Creative Commons License

« December 2010 | Main | February 2011 »

Facebook cyber attacks on social networking sites doubled in 2010

The attacks by spam, phishing and malware upon social-networking sites last year were twice the amount of attacks from 2009, as mentioned in the latest review on cyber threats.

The concerned report, the Sophos' Security Threat Report 2011 got released yesterday, and it has an explanation on about the swiftly rising number of social-networking sites, the most significant of which is, not surprisingly, Facebook, that have turned into the sitting targets of the cyber attackers.

When the users of the various social-networking sites were asked by Sophos if they had got any spam or phishing e-mails or any kind of malware attack in December last year, around 67% of the people complained of having received spam. This is a rise from the previous figure of 33.4% of April 2009.

Meanwhile 43% of the people reported phishing messages, which is a rise from the 21% of the previous year. And 40% of the people complained of having malware attacks which increased from 21.2% from the 2009.

Once a hacker breaks into someone's account, there's a whole treasury of personal information from friends to relation laid before him. Then he can use that personal information by selling it to advertisers or commit various criminal acts such as identity theft.


Posted on January 28, 2011 at 09:08 AM | Permalink

Identity Theft: Thieves use unsecured wireless networks

SPRINGFIELD, Mo. -- A crime that you may have thought was a big-city problem is now in the Ozarks.  The Springfield Police Department says it's been inundated with cases of identity theft involving wireless networks.  Police say there's a simple way to protect yourself.

Most cases of identity theft may involve someone overseas stealing your information but it's also happening right here -- possibly in your front yard. 

"The bad guys are getting to your information because it's not locked down," said Springfield Police Dept. spokesman Cpl. Matt Brown.

If you have wireless internet, you could be at risk.  Criminals just drive down the street looking for unsecured wireless hotspots -- that is, Wi-Fi network signals with no password protection. 

"They're able to quickly within seconds get into system and start doing whatever they want to do," said Brown.

In fact, within minutes, a reporter was able to find dozens of unprotected Wi-Fi networks in one neighborhood.

There have even been cases locally of innocent people getting arrested for crimes as serious as child pornography. 

"We're seeing a pretty good spike where innocent citizens are having computer systems taken over by offenders searching child porn or stealing their identities," said Brown.

Here's the problem.  In the case of internet crimes such as child pornography, police may follow an IP address to your computer, so it looks like you're the one who committed a crime.  It could be someone in front of your house, using your internet access, and stealing your identity. 


Posted on January 28, 2011 at 09:07 AM | Permalink

Bill Would Make Certain ID Theft Cases Easier To Prove - Colorado

A recent controversial decision by the Colorado Supreme Court has prompted newly elected state Rep. Mark Barker, R-Colorado Springs, to file HB11-1049, titled “Use of Personal Info to Defraud.” The bill was filed Jan. 12, and its intent is to clarify the statutory language involving identity theft following the recent high court decision involving Felix Montes-Rodriguez.

Montes-Rodriguez was convicted of criminal impersonation based on his use of a false social security number on an application for an automobile loan, and he admitted to using the false social security number. However, he contested the charge. He argued that he did not assume a false identity or capacity under the statute because he applied for the loan using his proper name, birth date, address, and other identifying information.


Posted on January 28, 2011 at 08:12 AM | Permalink

Colorado dials up ID theft hotline

Increase in complaints prompted service, says Bureau of Investigation

Identity theft and fraud victims in Colorado can get help from a new 24-hour hotline at the Colorado Bureau of Investigation.

The state has been among the top 10 in the nation for identity-theft complaints in the past several years, and Fort Collins residents have increasingly fallen victim to Internet-based fraud.

“We’re seeing a tremendous increase,” said Sgt. Don Whitson with Fort Collins Police Services. “Just about every day, we find a different thing people tell us about how they got ripped off.”

Finances for the CBI hotline, as well as a victim’s advocate for such crimes, are provided through federal grants to the Colorado Division of Criminal Justice. It serves English- and Spanish-speaking callers.

CBI agent Ralph Gagliardi said the hotline offers advice for people seeking to protect themselves as well as those who suspect they’ve been victimized.

