CalOptima Reports Data Breach That Could Affect 68,000 Members

Unencrypted CDs containing names, diagnosis codes, Social Security numbers and other information for about 68,000 CalOptima members have been lost, sparking concerns about identity theft, Computerworld reports.

CalOptima is Orange County's Medi-Cal managed care plan.  Medi-Cal is California's Medicaid program.

In a statement, CalOptima explained that a claims scanning vendor had sent the CDs to CalOptima via certified mail, but CalOptima only received the outside packaging, not the box with the CDs.

A spokesperson for the health plan said there is no evidence that the CDs were stolen (Vijayan, Computerworld, 10/26).

The statement said that CalOptima informed state and federal agencies of the situation on Oct. 14 and posted an alert on its Web site on Oct. 15 (Goedert, Health Data Management, 10/26).

CalOptima is making arrangements to offer credit monitoring services to members affected by the breach (Computerworld, 10/26).

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

the Best Identity Theft Protection available dot com

FORMER WACHOVIA BANK EMPLOYEE CONVICTED OF BANK FRAUD AND AGGRAVATED IDENTITY THEFT

Juan Rombado, a former Wachovia Bank employee, has been convicted of bank fraud and aggravated identity theft arising from several schemes aimed at defrauding his employer through the theft of customer identities, United States Attorney Tim Johnson announced. Indicted and arrested in August 2009, Rombado pleaded guilty to both counts before United States District Judge Vanessa Gilmore.

 

Rombado, 46, of Houston, admitted that while employed at the N. Eldridge Parkway branch of Wachovia Bank as a financial specialist between March 2007 through Nov. 23, 2007, he used his position to knowingly execute various schemes to defraud Wachovia Bank to obtain money through check kiting. In this scheme, Rombado unlawfully possessed and used the names, dates of birth and Social Security numbers of Wachovia Bank’s loan applicants to unlawfully open bank accounts under the name “Corsan Group,” and then wrote checks from the unfunded accounts knowing they had insufficient funds. Rombado deposited the unfunded checks into his personal bank account and immediately withdrew the funds represented by the fraudulent checks, taking advantage of the time elapsed between the unfunded deposits to his personal account and the money being deducted from the fraudulent accounts.

In addition to the check kiting scheme, Rombado used Wachovia Bank’s customers’ identities to apply for and use unauthorized access devices, namely credit cards. During roughly an eight-month period, Rombado obtained in excess of $1,000 through the use of the credit card. Lastly, Rombado used his position at the bank to embezzle funds from Wachovia Bank customers’ accounts by making unauthorized funds transfers from the customers’ accounts to his personal account. Through the execution of this scheme, Rombado took approximately $16,742.75 from the bank.

Judge Gilmore has set sentencing for Feb. 23, 2010. Rombado faces up to 30 years imprisonment and a $1 million fine for the bank fraud conviction. The aggravated identity theft carries a mandatory sentence of two years imprisonment to be served consecutive to the sentence imposed for the bank fraud conviction. Rombado will remain free on a $50 thousand bond pending sentencing.

The charges against Rombado are the result of an investigation conducted by the United States Secret Service and the Houston Area Fraud Task Force. Special Assistant United States Attorney Justo A. Mendez is prosecuting the case.

Source: U.S. Attorney’s Office

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

H.R.3763 - To amend the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses.

Official Summary

10/8/2009--Introduced.Amends the Fair Credit Reporting Act with respect to the duties of users of consumer reports who take adverse actions on the basis of information contained in such reports. Excludes any health care practice, accounting practice, or legal practice with 20 or fewer employees from the meaning of creditor subject to Red Flag Guidelines regarding identity theft promulgated by the proper federal financial regulatory agency. Excludes any other business which the Federal Trade Commission (FTC) determines:
(1) knows all its customers or clients individually;
(2) only performs services in or around the residences of its customers; or
(3) has not experienced incidents of identity theft, and identity theft is rare for businesses of that type. States that such exclusion shall no longer apply to any business that can no longer meet such eligibility criteria.

If this bill passes it will exclude about 90% of healthcare professionals from having to comply with the FTC's Red Flags Rule Amendment to the Fair and Accurate Credit Transactions Act (FACTA). I have added a widget on the top of the blog so if you are interested, you can follow this bill by visiting my blog.

Enforcement of the Red Flags is to begin on11/01/09. 


To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Sixty-six percent of U.S. adults say they worry "frequently" or "occasionally" about being a victim of identity theft

Being a victim of car theft or home burglary when away rank a distant second

by Lydia Saad

PRINCETON, NJ -- Identity theft debuts on Gallup's Crime survey as Americans' top-ranked crime concern. Sixty-six percent of U.S. adults say they worry "frequently" or "occasionally" about being a victim of identity theft, higher than the reported anxiety about 11 other types of crime and the only crime that a majority worry about at least occasionally.

