Identity Lock Box

ChoicePoint Fined for Security Breach

2009-10-27T03:35:43Z

ChoicePoint Inc. will pay federal regulators $275,000 for a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft, the Federal Trade Commission reported.

In April 2008, ChoicePoint turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days.

The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress.

Study: Web's Most Dangerous Search Terms

2009-06-03T14:51:33Z

A McAfee study into 2,600 of the most popular keyword searches on the web has concluded that hunts for "screensavers" present the most risk.

The report released this week shows that users who search for "screensavers" have a 59.1 percent chance that they will be infected by malware on a given page of results.

By category, the most dangerous searches involved keywords containing the word "lyrics" (26.3 percent risk) and "free" (21.3 percent). The safest category searches, meanwhile, related to "health" (four percent) and the "economic crisis" (3.5 percent).

The report also warned of the risk generated by searching for information on "work from home." Variations of this search term -- considered more popular than ever, given the state of the economy -- ranged from a 6.3 percent-risk to a 40 percent-risk of infection.

Popular search terms are used by hackers to attract visitors to web sites that automatically download malware to unsuspecting users. The malware can then be used to build a botnet for the hacker or to gather personal information about the user and steal their identity.

Download the full report here.

Heartland Breach Puts Your Data at Risk

2009-01-22T18:22:01Z

Heartland Payment Systems has disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. Heartland's president and CFO, said in a USA TODAY interview that the intruders had access to Heartland's system for "longer than weeks" in late 2008. The number of victims is unknown. "We just don't have the information right now," Baldwin said. Tech security experts said the breach could set a record. Retail giant TJX lost 94 million customer records to hackers in 2007. With more than 100 million transactions per month, they could discover that several months' worth of transactions were captured, says Michael Maloof, chief technology officer at TriGeo Network Security. Heartland processes card payments for restaurants, retailers and other merchants. It discovered the hack last week after Visa and MasterCard notified it of suspicious transactions stemming from accounts linked to its systems. Investigators then found the data-stealing program planted by the thieves.

Identities of Stanford University Employees at Risk

2008-06-09T00:30:38Z

Stanford University sent notification to tens of thousands of past and current employees that their personal information and identity is at risk because of a single stolen laptop that contained their personal information. The laptop was not encrypted.

A Stanford spokesman said that the stolen laptop contained personal information, including birth dates, social security numbers, and home addresses of people hired by the university before September 28th, 2007. According to the university this could be as many as 72,000 individuals.

Stanford has become the latest in a series of organizations to suffer a public relations nightmare - from Wells Fargo Bank to the US Department of Veterans Affairs – because of a security breaches from a single stolen laptop. The sad fact here is that as the trustee of the personal information given to it, Stanford University has failed tens of thousands of people and put their financial identity at risk of being abused.

Yahoo Files Suit to Stop Lottery Phishing Scam

2008-05-17T03:53:53Z

Yahoo has filed suit against a group of phishers. Yahoo alleges that the scammers tried to trick Yahoo subscribers into thinking that they had won a prize from Yahoo in an effort to steal their passwords, credit card numbers, and other sensitive information.

According to the Associated Press, Yahoo filed the lawsuit on May 16 in U.S. District Court in New York City under federal trademark law, federal anti-spam law and other state laws. In the lawsuit the company states that the defendants pretended to be Yahoo representatives, sending out e-mails claiming recipients had won prizes ranging from a few thousand to a million dollars and instructed them to click on a link or forward personal information to a “Yahoo lottery coordinator” to get their prize.

Some recipients were instructed to contact another party to arrange for the prize payment, Yahoo said in the filing, and this other party would charge them “hundreds of dollars in various processing and mailing charges in order to complete the payment process.”

Such “phishing” scams are meant to trick consumers into sharing financial information.

Free Annual Credit Report Scams

2007-11-09T01:05:34Z

A recent amendment to the federal Fair Credit Reporting Act requires each of the nationwide consumer reporting companies – Equifax, Experian, and TransUnion – to provide anyone with a free copy of their credit report, at their request, once every 12 months. Be aware that there is only one online source authorized to do so. That source is annualcreditreport.com. Beware of other sites that may look and sound similar.

Free Credit Report Offers

The Federal Trade Commission (FTC) advises consumers who order their free annual credit reports online to be sure to correctly spell annualcreditreport.com, or link to it from the FTC’s website to avoid being misdirected to other websites that offer supposedly free reports, but only with the purchase of other products. While consumers may be offered additional products or services while on the authorized website, they are not required to make a purchase to receive their free annual credit reports.

The FTC Gets Tough with Free Credit Report Offers

The FTC recently settled a lawsuit against Consumerinfo.com – which did business as Experian Consumer Direct – over the “free credit report” promotion it advertised on television, radio and the Internet, including its websites freecreditreport.com and consumerinfo.com. If you ordered a free credit report from Consumerinfo between November 1, 2000 and September 15, 2003, and were enrolled in its credit monitoring program, you may be eligible for a refund under the FTC’s settlement.

36% of Identity Thieves are Women

2007-10-22T14:39:46Z

A new study by the Economic Crime Institute work group, based at Utica College, has found that a surprising number of identity thieves are women.

