Creative Commons License

« February 2006 | Main | January 2011 »

University of Wisconsin Warns of Major Data Breach

Tens of thousands of former University of Wisconsin students and staff members this week continued to receive advisory letters from the University, warning them that hackers managed to break into a database containing their social security numbers and other sensitive information.

Worse, according to the letter (available in PDF format), it appears the hackers had unbridled access to the database for more than two years, putting at least 60,000 former students and employees at risk. School officials first began notifying affected individuals on Nov. 30, almost a month after the breach was first detected.

According to University of Wisconsin officials, the data breach was discovered in late October, when the Wisconsin Union, which administers the campus ID card program, noticed that a database was repeatedly accessed going back as far as January 2008.

A compromised file in the database included social security numbers associated with individual photo IDs and names.


Posted on December 29, 2010 at 10:05 AM | Permalink

Card skimmers at gas pumps, ATMs can capture your cash |

They can be hidden anywhere — on or in a gas pump’s credit card slot or the corner bank’s ATM.

Then with one swipe, an illegal bank card skimmer records data off a debit or credit card and can get the PIN code, too. Seconds later, someone has electronic access to the victim’s account.

Customers can’t see the devices, said Paul Elliott, special agent in charge of the Jacksonville Secret Service field office. Most don’t learn they have been skimmed until the monthly bill arrives.

“We found more than 10,000 numbers on a suspect’s computers that he had recovered from various skimmer devices he had,” Elliott said of a recent arrest. “The dollar loss with one bank was $110,000, off just one financial institution, and there are more.”


Posted on December 29, 2010 at 10:03 AM | Permalink

Tour operator admits credit card data on 110,000 customers breached

A New York-based tour operator reported that credit card information on 110,000 of its customers was compromised by an SQL injection attack on its web server. The tour operator, Twin America (operating as CitySights NY), said that hackers used an SQL injection attack to access the company’s web server database, which contained the names, addresses, emails, credit card numbers, expiration dates, and card verification numbers of its customers. The database did not contain customers’ social security numbers or drivers licenses.

Details of the data breach were revealed in a Dec. 9 letter that the company’s attorney sent to the New Hampshire State Attorney General. The letter said that around 300 customers were New Hampshire residents. The letter said that the breach was discovered Oct. 25 “when a web programmer discovered unauthorized script that appears to have been uploaded to the company’s web server, which is believed to have compromised the security of the database maintained on that server


Posted on December 29, 2010 at 10:02 AM | Permalink

ID Theft: Banks Must Step up Fight

Identity theft crimes are getting more attention, but not enough is being done to prevent them. That lack of prevention is what pushed Neal O'Farrell to found the Identity Theft Council, a newly created national network of partnerships between local law enforcement, financial institutions, businesses and volunteers that aims to provide local, grassroots support for victims of identity theft.

"We have to find some national way to communicate," O'Farrell says.

O'Farrell, a cybercrime and identity-theft expert and consultant for Intersections Inc., says apathy on the part of consumers, law enforcement and business has helped fuel growth of identity theft crimes. "We are seeing an increase in sophisticated malware, yet on the other side, we are seeing law enforcement virtually having to abandon the fight against identity theft," he says. "We are seeing growing apathy among consumers, who feel that zero liability means they have got nothing to lose."


Posted on December 29, 2010 at 10:01 AM | Permalink

Santander sends wrong statements to 35,000 current account holders

Current account holders with Santander may have received a bank statement that does not belong to them.

That is because the Spanish bank sent 35,000 bank statements to the wrong customers, following a printing error on December 18th.

Those who received the wrong statement will have seen their own details on the first page but the details of someone else on the second and third pages.

These statements showed the name, current account number and recent transactions of the customer.

However, the bank has stated that this will not increase the risk of identity theft as staff will be implementing security questions and asking for additional information from their customers.


Posted on December 29, 2010 at 09:57 AM | Permalink

BBB's Top five identity theft scams of 2010

The risk of becoming a victim of identity theft is everywhere. Criminals can gain access to personal information through various ways including mail, computer, credit cards, and even garbage cans. Your BBB has identified the top five scams seeking to steal your identity in 2010.

“ID theft prevention should always be on an individual’s mind,” said Matthew Fehling, President/CEO of BBB. “When it comes to protecting your identity, an ounce of prevention is worth far more than the amount of money, energy, and agony that goes into getting your life back to normal after your financial and personal information has been stolen.”