Gallup trends measuring Americans' fear of being victims of specific crimes date back several decades, but for each of 10 crimes, the question has been updated annually on Gallup's Crime survey since 2000. Terrorism was added to the list in 2001, and 2009 marks the first year identity theft has been included.

Men and women are about equally likely to say they worry about identity theft, but there are differences by income. Americans in households earning less than $30,000 per year are significantly less likely to say they worry frequently or occasionally about this crime than are those making higher amounts.

However, other data in the Oct. 1-4 survey suggest that identity theft is not related to income. According to respondents' self-reports of their crime victimization in the past year, 12% of low-income Americans -- identical to the percentage in high-income households -- say that they or another member of their household was the victim of identity theft in the past year. (Full report at www.gallup.com)

There is one comment in Lydia Saad's story that is incorrect. She wrote: "Although most victims can quickly undo the damage by canceling their credit cards,..." This may be true for some financial identity theft but financial only is about 22-25% of all identity theft. Canceling a credit card will not help if you are a victim of social security, drivers license, criminal or medical identity theft which was up 400% last year.

That is why when obtaining Identity Theft protection, choose a company that offers restoration for all areas of id theft such as the one I offer. Visit my shameless plug below for more information. And we also now protect child identities.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

New Phishing Attacks Target Institutions in Four States

CA., NY, PA and WI Customers Victimized by Text, Phone Messages

October 13, 2009 - Linda McGlasson, Managing Editor

A fresh string of phishing attacks have struck financial institutions nationwide over the past two weeks, with customers of 10 banks and credit unions in California, New York, Pennsylvania and Wisconsin receiving fraudulent text messages or automated phone calls.

These incidents are concurrent with a new report from the Anti-Phishing Working Group, which says such attacks are up nearly 600 percent this year.

Text Messaging Scams

Members 1st Federal Credit Union of central Pennsylvania reported on Sept. 28 that it received calls from customers about text messages claiming that their cards were blocked. The calls were purportedly from Members 1st, and the customer phones that were targeted were reportedly AT&T mobile phones.....

.....Similar attacks happened on Oct. 2 in Nebraska to Greater Omaha Credit Union customers. Omaha police say the phishers sent text messages to mobile phones in the Omaha area, claiming their bank card had been deactivated and instructing them to call an 877 number to reactivate it. At least one customer fell victim, losing several hundred dollars to phishers located in Huntington Beach, CA. "Once he changed his PIN, somebody went in and withdrew the money," said Richard Patterson, president of Greater Omaha Federal Credit Union....

...How the scam works: Fraudsters learn the first three digits for certain cell phone providers in an area and just dial in remaining digits for mass texting, hoping to catch customers...

California Bank Hit in Automated Attack

The phishing scam that hit Liberty Bank, Boulder Creek, CA on Oct. 2, is still happening. The bank reports that an automated phone call phishing scam references Liberty Bank by name, making the scam more believable to unsuspecting bank customers.

Listen to the automated vishing call:
The Santa Cruz Sheriff's office initially handled the investigation, but the case has been turned over to the FBI, says Jill Hitchman, first vice president of the bank. "We've been told that Bank of America, Wells Fargo Bank, Citibank and some credit unions as far away as Humboldt County have been targeted," Hitchman says.

Residents of San Lorenzo Valley and parts of Santa Cruz reported receiving automated phone calls, purportedly from Liberty Bank, saying, "Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department."

Customers who pressed "1" were asked to enter their credit/debit card number and personal identification number. Once usernames and passwords to a web-based e-mail account are captured from a customer, criminals can access the login information and transfer money out, Hitchman says.

Hitchman explains that the phishers used phone systems that were hijacked in small companies to make the calls. "They used voice over IP technology to get into the back door of these companies," she says. This recording is the actual message that customers heard from the phishers. (full text at www.bankinfosecurity.com)

NOTE: In April while in Michigan, I answered two calls at my sister's home that were of this nature and "Caller id spoofing" was used as well. Read the article on caller id spoofing here.

This article is from a week ago. Sorry, I missed it the first time.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Payroll Processor Breached Twice in One Month

PayChoice Warns Business Clients of Network Breaches, Potential Fraud

October 19, 2009 - Linda McGlasson, Managing Editor

For the second time in less than a month, New Jersey-based payroll processor PayChoice has alerted customers to a network breach.

PayChoice, based in Moorestown, NJ, had to take its Online Employer site offline last Thursday for a short time after the latest security breach was discovered. While the exact cause of the breach was not revealed, the company says it has taken new precautions.

"PayChoice deployed additional security measures to protect client data after the company identified a key mechanism used by online attackers," says CEO Robert Digby. PayChoice's Online Employer site was briefly taken offline after the company discovered the breach, which occurred on Oct. 14. Digby says PayChoice has reopened the site with most functionality after protecting against the methods used in the attack.

The payroll processing company, which boasts more than 125,000 business clients, warned its customers by letter about the new breach after some clients reported "phantom" employees showing up on their payrolls.

