Health Net Loses Information on Almost 1/2 million Clients

Attorney General Richard Blumenthal investigating Health Net data breach.  (He sure has been busy this month with Blue Shield's breach as well)

Attorney General Richard Blumenthal said today his office is investigating a data breach by health insurer Health Net, which led to the loss of almost 450,000 Connecticut residents' health, personal and financial information.

Blumenthal said Health Net lost the information in May, but never informed consumers, the police or his office about the loss of information until today.

He said the six-month delay in giving notice to consumers and the state could be a violation of the law.

"I am outraged and appalled by Health Net's huge loss of personal, financial and medical information and its failure to swiftly inform authorities and consumers," Blumenthal said. "This information vanished six months ago, but Health Net is only now informing authorities and consumers, an inexcusable and inexplicable delay."

Blumenthal said the information was on a hard drive that disappeared from Health Net's Shelton office. The hard drive included all data on 446,000 Connecticut patients, including health information, as well as financial and personal data such as social security and bank account numbers. The data was compressed, but not encrypted, although a specialized computer program is required to read it.

...."My investigation will seek to establish what happened and why the company kept its customers and the state in the dark for so long," Blumenthal added. "The company's failure to safeguard such sensitive information and inform consumers of its loss -- leaving them naked to identity theft -- may have violated state and federal laws. I will vigorously and aggressively seek damages, penalties and other appropriate remedies, if warranted." (full text at www.hartfordbusiness.com)

Here is a link to Health Net's release http://healthnet.tekgroup.com/press_kits.cfm?presskit_id=13


To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Kroll Fraud Solutions Helps Organizations Find and Fix Data Security Vulnerabilities

New Kroll Security Risk Assessment enables organizations to measure current levels of data protection and address unacceptable exposure with ease and minimal internal resource requirements  

Identity theft experts at Kroll Fraud Solutions have upgraded their comprehensive Security Risk Assessment to help impacted organizations identify existing data risk hot spots and determine how well-protected the exposures are at current security levels.

The Security Risk Assessment features improved usability, increased scope of analysis, and next steps to better help organizations ensure that existing safeguards are keeping pace with the evolution of data breach types, be they targeted or accidental forms of data loss and exposure.

Kroll’s upgraded Security Risk Assessment features:

A series of 38 detailed questions that cover 12 risk “domains,” which consist of areas such as administrative, technical and physical security. The questionnaire is completed by the organization and returned to Kroll for scoring. A proprietary algorithm executed by Kroll that calculates organizational risk based on the organization’s specific responses. A scored report for the organization, accompanied by a focused set of recommendations unique to the organization’s situation.

With this upgrade, organizations will be able to pinpoint specific data security risks and use industry-leading recommendations to strengthen security in areas that pose the greatest threat to their enterprise. This assessment is part of Kroll’s multi-faceted breach preparedness program.

WHEN -- Starting today, a demonstration of the new Kroll Security Risk Assessment will be available on the Kroll Fraud Solutions Web site.

HOW -- For more information, visit: http://www.krollfraudsolutions.com or call 1-866-419-2052.

About Kroll

Kroll, the world's leading risk consulting company, provides a broad range of investigative, intelligence, financial, security and technology services to help clients reduce risks, solve problems and capitalize on opportunities. Kroll Inc. is a wholly-owned subsidiary of Marsh & McLennan Companies, Inc. (NYSE: MMC), the global professional services firm. Kroll began providing identity theft solutions in 1999 and created its Fraud Solutions practice in 2002 in response to increasing requests from clients for counsel and services associated with the loss of sensitive personal information, and related identity protection and restoration issues facing organizations and individuals. Since then, Kroll’s Fraud Solutions clients have included Fortune 500 companies, non-profit organizations, and government entities dealing with healthcare, financial services, insurance, consumer service, and any activity involving the collection and use of personal information. Kroll’s Fraud Solutions team presently serves over 10,000 businesses and millions of individual consumers. For more information, visit: www.krollfraudsolutions.com.

To protect yourself and family against identity theft, put Kroll on your side by visiting my shameless plug below.


To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Hackers get $9.4 million in just 12 hours

Eight charged in elaborate theft of debit card data

By Byron Acohido, USA TODAY

 

A U.S. grand jury on Tuesday indicted eight foreigners on charges stemming from an elaborate cyberheist that began by hacking debit card data from Atlanta-based payments processor RBS WorldPay, then using the data to extract millions from ATMs around the world in just 12 hours.

 

Acting U.S. Attorney Sally Quillian Yates called it "perhaps the most sophisticated and organized computer fraud attack ever conducted." She credited "unprecedented cooperation" between the U.S. and Estonia for cracking the case.