He declined to comment on whether the statewide numbers appear to be increasing, but he said perpetrators’ locations “run the gamut” from within Colorado to across the country and planet.

“Right now, the big things are the scams over the phones or Internet that the bad guys solicit or fish for the person’s name, Social Security number or date of birth, representing themselves as a bank or as the Census Bureau,”Gagliardi said.

People might not know their information has been stolen until they go to apply for credit or receive a bill for services they didn’t receive, he said.

The latest available data from the Federal Trade Commission indicates there were 4,775 complaints of identity theft in Colorado in 2009, with the ninth-highest rate in the country at 95 per 100,000 people.

Florida ranked No. 1, with 22,664 complaints at a rate of 122.3 per 100,000 people, according to the FTC website.

The CBI investigates and assists with investigations of large-ring operations and those crossing state lines, but ID theft and fraud cases typically are investigated by local agencies.

Whitson said such crimes are “under-reported, under-investigated and certainly under-prosecuted,” and the only way to decrease the frequency of such offenses is to increase punishment.

The effects of the crime are long term, Whitson said.

“You get punched in the head and it hurts and you go on,” he said, adding that having one’s “retirement liquidated” creates a lasting impact.

Fort Collins police have three detectives, a civilian and a sergeant handling financial crimes, and another detective is to be added in the next couple years through a tax initiative, Whitson said.

“We have all our resources maxed out, currently,” he said.

Whitson said even websites that appear legitimate — complete with the secure site icon on the user’s browser — can be fraudulent.

“You should never send anything over the Internet that you’re not willing to give up to some criminal,” he said. “There are a lot of g


Posted on January 28, 2011 at 08:10 AM | Permalink

Error sends University of Missouri insurance mail to wrong addresses

COLUMBIA, MO -- Hundreds of participants of University of Missouri’s health insurance program are being told to be on the look-out for insurance fraud after several hundred insurance communications were mailed to the wrong person. Health benefit statements, health services letters and new ID cards were among the correspondence mailed to incorrect addresses between January 6th and 10th of this year. The mailings included personal information, including, names, member numbers and birth dates. However, the University said social security numbers were not included in the mailings. The University tells KRCG the error affected about 750 employees with about an equal number of pieces of mail. University of Missouri system officials blames the problem on Coventry Health Care, which administers the university’s insurance plans. Coventry said a computer malfunction aligned names with the wrong addresses. The incorrect mailings could put those affected in danger of medical identity theft, when a person uses another person’s insurance card to receive medical services. The World Privacy Forum says it has been trying to raise awareness about medical ID theft for years now.   The organization says there is no national standard for dealing with medical identity theft and that it is hard to fix once the damage is done. One concerning outcome of the crime is the altering of one’s medical history. "There are people we've talked with who, their imposter went in and had a hospital stay and put down that they were allergic to one drug, and then the real person is not allergic to that drug, but they're allergic to other drugs,” said Pat Dixon, the executive director of the World Privacy Forum in an interview with NPR. Kelly Stuck, who oversees faculty and staff benefits with MU, tell KRCG she believes the threat of medical identity theft is diminished because the incorrect mailings were only sent to other MU employees. University of Missouri said it immediately contacted Coventry on Jan. 14th after an employee alerted officials to getting correspondence intended for someone else. The university reports that it wasn’t until Jan. 20th that Coventry provided them with an explanation of what went wrong. Coventry said it implemented new safeguards to prevent a similar type of error from happening in the future. On Jan. 21st, MU mailed out its own letters to employees affected by the mailing error. The letter tells those affected to ask their health providers to confirm the identity of anyone trying to get medical services using their insurance cards. The letter also instructs to carefully review their Coventry correspondence to look out for any unauthorized insurance claims. At this point, Coventry is not reissuing ID numbers to those affected by the error because the Coventry ID number is a variation of the university-issued identification number, according to Stuck, who said that the University will closely monitor those ID numbers. In a press release, MU said that it has asked Coventry to take steps to recover the misdirected mail. 


Posted on January 28, 2011 at 08:08 AM | Permalink

Facebook suspends developer access to users' phone numbers and addresses

It's the flip-side of enjoying instant communication with your friends.