The message to PayChoice customers indicated that the hackers may have stolen customer login IDs and passwords by going through a hole in security on the website feature that helps customers change their password. PayChoice says it turned off the change-password feature to fix the vulnerability. (Full text at www.bankinfosecurity.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Online Crime up Nearly 600% in '09

Expert: 'The Internet Has Never Been More Dangerous'

October 5, 2009 - Linda McGlasson, Managing Editor

Bogus security software applications are among the types of electronic crimes that grew 585 percent over the first half of this year, according to a new study.

The Anti Phishing Working Group's (APWG) latest report shows that rogue anti-malware programs, infected computers and crimeware broke new records in the first half of 2009. The report shows that criminals are innovative and have "apparently unchecked ambition" with crimeware designed to target financial institutions' customers....

....The report also shows:

• The number of unique phishing websites detected in June rose to 49,084 -- the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement.


• The number of hijacked brands ascended to an all-time high of 310 in March and remained at an elevated level to the close of the half in June.


• The total number of infected computers rose more than 66 percent to 11,937,944 - now more than 54 percent of the total sample of scanned computers.


• Payment Services became phishing's most targeted sector, displacing Financial Services. Jevans notes that institutions' customers still are a primary target of electronic criminals.

"The Internet has never been more dangerous," Jevans says. "In the first half of 2009, phishing escalated to some of the highest levels we've ever seen." Full text at www.bankinfosecurity.com)

I don't want to tell you that "I Told You So...but..."

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Lawsuit: Heartland Knew Data Security Standard was 'Insufficient'

Complaint Says CEO Described PCI as 'Lowest Common Denominator' of Protection

October 5, 2009 - Linda McGlasson, Managing Editor

Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.

This is the contention of a new master complaint filed in the class action suit against Heartland, which in January announced a data breach that is now estimated to be the largest known hack, involving 130 million credit and debt card accounts.

In a November 2008 earnings call, according to the complaint, Carr told analysts, "[We] also recognize the need to move beyond the lowest common denominator of data security, currently the PCI DSS standards. We believe it is imperative to move to a higher standard for processing secure transactions, one which we have the ability to implement without waiting for the payments infrastructure to change." ...

....Heartland executives have said consistently that the company was PCI-compliant at the time on the breach, which the complaint now says may have begun as early as December 2007. Visa, however, removed Heartland from its list of PCI-compliant service providers in March of this year, and one Visa security executive was quoted as saying "We have never seen anyone breached that was PCI compliant."

Heartland was re-certified as PCI compliant in May. (Full text at www.bankinfosecurity.com)

As I've said in past articles, I was one of the 130 million victims. When I was notified in January 2009, I was in Las Vegas doing a seminar on Id Theft at a national convention. My credit union called me and told me that they had to close out my debit card due to the breach. Here I was with $7 in my pocket, no other credit cards with me and 2 more days in Vegas.

I guess "What happens in Vegas - Stays in Vegas!"

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

The Data Breach Blog Missing Blue Cross laptop puts 39,000 physicians at risk

The loss of a Blue Cross laptop has put the sensitive information of possibly 39,000 physicians at risk.

How many victims? Approximately 39,000 individuals have been notified though the actual scope of the breach is unknown.

What type of personal information? Personal information including tax identification numbers, which for some, are the same as their Social Security number.

What happened? The laptop, which contained a database with sensitive information about physicians nationwide, was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago.

Details: It is Blue Cross’ policy to encrypt all information on company computers, Jeff Smokler, national Blue Cross-Blue Shield spokesman told Boston.com. An employee who was authorized to have the information violated company rules, however, by downloading an unencrypted version of the database onto a personal laptop. The laptop was stolen after the employee left headquarters with it.

The breach might affect Massachusetts physicians and other providers the worst because they typically use their Social Security numbers as their tax identification numbers — which was part of the information breached.

Quote: “It took some time to figure out what type of data was on the laptop,’’ Tara Murray, Blue Cross and Blue Shield of Massachusetts spokeswoman told Boston.com. “There is no reason to be believe the data has been used to steal people’s identity, but we are just being cautious . . . to notify them and offering free credit monitoring.’’ (I highlighted this because this is standard boilerplate verbal vomit every time there is a breach! Credit monitoring only covers about 25% of all id theft. What if......the docs will find out the hard way or they can get our service that protects them in all 5 areas of id theft).

What was the response? Blue Cross will review its security procedures and make it a priority to persuade state physicians and other health care providers to apply for a new tax ID number that is different from their Social Security number. In addition, additional encryption will be implemented.

Source: Boston.com, “Blue Cross physicians warned of data breach,” Oct. 3, 2009.

By the way, any Physician reading this and still needs to get his Red Flags Policy before enforcement begins by the FTC on 11/01/09, feel free to visit www.stopidtheftcrime.com for a video and link to create your policy.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com