Stop Identity Theft Crime

Tuesday, May 18, 2010

I'm Back! and Are Copy Machines a Security Risk?

First, I want to apologize since it's been 4 months since I last posted. Where does the time go. Just got caught up in life, business, moving etc and had limited time. But now I'm back to keep everyone educated in the wicked wide world of Identity Theft and how to protect yourself.

Secondly, the following is from a CBS news story on copy machine security risks. Since the creation of digital copiers in about 2002, most people do not know that everything copied, printed, emailed or faxed is retained on a hard drive. PROBLEM: Most companies either lease or just sell off old machines leaving the hard drive intact. An identity thief's drooling payday.

Watch the video below. It actually starts after the brief commercial.

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration). Educate yourself and call me at (909) 208-3728 or send a blank email for more info to joerecommends (at)aweber.com! Shameless plug the Best Identity Theft Protection available dot com

Thursday, January 14, 2010

What is 222,477,043?

That is the number of records compromised in 498 data breaches in 2009! Was your personal information one of those records. If so, I hope you have some type of identity theft protection. If not, don't be like an ostrich with your head stuck in the sand thinking the lion won't bite you because you don't see him. Get protected now! It is better to be proactive not reactive when it comes to identity theft.

Visit my shameless plug below to get protected for as low as $9.95 per month for a couple. Add your children (up to 4) for an additional $1/month. This is the best protection on the planet and it comes with restoration services included.

For a copy of the above mentioned Breach report click here! or on the title above.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

the Best Identity Theft Protection available dot com

Saturday, December 26, 2009

Happy Holidays and some Catch Up

Once again, I have been remiss in my duties of posting, mostly due to the Holidays. However, here is some current id theft news.

Heartland Payment Systems will pay $3.6 million to American Express to settle charges relating to Heartland's landmark data breach. The payment, Heartland says in a press release announcing the settlement, resolves "all intrusion-related issues between the two parties" regarding the breach of an estimated 130 million credit and debit cards.

Credit card companies, including American Express, Visa and MasterCard, were forced to cancel and reissue credit cards because of the Heartland data breach. Banks and credit unions have also sued the payments processor to recoup the costs of reissuing cards and to cover the cost of fraud that resulted from the breach.

Earlier this year, Heartland said it had put aside more than $12 million to cover the charges related to the breach. Heartland is expected to be fined by other brands, including Visa and MasterCard.
___________________________

So far this year, there has been 483 data security breaches with 222,305,800 exposed records. To see the full report click here.
___________________________

Was Citibank the Victim of a Massive Breach?

Citigroup Denies News Report of Multi-Million Dollar Hack

December 23, 2009 - Linda McGlasson, Managing Editor

Was Citibank breached by hackers who siphoned tens of millions of dollars from the bank's customers?

The Wall Street Journal on Tuesday reported news of an FBI investigation into an alleged Citibank computer security breach by hackers linked to a Russian cyber gang.

Citigroup executives, however, categorically deny the breach and investigation at Citibank.

"We had no breach of the system and there were no losses, no customer losses, no bank losses," says Joe Petro, managing director of Citigroup's Security and Investigative services. "Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true."

Few details were given about the alleged attack, which is reported to have involved two other entities, one of them a U.S. government agency. The Citibank attack was reportedly discovered in the summer, but may have actually happened months or even a year earlier. The breach is said to have been detected by law enforcement agents who saw activity on Internet addresses previously used by the Russian Business Network, a Russian-based gang. Two years ago, RBN went quiet, but it is suspected by observers the group has reformed into smaller sects.

Whether the breach did or did not occur, security experts agree on one point: Large banking institutions are under constant attack, and this report should remind them to stay on alert for suspicious activity.(Full story at www.bankinfosecurity.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

the Best Identity Theft Protection available dot com

Friday, December 11, 2009

HR 2221 Passes Through the House - Now goes to Senate

H.R.2221 - Also known as the Data Accountability and Trust Act was passed by the House this week and now moves to the Senate.

