ChoicePoint Fined for Security Breach

Posted on October 26, 2009 by Alex Drake

ChoicePoint Inc. will pay federal regulators $275,000 for a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft, the Federal Trade Commission reported.

In April 2008, ChoicePoint turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days.

The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress.

Posted in Breach | Tagged , | Leave a comment

Study: Web’s Most Dangerous Search Terms

Posted on June 3, 2009 by Alex Drake

A McAfee study into 2,600 of the most popular keyword searches on the web has concluded that hunts for “”screensavers”" present the most risk.

The report released this week shows that users who search for “screensavers” have a 59.1 percent chance that they will be infected by malware on a given page of results.

By category, the most dangerous searches involved keywords containing the word “”lyrics”" (26.3 percent risk) and “”free”" (21.3 percent). The safest category searches, meanwhile, related to “”health”" (four percent) and the “”economic crisis”" (3.5 percent).

The report also warned of the risk generated by searching for information on “”work from home.”" Variations of this search term — considered more popular than ever, given the state of the economy — ranged from a 6.3 percent-risk to a 40 percent-risk of infection.

Popular search terms are used by hackers to attract visitors to web sites that automatically download malware to unsuspecting users. The malware can then be used to build a botnet for the hacker or to gather personal information about the user and steal their identity.

Posted in Uncategorized | Tagged | Leave a comment

Heartland Breach Puts Your Data at Risk

Posted on January 3, 2009 by Alex Drake

Heartland Payment Systems has disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants.

Heartland’s president and CFO, said in a USA TODAY interview that the intruders had access to Heartland’s system for “”longer than weeks”" in late 2008. The number of victims is unknown. “”We just don’t have the information right now,”" Baldwin said.

Tech security experts said the breach could set a record. Retail giant TJX lost 94 million customer records to hackers in 2007. With more than 100 million transactions per month, they could discover that several months’ worth of transactions were captured, says Michael Maloof, chief technology officer at TriGeo Network Security.

Heartland processes card payments for restaurants, retailers and other merchants. It discovered the hack last week after Visa and MasterCard notified it of suspicious transactions stemming from accounts linked to its systems. Investigators then found the data-stealing program planted by the thieves.

Posted in Breach | Tagged , | Leave a comment

36% of Identity Thieves are Women

Posted on July 9, 2008 by Alex Drake

A new study by the Economic Crime Institute work group, based at Utica College, has found that a surprising number of identity thieves are women.

The researchers have been given access to Secret Service case files on identity theft spanning from 2000 to 2006. The group’s findings provide the first-ever look at the criminals and victims in major identity theft cases.

“Among the results reported were:

  • Only 8% of the criminals were friends or relatives of the victims.
  • 36% of the identity theft crimes in the case files were committed by
    women. That is a greater percentage of women committing crimes than any
    other category.
  • A high percentage of ID crimes were committed using high tech methods such as stealing of data from company databases.
  • Mail theft was a factor in only 9% of the cases.

The average loss for each crime was more than $30,000. In one case, criminals stole $1.3 million before being arrested by federal authorities.

The data provided by the Secret Service included about 700 case files. The group omitted so called “existing account” fraud cases from its research, also called “credit-card only” identity theft.

Posted in Uncategorized | Tagged , | Leave a comment

Free Annual Credit Report Scams

Posted on June 8, 2008 by Alex Drake

A recent amendment to the federal Fair Credit Reporting Act requires each of the nationwide consumer reporting companies Equifax, Experian, and TransUnion to provide anyone with a free copy of their credit report, at their request, once every 12 months. Be aware that there is only one online source authorized to do so. That source is annualcreditreport.com. Beware of other sites that may look and sound similar.

Free Credit Report Offers

The Federal Trade Commission (FTC) advises consumers who order their free annual credit reports online to be sure to correctly spell annualcreditreport.com, or link to it from the FTC’s website to avoid being misdirected to other websites that offer supposedly free reports, but only with the purchase of other products. While consumers may be offered additional products or services while on the authorized website, they are not required to make a purchase to receive their free annual credit reports.