The researchers have been given access to Secret Service case files on identity theft spanning from 2000 to 2006. The group’s findings provide the first-ever look at the criminals and victims in major identity theft cases.
]]>

Only 8% of the criminals were friends or relatives of the victims.
36% of the identity theft crimes in the case files were committed by women. That is a greater percentage of women committing crimes than any other category.
A high percentage of ID crimes were committed using high tech methods such as stealing of data from company databases.
Mail theft was a factor in only 9% of the cases.

The average loss for each crime was more than $30,000. In one case, criminals stole $1.3 million before being arrested by federal authorities.

The data provided by the Secret Service included about 700 case files. The group omitted so called ‘existing account” fraud cases from its research, also called “credit-card only” identity theft.

Personal Information of 159,000 Administaff Employees Compromised

2007-10-15T16:57:28Z

An Administaff company laptop containing the personal information of 159,000 employees was stolen from a company employee. The laptop was stolen from a company employee's car while they were shopping for groceries on October 3rd, 2007.

The information on the laptop contained the names, addresses, and social security numbers of current and former employees. The information was not encrypted.

The company has notified all affected persons and has offered one year of free credit-monitoring service. Credit monitoring services, such as LifeLock.com, monitor a person's credit file with the three credit bureaus and alerts people when there is potentially fraudulent activity. ]]> Source: Chron.com (Houston Chronicle), Oct. 15, “Laptop Goes Missing with Data on Workers”

Stolen Laptop Contains Transportation Department Worker Information

2007-10-13T03:49:31Z

In Washington state, a burglar stole a laptop containing the personal information of 1,400 current and former employees of the King County Transportation Department.

The information contained the names, addresses, and social security numbers of current and former employees.

The laptop belongs to a human resources employee who regularly brings the laptop from one job site to another. The laptop was password protected, but the data was not encrypted. The victims were part of the department’s Roads, Airport and Fleet divisions.

]]>

U. of Texas Student’s Personal Information Available Online

2007-10-12T03:37:19Z

The University of Texas said it works hard to notify students about how to avoid identity theft, but the school put some of its own at risk.

The Personal information, including Social Security numbers of 22 current and former students, was posted and available to access on a university FTP site in late September.

All the students impacted were enrolled in a petroleum and geosystems class during the summers of 2001 and 2002.

The university took the files offline within hours after being notified by SSNBreach.org, but not before 22 students' Social Security numbers were exposed.

The university said there is an ongoing effort to get rid of using Social Security numbers except where they are needed.

]]>

Former University of Iowa Graduate Students at Risk of Identity Theft

2007-10-08T20:13:29Z

The University of Iowa is warning 184 students and graduates that grade information and Social Security numbers were on a laptop stolen from a former teaching assistant. The laptop was stolen in September from the home of a former teaching assistant.

The laptop contains class records, including attendance, test scores and grades of 184 students who took graduate courses between 2002 and 2006. The Social Security numbers of 100 students are also on the laptop.

The Philosophy department chairman is mailing letters to affected students and accepting phone calls from those who are concerned about the incident.

]]> Source: DesMoinesRegister.com (The Des Moines Register), Oct. 8, “Stolen Laptop Has U of I Student Data”

Massachusetts Regulators Mistakenly Sent Out Disks with Personal Information

2007-10-03T20:25:27Z

In Massachusetts the Divisions of Professional Licensure and Health Professions Licensure sent out information to marketing firms and other businesses containing the personal data, including Social Security numbers, of 450,000 licensed professionals.

The Division of Professional Licensure notified both the secretary of state and the office of the attorney general about the breach, and has begun notifying all affected individuals.

Affected individuals include engineers, nursing home administrators, certified public accountants and other professionals.

Individuals who feel they may have been affected can contact the Division of Professional Licensure.

]]> Source: Boston.com (The Boston Globe), Oct. 3, “Mass. accidentally sends out disks with personal information”

Personal information of 600 Queens University of Charlotte Students Emailed to Fellow Students

2007-09-18T22:21:33Z

In an apparent administrative error, the personal information of more than 600 Queens University students was emailed to other students. Queens University is located in Charlotte, North Carolina.

The information contained names, addresses, student IDs and social security numbers of the affected students.

University administrators have notified affected students by email, U.S. mail, and phone. Additionally, the university has contracted with a fraud and credit monitoring service for the next 12 months. Students will receive email alerts on changes to credit reports and insurance against identity theft. ]]>

Hacker Obtains Contact Information of 6.3 Million TD Ameritrade Customers

2007-09-14T18:41:34Z

TD Ameritrade revealed on Friday that the contact information for 6.3 million of its customers was stolen from one of its databases.

Joe Maglia, TD Ameritrade’s CEO, said the company “recently discovered and eliminated unauthorized code” from the database server. He also stated that the company is confident that it has identified the source of the breach.

The information stolen includes the names, addresses and email addresses, plus a account activity information from the last 6 months. Accounts opened after July 18th were not impacted. ]]>

Hackers Compromise Voxant Online Store

2007-09-14T17:24:11Z

In a letter to the New Hampshire Attorney General, Voxant revealed that one of it's ecommerce servers was compromised by what appeared to be a phishing scheme. The hackers had the ability to access encrypted credit card information along with the encryption key. As a result Voxant is sending 4,500 customers letters notifying them of the breach and informing them to change their credit card numbers.

The point of contact regarding this incident is:

Roylene Julesza
Director, Syndication
1851 Alexander Bell Drive
Reston, VA 20191

Source: Letter to the New Hampshire attorney general, Aug. 31.