Read more:

Posted on December 29, 2010 at 09:07 AM | Permalink

Electronic Pickpocketing via RFID

In this high-tech age, pickpockets could use a new device to steal your credit card information without ever touching your wallet or purse.

A new technology that's come out in the last few years might soon make magnetic strips extinct. Several bank cards come with a chip that allow you to pay for purchases by holding your card close enough to a card reader, but "contactless" cards have not caught on as fast as experts thought, because of fears of being electronically pickpocketed.

During times like the holiday rush when shoppers are in a hurry, a contactless card reader seems necessary. The scan-and-go technology helps speed up transactions thanks to an electronic chip placed in newer bank cards, but the downside to radio frequency identification -- or RFID -- is that it's also ideal for tech-savvy pickpockets.

"They can obtain your information and you wouldn't even know it. It could potentially increase identity theft or any fraudulent use of a credit card numbers," Gabby Beltran of the Identity Theft Resource Center said.


Posted on December 22, 2010 at 01:31 PM | Permalink

Identity Theft Resource Center Forecasts More Fraud Ahead in 2011

Identity theft is not going away.  It’s escalating and transforming so quickly the Identity Theft Resource Center can only make educated predictions on the course of identity theft for 2011.

  • Crime Rings - Organized crime will continue to embrace and expand its ability to gather and sell personal identifying information.  These crime groups are often associated with other crimes including drugs, trafficking, counterfeiting, moving stolen goods, and selling stolen information.
    • Additionally, there will continue to be growth in the international nature of identity theft.  Victims will find credit/debit card charges emanating from global transactions in Europe, Africa and Asia.  In June, police arrested 178 criminals in a U.S. - Europe raid on credit and debit card cloning labs, with an estimated value of $24.5 million, according to a report from Reuters.   This is just one of many such organizations.
  • Checks - Check fraud, focused on synthesized checks, will flourish as it becomes harder to get credit due to the economy.  These synthesized checks may have the name and address information of a real person or company and a fraudulent bank account and routing number.  Merchants will unknowingly accept these checks until a system is created to verify checks in real time, as is done with credit/debit cards.
  • Account takeover - Criminals will focus on the deep pockets of small and large businesses, educational facilities and school districts, and even governmental agencies.  A recent Fraud Advisory Report for Businesses*, examined corporate account takeover techniques in which “cyber attackers” empty business accounts in minutes.  Company insiders will play a larger role in overcoming security features and hacking into computer systems and online banking accounts, siphoning money directly to the criminal’s offshore account.
  • Breaches - The known number of breaches will continue to increase due to mandatory reporting.  Additionally, more breaches will become public as evidenced by the 2010 Verizon Data Breach Investigation Report which indicated that 61% of breaches were discovered by outside sources.  An increase in breaches aimed at email lists may lead to more social networking scams and malware attacks.


Posted on December 22, 2010 at 01:29 PM | Permalink

Ariz. hospital misplaces endoscopy patient data

Data cards containing information about more than 2,200 patients were lost at Mountain View Medical Center, a 178-bed hospital in Mesa, Ariz. In a notice posted on the hospital’s website Dec. 10, the hospital reported that the compact memory cards were misplaced from two endoscopy machines, and it became aware of the problem on Oct. 13.

The letter states:“On Oct. 13, Mountain Vista Medical Center became aware that compact memory data cards containing information related to procedures occurring Jan. 1, 2008 through Oct. 12, were missing from two endoscopy machines in the Endoscopy Unit. The compact memory data cards include the following information about the patients: full name, date of birth, age, sex, hospital medical record number, physician last name, date and time of procedure, type of procedure and procedure image(s). We have no reason to believe that the information involved in this incident has been accessed or improperly used.
“Social security numbers, credit card numbers, addresses, and telephone numbers were not included on the data cards,” the notice stated.


Posted on December 22, 2010 at 01:26 PM | Permalink

Ohio State Says Hackers Breached Data on 760,000

Ohio State University is notifying about 760,000 people whose personal information was stored in the university’s computer server that a data breach could put them at risk for identity theft.
The university, located in Columbus, began sending letters on Wednesday to current and former faculty and staff members, students and applicants, telling them that hackers had broken into the server that stored their names, Social Security numbers, dates of birth and addresses.