The bill would create nationwide rules for notifying potential victims of identify theft when their personal information that’s stored electronically is improperly exposed.

The bill was introduced in April by Rep. Bobby Rush (D-Ill.) Under this legislation, companies that hold people’s personal data would be required to notify the affected people who are U.S. citizens and residents and the Federal Trade Commission if people are put at risk by a security breach to a system that holds the electronic data.

If passed, H.R. 2221 would preempt related state information security laws. This federal mandate could simplify a complex patchwork of state laws that have been passed without a federal mandate.

Notification, to those individuals whose information is compromised in a breach, would have to happen within 60 days of the discovery unless notification would jeopardize a law enforcement investigation or National Security. The legislation would apply to entities under the jurisdiction of the Federal Trade Commission (FTC).

Exemption: Companies would be exempt from the notification requirements if they determine that there is no “reasonable risk of identity theft, fraud, or other unlawful conduct.” If electronic data is made unusable, unreadable or indecipherable by encryption, the presumption under the law would be that there was no reasonable risk after a security breach.

California was the first State to pass a Breach Notification law and all States should have one. However, a National Federal law adds more teeth to bite the criminal with, that is if they are caught.

For a copy of H.R. 2221 from the Government Printing Office click here!

Shameless plug

the Best Identity Theft Protection available dot com

Thursday, November 19, 2009

Health Net Loses Information on Almost 1/2 million Clients

Attorney General Richard Blumenthal investigating Health Net data breach. (He sure has been busy this month with Blue Shield's breach as well)

Attorney General Richard Blumenthal said today his office is investigating a data breach by health insurer Health Net, which led to the loss of almost 450,000 Connecticut residents' health, personal and financial information.

Blumenthal said Health Net lost the information in May, but never informed consumers, the police or his office about the loss of information until today.

He said the six-month delay in giving notice to consumers and the state could be a violation of the law.

"I am outraged and appalled by Health Net's huge loss of personal, financial and medical information and its failure to swiftly inform authorities and consumers," Blumenthal said. "This information vanished six months ago, but Health Net is only now informing authorities and consumers, an inexcusable and inexplicable delay."

Blumenthal said the information was on a hard drive that disappeared from Health Net's Shelton office. The hard drive included all data on 446,000 Connecticut patients, including health information, as well as financial and personal data such as social security and bank account numbers. The data was compressed, but not encrypted, although a specialized computer program is required to read it.

...."My investigation will seek to establish what happened and why the company kept its customers and the state in the dark for so long," Blumenthal added. "The company's failure to safeguard such sensitive information and inform consumers of its loss -- leaving them naked to identity theft -- may have violated state and federal laws. I will vigorously and aggressively seek damages, penalties and other appropriate remedies, if warranted." (full text at www.hartfordbusiness.com)

Here is a link to Health Net's release http://healthnet.tekgroup.com/press_kits.cfm?presskit_id=13

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Wednesday, November 18, 2009

Kroll Fraud Solutions Helps Organizations Find and Fix Data Security Vulnerabilities

New Kroll Security Risk Assessment enables organizations to measure current levels of data protection and address unacceptable exposure with ease and minimal internal resource requirements

Identity theft experts at Kroll Fraud Solutions have upgraded their comprehensive Security Risk Assessment to help impacted organizations identify existing data risk hot spots and determine how well-protected the exposures are at current security levels.

The Security Risk Assessment features improved usability, increased scope of analysis, and next steps to better help organizations ensure that existing safeguards are keeping pace with the evolution of data breach types, be they targeted or accidental forms of data loss and exposure.

Kroll’s upgraded Security Risk Assessment features:

A series of 38 detailed questions that cover 12 risk “domains,” which consist of areas such as administrative, technical and physical security. The questionnaire is completed by the organization and returned to Kroll for scoring.
A proprietary algorithm executed by Kroll that calculates organizational risk based on the organization’s specific responses.
A scored report for the organization, accompanied by a focused set of recommendations unique to the organization’s situation.