Facebook has courted a fresh privacy row after allowing developers of apps access to sensitive information including telephone numbers and addresses.

The social networking site announced the change on its blog last Friday, saying: 'We are now making a user's address and mobile phone number accessible.'

Internet security analysts and privacy experts immediately advised people to remove their phone numbers and addresses from the site.


Posted on January 19, 2011 at 08:26 AM | Permalink

IRS warns of agency impersonators

With tax season roughly three months away, the IRS is stepping up its awareness campaign in order to highlight common tax scams that occur during the season.

This week, IRS officials warned taxpayers to look out for con artists that use the agency's name in order to steal from others.

The government tax collection agency says these schemes are quite common in the months before tax day, and that anyone who receives unsolicited e-mails or phone calls on tax issues should ignore them, The Montrose Daily Press reports. These scams often target the financial and personal information of individuals, only to turn around and use this information to commit identity theft and other crimes.

The agency told consumers it does not use e-mails to communicate with taxpayers, and that those who receive emails from the IRS or the Treasury Department threatening action should disregard the messages, the news source says. In addition, taxpayers should be weary of following any links, as they could lead to websites that contain malware, which could potentially harm their computer.

The IRS says if any taxpayers experience a suspicious e-mail or phone call, they should call the Federal Trade Commission and report the scam.


Posted on January 19, 2011 at 08:21 AM | Permalink

Hospital Security Breach Puts Patients' Records At Risk - Indiana News Story

A security breach at St. Vincent Indianapolis Hospital may have put the records of 1,800 patients at risk.Hospital officials said they learned in November that certain associate e-mail accounts were breached, which may have allowed patient names, dates of service and certain clinical information to be accessed.Those patients were sent a letter from hospital officials informing them of actions by a third party to inappropriately obtain e-mail log-ins.


Posted on January 19, 2011 at 08:21 AM | Permalink

Texas ranks 3rd highest for ID theft complaints | Dallas Business Journal

Identity theft crimes increased 33 percent in the United States from 2009 to 2010, according to the Identity Theft Resource Center (ITRC).

According to the Federal Trade Commission, its Red Flags Rule that requires companies to have a written identity theft prevention policy should make it easier to detect those types of crimes.


Posted on January 19, 2011 at 08:19 AM | Permalink

PenFed hacking leaves possibility of troop identity thefts

Members of a credit union that serves active-duty military personnel and others connected to the Pentagon are at risk for identity theft after a laptop was hacked, exposing the personal and financial records of an undisclosed number of troops and their families.

The Pentagon Federal Credit Union, or PenFed, the Alexandria-based institution that serves the military and other government agencies, mailed a letter to customers in early January alerting them to the security breach, which was discovered Dec. 12. PenFed would not comment on how many customers were notified.

The attorney general's office in New Hampshire, however, disclosed that the names, addresses, Social Security numbers and credit and debit card numbers of 514 credit union customers were improperly accessed. New Hampshire is one of the few states that require companies to notify the attorney general of security breaches that affect its residents, and it makes the information public.


Posted on January 19, 2011 at 08:18 AM | Permalink

Tax season is prime time for mail thieves

Identity theft happens year round, but January is prime time for the bad guys. That's because so many year-end financial forms are in the mail as companies send out tax documents.

There are documents from your employer, bank or credit union, brokerage firm and mortgage lender, just to name a few.

"All of these documents have extremely sensitive personal identifying information on them including your Social Security number," says Adam Levin, with Identify Theft 911.

"Thieves know this. And they wait. And as stuff accumulates in a mailbox with this kind of precious information, it is a virtual cornucopia for identity thieves."

Here's how to protect yourself: Make a list of all the financial forms you expect to get and check them off as they arrive.

If you plan to go away, have your mail held at the Post Office or ask a trusted friend or neighbor pick up your mail every day.

And see if you can make the switch from paper to electronic delivery.

"And if you have the opportunity to opt for it, do it," says Levin.

If you don't have a locking mailbox, maybe it's time you get one.


