are available in English and six local languages — Hindi, Tamil, Telugu, Malayalam, Gujarati, and Marathi — and they can be accessed through the dedicated Android app, from the start screen of the Opera Mini mobile Web browser, or from UCWeb’s popular UC Browser app.

The full list of services includes:
  • Aaj Tak: News in Hindi
  • AccuWeather: Weather information
  • amarujala.com: News in Hindi
  • AP Speaks: Engage with local government
  • Babajob: Search for jobs
  • BabyCenter & MAMA: Learn about pregnancy and childcare
  • BBC News
  • Bing Search Cleartrip: Check train and flight schedules & buy tickets
  • Daily Bhaskar: Read local news
  • Dictionary.com
  • ESPN Cricinfo: Cricket updates
  • Facebook
  • Facts for Life: Health and hygiene information
  • Girl Effect: Articles and tips for girls
  • HungamaPlay: Music
  • IBNLive: News
  • iLearn: Learn from Women Entrepreneurs
  • India Today: Local news
  • Internet Basics
  • Jagran: Local news
  • Jagran Josh: Education and career information
  • Maalai Malar: News in Tamil
  • Maharashtra Times: News in Marathi
  • Malaria No More: Malaria information
  • manoramanews.com: Local news
  • Messenger: Send messages to friends and family
  • NDTV: Read news
  • Newshunt: Read news in English
  • OLX: Buy and sell products and services
  • Reliance Astrology: Read your horoscope
  • Reuters Market Lite: Get farming and crop information
  • Socialblood: Register to donate blood
  • Times of India: Read news
  • TimesJobs: Search for jobs
  • Translator: Translate words and phrases
  • Wikipedia: Find information
  • wikiHow: Find information
On the whole, it is reasonable to expect that giving poor people access to Internet and possibility of connecting with people anywhere around the world will be socially transforming the life in a very positive way.

Tuesday 10 February 2015

Xposed Framework for Android 5.0 Lollipop coming “soon”



By Kunal Vohra
Director @ H2K

OnePlus-One-Android Xposed framework-bootmanager-3-2
The popular Xposed Framework, which allows for a wide range of customization tweaks to Android, sadly is not yet working with Android 5.0 Lollipop. Developer, rovo89 had previously commentedabout issues with development time and adapting the software to various new Lollipop features, but it looks like a release may finally be nearing.
Commenting briefly on the XDA Forum, rovo89 indicates that Xposed for Lollipop could be ready “soon” and that it is already “working very well”. Previously, it was not even clear if bringing all of the features over to Lollipop would be possible, but fortunately it seems that development has come along well and is working on his own Nexus 5, as shown in the screen-shot below.
Previously, compatibility issues with the ART run time, SE Linux security and a lack of time to commit to the project had been holding back a Lollipop version of the software.
Xposed Lollipop working
We still don’t have a date set for release, but this is a much more upbeat outlook for Xposed fans than there appeared to be towards the end of last year. Hopefully it won’t be too long until Lollipop users can resume tinkering with Xposed Framework.

Monday 9 February 2015

Samsung Admits Its Smart TV Is Spying On You

By Kunal Vohra
Director @ H2K

Samsung Admits Its Smart TV Is Spying On You
Is Your Smart TV Spying On You? You just need to make sure you don't hold any private conversations in front of the internet-connected TV.

IS SMART TV GETTING TOO SMART?
Smart TVs are connected to the Internet, and they are capable of collecting and transmitting our data.

Samsung's Smart TV uses voice recognition technology to enable voice commands, but its privacy policy defined by the company says "if your spoken words include personal or other sensitive information, that information will be captured and transmitted to a third party."