With this upgrade, organizations will be able to pinpoint specific data security risks and use industry-leading recommendations to strengthen security in areas that pose the greatest threat to their enterprise. This assessment is part of Kroll’s multi-faceted breach preparedness program.

WHEN -- Starting today, a demonstration of the new Kroll Security Risk Assessment will be available on the Kroll Fraud Solutions Web site.

HOW -- For more information, visit: http://www.krollfraudsolutions.com or call 1-866-419-2052.

About Kroll

Kroll, the world's leading risk consulting company, provides a broad range of investigative, intelligence, financial, security and technology services to help clients reduce risks, solve problems and capitalize on opportunities. Kroll Inc. is a wholly-owned subsidiary of Marsh & McLennan Companies, Inc. (NYSE: MMC), the global professional services firm. Kroll began providing identity theft solutions in 1999 and created its Fraud Solutions practice in 2002 in response to increasing requests from clients for counsel and services associated with the loss of sensitive personal information, and related identity protection and restoration issues facing organizations and individuals. Since then, Kroll’s Fraud Solutions clients have included Fortune 500 companies, non-profit organizations, and government entities dealing with healthcare, financial services, insurance, consumer service, and any activity involving the collection and use of personal information. Kroll’s Fraud Solutions team presently serves over 10,000 businesses and millions of individual consumers. For more information, visit: www.krollfraudsolutions.com.

To protect yourself and family against identity theft, put Kroll on your side by visiting my shameless plug below.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Saturday, November 14, 2009

Hackers get $9.4 million in just 12 hours

Eight charged in elaborate theft of debit card data

By Byron Acohido, USA TODAY

A U.S. grand jury on Tuesday indicted eight foreigners on charges stemming from an elaborate cyberheist that began by hacking debit card data from Atlanta-based payments processor RBS WorldPay, then using the data to extract millions from ATMs around the world in just 12 hours.

Acting U.S. Attorney Sally Quillian Yates called it "perhaps the most sophisticated and organized computer fraud attack ever conducted." She credited "unprecedented cooperation" between the U.S. and Estonia for cracking the case.

....Viktor Pleshchuk, 28, of St. Petersburg, Russia; Sergei Tsurikov, 25, of Tallinn, Estonia; and Oleg Covelin, 28, of Chisinau, Moldova, were charged with wire fraud, computer fraud and identity theft, along with five others.

In November 2008, the trio allegedly hacked into RBS WorldPay's computer network, then cracked the encryption codes protecting account numbers and PINs for 44 prepaid payroll accounts. Companies use such accounts to distribute salaries via debit cards, which employees use at ATMs to withdraw their pay.

Yates says the thieves raised the payroll account limits, then arranged to have the stolen account numbers embedded on the magnetic stripes of blank payment cards. Finally, they set into motion an army of "cashers" in 280 cities worldwide.

In just 12 hours, using the counterfeit cards, the cashers withdrew $9.4 million from more than 2,100 ATMs in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada, says Yates....(full story at www.usatoday.com)

Tuesday, November 10, 2009

Connecticut AG More Than Upset with Anthem Blue Cross Blue Shield

Connecticut Attorney General's Office

Press Release

Attorney General Investigating Blue Cross Blue Shield Data Breach Affecting 18,000 CT Health Care Professionals, Seeks Additional Protection For Victims

November 9, 2009

Attorney General Richard Blumenthal is investigating Blue Cross Blue Shield’s loss of confidential information, including tax identification and some Social Security numbers, for all 18,817 of its individual Connecticut health care providers, as well as seeking additional identity theft protection for affected doctors, therapists and other professionals.

Blumenthal said that the company and its affiliates may have violated state law by losing the information and failing to notify providers in a timely manner. The companies are offering professionals one year of identity theft protection, but Blumenthal called these measures “inadequate and unacceptable, and said, “I will fight for at least two years.”

Blumenthal said the information was lost when a laptop was stolen on August 25. The laptop held information on the companies’ providers nationwide, including names, addresses, tax identification and provider numbers and some Social Security numbers.

