Archive for data breach

AT&T system problem exposes iPhone customers’ personal information

Posted in Economy, Identity Theft, News with tags , , , , , on June 27, 2010 by truthwillrise

Brandon King

Examiner.com

June 20, 2010

Many thousands of people recently braved long lines in to pre-order the iPhone4 which is set to release June 24. The overwhelming volume of pre-orders led to AT&T‘s system shutting down and led to many stores resorting to taking orders using paper and pen.

Unfortunately, this problem with AT&T’s system has put customers’ personal information at risk.

Read the entire article here

Advertisements

Skipton apologises to customers for data breach

Posted in Economy, Identity Theft, Legal, News with tags , on February 4, 2010 by truthwillrise

By Lucy Warwick-Ching
Published: February 3 2010 12:58 | Last updated: February 3 2010 12:58

Skipton Building Society has apologised to customers after a serious breach of data security procedures resulted in thousands of savers receiving financial details about other customers in a recent mailing.

The UK’s fourth largest building society said a third party printing error led to the details of 3,115 customers with passbook accounts being printed on the back of other people’s statements.

However, the company said the details revealed were not enough to put customers at risk of fraud, as the accounts required a signature to make withdrawals and could not be used over the internet. Despite this, it has written to all affected customers, apologising and offering them a new account number for additional peace of mind.

Stacey Dickens, a Skipton spokeswoman, said: “We have written to those affected to apologise and to reassure them that the correspondence contained insufficient information to enable any unauthorised transactions on their accounts. We are also offering to change the account numbers of any customers seeking additional peace of mind.

”As a responsible business, we are in constant dialogue with our regulator and update them as a matter of course regarding business developments such as this.”

Skipton said the City watchdog, the Financial Services Authority, had been made aware of the incident which happened at the end of January.

News of the security breach is likely to further anger customers following last week’s decision by the society to backtrack on its promise to existing mortgage borrowers by announcing it will increase its standard variable rate (SVR) from 3.5 per cent to 4.95 per cent.

1.5 Million Medical Files At Risk in Health Net Data Breach

Posted in Economy, General, Identity Theft, Legal, Life Improvement, News with tags , , , , on November 20, 2009 by truthwillrise

By Matthew Sturdevant
The Hartford Courant
November 19,2009

A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut, was lost six months ago and was first reported Wednesday, state and company officials said.

The insurance company informed the state attorney general’s office and the Department of Insurance Wednesday of the security breach that puts personal medical records at risk in a historic lapse, the first of its kind to be publicly reported.

A portable, external hard drive with Social Security numbers and medical records “disappeared” and is still missing from the insurer’s Northeast headquarters in Shelton, a Health Net spokeswoman said Wednesday.

A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut, was lost six months ago and was first reported Wednesday, state and company officials said.

The insurance company informed the state attorney general’s office and the Department of Insurance Wednesday of the security breach that puts personal medical records at risk in a historic lapse, the first of its kind to be publicly reported.

A portable, external hard drive with Social Security numbers and medical records “disappeared” and is still missing from the insurer’s Northeast headquarters in Shelton, a Health Net spokeswoman said Wednesday.

The hard drive contains Social Security numbers, medical records and health information dating to 2002 for 1.5 million customers — past and present — in Arizona, Connecticut, New Jersey and New York, the spokeswoman said.

The data were compressed, but not encrypted. The information is formatted as images and requires a special computer program to be read, state and company officials said. Health Net plans to send out letters to its customers notifying them of the breach.

Attorney General Richard Blumenthal and Insurance Commissioner Thomas Sullivan each said he is investigating what happened, and why the company waited six months to report the incident.

The data breach is another in a series of information security lapses involving Connecticut residents in recent months. Most, including a large breach of People’s United Bank customer information, have included bank records or Social Security numbers. The missing hard drive at Health Net is the first publicly reported, widespread release of patients’ medical records, at least in recent state history.

“Health Net’s incomprehensible foot-dragging demonstrates shocking disregard for patients’ financial security, as well as loss of their highly sensitive and confidential personal health information,” Blumenthal said in a prepared statement.

Sullivan said his office is requiring Health Net to offer credit protection monitoring through Debix, a company that provides identity-theft protection services.

