Archive for the ‘Data Breaches’ Category

Top U.S. Banker Newest ID Theft Poster Child

Saturday, September 5th, 2009

On August 25th, President Barack Obama nominated Ben Bernanke to another term as chairman of the Federal Reserve.

In a story reported this week by The Economist:

“The decision was widely hailed on Wall Street and in Washington, DC. With few exceptions, politicians and economists lined up to praise Mr. Bernanke and to laud Mr. Obama for keeping him.”

Coincidentally, also on August 25th, Newsweek Magazine reported:

“Last summer, just as he was dealing with the first rumblings of the financial crisis on Wall Street, Bernanke learned that a thief had swiped his wife’s purse-including the couple’s joint check book. Later, someone started cashing checks on the Bernanke family account…”

“The theft of the Bernanke check book-never publicly revealed until now-soon became part of a wide-ranging (and previously underway) identity-theft investigation by the Secret Service and the U.S. Postal Inspection Service.”

The shocking news is that the “previously underway” investigation exposed what the Justice Department calls “the largest alleged credit and debit card data breach ever charged in the United States.”

Many of the highest profile breaches in U.S. history are allegedly the result of this one mastermind’s activity. Thankfully, the ringleader and two of his co-conspirators are behind bars now.

Victims of the crime-spree reportedly include:

  • Heartland Payment Systems
  • Supermarket chain Hannaford Brothers
  • 7-Eleven stores
  • DSW shoe stores
  • TJ Maxx stores

This is a wake up call for America. If brazen purse snatchers can swipe cash from our top banker’s checking account and hackers can swipe “protected” corporate data with impunity, then the average American continues to remain vulnerable beyond belief.

Protecting your mail, private pins , personal data, passwords, payment instruments (credit/debit cards, checks) and computer data is YOUR responsibility. Despite our best efforts, the portability of data outside of our control, leaves us all exposed in this digital world.

This truth-is-stranger-than-fiction story illustrates another truth. Without the dedicated and ongoing effort of law enforcement, your personal, medical or bank records are just as vulnerable as an attractive unattended purse, slung over the back of a chair at the local Starbucks.

Posted in Check scams, Data Breaches, Data security, Federal Government, Police agencies | No Comments »

A Spyware Case Where Bigger Is Not Better

Sunday, February 1st, 2009

The Heartland Payment Systems security breach is now considered to possibly be the biggest in history.

The massive theft which is thought to have occurred sometime in 2008, may have allowed the hackers to swipe credit card data from more than 100 million accounts. Apparently, it was spy-ware installed on the company’s internal network that grabbed the data.

PCWorld Magazine reported:

“Heartland says it didn’t discover the breach until Visa and MasterCard came knocking about suspicious activity involving card numbers processed by Heartland……

It’s all the more sad that we as consumers really can’t do a darn thing to protect ourselves against this kind of theft. We can be incredibly careful with our own PC and data, but we have no control over how it’s handled by the plethora of companies that store and process our information.”

According to the Washington Post, Heartland President and CFO Robert Baldwin contacted the U.S. Secret Service as well as two breach forensics teams to investigate.

In terms of sheer volume, Baldwin said:

“The transactional data crossing our platform, in terms of magnitude… is about 1oo million transactions per month.”

This type of breach leaves you and I powerless to prevent it and vulnerable as a result. The stolen Heartland data is precisely what crooks need to create counterfeit credit cards.

That is why the following basics of Identity Theft Protection should be a part of YOUR financial planning.

  1. Carefully watch all your credit card statements for irregularities
  2. Be on the look out for small charges from unknown creditors and report them
  3. Consider freezing your credit files if you don’t plan to apply for new credit soon
  4. The use of a credit card leaves you LESS vulnerable than using a debit card card
  5. Grab a free credit report at least 3 times a year for FREE

CEO Baldwin was quoted as saying simply:

“….we recognize and feel badly about the inconvenience this is going to cause consumers.”

The giant credit card processor feels badly. I’ll sleep better now.

Posted in Credit card fraud, Credit industry, Data Breaches, Data security, Personal privacy | No Comments »

Looming Cyber-Threat Has Fed's Attention

Thursday, January 22nd, 2009

Outgoing National Intelligence Director Michael McConnell reported last week that Cyber-threats are among his greatest concerns, second only to Iran’s continuing development of nuclear weapons.