Although the computer was stolen in late August, Blue Cross Blue Shield and its related companies Anthem and Empire failed to inform health care providers until late last month.
“As appalling as the data loss, equally alarming and potentially illegal is the delay in disclosing it,” Blumenthal said. “We are vigorously investigating this appalling data loss, needlessly exposing more than 18,000 Connecticut doctors and professionals to devastating identity theft.

“Failing to promptly notify providers of the breach is inexcusable — and a possible violation of state law. Waiting two months left providers severely at risk — needlessly and irresponsibly exposing them to financial mayhem.

“My office demands a full accounting from Blue Cross Blue Shield — healthcare providers affected, details of the loss, protections for professionals, policies and procedures for data loss and other information. State laws mandate that companies fully secure sensitive personal information and quickly disclose breaches — laws the companies may have broken.

“Anthem’s one year of identity theft protection is inadequate and unacceptable. Connecticut doctors and health care professionals expect and deserve a stronger shield against identity loss. I will fight for greater safeguards, including longer identity theft protection, as I have done in other data breaches.

“For identity thieves, private personal data is as good as gold — and should be secured with equal vigor and vigilance. Companies must closely protect Social Security numbers and other sensitive data.”

In addition to protections provided by the companies, Blumenthal said that health care providers can protect themselves by asking the three major credit rating agencies to place a free “Fraud Alert” on their credit reports. The companies are: Equifax – 1-800-525-6285; Experian – 1-888-397-3742; TransUnion – 1-800-680-7289.

Health care providers can also have the major credit rating agencies “freeze” their credit, meaning no new credit can be taken out in their names without their express authorization. A credit freeze request must be made in writing by certified mail to one of the three major credit rating agencies, Equifax, Experian and Transunion.

Credit bureaus charge $10 to freeze and $12 to temporarily un-freeze credit. Blumenthal will seek reimbursement to health care providers for credit freezes and un-freezes.

Thursday, November 5, 2009

FTC Extends Enforcement Deadline For Red Flags Rule Again!

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.

The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

The Commission previously delayed the enforcement of the Rule for entities under its jurisdiction until November 1, 2009. The Commission staff has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Web site (www.ftc.gov/redflagsrule), and in speeches and participation in seminars, conferences and other training events to numerous groups. The Commission also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. FTC staff has published numerous general and industry-specific articles, released a video explaining the Rule, and continues to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members.

On October 30, 2009, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. Today’s announcement that the Commission will delay enforcement of the Rule until June 1, 2010, does not affect the separate timeline of that proceeding and any possible appeals. Nor does it affect other federal agencies’ ongoing enforcement for financial institutions and creditors subject to their oversight.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,700 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Wednesday, October 28, 2009

CalOptima Reports Data Breach That Could Affect 68,000 Members

Unencrypted CDs containing names, diagnosis codes, Social Security numbers and other information for about 68,000 CalOptima members have been lost, sparking concerns about identity theft, Computerworld reports.

CalOptima is Orange County's Medi-Cal managed care plan. Medi-Cal is California's Medicaid program.

In a statement, CalOptima explained that a claims scanning vendor had sent the CDs to CalOptima via certified mail, but CalOptima only received the outside packaging, not the box with the CDs.

A spokesperson for the health plan said there is no evidence that the CDs were stolen (Vijayan, Computerworld, 10/26).

The statement said that CalOptima informed state and federal agencies of the situation on Oct. 14 and posted an alert on its Web site on Oct. 15 (Goedert, Health Data Management, 10/26).

CalOptima is making arrangements to offer credit monitoring services to members affected by the breach (Computerworld, 10/26).

Shameless plug

the Best Identity Theft Protection available dot com

FORMER WACHOVIA BANK EMPLOYEE CONVICTED OF BANK FRAUD AND AGGRAVATED IDENTITY THEFT

Juan Rombado, a former Wachovia Bank employee, has been convicted of bank fraud and aggravated identity theft arising from several schemes aimed at defrauding his employer through the theft of customer identities, United States Attorney Tim Johnson announced. Indicted and arrested in August 2009, Rombado pleaded guilty to both counts before United States District Judge Vanessa Gilmore.

