A website about identity theft protection, credit repair, scams, security, fraud, privacy, credit reports, credit monitoring and credit scores.
A website about identity theft protection, credit repair, scams, security, fraud, privacy, credit reports, credit monitoring and credit scores.
The theft of consumer data from Neiman Marcus appears far deeper than had been disclosed originally, with the luxury retailer now saying that hackers invaded its systems for several months in a breach that involved 1.1 million credit and debit cards.
The malware installed on terminals in Neiman Marcus stores seems to be the same malware that infiltrated Target’s systems and exposed information from as many as 110 million customers, according to a person briefed on the investigations who spoke on the condition of anonymity and is not authorized to speak publicly about the attacks.
Investigators have not revealed whether the same cybercriminals are suspected in both breaches, although investigators and security specialists have described a loose band of hackers from Eastern Europe as the likeliest suspects in the Target theft. Security specialists working with the authorities have said that the hackers were considering several major retailers as potential targets.
In a statement posted on its website Wednesday night, Neiman Marcus said that the malware had been “clandestinely” put into its system and had stolen payment data off cards used from July 16 to Oct. 30. MasterCard, Visa and Discover have told the company that about 2,400 cards used at Neiman Marcus and its Last Call outlet stores have since been used fraudulently.
Posted on January 28, 2014 at 09:28 AM | Permalink
With all of the media surrounding the Target, Neiman Marcus, and, now, Michaels data breaches (and potentially other retail outlets), it can be overwhelming to determine what you should do to protect yourself. Even though you can't prevent a breach, there are steps you can and should take to prevent future headache and harm.
This is an important alert to read even if you weren't a victim of the recent breaches. As privacy and security professionals say on a regular basis, data breaches aren't a question of "if", they are a question of "when." It is best to be prepared and proactive.
1. Monitor your accounts. Check the financial account(s) you used to make your purchase at the breached retailer on a regular basis – preferably online. Don’t wait for the monthly statement. If there is any charge -- including a very small charge -- that you did not make or authorize, call the financial institution immediately.
2. Credit cards are better than debit cards. Always. If you used a debit card at the breached retailer, call your financial institution and request that they issue you a new card (if they haven't already). And in the meantime monitor your account closely and report any loss as soon as you notice it.
3. Take advantage of free credit monitoring services, but realize their limitations. In the cases of Target and Neiman Marcus, they are each offering a single-bureau monitoring service (there are three credit bureaus). This can be helpful if someone gains access to your Social Security number and tries to open a new account in your name, but it does not protect you against other forms of fraud.
Go directly to https://creditmonitoring.target.com to sign up for the service Target is offering. You will find Neiman Marcus' service here: https://www.protectmyid.com/nm.
4. Watch out for fraudsters. If you follow these general rules, you will largely reduce your chances of falling victim to common scams.
Never give sensitive information out to anyone who calls you. Chances are no breached company is going to call everyone whose records were breached—even if your caller ID says otherwise. It's safe to say the same applies with any law enforcement or government agency, bank, or other entity that may have a reason to need sensitive information.
Watch for fraudulent emails. Don't open attachments unless you BOTH trust the sender and are expecting an attachment from them. Don’t respond to an email asking for any sensitive information even if it looks official.
5. Keep up with your credit reports. It doesn't matter if you've been the victim of a data breach, you are entitled to one free credit report per year from each of the three credit bureaus. We recommend spacing them out and ordering one report every four months. Only do this through the official site, https://www.annualcreditreport.com. Don’t fall for websites with similar names.
Posted on January 27, 2014 at 06:43 PM | Permalink
The data breach at Target Corp over the holiday shopping season was far bigger than initially thought, the company said today, as state prosecutors announced a nationwide probe into the second-biggest retail cyber attack on record.
Target said an investigation has found that the hackers stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. Previously, the No.3 U.S. retailer said the hackers stole data from 40 million credit and debit cards.
The two sets of numbers likely contained some overlap, but the extent was not clear, according to Target spokeswoman Molly Snyder. She also noted that some of the victims did not shop at Target stores during the period of the breach between November 27 and December 15, and their personal information was stolen from a database.