MSNBC and the Associated Press reported:

“…Iran producing a nuclear weapon and a cyber attack on critical government or private computer networks top the list of concerns nagging at National Intelligence Director Michael McConnell as he prepares to leave office.”

There are many well intentioned observers who seem to think that cyber-crime in general is on the decline inside the United States. Although there is statistically no need for mass panic, it is foolish to assume that our computer infrastructure isn’t the greatest information target in the world. As a practical matter, I think we are all better off with “someone on the gate” to guard our repositories of personal, commercial,  educational, financial and military data.

The truth is that many potentially damaging breaches go undetected and are often intentionally unreported. Back in 2005, the Department of Homeland Security constructed a worst-case-scenario type cyber-attack and concluded that over 20 million credit cards might be affected over a period as short as just one week. The Department concluded that an event like this could undermine faith in the entire U.S. financial system.

We all pray that President Obama’s team remains watchful and vigilant on the cyber-front during these desperate times. The Obama Administration has already declared our nation’s cyber-infrastructure a “strategic asset” and has pledged to protect “America’s competitive advantage”.

Great start Mr. President.

Posted in Computer safety, Cyberwar, Data Breaches, Federal Government | No Comments »

Forecasters Make ID Theft Predictions For 2009

Sunday, January 4th, 2009

Recently, the Identity Theft Resource Center looked forward to the coming year to predict events that will be the inevitable outcomes of the current economic crisis and the looming identity theft battles.

Real Estate: Homeowners who are behind on payments or seeking refinancing sources can easily fall prey to unscrupulous thieves who are more than willing to “take your information and see what we can do”. Bogus land grants and home equity scams will be commonplace. The recommendation is that homeowners speak directly with well known and established banking and mortgage companies in order to avoid the potential pitfalls of unknown solution providers.

Credit Cards: Many consumers may unknowingly turn to thieves in order to get access to credit cards, debit cards and debt consolidation loans. It is easy to imagine handing over private information to seemingly legitimate companies. Like the mortgage industry, the credit card world has been turned on it’s head in the current economic climate. Look before you “leap” into a deal that may be too good to be true.

Check Fraud: Due to the lack of easy credit, many thieves will turn to check fraud as a way to accomplish their crimes. Needless to say, safeguard your checkbook, deposit slips and banking statements as a first line of defense. Many financial advisers are steering clients away from using paper checks at all. If you must write paper checks, be sure to use an anti-check-washing gel pen and keep a close eye out for any irregularities on your statement.

Organized Crime and Cyber-Thieves- Rings of professional thieves from all over the world have helped make identity theft the fastest growing crime in the United States. Security experts agree that these attacks will become more brazen as time goes by. According to the Wall Street Journal, the U.S. Department of Homeland Security has been reviewing “worst case scenarios” for possible attacks against U.S. government, industrial and financial institutions.

Consumer Scams: Common and rampant scams with nicknames such as skimming, phishing, vishing, pharming and whaling will continue in 2009. This is largely due to the weak condition of the U.S. economy, the vulnerability of average consumer and law enforcement’s scarcity of resources to deal with the sheer volume of complaints.

Breaches: Corporate, educational and government security breaches continue to grow every year. According to the ITRC, there were 641 breaches in 2008, surpassing the total of 446 in 2007. Due to the portability of data, the easy theft of laptops, the cunning deception of “inside scam artists” and the desperation of global perpetrators, this number will continue to increase. At the very least, have your own laptop or PDA/smart-phone set up with encryption and password protection software.

Remaining diligent, alert and informed about the latest scams and threats is your best defense against being victimized in 2009. Stay tuned.

Tags: , , , , ,
Posted in Credit card fraud, Credit industry, Cyberwar, Data Breaches, Federal Government, Real Estate Fraud | No Comments »

10 Ways To Guard Your Medical Records

Thursday, July 31st, 2008

Part 3 of 3

A Prescription to Prevent Prying Eyes

Your doctor’s office, clinic or hospital are clearly in the bulls-eye when it comes to being targeted by predatory identity thieves. Insurance company records are under attack as well. Many of the bad guys are on the outside trying to get in to databases and files, but unfortunately many culprits are on the inside and can’t resist the temptation to pry or steal.

Sadly, the market demand for our most private health-related information is quite high and therefore tempting for those inclined to take advantage of their to access to our most private health matters.

Privacy experts, attorneys and fraud investigators have their hands full battling fraud and theft on these fronts. As I mentioned a couple of posts ago, the FTC reported in a recent survey that 3 percent of U.S. identity crime victims (250,000 people) had some form of their personal information used to obtain either medical services or false insurance claims payments.