Rombado, 46, of Houston, admitted that while employed at the N. Eldridge Parkway branch of Wachovia Bank as a financial specialist between March 2007 through Nov. 23, 2007, he used his position to knowingly execute various schemes to defraud Wachovia Bank to obtain money through check kiting. In this scheme, Rombado unlawfully possessed and used the names, dates of birth and Social Security numbers of Wachovia Bank’s loan applicants to unlawfully open bank accounts under the name “Corsan Group,” and then wrote checks from the unfunded accounts knowing they had insufficient funds. Rombado deposited the unfunded checks into his personal bank account and immediately withdrew the funds represented by the fraudulent checks, taking advantage of the time elapsed between the unfunded deposits to his personal account and the money being deducted from the fraudulent accounts.

In addition to the check kiting scheme, Rombado used Wachovia Bank’s customers’ identities to apply for and use unauthorized access devices, namely credit cards. During roughly an eight-month period, Rombado obtained in excess of $1,000 through the use of the credit card. Lastly, Rombado used his position at the bank to embezzle funds from Wachovia Bank customers’ accounts by making unauthorized funds transfers from the customers’ accounts to his personal account. Through the execution of this scheme, Rombado took approximately $16,742.75 from the bank.

Judge Gilmore has set sentencing for Feb. 23, 2010. Rombado faces up to 30 years imprisonment and a $1 million fine for the bank fraud conviction. The aggravated identity theft carries a mandatory sentence of two years imprisonment to be served consecutive to the sentence imposed for the bank fraud conviction. Rombado will remain free on a $50 thousand bond pending sentencing.

The charges against Rombado are the result of an investigation conducted by the United States Secret Service and the Houston Area Fraud Task Force. Special Assistant United States Attorney Justo A. Mendez is prosecuting the case.

Source: U.S. Attorney’s Office

Wednesday, October 21, 2009

H.R.3763 - To amend the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses.

Official Summary

10/8/2009--Introduced.Amends the Fair Credit Reporting Act with respect to the duties of users of consumer reports who take adverse actions on the basis of information contained in such reports. Excludes any health care practice, accounting practice, or legal practice with 20 or fewer employees from the meaning of creditor subject to Red Flag Guidelines regarding identity theft promulgated by the proper federal financial regulatory agency. Excludes any other business which the Federal Trade Commission (FTC) determines:
(1) knows all its customers or clients individually;
(2) only performs services in or around the residences of its customers; or
(3) has not experienced incidents of identity theft, and identity theft is rare for businesses of that type. States that such exclusion shall no longer apply to any business that can no longer meet such eligibility criteria.

If this bill passes it will exclude about 90% of healthcare professionals from having to comply with the FTC's Red Flags Rule Amendment to the Fair and Accurate Credit Transactions Act (FACTA). I have added a widget on the top of the blog so if you are interested, you can follow this bill by visiting my blog.

Enforcement of the Red Flags is to begin on11/01/09.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Sixty-six percent of U.S. adults say they worry "frequently" or "occasionally" about being a victim of identity theft

Being a victim of car theft or home burglary when away rank a distant second
by Lydia Saad

PRINCETON, NJ -- Identity theft debuts on Gallup's Crime survey as Americans' top-ranked crime concern. Sixty-six percent of U.S. adults say they worry "frequently" or "occasionally" about being a victim of identity theft, higher than the reported anxiety about 11 other types of crime and the only crime that a majority worry about at least occasionally.
Gallup trends measuring Americans' fear of being victims of specific crimes date back several decades, but for each of 10 crimes, the question has been updated annually on Gallup's Crime survey since 2000. Terrorism was added to the list in 2001, and 2009 marks the first year identity theft has been included.
Men and women are about equally likely to say they worry about identity theft, but there are differences by income. Americans in households earning less than $30,000 per year are significantly less likely to say they worry frequently or occasionally about this crime than are those making higher amounts.