The university said that although there was no evidence that the information had been used for identity theft, it was nonetheless offering a year of free credit protection to everyone whose data was on the server


Posted on December 22, 2010 at 01:25 PM | Permalink

Alarming increase in identity theft cases

There is an alarming increase in the number of identity theft cases that the Ohio State Highway Patrol is now investigating.

Anything that requires state licensing falls under Ohio State Highway Patrol jurisdiction.

In 2010, troopers investigated 100 percent more identity fraud cases than they did last year.

It is the largest percentage increase in any type of crime the OSP handles.

"The trend we see now is it's real documents. They've just been tampered with or people are using someone else's actual documents," Ohio State Patrol Lt. Joe Mannion said.

Stolen identities are used for many things. Emptying your bank account and ruining your credit are jst a few.


Posted on December 22, 2010 at 01:23 PM | Permalink

HISD boosting computer security after hacker threat | Houston & Texas News | - Houston Chronicle

Hundreds of thousands of students and employees in the Houston school district had their Social Security numbers and other personal data exposed to a suspected computer hacker, HISD officials announced on Thursday. A criminal investigation, launched in October after district employees noticed a security breach, has found that the hacking was more severe than initially thought, leaving students' grades and employees' bank account information vulnerable. via

Posted on December 14, 2010 at 01:11 PM | Permalink | Comments (0)

Identity Theft Warning for U of Arizona Students

The University of Arizona says they've lost a computer hard drive containing information on thousands of students, and administrators are warning those students they could be at risk of having their identities stolen.

The hard drive contains data on more than 8,000 students enrolled between 1997 and 2008, and if it gets into the wrong hands, alumni could be big trouble. The missing hard drive has the names and social security numbers of thousands of former students.


Posted on December 13, 2010 at 04:24 PM | Permalink

Service Members Face New Threat - Identity Theft -

At bases and outposts at home and around the world, military personnel continue to use their Social Security numbers as personal identifiers in dozens of everyday settings, from filling out health forms to checking out basketballs at the gym. Thousands of soldiers in Iraq even stencil the last four digits onto their laundry bags.


Posted on December 13, 2010 at 04:23 PM | Permalink

Why Should I Bother Writing a Letter When I Can Call or Email? :: California Credit Law Blog

Frequently people ask me how they can get the credit bureaus to correct inaccurate information on their credit reports. I always tell them to dispute inaccurate credit reports via letter sent Certified Mail, Return Receipt. Why do that, you ask, when I can dispute on-line or by phone? If you look at their websites, you know the credit bureaus encourage consumers to phone or email. It is almost impossible to find an address to mail a written dispute letter to.

There are COMPELLING REASONS to do your disputes in WRITING, Certified Mail, Return Receipt. If you have put it in writing and kept a copy and obtained a receipt you can prove exactly what information you provided and that they received it.


Posted on December 13, 2010 at 04:20 PM | Permalink

Large Jury Verdict Against Equifax in Identity Theft Case :: California Credit Law Blog

Equifax has a judgment against it for more than a million dollars to a Bay Area man whose identity was stolen. While the consumer was hospitalized, an impostor used his identity to open fraudulent accounts. He found the fraudulent accounts on his credit reports from Experian, Equifax and TransUnion and disputed them.


Posted on December 13, 2010 at 04:18 PM | Permalink

University of Tennessee Medical Center data not disposed properly

University of Tennessee Medical Center officials are alerting about 8,000 patients that hospital reports containing their private information were not properly disposed of and could pose a privacy breach risk.


UT Medical Center spokesman Jim Ragonese said Friday that based on an internal investigation there is no reason to believe any patient information was disclosed, used or accessed inappropriately.


Data breach

Posted on December 1, 2010 at 01:33 PM | Permalink

Used Cell Phones Allow Identity Theft, Expert Says - Detroit Local News Story - WDIV Detroit

People should be thinking twice when donating or reselling old cell phones, a security expert said."Sometimes your phone number is almost as valuable as your Social Security number," said security expert Tom Berry.


Posted on December 1, 2010 at 12:34 PM | Permalink | Comments (0)

Welcome to ScamSafe

This website is a blog about consumer credit, identity theft protection, scams, security, fraud, privacy, credit reports, credit monitoring and credit scores.

Please read our legal notices.

Posted on December 1, 2010 at 11:50 AM | Permalink | Comments (0)