The FTC Gets Tough with Free Credit Report Offers

The FTC recently settled a lawsuit against Consumerinfo.com which did business as Experian Consumer Direct over the free credit report promotion it advertised on television, radio and the Internet, including its websites freecreditreport.com and consumerinfo.com. If you ordered a free credit report from Consumerinfo between November 1, 2000 and September 15, 2003, and were enrolled in its credit monitoring program, you may be eligible for a refund under the FTC’s settlement.

Posted in Uncategorized | Tagged , , , | Leave a comment

Personal Information of 159,000 Administaff Employees Compromised

Posted on October 17, 2007 by Alex Drake

An Administaff company laptop containing the personal information of 159,000 employees was stolen from a company employee. The laptop was stolen from a company employee’s car while they were shopping for groceries on October 3rd, 2007.

The information on the laptop contained the names, addresses, and social security numbers of current and former employees. The information was not encrypted.

The company has notified all affected persons and has offered one year of free credit-monitoring service. Credit monitoring services, such as LifeLock.com, monitor a person’s credit file with the three credit bureaus and alerts people when there is potentially fraudulent activity.

Source: Chron.com (Houston Chronicle), Oct. 15,  “Laptop Goes Missing with Data on Workers

Posted in Breach | Tagged , | Leave a comment

Stolen Laptop Contains Transportation Department Worker Information

Posted on October 14, 2007 by Alex Drake

“In Washington state, a burglar stole a laptop containing the personal information of 1,400 current and former employees of the King County Transportation Department.

The information contained the names, addresses, and social security numbers of current and former employees.

The laptop belongs to a human resources employee who regularly brings the laptop from one job site to another. The laptop was password protected, but the data was not encrypted. The victims were part of the department’s Roads, Airport and Fleet divisions.

“Source: SeattleTimes.nwsource.com (Seattle Times), Oct. 12, “County Workers’ Data on Stolen Laptop.”

Posted in Breach | Tagged , , | Leave a comment

Massachusetts Regulators Mistakenly Sent Out Disks with Personal Information

Posted on October 12, 2007 by Alex Drake

In Massachusetts the Divisions of Professional Licensure and Health Professions Licensure sent out information to marketing firms and other businesses containing the personal data, including Social Security numbers, of 450,000 licensed professionals.

The Division of Professional Licensure notified both the secretary of state and the office of the attorney general about the breach, and has begun notifying all affected individuals.

Affected individuals include engineers, nursing home administrators, certified public accountants and other professionals.

Individuals who feel they may have been affected can contact the Division of Professional Licensure.

Source: Boston.com (The Boston Globe), Oct. 3, “Mass. accidentally sends out disks with personal information

Posted in Breach | Tagged , , | Leave a comment

Former University of Iowa Graduate Students at Risk of Identity Theft

Posted on October 12, 2007 by Alex Drake

The University of Iowa is warning 184 students and graduates that grade information and Social Security numbers were on a laptop stolen from a former teaching assistant. The laptop was stolen in September from the home of a former teaching assistant.

The laptop contains class records, including attendance, test scores and grades of 184 students who took graduate courses between 2002 and 2006. The Social Security numbers of 100 students are also on the laptop.

The Philosophy department chairman is mailing letters to affected students
and accepting phone calls from those who are concerned about the incident.

Source: DesMoinesRegister.com (The Des Moines Register), Oct. 8, “Stolen Laptop Has U of I Student Data

Posted in Uncategorized | Tagged , , | Leave a comment

U. of Texas Student’s Personal Information Available Online

Posted on October 11, 2007 by Alex Drake

The University of Texas said it works hard to notify students about how to avoid identity theft, but the school put some of its own at risk.

The Personal information, including Social Security numbers of 22 current and former students, was posted and available to access on a university FTP site in late September.

All the students impacted were enrolled in a petroleum and geosystems class during the summers of 2001 and 2002.

The university took the files offline within hours after being notified by SSNBreach.org, but not before 22 students’ Social Security numbers were exposed.

The university said there is an ongoing effort to get rid of using Social Security numbers except where they are needed.

Posted in Breach | Tagged , , | Leave a comment