“My main concern is protecting the members and participating providers,” Sullivan said. “We are currently working with Health Net to ensure adequate notification and protections for all involved.”

Health Net suggests that customers with questions call the company phone number on the back of their benefits card, said Alice Chaves Ferreira, a spokeswoman for Health Net of the Northeast Inc.

“Health Net will provide credit monitoring for over two years — free of charge — to all impacted members who elect this service, and will provide assistance to any member who has experienced any suspicious activity, identity theft or health care fraud between May 2009 and their date of enrollment with our identity protection service,” Chaves Ferreira said.

The company didn’t know what information was on the hard drive, which is why the information wasn’t reported sooner, Chaves Ferreira said. Health Net conducted a lengthy investigation, including a forensic review by computer experts, she said.

It was only then that the company concluded the lost data included a vast trove of information.

Earlier this month, Anthem Blue Cross and Blue Shield of Connecticut reported that a laptop was stolen this summer in the Chicago area, compromising personal information of nearly 850,000 doctors, therapists and other health care providers in 50 states, including 19,000 in Connecticut.

Last year, Bank of New York Mellon lost computer tapes that jeopardized information on more than 600,000 state residents, including many account holders at People’s United Bank.

Yet another data breach has exposed millions potentially to identity theft. If you concerned that you may be affected by this latest data breach, know someone who may be , or want to learn more about identity theft, log on to http://www.prepaidlegal.com/idt/bking62

UNC data breach exposes 163,000 SSNs

Posted in Business, Economy, Identity Theft, Legal with tags , , , , on October 1, 2009 by truthwillrise
School of Medicine at Chapel Hill hacked
By Jaikumar Vijayan

September 25, 2009 07:34 PM ET

 

Computerworld – The University of North Carolina at Chapel Hill on Friday began notifying about 163,000 women about the potential compromise of their Social Security numbers and other personal information after a hacker breached a system containing the data.

The breached server belonged to the UNC School of Medicine and contained information that was collected as part of a federally funded mammography research project. The system contained records on a total of 236,000 women, of which about 163,000 included Social Security numbers.

Matt Mauro, chairman of the university’s Department of Radiology said the breach was first discovered in July when a researcher reported problems accessing the system. A subsequent investigation by the school’s information systems staff revealed that the system had been hacked.

Though the breach was discovered in July, there are indications that the actual intrusion may have taken place as long as two years ago, Mauro said. “We think we found some viruses that date back to 2007,” he said.

The breached server received information from 31 different sites across the state, Mauro said. When the breach was discovered, the system was taken offline immediately and has remained that way since July, Mauro said.

The sites that were sending the information to UNC have stopped doing so for the moment, while stronger precautions are implemented to prevent a similar breach in future, he said.

The reason that notifications have only just started going out is because UNC technology officials and an external forensic team have required time to piece together the extent of the compromise and to figure out exactly who may have been affected by it, Mauro said.

So far, investigations have revealed nothing to suggest that the persons responsible for the break-in have downloaded or modified the data in any way. “But you just don’t know for sure. You have to be suspicious and you have to notify,” he said.

 

If  you are associated with the UNC School of Medicine, or know someone who is they need to know there is help out there for them. Identity Theft Shield has the total solution for these people; please have them call 1-866-510-7907 or log onto http://www.prepaidlegal.com/idt/bking62  to have professionals drive them down the road to recovery.

Ex-Informant Charged With Largest Credit Card Heist in US

Posted in Business, Economy, General, Identity Theft, Legal, News with tags , , , , , , , , , , , on August 20, 2009 by truthwillrise

y Erika Morphy
E-Commerce Times 
Part of the ECT News Network 
08/18/09 1:55 PM PT

New charges have been brought against a hacker already awaiting trials in two other cases of identity theft. In the latest indictment, 28-year-old Albert Gonzalez is accused of participating in the theft of 130 million credit card numbers. Two others are charged with conspiring in the crime.

Albert Gonzalez, 28, a hacker already in jail awaiting trial for what was deemed the largest identity theft in the U.S., has apparently topped himself. Along with two unnamed coconspirators, Gonzalez has been indicted by a federal grand jury in New Jersey for an identity theft that trumps the previous record-setter: 130 million credit and debit card numbers stolen over a two-year period, from 2006 to 2008.