However, other data in the Oct. 1-4 survey suggest that identity theft is not related to income. According to respondents' self-reports of their crime victimization in the past year, 12% of low-income Americans -- identical to the percentage in high-income households -- say that they or another member of their household was the victim of identity theft in the past year. (Full report at www.gallup.com)

There is one comment in Lydia Saad's story that is incorrect. She wrote: "Although most victims can quickly undo the damage by canceling their credit cards,..." This may be true for some financial identity theft but financial only is about 22-25% of all identity theft. Canceling a credit card will not help if you are a victim of social security, drivers license, criminal or medical identity theft which was up 400% last year.

That is why when obtaining Identity Theft protection, choose a company that offers restoration for all areas of id theft such as the one I offer. Visit my shameless plug below for more information. And we also now protect child identities.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Tuesday, October 20, 2009

New Phishing Attacks Target Institutions in Four States

CA., NY, PA and WI Customers Victimized by Text, Phone Messages
October 13, 2009 - Linda McGlasson, Managing Editor

A fresh string of phishing attacks have struck financial institutions nationwide over the past two weeks, with customers of 10 banks and credit unions in California, New York, Pennsylvania and Wisconsin receiving fraudulent text messages or automated phone calls.
These incidents are concurrent with a new report from the Anti-Phishing Working Group, which says such attacks are up nearly 600 percent this year.
Text Messaging Scams

Members 1st Federal Credit Union of central Pennsylvania reported on Sept. 28 that it received calls from customers about text messages claiming that their cards were blocked. The calls were purportedly from Members 1st, and the customer phones that were targeted were reportedly AT&T mobile phones.....
.....Similar attacks happened on Oct. 2 in Nebraska to Greater Omaha Credit Union customers. Omaha police say the phishers sent text messages to mobile phones in the Omaha area, claiming their bank card had been deactivated and instructing them to call an 877 number to reactivate it. At least one customer fell victim, losing several hundred dollars to phishers located in Huntington Beach, CA. "Once he changed his PIN, somebody went in and withdrew the money," said Richard Patterson, president of Greater Omaha Federal Credit Union....

...How the scam works: Fraudsters learn the first three digits for certain cell phone providers in an area and just dial in remaining digits for mass texting, hoping to catch customers...

California Bank Hit in Automated Attack
The phishing scam that hit Liberty Bank, Boulder Creek, CA on Oct. 2, is still happening. The bank reports that an automated phone call phishing scam references Liberty Bank by name, making the scam more believable to unsuspecting bank customers.
Listen to the automated vishing call:
The Santa Cruz Sheriff's office initially handled the investigation, but the case has been turned over to the FBI, says Jill Hitchman, first vice president of the bank. "We've been told that Bank of America, Wells Fargo Bank, Citibank and some credit unions as far away as Humboldt County have been targeted," Hitchman says.
Residents of San Lorenzo Valley and parts of Santa Cruz reported receiving automated phone calls, purportedly from Liberty Bank, saying, "Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department."
Customers who pressed "1" were asked to enter their credit/debit card number and personal identification number. Once usernames and passwords to a web-based e-mail account are captured from a customer, criminals can access the login information and transfer money out, Hitchman says.
Hitchman explains that the phishers used phone systems that were hijacked in small companies to make the calls. "They used voice over IP technology to get into the back door of these companies," she says. This recording is the actual message that customers heard from the phishers. (full text at www.bankinfosecurity.com)

NOTE: In April while in Michigan, I answered two calls at my sister's home that were of this nature and "Caller id spoofing" was used as well. Read the article on caller id spoofing here.

