Happy Holidays and some Catch Up

Once again, I have been remiss in my duties of posting, mostly due to the Holidays. However, here is some current id theft news.

Heartland Payment Systems will pay $3.6 million to American Express to settle charges relating to Heartland's landmark data breach. The payment, Heartland says in a press release announcing the settlement, resolves "all intrusion-related issues between the two parties" regarding the breach of an estimated 130 million credit and debit cards.

Credit card companies, including American Express, Visa and MasterCard, were forced to cancel and reissue credit cards because of the Heartland data breach. Banks and credit unions have also sued the payments processor to recoup the costs of reissuing cards and to cover the cost of fraud that resulted from the breach. 

Earlier this year, Heartland said it had put aside more than $12 million to cover the charges related to the breach. Heartland is expected to be fined by other brands, including Visa and MasterCard.
___________________________

So far this year, there has been 483 data security breaches with 222,305,800 exposed records. To see the full report click here. 
 ___________________________

Was Citibank the Victim of a Massive Breach?

Citigroup Denies News Report of Multi-Million Dollar Hack

December 23, 2009 - Linda McGlasson, Managing Editor

Was Citibank breached by hackers who siphoned tens of millions of dollars from the bank's customers?

The Wall Street Journal on Tuesday reported news of an FBI investigation into an alleged Citibank computer security breach by hackers linked to a Russian cyber gang.

Citigroup executives, however, categorically deny the breach and investigation at Citibank.

"We had no breach of the system and there were no losses, no customer losses, no bank losses," says Joe Petro, managing director of Citigroup's Security and Investigative services. "Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true."

Few details were given about the alleged attack, which is reported to have involved two other entities, one of them a U.S. government agency. The Citibank attack was reportedly discovered in the summer, but may have actually happened months or even a year earlier. The breach is said to have been detected by law enforcement agents who saw activity on Internet addresses previously used by the Russian Business Network, a Russian-based gang. Two years ago, RBN went quiet, but it is suspected by observers the group has reformed into smaller sects.

Whether the breach did or did not occur, security experts agree on one point: Large banking institutions are under constant attack, and this report should remind them to stay on alert for suspicious activity.(Full story at www.bankinfosecurity.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

the Best Identity Theft Protection available dot com

HR 2221 Passes Through the House - Now goes to Senate

H.R.2221 - Also known as the Data Accountability and Trust Act was passed by the House this week and now moves to the Senate.

The bill would create nationwide rules for notifying potential victims of identify theft when their personal information that’s stored electronically is improperly exposed.

The bill was introduced in April by Rep. Bobby Rush (D-Ill.)  Under this legislation, companies that hold people’s personal data would be required to notify the affected people who are U.S. citizens and residents and the Federal Trade Commission if people are put at risk by a security breach to a system that holds the electronic data.

If passed, H.R. 2221 would preempt related state information security laws. This federal mandate could simplify a complex patchwork of state laws that have been passed without a federal mandate.

Notification, to those individuals whose information is compromised in a breach, would have to happen within 60 days of the discovery unless notification would jeopardize a law enforcement investigation or National Security. The legislation would apply to entities under the jurisdiction of the Federal Trade Commission (FTC).

Exemption:  Companies would be exempt from the notification requirements if they determine that there is no “reasonable risk of identity theft, fraud, or other unlawful conduct.”  If electronic data is made unusable, unreadable or indecipherable by encryption, the presumption under the law would be that there was no reasonable risk after a security breach.

California was the first State to pass a Breach Notification law and all States should have one. However, a National Federal law adds more teeth to bite the criminal with, that is if they are caught.

For a copy of H.R. 2221 from the Government Printing Office click here!

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

the Best Identity Theft Protection available dot com