In other words, Samsung's Voice Recognition feature is always listening you, unless you deactivate it. So these internet-enabled smart devices can be exploited to reveal a wealth of personal.
"In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features." Samsung Smart TV privacy policy says.
Samsung points out that the voice recognition feature can be turned off by the TV's owner, but even if you turn the feature off, Samsung can still collect enough of your data.
A spokesperson for the company told that Samsung "takes consumer privacy very seriously. In all of our Smart TVs we employ industry-standard security safeguards and practices, including data encryption, to secure consumers’ personal information and prevent unauthorized collection or use"
samsung-smart-tv-spying
This is not the first time Samsung Smart TV or other Internet of Things has set off alarms among privacy experts.
  • December 2012: Security researcher revealed a vulnerability in Samsung Smart TVs that allows an intruder to take control of the devices that are connected to the same network.
  • November 2013: Researchers found that LG's Smart TVs are sending personal information back to the company's servers about what channels you watch and viewing habits.
  • July 2013: Another vulnerability allowed hackers to remotely crash Samsung Smart TV without doing much efforts.
  • January, 2014: More than 100,000 Refrigerators and other internet-enabled home appliances were hacked to perform a massive cyber attack.
  • April 2014: We reported about cyber attacks and specialized malware targeting Internet of Things (IoT) such as TVs, Refrigerators, Microwave or dishwashers.
Internet-enabled devices and voice command technology is becoming more ubiquitous, and many consumers rely on those solutions. So it is advised that companies needs to address some elements of its privacy policy more properly.

Sunday 8 February 2015

Anthem Data Breach — 6 Things You Need To Know



By Kunal Vohra
Director @H2K

Anthem Data Breach
The Nation’s second largest Health insurer company, Anthem, alerted its customers on Wednesday that hackers had stolen the personal information of over 80 Millions of its customers, making it the largest data breach and double the number of payment cards affected by Target data breach occurred in 2013.

The stolen personal information includes residential addresses, birthdays, medical identification numbers, Social Security Numbers, email addresses and some income data belonging to both current and former customers and employees, including its own chief executive.

80 Million is a vast number — it's roughly the populations of California, Texas and Illinois when combined together. So far, there is no evidence whether financial or medical information of the company’s customers was compromised, according to a statement given by Anthem’s vice president, Kristin Binns.

The health giant, based in Indianapolis, has hired cybersecurity firm FireEye’s Mandiant division to work out which customers. Despite these efforts, the company has not yet identified the attacker behind the massive Anthem data breach.

1. WHAT WENT WRONG ?
Now the question rises, What went wrong with the second largest health insurer company that it lead its 80 million customers expose to mega cyber hacks?

Anthem hack could be due to a vulnerability in the healthcare company, and security experts say the stolen information was vulnerable because Anthem did not take proper precautions, such as protecting the data in its computers and servers through encryption, in the same way it protected medical information that was sent or shared outside of the database.

A spokesperson from Anthem says they do not known who is behind the attack, but a number of security consultants have pointed that in the past Chinese hackers have shown their interest in targeting popular healthcare companies.

It is to be estimated that the malicious hackers may have infiltrated the Anthem’s networks by making use of a sophisticated malicious software program that gave them access to the login credential of an Anthem employee, thereby breaching 80 million customers.

2. BEWARE!! E-MAIL SCAMS TARGETING ANTHEM CUSTOMERS
As soon as the story broke, cyber criminals started exploiting the latest Anthem data breach in an attempt to persuade people to sign up for bogus credit protection services and provide personal information about themselves.

The insurer company on Friday warned its customers about an e-mail scam targeting former and current customers whose personal information was suspected to have been stolen in the Anthem breach.

Anthem warned about the email scam in a statement saying that the emails appears to come from Anthem and ask recipients to click on the attached link in order to obtain credit monitoring. Do not click on such links and do not provide any information on any website, Anthem advised its customers.

Don’t expect any email warnings from the company because the Anthem hack is much severe than what it appears. To avoid fallout from the hackers, Anthem said it will contact its customers only via mail delivered by the U.S. Postal Service. The company will not call members regarding the breach and will not ask for any credit card information or Social Security numbers over the phone or via an email.

3. THIS DATA BREACH COULD LEADS TO OTHER BREACHES
Anthem claimed that the hackers didn’t appear to have stolen customers’ medical information. However, medical identification numbers were taken, along with Social Security numbers, addresses and email addresses, which could be by cyber crooks used for medical fraud.