This article is from a week ago. Sorry, I missed it the first time.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Payroll Processor Breached Twice in One Month

PayChoice Warns Business Clients of Network Breaches, Potential Fraud
October 19, 2009 - Linda McGlasson, Managing Editor
For the second time in less than a month, New Jersey-based payroll processor PayChoice has alerted customers to a network breach.
PayChoice, based in Moorestown, NJ, had to take its Online Employer site offline last Thursday for a short time after the latest security breach was discovered. While the exact cause of the breach was not revealed, the company says it has taken new precautions.
"PayChoice deployed additional security measures to protect client data after the company identified a key mechanism used by online attackers," says CEO Robert Digby. PayChoice's Online Employer site was briefly taken offline after the company discovered the breach, which occurred on Oct. 14. Digby says PayChoice has reopened the site with most functionality after protecting against the methods used in the attack.
The payroll processing company, which boasts more than 125,000 business clients, warned its customers by letter about the new breach after some clients reported "phantom" employees showing up on their payrolls.
The message to PayChoice customers indicated that the hackers may have stolen customer login IDs and passwords by going through a hole in security on the website feature that helps customers change their password. PayChoice says it turned off the change-password feature to fix the vulnerability. (Full text at www.bankinfosecurity.com)

Wednesday, October 7, 2009

Online Crime up Nearly 600% in '09

Expert: 'The Internet Has Never Been More Dangerous'
October 5, 2009 - Linda McGlasson, Managing Editor

Bogus security software applications are among the types of electronic crimes that grew 585 percent over the first half of this year, according to a new study.
The Anti Phishing Working Group's (APWG) latest report shows that rogue anti-malware programs, infected computers and crimeware broke new records in the first half of 2009. The report shows that criminals are innovative and have "apparently unchecked ambition" with crimeware designed to target financial institutions' customers....
....The report also shows:
The number of unique phishing websites detected in June rose to 49,084 -- the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement.

The number of hijacked brands ascended to an all-time high of 310 in March and remained at an elevated level to the close of the half in June.

The total number of infected computers rose more than 66 percent to 11,937,944 - now more than 54 percent of the total sample of scanned computers.

Payment Services became phishing's most targeted sector, displacing Financial Services. Jevans notes that institutions' customers still are a primary target of electronic criminals.
"The Internet has never been more dangerous," Jevans says. "In the first half of 2009, phishing escalated to some of the highest levels we've ever seen." Full text at www.bankinfosecurity.com)

I don't want to tell you that "I Told You So...but..."

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Lawsuit: Heartland Knew Data Security Standard was 'Insufficient'

Complaint Says CEO Described PCI as 'Lowest Common Denominator' of Protection
October 5, 2009 - Linda McGlasson, Managing Editor
Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.
This is the contention of a new master complaint filed in the class action suit against Heartland, which in January announced a data breach that is now estimated to be the largest known hack, involving 130 million credit and debt card accounts.
In a November 2008 earnings call, according to the complaint, Carr told analysts, "[We] also recognize the need to move beyond the lowest common denominator of data security, currently the PCI DSS standards. We believe it is imperative to move to a higher standard for processing secure transactions, one which we have the ability to implement without waiting for the payments infrastructure to change." ...
....Heartland executives have said consistently that the company was PCI-compliant at the time on the breach, which the complaint now says may have begun as early as December 2007. Visa, however, removed Heartland from its list of PCI-compliant service providers in March of this year, and one Visa security executive was quoted as saying "We have never seen anyone breached that was PCI compliant."

Heartland was re-certified as PCI compliant in May. (Full text at www.bankinfosecurity.com)

As I've said in past articles, I was one of the 130 million victims. When I was notified in January 2009, I was in Las Vegas doing a seminar on Id Theft at a national convention. My credit union called me and told me that they had to close out my debit card due to the breach. Here I was with $7 in my pocket, no other credit cards with me and 2 more days in Vegas.

I guess "What happens in Vegas - Stays in Vegas!"

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Monday, October 5, 2009

The Data Breach Blog Missing Blue Cross laptop puts 39,000 physicians at risk

The loss of a Blue Cross laptop has put the sensitive information of possibly 39,000 physicians at risk.

How many victims? Approximately 39,000 individuals have been notified though the actual scope of the breach is unknown.

What type of personal information? Personal information including tax identification numbers, which for some, are the same as their Social Security number.

What happened? The laptop, which contained a database with sensitive information about physicians nationwide, was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago.

