ChoicePoint Inc. will pay federal regulators $275,000 for a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft, the Federal Trade Commission reported.
In April 2008, ChoicePoint turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days.
The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress.
A McAfee study into 2,600 of the most popular keyword searches on the web has concluded that hunts for "screensavers" present the most risk.
The report released this week shows that users who search for "screensavers" have a 59.1 percent chance that they will be infected by malware on a given page of results.
By category, the most dangerous searches involved keywords containing the word "lyrics" (26.3 percent risk) and "free" (21.3 percent). The safest category searches, meanwhile, related to "health" (four percent) and the "economic crisis" (3.5 percent).
The report also warned of the risk generated by searching for information on "work from home." Variations of this search term -- considered more popular than ever, given the state of the economy -- ranged from a 6.3 percent-risk to a 40 percent-risk of infection.
Popular search terms are used by hackers to attract visitors to web sites that automatically download malware to unsuspecting users. The malware can then be used to build a botnet for the hacker or to gather personal information about the user and steal their identity.
Download the full report here.
Heartland Payment Systems has disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants.
Heartland's president and CFO, said in a USA TODAY interview that the intruders had access to Heartland's system for "longer than weeks" in late 2008. The number of victims is unknown. "We just don't have the information right now," Baldwin said.
Tech security experts said the breach could set a record. Retail giant TJX lost 94 million customer records to hackers in 2007. With more than 100 million transactions per month, they could discover that several months' worth of transactions were captured, says Michael Maloof, chief technology officer at TriGeo Network Security.
Heartland processes card payments for restaurants, retailers and other merchants. It discovered the hack last week after Visa and MasterCard notified it of suspicious transactions stemming from accounts linked to its systems. Investigators then found the data-stealing program planted by the thieves.
A Stanford spokesman said that the stolen laptop contained personal information, including birth dates, social security numbers, and home addresses of people hired by the university before September 28th, 2007. According to the university this could be as many as 72,000 individuals.
Stanford has become the latest in a series of organizations to suffer a public relations nightmare - from Wells Fargo Bank to the US Department of Veterans Affairs – because of a security breaches from a single stolen laptop. The sad fact here is that as the trustee of the personal information given to it, Stanford University has failed tens of thousands of people and put their financial identity at risk of being abused.
Yahoo has filed suit against a group of phishers. Yahoo alleges that the scammers tried to trick Yahoo subscribers into thinking that they had won a prize from Yahoo in an effort to steal their passwords, credit card numbers, and other sensitive information.
According to the Associated Press, Yahoo filed the lawsuit on May 16 in U.S. District Court in New York City under federal trademark law, federal anti-spam law and other state laws. In the lawsuit the company states that the defendants pretended to be Yahoo representatives, sending out e-mails claiming recipients had won prizes ranging from a few thousand to a million dollars and instructed them to click on a link or forward personal information to a “Yahoo lottery coordinator” to get their prize.
Some recipients were instructed to contact another party to arrange for the prize payment, Yahoo said in the filing, and this other party would charge them “hundreds of dollars in various processing and mailing charges in order to complete the payment process.”
Such “phishing” scams are meant to trick consumers into sharing financial information.
Free Credit Report Offers
The Federal Trade Commission (FTC) advises consumers who order their free annual credit reports online to be sure to correctly spell annualcreditreport.com, or link to it from the FTC’s website to avoid being misdirected to other websites that offer supposedly free reports, but only with the purchase of other products. While consumers may be offered additional products or services while on the authorized website, they are not required to make a purchase to receive their free annual credit reports.
The FTC Gets Tough with Free Credit Report Offers
The FTC recently settled a lawsuit against Consumerinfo.com – which did business as Experian Consumer Direct – over the “free credit report” promotion it advertised on television, radio and the Internet, including its websites freecreditreport.com and consumerinfo.com. If you ordered a free credit report from Consumerinfo between November 1, 2000 and September 15, 2003, and were enrolled in its credit monitoring program, you may be eligible for a refund under the FTC’s settlement.
The researchers have been given access to Secret Service case files on identity theft spanning from 2000 to 2006. The group’s findings provide the first-ever look at the criminals and victims in major identity theft cases.