Posted on January 21, 2014 at 09:25 AM | Permalink
Thousands of people across Europe and, more specifically, in Ireland have had their credit card and personal details stolen after a company which runs reward schemes was hacked.
Investigators have discovered that more than 376,000 people have had their details pilfered after Loyaltybuild's data centre in County Clare, Ireland was breached. It is believed that a further 150,000 potential client records may also have been compromised.
Of this figure some 70,000 or so were SuperValu customers and over 8000 were clients of AXA Leisure Break.
SuperValu is now contacting its customers to advise them that there is a "high risk" that an unauthorised third party has accessed details of cards used to pay for Getaway Breaks between January 2011 and February 2012.
The company said that the Getaway Breaks booking system has now been suspended until further notice. The company also emphasised that only data collected through Loyaltybuild was at risk and that other SuperValu customers would not be affected.
AXA said it will be contacting all of its customers whose data may be at risk and will advise them to check their credit card statements for any unauthorised activity.
Posted on November 14, 2013 at 01:49 PM | Permalink
More Americans' identities were stolen in tax refund crimes in the first six months of 2013 than in all of 2012, said a U.S. Internal Revenue Service watchdog on Thursday who described the problem as "a growing epidemic."
Tax refund fraud has exploded in recent years. Scammers typically use stolen names and Social Security numbers to file phony electronic tax forms for IRS refunds.
About 1.6 million Americans were victims of ID theft/tax refund crimes this year through June, up from 1.2 million taxpayers in all of 2012, the Treasury Inspector General for Tax Administration (TIGTA) said in a report.
"Identity theft is a growing epidemic," said J. Russell George, TIGTA's chief.
Democratic Senator Bill Nelson of Florida, a hot spot for these crimes, said in a statement that TIGTA's analysis shows the IRS is making progress, but much remains to be done.
TIGTA said that while the number of frauds has risen, the amount of federal revenue lost to these crimes has decreased. In 2011, the government lost $3.6 billion in potentially fraudulent tax refunds, down from $5.2 billion in 2010.
The thieves are increasingly working from abroad, TIGTA found. In 2011, someone using a single mailing address in Lithuania made more tax filings with fraudulent Social Security numbers than any single U.S. address, TIGTA said.
The Lithuanian address received $220,489 in fraudulent IRS refunds; an address in Shanghai received $156,533.
"The constantly evolving tactics used by scammers to commit identity theft continues to be one of the biggest challenges facing the IRS," the IRS said in a statement on Thursday.
TIGTA said the IRS must do more to spot red flags signaling potential fraud in tax filings, such as multiple filings from the same address, and to help victims more quickly.
The IRS said it agreed with TIGTA's recommendations.
Posted on November 14, 2013 at 01:45 PM | Permalink
Federal agents arrested two Hartford residents for allegedly stealing the identities of high-profile celebrities, including rapper 50 Cent and New York Knicks star Carmelo Anthony, and paying for Tiffany & Co. diamonds, Honda Vespa scooters and three used Cadillacs with the victims' credit cards.
According to investigators, the pair defrauded seven high-profile victims across the country including singers and athletes from Farmington, Conn., Miami and Beverly Hills.
Court documents showed Preston and Nunez found the celebrities' personal information on the Internet, and got ahold of their credit card numbers. They are accused of spending more than $500,000 on items that included Tiffany diamonds, dozens of Honda Vespa scooters and expensive cars. Investigators said most purchases were made online and on the phone.
Posted on November 14, 2013 at 01:43 PM | Permalink
The Fair Credit Reporting Act (known as FCRA) goes back to 1970 as an amendment to the Consumer Credit Protection Act. The FCRA provides consumer protection in the areas of fairness, accuracy, and privacy of the information collected by the credit bureaus. It also governs the credit repair and maintenance processes, verifying that the information in your credit report is correct.
Federal consumer rights under the FCRA include:
Access to your credit score. Your credit score provides potential creditors with a numerical indication of how likely you are to repay borrowed money. Based upon information found within your credit report, this number helps lenders, insurance companies, and other businesses decide whether or not to do business with you. The credit bureaus are required to provide your credit score if you request it, however it may come with a small fee attached. With our recommended service, you'll receive THREE free, updated credit scores and all three credit reports EVERY MONTH!