Medical identity theft has become a booming business, according to security experts, who warned that the hackers’ succeeded in penetrating Anthem’s computer systems could use the stolen information to target other health care companies.

Over 90 percent of healthcare organizations reported they have had at least one data breach over the last two years, according to a survey of health care providers published last year by the Ponemon Institute, a privacy and data protection research firm.

4. CALIFORNIA CUSTOMER SUES ANTHEM
A California woman on Thursday accused Anthem of failing to properly secure and protect its customers’ personal information, including usernames, birth dates, addresses and social security numbers. She seeks to represent all other customers who have been affected by this massive data breach.
"It appears that Anthem’s security system did not involve encrypting Social Security numbers and birth dates –- two of the most valuable pieces of information that a thief can have," Susan Morris said in her complaint filed in federal court in Santa Ana, California.
Among other claims, Morris seeks damages for violations of California’s unfair competition and data breach laws, Bloomberg reported. The case is Morris vs. Anthem Inc., 15-cv-00196, U.S. District Court, Central District of California (Santa Ana).

5. DEMAND OF LAWS TO BETTER PREVENT BREACHES
After falling for massive data breaches like Target, Home Depot,...and now Anthem hack, there is a need for more systemic changes in the laws in an attempt to prevent big hacks after hackers hit Anthem, the nation's second-largest health insurer.
"We're going to need federal legislation to address security issues to keep these huge hacks from happening," says Waldo Jaquith, who leads U.S. Open Data, which works with the public sector and private companies to better understand, store and share data.
Jaquith suggests setting minimal security requirements into the law — such as requirement of much stricter passwords and customer authentication. But, until there are more systemic changes, consumers are left quite helpless.

6. HOW TO PROTECT YOURSELF AFTER BREACH
The hack affected a wide array of Anthem brands, including Anthem Blue Cross; Anthem Blue Cross and Blue Shield; Blue Cross and Blue Shield of Georgia; Empire Blue Cross and Blue Shield; Amerigroup; Caremore; Unicare; Healthlink; and DeCare. So, if you have one of these plan, your personal data may have been taken by cyber crooks.

If you are a one of those affected customers, you will have to remain vigilant against fraud for the rest of your lives, because the risk of identity theft isn't short term, like in case of credit cards fraud. You may follow the following steps to protect yourself:
  • Monitor Your Accounts - Watch out if someone using your information don’t ever try to take over or transfer money out of your existing accounts. Don’t forget that thieves with stolen info can get through your security questions, including the last 4 digits of your social and street address. Also, watch for any unauthorized activity or transfers on your current financial accounts, those affected in the breach.
  • Sign Up for Credit Alerts and Identity Theft Protection for Free - The insurer company is offering free credit monitoring and identity protection services to all of its affected customers. So, you must sign up now, as these services will keep an eye on every unauthorised activities and send you alerts when someone else tries to use your identity. You can get further information on these measures atAnthemFacts.com.
  • File Your Taxes Early - According to Paige Hanson, Educational Programs Manager for LifeLock, an identity theft monitoring service, it only takes two pieces of information for a cyber thief to hook your tax refund by filing your taxes early and claiming it for themselves, and the data in the breach contained both. So, in order to avoid any such problems, file your taxes as early as possible.
  • Get Password Manager and Use Two Factor Authentication - The advice is common for all affected by data breaches — change your password and use password manager to make sure you use a complex one, and don’t use the same password or username across various websites. Also activate two factor authentication for an extra layer of protection beyond your password.
  • Stay Vigilant - The last and foremost thing to protect against the breach is to stay vigilant, as nobody knows when or where your stolen identities will be used. So, affected consumers will simply have to stay mindful forever.
"Your Social Security number is not going to change," said Gorup. "This is going to stick with you for life."
In case for any queries about Anthem data breach, the company has set up a dedicated website and a toll-free number (1-877-263-7995) for customers to access updates and ask questions related to the hack.