Details: It is Blue Cross’ policy to encrypt all information on company computers, Jeff Smokler, national Blue Cross-Blue Shield spokesman told Boston.com. An employee who was authorized to have the information violated company rules, however, by downloading an unencrypted version of the database onto a personal laptop. The laptop was stolen after the employee left headquarters with it.

The breach might affect Massachusetts physicians and other providers the worst because they typically use their Social Security numbers as their tax identification numbers — which was part of the information breached.

Quote: “It took some time to figure out what type of data was on the laptop,’’ Tara Murray, Blue Cross and Blue Shield of Massachusetts spokeswoman told Boston.com. “There is no reason to be believe the data has been used to steal people’s identity, but we are just being cautious . . . to notify them and offering free credit monitoring.’’ (I highlighted this because this is standard boilerplate verbal vomit every time there is a breach! Credit monitoring only covers about 25% of all id theft. What if......the docs will find out the hard way or they can get our service that protects them in all 5 areas of id theft).

What was the response? Blue Cross will review its security procedures and make it a priority to persuade state physicians and other health care providers to apply for a new tax ID number that is different from their Social Security number. In addition, additional encryption will be implemented.

Source: Boston.com, “Blue Cross physicians warned of data breach,” Oct. 3, 2009.

By the way, any Physician reading this and still needs to get his Red Flags Policy before enforcement begins by the FTC on 11/01/09, feel free to visit www.stopidtheftcrime.com for a video and link to create your policy.

Tuesday, September 15, 2009

Senate Bill (SB-20) to bolster California breach law awaits governor

Bill to bolster California breach law awaits governor

Dan Kaplan

September 11, 2009

A new Senate bill in California, which seeks to complement the state's trailblazing SB-1386 data breach disclosure bill, is ready for Gov. Arnold Schwarzenegger's signature.

The new legislation, SB-20, builds on the 2003 bill by requiring that breach notification letters also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident and advice on steps to take to protect oneself from identity theft. The law also would require that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general's office.

"Experience over the past half dozen years indicates that too often, the information received [in the letter] is confusing, not clarifying," state Democratic Sen. Joe Simitian, author of both bills, said this week in a news release. "SB-20 ensures that notice of a security breach will be genuinely helpful to consumers."

...The governor must sign or veto the bill by Oct. 11.

SB-1386 laid the groundwork for roughly 45 other states to pass similar laws requiring organizations that expose personal information to notify victims. (Full text at www.scmagazineus.com)

Chase Bank Notifies Customers of Breach

Backup Tape Reported Missing from Vendor Storage Facility
September 11, 2009 - Linda McGlasson, Managing Editor

Chase Bank has sent out data breach notification letters to an undisclosed number of customers after a computer tape with customers' personal information was reported missing from a third-party vendor's storage facility.
Tom Kelly, spokesperson for New York-based Chase, the commercial/consumer banking arm of financial giant JPMorgan Chase, says the vendor -- which he would not name -- confirmed it received and maintained the tape, and that its offsite facility had been searched thoroughly after the tape disappeared. Kelly would not say if the data on the tape was encrypted, but says its data can be read only with special equipment and software. "We have no evidence to indicate any of the information has been viewed or used inappropriately," Kelly says. (emphasis added because: That's what they all say. It must be a boilerplate all use in case of a breach) (Full text at www.bankinfosecurity.com)

Tuesday, May 18, 2010

Thursday, January 14, 2010

Saturday, December 26, 2009

Friday, December 11, 2009

Thursday, November 19, 2009

Wednesday, November 18, 2009

Saturday, November 14, 2009

Tuesday, November 10, 2009

Thursday, November 5, 2009

Wednesday, October 28, 2009

Wednesday, October 21, 2009

Official Summary

Tuesday, October 20, 2009

Text Messaging Scams

Wednesday, October 7, 2009

Monday, October 5, 2009

Tuesday, September 15, 2009

Child Identity Theft Does Happen

Identity Theft Shield Overview

About Me

Subscribe To Stop Id Theft Crime

Security Breach Reports in 2009 and previous years

Visit web site below for free ebook on protecting yourself from Id Theft

Latest Security Breach News

Blog Archive