If your company is in the habit of searching for the best value in medical benefits for employees, there is a good chance that they will make a switch to a new provider for “better benefits”. While that could be good for the company’s bottom line, your medical history has now been replicated in a new place and “abandoned” in another. These realities of the health care landscape make vigilance a necessity.

The Washington Post reported earlier this month about a peer to peer data breach that involved the medical records of at least 1000 patients at Walter Reed Army Medical Center. In many cases, breaches are caused by the careless downloading of file sharing or peer to peer (P2P) software by careless employees at work.

Leading the way again, California passed legislation this year requiring notification when consumers’ medical information is “improperly accessed”. Only Arkansas has passed similar legislation and the topic is now being debated in Congress.

Here are 10 ways you can protect your medical history, your records and your health.

  • Limit your authorization for release of medical records to anyone unless it is an absolute necessity.
  • Inspect all your insurance statements for accuracy and the absence of any discrepancies.
  • Put your shredder (cross cut) to work on any health or medical documents that you may discard.
  • Ask for and inspect your medical records or statements for any benefits which may have been paid for under your name, but not received.
  • Monitor your credit report for any collection notices filed by medical providers.
  • While not always easy, make a serious attempt to correct any inaccuracies in your medical records.
  • File a police report if your information is stolen.
  • Read and digest the privacy statements of all your medical providers and request copies for your records.
  • Remember that your medical records are just as vulnerable as other sensitive documents. Keep them out of reach and out of sight.
  • According to the Identity Theft Resource Center, if you are a Medicare patient, you should make a photocopy of your Medicare card and carry a wallet sized version with only the last 4 digits of your Social Security number showing. The original should be locked away. The name and contact information of a trusted person should be included in your wallet. This medical contact person should have on hand the following information: the last 4 numbers of your SSN, your pertinent medical history, the name of your doctors and a list of all your medications. This tip could be a lifesaver.

Posted in Data Breaches, Medical Identity Theft, Personal privacy | No Comments »

Universities Pummeled by Data Thefts

Friday, April 25th, 2008

Massive data spill leaves thousands of students out in the cold.

The combined number of people victimized in two separate incidents at the Universities of Virginia and Miami totals over 50,000.

Nearly every imaginable piece of private information was stolen; including names, addresses, credit card data and highly- prized social security numbers.

These giant leaks aren’t supposed to occur, but the fact is that the portability of laptops and backup tapes makes the crime more common than casual observers may notice.

In the Florida case, the records were being shipped off to a private off site storage facility. This practice is usually designed to safeguard the data off campus, but this time the stagecoach was robbed.

This isn’t the first time the University of Virginia has dealt with this crime. Last year the F.B.I. was called in to investigate the theft of data belonging to 5735 University faculty members.

Techweb Media reported this story last week and also disclosed new research from analysts at AMI Partners. The research indicates that a staggering 86 percent of mid-sized U.S. business reported some sort of security breach or data loss in the last 12 months!

What can you do to ward off the grim IDENTITY GRIM REAPER?

1. Back up your data. A backup allows you to restore missing, corrupted or stolen files quickly. A backup will also allow you to continue your work while your computer is being located, repaired or restored.

2. Download updates to your OS and software regularly. Security patches and “bug fixes” can help you keep your privacy armor polished.

3. Be on guard for viruses and worms. Fight these cyber-security threats by installing a good anti-virus software program.

4. Fight off malicious Ad-ware and Spy-ware. Everyone using the web, instant messaging or file-sharing is vulnerable. Install protective software to fight off malicious mal-ware and update it regularly.

5. What do you mean you don’t have a firewall? Install one immediately to protect your computer from intrusion. Purchase a firewall “box” or get the software version from a company like Norton or McAfee.

6. Use stronger-longer passwords. The longer and stranger looking they are, the better. Recent studies indicate that most computer users utilize the same password for everything. Create long and unusual alpha-numeric passwords that don’t contain easy clues like your dog’s name or the street you grew up on.

7. Lock your computer down! The trunk of your car doesn’t count. Visit a local retailer to purchase a computer locking cable device. Turning your back on your computer for even a moment at home, at the library or at Starbucks is just asking for trouble with a capital T.

Posted in Anti-virus software, Computer safety, Data Breaches, Data security, Personal privacy | No Comments »