At one point, Gonzalez was working as an informant with the U.S. Secret Service to hunt hackers, while at the same time allegedly stealing data.

Storied Resume

In August 2008, the Department of Justice fingered Gonzalez as the ringleader of a hacker gang that stole 40 million credit card numbers — then believed to be the largest single case of hacking theft. Consumers at T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax were victimized in that raid. Those charges were filed in the District of Massachusetts. Gonzalez will face them in a trial scheduled to begin in 2010.

In May 2008, the U.S. Attorney’s Office for the Eastern District of New York charged Gonzalez in connection with the hacking of a computer network run by a national restaurant chain. Trial on those charges is scheduled to begin in Long Island, N.Y., in September 2009.

This latest episode is also the most audacious, according to the Department of Justice. The Miami-based Gonzalez and two Russian accomplices hacked into corporate databases five times over a two-year time period, using a SQL injection attack to target 7-Eleven, Heartland Payment Systems and Hannaford Brothers, a Maine-based supermarket chain, among other companies.

The three allegedly hacked into the networks and placed backdoor access in the systems to allow them to revisit without detection in order to steal the data. They would then send the data to servers in California, Illinois, Latvia, the Netherlands and Ukraine for resale to criminals.

If convicted, Gonzalez faces up to 35 years in prison and US$500,000 in fines.

The Department of Justice did not return the E-Commerce Times’ call requesting comment in time for publication.

The fact that Gonzalez acted as an informant for the Secret Service and then turned around and played the government “is a common problem in law enforcement — but particularly acute in the prosecution of cybercrimes,” said Alexander H. Southwell, an attorney with Gibson Dunn & Crutcher’s white collar defense and investigations practice.

“That is because prosecutors and law enforcement are very dependent on using insiders to penetrate criminal activity,” Southwell told the E-Commerce Times. “These cases are hard to crack without somebody on the inside because of the nature of cybercrime.”

Informers have a tendency to think that because they have protection from the government, they get a free pass on anything else they want to do, he noted.

Familiar Environment

Apart from the James Bond elements of these cases, they’re much the same as other massive identity thefts. Despite episode after episode, the underlying breeding ground hasn’t changed. That environment is characterized both by the government’s patchwork approach to protection — which often allows perpetrators to escape undetected — and the reluctance of retailers to implement stronger security measures.

The United States follows a “sectoral” approach to cybersecurity, M. Peter Adler, an attorney at Pepper Hamilton, told the E-Commerce Times.

“This means that regulations and industry standards pertaining to information security may vary slightly for companies in healthcare, financial services, [firms that have] government contracts or that use payment cards,” he explained.

“Layer state laws on this, such as those in Massachusetts and California, and a company is left with a patchwork quilt of protections that are often not completely understood and that can result in security gaps,” said Adler, adding that what the country really needs is a unified and comprehensive approach to cybersecurity that will keep up with the hackers.

The private sector must step up as well, said Robert Siciliano, CEO of IDTheftSecurity.com.

“Credit card companies, banks and retailers … clearly make huge profits that trump the losses from fraud — otherwise, they’d do something to stop fraud,” Siciliano told the E-Commerce Times.

“Credit card fraud can be stopped dead with numerous technologies that make the data useless to the thieves,” he noted, “but until banks, retailers and the credit card companies adopt them, the bleeding will continue.”

The recession is not helping, either.

Even if the government were strongly pushing more protective measures, said Adam Levin, cofounder of Identity Theft 911, it would have to balance those against the inevitable legitimate purchases stymied by such measures.

Furthermore, state governments in the forefront of enforcement have been forced to cut back because of budget cuts, he told the E-Commerce Times.

“Ultimately, it won’t be the government that solves this problem, but ultimate regulators of our economy — class action attorneys,” Levin concluded

 

 

 

 

 

 

           This is just another instance of personal information being stolen and tens of millions are now potential victims of Identity              Theft. It once again goes to show people it is not what we are doing with our information, but what others do with that                      information that can cause plenty of trouble. If you are concerned that you may be affected by this latest breach, or just                        concerned about Identity Theft, please log on to http://www.prepaidlegal.com/idt/bking62 or call 1-866-510-7907.