Posted on January 19, 2011 at 08:18 AM | Permalink

Attorney General Investigating UConn Bookstore Security Breach

Connecticut Attorney General George Jepsen is investigating a recent security data breach affecting University of Connecticut Co-op consumers.

Jepsen wants specific information by Thursday on the number of customers affected, what information was taken or lost, and what the Co-op is going to identify the hacker, according to a news release from Jepsen’s office.

The attorney general and Asst. Attorney General Matthew Fitzsimmons also want to know what the Co-op, and its third-party vendor, are doing to prevent such a breach in the future.

 “The situation calls into question the effectiveness of the Co-op’s measures to protect the confidentiality and security of private information received from its customers,” Jepsen said in a news release on Jan. 13. “It is imperative that breaches of this sort do not reoccur and that affected individuals are provided sufficient protections to safeguard their information from misuse.”

A Co-op vender’s database containing customer’s names, addresses, telephone numbers, e-mail addresses and credit card numbers with expiration dates and security codes of HuskyDirect customers was hacked in December, according to a press release from the university.

The release stated that 18,000 customer accounts were accessed. Tuesday, Susan Kinsman, director of communication for the attorney general's office, said, "we know anecdotally that there have been several complaints about personal data compromised in the breach being misused."

A UConn Co-op news release said bookstore employees became aware of the data breach on Dec. 26, 2010, when they were notified by a third-party vendor that the encryption on their administrative password had been tampered with.


Posted on January 19, 2011 at 08:16 AM | Permalink

Experts name top 7 trends in health information privacy for 2011

Business marketing and Digital persona managers such as Michael Fertik deal with privacy rights and information all the time. Here's some of the highlights for the 2011 health industry. A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach and governance have identified the top seven trends in healthcare information privacy for 2011.

The experts suggest that as health information exchanges take form, millions of patient records – soon to be available as digital files – will lead to potential unauthorized access, violation of new data breach laws and exposure to the threat of medical and financial identity theft.

"Endemic failure to keep pace with best practices and advancing technology has resulted in antiquated data security, governance, policy plaguing in the healthcare industry," said Larry Ponemon, chairman and founder, Ponemon Institute.

"Millions of patients are at risk for medical and financial identity fraud due to inadequate information security," he said. "Information security in the healthcare industry is at the fulcrum of economic, technological, and regulatory influence and, to date, it has not demonstrated an ability to adapt to meet the resulting challenges – but it must. The reputation and well-being of those organizations upon which we rely to practice the healing arts depends on it," he said.


Posted on January 12, 2011 at 04:21 PM | Permalink

Report: Military and government data breached 104 times in 2010

Military and government agencies mistakenly exposed the personal data of thousands of citizens in at least 104 incidents in 2010, up from 90 such data breaches the previous year, according to a new study. Yet, far fewer personal records were released as a result -- 1.2 million in 2010, well under the 79.4 million exposed in 2009.

The study by the nonprofit Identify Theft Resource Center found that there were 662 breaches reported nationwide in 2010. The center defines a breach as an event in which an individual's name and other identifying information, such as a Social Security or driver's license number, banking or medical data, are put at risk in electronic or paper format.

Of the 622 total breaches reported in 2010, 15.7 percent involved data handled by state and federal agencies and the military. Sixty-two percent of all breaches resulted in the exposure of Social Security numbers. One of the biggest breaches involved the exposure of 207,000 records of Army Reservists in Colorado.

Businesses accounted for the largest percentage of data breaches -- 42.1 percent. Medical and health care facilities accounted for 24.2 percent, followed by educational institutions at 9.8 percent and the banking industry at 8.2 percent.

Because there is no centralized reporting system for the unintended exposure of personal records, the actual scope of the problem is likely much greater. "Other then breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events," ITRC said in a news release. "It is clear without a mandatory national reporting requirement that many data breaches will continue to be unreported, or underreported."

K. Selcuk Candan, a professor of computer science and engineering at Arizona State University in Tempe, said such a repository would help security analysts observe data breach patterns. "A site would . . . help identify hot spots in data breaches and help countermeasure development efforts that today have to proceed on a more or less case-by-case basis," he said in an e-mail to Nexgov in response to questions.