....Viktor Pleshchuk, 28, of St. Petersburg, Russia; Sergei Tsurikov, 25, of Tallinn, Estonia; and Oleg Covelin, 28, of Chisinau, Moldova, were charged with wire fraud, computer fraud and identity theft, along with five others.

In November 2008, the trio allegedly hacked into RBS WorldPay's computer network, then cracked the encryption codes protecting account numbers and PINs for 44 prepaid payroll accounts. Companies use such accounts to distribute salaries via debit cards, which employees use at ATMs to withdraw their pay.

Yates says the thieves raised the payroll account limits, then arranged to have the stolen account numbers embedded on the magnetic stripes of blank payment cards. Finally, they set into motion an army of "cashers" in 280 cities worldwide.

In just 12 hours, using the counterfeit cards, the cashers withdrew $9.4 million from more than 2,100 ATMs in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada, says Yates....(full story at www.usatoday.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Connecticut AG More Than Upset with Anthem Blue Cross Blue Shield

Connecticut Attorney General's Office

Press Release

Attorney General Investigating Blue Cross Blue Shield Data Breach Affecting 18,000 CT Health Care Professionals, Seeks Additional Protection For Victims

November 9, 2009

Attorney General Richard Blumenthal is investigating Blue Cross Blue Shield’s loss of confidential information, including tax identification and some Social Security numbers, for all 18,817 of its individual Connecticut health care providers, as well as seeking additional identity theft protection for affected doctors, therapists and other professionals.

Blumenthal said that the company and its affiliates may have violated state law by losing the information and failing to notify providers in a timely manner. The companies are offering professionals one year of identity theft protection, but Blumenthal called these measures “inadequate and unacceptable, and said, “I will fight for at least two years.”

Blumenthal said the information was lost when a laptop was stolen on August 25. The laptop held information on the companies’ providers nationwide, including names, addresses, tax identification and provider numbers and some Social Security numbers.

Although the computer was stolen in late August, Blue Cross Blue Shield and its related companies Anthem and Empire failed to inform health care providers until late last month.
“As appalling as the data loss, equally alarming and potentially illegal is the delay in disclosing it,” Blumenthal said. “We are vigorously investigating this appalling data loss, needlessly exposing more than 18,000 Connecticut doctors and professionals to devastating identity theft.

“Failing to promptly notify providers of the breach is inexcusable — and a possible violation of state law. Waiting two months left providers severely at risk — needlessly and irresponsibly exposing them to financial mayhem.

“My office demands a full accounting from Blue Cross Blue Shield — healthcare providers affected, details of the loss, protections for professionals, policies and procedures for data loss and other information. State laws mandate that companies fully secure sensitive personal information and quickly disclose breaches — laws the companies may have broken.

“Anthem’s one year of identity theft protection is inadequate and unacceptable. Connecticut doctors and health care professionals expect and deserve a stronger shield against identity loss. I will fight for greater safeguards, including longer identity theft protection, as I have done in other data breaches.

“For identity thieves, private personal data is as good as gold — and should be secured with equal vigor and vigilance. Companies must closely protect Social Security numbers and other sensitive data.”

In addition to protections provided by the companies, Blumenthal said that health care providers can protect themselves by asking the three major credit rating agencies to place a free “Fraud Alert” on their credit reports. The companies are: Equifax – 1-800-525-6285; Experian – 1-888-397-3742; TransUnion – 1-800-680-7289.

Health care providers can also have the major credit rating agencies “freeze” their credit, meaning no new credit can be taken out in their names without their express authorization. A credit freeze request must be made in writing by certified mail to one of the three major credit rating agencies, Equifax, Experian and Transunion.

Credit bureaus charge $10 to freeze and $12 to temporarily un-freeze credit. Blumenthal will seek reimbursement to health care providers for credit freezes and un-freezes.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

FTC Extends Enforcement Deadline For Red Flags Rule Again!

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.

The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

The Commission previously delayed the enforcement of the Rule for entities under its jurisdiction until November 1, 2009. The Commission staff has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Web site (www.ftc.gov/redflagsrule), and in speeches and participation in seminars, conferences and other training events to numerous groups. The Commission also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. FTC staff has published numerous general and industry-specific articles, released a video explaining the Rule, and continues to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members.

On October 30, 2009, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. Today’s announcement that the Commission will delay enforcement of the Rule until June 1, 2010, does not affect the separate timeline of that proceeding and any possible appeals. Nor does it affect other federal agencies’ ongoing enforcement for financial institutions and creditors subject to their oversight.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,700 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com