Two in THree Austrailian Companies Leak Data

Posted in Business, Economy, Identity Theft, Life Improvement with tags , , , , on August 12, 2009 by truthwillrise
Renews calls for mandatory data disclosure laws.

Two in three Australian organisations experienced a serious data breach in the last twelve months, according to a survey by the Ponemon Institute.

The Institute, commissioned by data encryption company PGP, paid 482 IT security professionals in Australia to answer questions around the protection of their data.

Some 69 percent of respondents said they experienced at least one data breach in the last 12 months, up from 56 percent in 2008.

One in four of those companies that experienced a data breach suffered five or more breaches in the 12 months, up 22 percent on 2008.

Of those organisations that did admit to losing data, 65 percent chose not to inform the public – a figure the report’s authors said was “sure to add to the demand for Australia to adopt data breach notification laws similar to those in the United States.”

The Federal Government has spent the last few months reviewing privacy laws, the first draft of which was due to be released to the public within a week.

But no timeline has been set for the introduction of mandatory data disclosure laws, as recommended by the Australian Law Reform Commission and the Office of the Privacy Commissioner.

In the interim, the Office of the Privacy Commissioner has produced a voluntary guide to managing data breaches.

The survey also revealed some interesting data on what motivates organisations to protect their data.

Of those organisations that use data encryption technology to protect against the leak of confidential data, only 15 percent said they did so for regulatory reasons (citing the Federal Privacy Act, National Privacy Principles and PCI DSS requirements) whereas 70 per cent used encryption to protect their brand and reputation.

 

 

The problem of data breaches is not just an United States problem, but an international one. For more information on what you can do if you have been affected by a data breach, or what you can do before that happens, log on to http://www.prepaidlegal.com/idt/bking62    , http://www.greatworkplan.com/betterlife4u or call 1-866-510-7907.

Soldiers warned about ID theft after laptop stolen

Posted in Business, Identity Theft, Legal, Life Improvement, News with tags , , , , , on August 7, 2009 by truthwillrise

By RYAN J. FOLEY (AP) – 1 day ago

MADISON, Wis. — The Army National Guard is investigating why a contractor had data including Social Security numbers for 131,000 current and former soldiers on an unsecured personal laptop that was stolen, a spokesman said Thursday.

The Guard was sending letters this week warning those affected to protect themselves from identity theft after the July 27 theft of the laptop belonging to a contract employee, said Randy Noller, spokesman for the National Guard Bureau in Arlington, Va. 

He would not release details, including the contractor involved and where it happened, but said police were investigating. The stolen laptop contains names, addresses, Social Security numbers and payment data for those enrolled in the Army National Guard Bonus and Incentives Program.

The Guard had no indication any data has been compromised but affected soldiers, generally those who received enlistment and retention bonuses in recent years, should take precautionary steps such as putting fraud alerts on their credit, Noller said.

He did not know how many of the 131,000 affected are on active duty. Those who are deployed and believe identity theft has occurred are being told to contact the nearest Judge Advocate Office for help.

The Guard is also working with its state affiliates to notify soldiers. In Wisconsin, about 1,700 soldiers were affected, including 800 who are on active duty in Iraq and Afghanistan, said a Wisconsin National Guard spokeswoman, Maj. Jackie Guthrie.

Noller said the Guard’s internal investigation is looking into what security policies were breached in the contractor’s handling of the data, which should not have been on an unsecured private laptop.

“We know simply by virtue of being on a personal laptop there were some security protocols violated. Exactly which ones, how and why is yet to be determined,” he said.

He stressed that “no malice was involved.”

“The guy was doing his job, trying to do it well and didn’t do the right thing,” Noller said.

He said the contractor was cooperating with the Guard’s investigation. A Web site and toll free hotline, 1-877-481-4957, has been set up to handle inquiries.

Computer security expert Larry Ponemon of the Ponemon Institute, a think tank in Traverse City, Mich., said employees should never have that much data on their personal laptops. In a study for Dell Inc., his group estimated last year that up to 600,000 laptops were lost annually at airports alone.

“To physically carry 131,000 records and use your laptop as a way of manipulating that information, there is never an excuse,” he said. “There is no reason that would be an acceptable security posture for any company. That’s definitely an indication of bad security.”

 

You can also call 1-866-510-7907.