Posted on January 12, 2011 at 04:20 PM | Permalink

Suspected ID thief may have over 1,000 victims

An Olympia man arrested Thursday may have planned to steal the identities of 1,000 people, said Thurston County Sheriff John Snaza.

Anthony Vaughn is held on 50 counts of identity theft at the Thurston County Jail. A veteran detective said Vaughn was likely part of the largest identity theft ring in county history.

According to court documents, Vaughn admitted to detectives he stole the items to support a drug habit.

Detectives seized 40 boxes of evidence from Vaughn's Olympia home.

Police said Vaughn had the names and social security numbers of hundreds of employees with the State's Employment Security Division.

Those names were apparently on paperwork stolen from a car parked on the state Capitol campus last year.


Posted on January 12, 2011 at 04:19 PM | Permalink

Tulane Laptop stolen with W-2 info, S.S. numbers of each employee

A Tulane University-owned laptop was stolen last year that had a file containing private information of each person employed at the university in the past year, according to school officials.

The computer had W-2 information, names, Social Security numbers, address and salary for every employee, including student and part-time employees and anyone who will receive a 2010 W-2.

School officials say the laptop, used to process 2010 tax records during the university's winter break, was not encrypted and was in a briefcase in the locked automobile of an employee who was out of town. It was stolen Dec. 29, and school officials were notified the following day.

The university has sent letters to the more than 10,000 affected individuals and have offered a full year of credit monitoring. If you have any questions, call (504) 865-5291 between 9 a.m. and 5 p.m., Monday through Friday.


Posted on January 12, 2011 at 04:18 PM | Permalink

Number of victims rises to 380 in Sierra Madre gas station fraud

Police have identified 380 victims of credit or debit card fraud at a Sierra Madre gas station with losses exceeding $109,000, Police Chief Marilyn Diaz said Monday.

Authorities were seeking more scam victims at EVG Quality Gas, which suddenly shut down after Christmas. Within days, hundreds of people found their credit or debit cards had been used without their authorization.

“The fraudulent charges arising from credit and debit cards used at the EVG station are showing up both as EVG charges and charges to other retail establishments, both in California and out of state," Diaz said. "Anyone who has used a credit or debit card at EVG in the past 12 months should report any fraudulent charges to Sierra Madre police.”


Posted on January 12, 2011 at 04:16 PM | Permalink

Fake Wi-Fi connections expose users to identity theft

Not all potential security breaches at an airport can be captured on a cell phone and posted as a YouTube video.

One such danger lurks in the form of free wireless Internet access offered by many airports throughout the nation and in other public places.

Authorities warn travelers to beware of hackers setting up fake wireless fidelity -- or Wi-Fi -- connections to steal passwords, credit card and bank account numbers, and other personal information.

Experts say the threat of identity theft is not new, but it's not clear how prevalent it has become because tracking can be difficult.

"Ever since Wi-Fi became available, criminals have found a new way to exploit new victims," said Tom Osborne, a special agent who manages the cybercrime squad in Sacramento's FBI office.

Osborne said some airports and other public places reported Wi-Fi security issues a few years ago.

But "a lot of people don't report," said Sacramento County sheriff's Sgt. Bill Mannering of the Sacramento Valley Hi-Tech Crimes Task Force.

Victims may not even know their information has been compromised when they click onto a network or access point created by the hacker, officials said.

"All it takes is a person with a laptop two seats away from you," said Gary Almond, president of the Northeast California Better Business Bureau.


Lesson: make sure you use the best encryption possible on your Wifi router at home.

Posted on January 12, 2011 at 04:15 PM | Permalink

New Law for Online Marketers: Restore Online Shoppers' Confidence Act

On Dec. 29, President Obama signed into law the Restore Online Shoppers' Confidence Act, which requires these marketers to obey a number of rules before they can start billing consumers' credit cards.

"Too many companies are trying to use phony monthly billing to rip off Americans and this bill will help strengthen our hand," Federal Trade Commission Chairman Jon Leibowitz said in a statement. "Consumers should be able to make informed decisions, so the terms and conditions of any offer must be disclosed clearly and conspicuously."