Notification when your credit information is used against you. If your application for insurance coverage, auto loan, mortgage, or other type of credit is denied, the lender must inform you of the decision. They must also provide the contact information of the credit bureau that gave them access to your report.
The right to dispute information on your credit report. Incomplete or false information can drag your credit score down. In addition to viewing your credit report, the FCRA allows you to trigger an investigation with the credit bureaus if you spot an error. Once the information is verified as false or inaccurate, it must be deleted or corrected within 30 days. Keep in mind that our service demands that creditors and bureaus uphold two additional reporting standards pursuant to other applicable laws -fairness and substantiation - in addition to simple accuracy.
The right to delete outdated information. Negative citations such as collections and bankruptcies can remain on your credit report for a maximum of 7 to 10 years. After this time period has passed, the credit bureaus must remove them from your report. Remember, though, that there is no minimum reporting period, so creditors or credit bureaus can remove information even earlier if they choose to do so.
The right to decide who views your credit report. No one can view your credit report without your permission. The FCRA requires lenders, landlords, employers, and other interested parties to obtain consent before viewing your credit report.
The right to opt out of unsolicited offers. If you're tired of receiving pre-approved credit applications and insurance coverage offers, you have legal recourse. Businesses that send these offers must include a toll-free number that allows you to remove your name from their solicitation list.
The right to legal action. Your credit report is valuable, and the FCRA prevents outsiders from misusing it. For more information, contact a credit repair professional, or visit the Federal Trade Commission website:www.ftc.gov/credit.
Federal law says that information about you that is reported to the credit bureaus must be accurate and fair. However, the Federal Trade Commission reports that one in four consumers have errors on their credit reports that lower their credit scores!
Credit repair is about fixing these errors so your credit report and credit score are the best they can be. The process, which can be quite cumbersome, involves disputing the errors in your report directly with the credit bureaus.
What kind of errors might be on your report? Late payments, unknown accounts, collections, foreclosures, charge-offs, liens, judgements, or bankruptcies. Any of these can reduce your score by a significant amount.
Credit repair can be performed by you but it is very complicated. In the past most people have used credit repair organizations. These are companies that do credit repair for you. You have to buy your credit reports and hand them over to the CRO. The CRO staff read through your report and then perform the credit repair for you. You have no control over the process and are vulnerable to getting ripped off by a CRO.
CROs for the most part were all pretty similar. Some are total scams and it is difficult to tell which are reputable and which are not. Even the reputable ones have questionable practices like purposefully limiting the number of items you can dispute each month -- so they can keep you as a customer longer.
Experts say you can expect a late payment to hurt your credit score for seven years, with your score gradually recovering over that time frame as you make smart borrowing decisions -- though exactly how much and how fast your score recovers isn't entirely clear.
The federal Fair Credit Reporting Act says that negative items can only appear on your credit report for seven years, but it doesn't say how the credit industry should treat the impact of those items after they happen. That vagueness, combined with the secrecy and complexity involved in credit scoring, mean that it's tough to say exactly how a borrower's credit score will recover from a late payment. Still, provided the borrower makes smart decisions following a slip-up, time will heal those credit wounds.
"Every consumer's situation is different, but generally speaking, the impact from a negative item, such as a late payment, will lessen as that item ages" says Steve Katz, spokesman for credit bureau TransUnion.
While FICO, creator of the most-widely used scoring model, largely keeps the details of its scoring model a secret, we do know the approximate damage a late payment will cause. FICO pulled the curtain back a bit on its scoring model recently when it acknowledged just how much certain credit mistakes can hurt a borrower's credit score. For example, in the case of two hypothetical consumers, FICO said that a 30-day late payment would reduce a FICO score of 680 by 60 to 80 points, while an identical late payment would reduce a FICO score of 780 by 90 to 110 points. (For more on this topic, see our story on FICO's damage points.) You can run FICO's credit score simulator to get an idea of how much damage various mistakes, including a late payment, may cause to your own credit score.Read more