The Restore Online Shoppers' Confidence Act makes it illegal for a post-transaction third-party marketer to charge, or attempt to charge, a consumer for any good or service sold in an online transaction, unless:

  • The marketer clearly discloses to the consumer all the material terms of the transaction.
  • The marketer has obtained the consumer's consent before charging their credit card, bank account, or other financial account. They must also obtain the full account number to be charged directly from the consumer.
The new law also makes it unlawful for any online shopping site to transfer a consumer's financial account information to a third-party marketer -- the key practice that facilitated the entire scam.


Finally, the law makes it illegal for a marketer to charge, or attempt to charge, a consumer for any good or service with a negative-option feature in an online transaction, unless:

  • The marketer clearly discloses to the consumer all the material terms of the transaction.
  • The marketer has obtained the consumer's consent before charging their credit card, bank account, or other financial account.
  • The marketer provides a simple way for the consumer to cancel.


This new consumer protection law was introduced by Sen. Jay Rockefeller, D-W.Va., who, as chairman of the Senate Commerce Committee, launched an investigation in 2009 into the practices of the three major post-transaction, negative-option marketing firms, Webloyalty, Vertrue and Affinion. The investigation also focused on the many shopping sites that partnered with them, such as Orbitz, Fandango and Priceline.


Posted on January 10, 2011 at 10:03 AM | Permalink

Consumer Ally's Top 5 Scams of 2010

The worst economic crisis since the Great Depression has provided happy hunting grounds for legions of unscrupulous scammers looking to take advantage of financially strapped consumers.

Thanks to the collapse of the housing bubble, Wall Street's suicidal tendencies and unemployment rates nearing 10%, millions of consumers are desperate to dig themselves out of debt. Untold numbers of them have been victimized by fraudsters, and the Federal Trade Commission and states have been working overtime to put them out of business.

Here's our list of the five worst scams of 2010:


Posted on January 6, 2011 at 01:46 PM | Permalink

Honda online database hacked

Cybercriminals hacked into the database of American Honda Motor Co., Inc. stealing the names, e-mail addresses and Vehicle Identification Numbers (VIN) of 2.2 million car owners.

The affected automobile owners received an e-mail from Honda last week notifying them of the breach, reported the Columbus Dispatch. It is not known when the database hack occurred.
The e-mail message explained that customers’ identifications were compromised by thieves who gained unauthorized access to an e-mail list initially set up to create a welcome e-mail for new Honda and Acura owners. The welcome e-mail list contained customers’ names and e-mails, as well as online login names and their 17-character VINs.

The hacked Honda list contained no financial information, Social Security numbers or phone numbers, according to Honda.


Posted on January 6, 2011 at 01:42 PM | Permalink

Santander sends thousands of statements to wrong addresses

Santander has admitted sending up to 35,000 customers' bank statements to the wrong addresses, can reveal.

The Spanish giant, which has angered account holders all year with shocking service, now risks a multi million pound fine for disclosing highly sensitive personal information to third parties, in an apparent Data Protection Act breach (see the ID Fraud and Stay Safe Online guides).

One MoneySaver from Stockport, who wishes to remain anonymous, has reported receiving part of somebody else's Santander current account statement today, printed on the back of his.
He says he could see the person's name, bank details and recent transactions (see the Best Bank Accounts guide).

The Santander customer says he immediately alerted the Information Commissioner's Office (ICO), which regulates the handling of personal data, of the gaffe.

An ICO spokesperson says: "We have recently been informed of a data loss which involves Santander. We will be making enquiries into the apparent breach of the Data Protection Act before deciding what action, if any, needs to be taken.

"Under the Act, organisations that process personal information have an obligation to keep it secure. It is a matter of concern if information such as account details have been provided to the wrong recipient.
"Banks risk losing the confidence and trust of customers if they fail to safeguard personal information."
Santander today reported its embarrassing blunder to the City regulator, the Financial Services Authority (FSA).


Posted on January 6, 2011 at 01:40 PM | Permalink

TX identity theft scheme could affect thousands

Four women were indicted yesterday, for an identity theft scheme.

Angela Cuellar, Yolanda Ramos, Diane Rivera, and Christine Elifritz, were all involved in the theft of Fingerprint Application Services of Texas applications, that are required by the Texas Education Agency. All four women, remain in custody at McLennan County Jail. They are scheduled for for a detention hearing next Tuesday.

Before Angela Cuellar left her job as a live scan operator for Integrated Biometrics Technology in Waco, she stole the applications that included social security numbers and birth dates, that she should have shred long ago.

Richard Kitterman, with the Better Business Bureau, says that business' should have a standard operation procedure when it comes to the dismissal of employees. He says if they have this procedure, "at the point of dismissal, their ability to access company files, records, and other things, ceases to exist."


Posted on January 6, 2011 at 01:39 PM | Permalink

How data breaches can lead to identity theft

Every year, approximately 10 million people are the victims of identity theft. Even if you follow all of the advice the Better Business Bureau and other organizations offer for protecting yourself, you're still vulnerable to events beyond your control. The most vigilant and fraud-conscious consumers can have their identity stolen through breaches of databases that they didn't even know held information on them.

Recent headlines described data breaches at fast-food and pharmacy chains, both of which have many locations in the Mid-South. While it doesn't appear that either database contained any financial or other confidential information, the companies are warning people to beware of suspicious e-mails requesting financial or other information that purport to come from them.

Customers of a deli and a national retailer weren't so lucky. These companies' databases contained credit and debit card numbers that were used to make fraudulent charges. In the case of the retailer, which happened several years ago, 45 million card numbers were stolen.

Hospitals, government agencies and other organizations have also been the victims of data breaches. The Identity Theft Resource Center says there were at least 498 data breaches reported in 2009, which is actually an improvement from 657 the year before.

An increasing number of state and federal laws dictate that companies must be proactive in notifying consumers when their information has been compromised in a data breach. Most will set up a hotline to address concerns and questions. If you receive a notification about a breach that you don't thoroughly understand, call the company.

If one of your accounts is affected, contact your financial institution and get its advice on what to do, which may include closing the account. Check your statements as soon as you receive them and notify the financial institution immediately if there are fraudulent charges.

File a fraud alert with all three credit reporting agencies (Equifax, Experian and TransUnion). They are required to flag your credit report for 90 days and notify you if someone tries to open a new account using your information. Sign up for free credit report monitoring that may be offered by the company whose data was breached.

Even if you haven't been affected by a data breach, you should obtain a copy of your credit report on a yearly basis to ensure you haven't been the victim of some other form of identity theft and to ensure the information in the report is accurate. Free reports can be obtained from


Posted on January 6, 2011 at 01:37 PM | Permalink

58 Banking Breaches in 2010

There have been 58 reported banking-related data breaches so far in 2010, according to the Identity Theft Resource Center -- slightly fewer than the total of 62 breaches in 2009. But it is possible that additional 2010 breaches will be reported after the new year.

Of the 58 breaches tracked by the ITRC:

  • 9 are related to insider theft;
  • 6 are related to missing paper documents;
  • 8 were linked to card skimming attacks;
  • 5 resulted from stolen or missing hardware;
  • 8 are blamed on cyberattacks or outside network intrusions;
  • 4 are related to the exposure of data on the Web;
  • 6 are linked to an accidental breach;
  • 3 were of unknown origin.

While some breaches were accidental or related to sloppy security, such as the improper disposal of paper files and documents, many involved a malicious or criminal element. Whether linked to an insider, a cyberattack or an ATM skimming device, the incidents prove criminals continue to target financial institutions -- and for good reason.


Posted on January 6, 2011 at 01:36 PM | Permalink

Massive credit card fraud investigated at gas station

Crime is rare in Sierra Madre, so 175 cases of fraud involving a local gas station is sending ripples through the tiny foothill community.

Sierra Madre police say most of the victims are local residents who use credit cards at EVG Quality Gas, and investigators expect to find more.

The first victim reported an identity theft to police Dec. 27 after using her credit card at the station at 50 S. Baldwin Ave.

By noon Monday, Sierra Madre police officers had received more than 175 fraud reports linked to EVG. The total loss exceeds $49,000.


Posted on January 6, 2011 at 01:35 PM | Permalink