Scam of the day – July 15, 2016 – Omni Hotels data breach

Omni Hotels and Resorts just became the latest hotel chain to suffered a massive data breach joining Hyatt, Hotels, Starwood Hotels, Hilton Hotels and Trump Hotels who all suffered similar data breaches in the last year in which credit card and debit card information of their customers was stolen by unknown hackers.  Although the data breach at Omni was just recently discovered, it goes back to December 23, 2015 and was stealing credit card and debit card data from Omni Hotels up until June 14, 2016.  The Omni data breach affected forty-eight of Omni’s sixty hotels in North America.  As often is the case, hackers who steal the credit and debit card data sell it in large batches to other cybercriminals on a part of the Internet called the Dark Web.    The first batches of stolen credit cards and debit card information started turning up on the Dark Web in February of 2016.  The hotel industry continues to be an easy target for hackers as it is an industry that services large numbers of people and often the hotels are individually operated franchises rather than operating under a central data security system.  It should be noted, however, that Omni does not operate franchises.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards.  Regulations effective October 1, 2015  mandated credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment.  If smart EMV chip cards had been used at Omni hotels, the card information that was stolen would have been worthless, but since they still used the old fashioned magnetic strip cards, Omni and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick and mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted  more than a year ago, continue to occur again and again.  As for us, as consumers, the best we can do is to refrain from using our debit cards for anything other than an ATM card because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases.  In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.  You also should regularly monitor your credit card statements for indications of fraudulent use.

Certainly if you have been an Omni customer since December 23, 2015 you should carefully review your credit and debit card statements for indications of identity theft and fraudulent charges.  If you were affected by this particular data breach, Omni  is offering free credit monitoring services for a year through AllClear ID.  You can sign up for these services by clicking on this link  https://omnihotels.allclearid.com/

Scam of the day – January 2, 2016 – New law to protect children from identity theft

North Carolina became the latest state to enact a law providing for credit freezes for children to protect against child identity theft. Unfortunately, less than half of the states provide this much needed protection of minors from identity theft.  This is important because in recent years, children have been a prime target of identity thieves who, if they are able to get identifying information on a child such as the child’s Social Security number, can open a credit report on behalf of the child and obtain credit in the child’s name.  The identity thief never pays back the money accessed through the child’s credit and the child is burdened with a bad credit report that can have a deleterious effect on the child when he or she applies for credit, applies for a job, applies for a scholarship or applies for an apartment.

TIPS

If you live in North Carolina, you should go to the website www.ncdoj.gov/creditfreeze for information about how to put a credit freeze on credit reports of your children.  If you live in one of the other states that have similar laws, take advantage of the law, set up a credit report for your children and immediately freeze the account. And while you are at it, you should also freeze your own credit reports as your best precaution against identity theft. For information about how to put a credit freeze on your own credit reports go to the Search This Website section of Scamicide at the top of the page and type in “credit freeze.”  If your state does not have such a law, let your state legislators know that you want them to pass such a law.  I am proposing such a law in my own home state.  Also, as much as possible try to limit the places that have your child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and lets you opt out of information sharing by the school with third parties.  Finally, the security company AllClear ID (www.allclearid.com) provides a free service called ChildScan which not only searches credit records tied to your child’s Social Security number, but also checks employment records, criminal records and medical records to recognize at an early stage if your child has become a victim of identity theft.

Scam of the day – October 4, 2015 – Scottrade hacked in massive data breach

For the third day in a row our Scam of the day involves a major data breach, which is somewhat ironic since October is National Cyber Security Awareness Month.  Certainly the millions of people affected by the data breaches involving T-Mobile, Experian, Trump Hotels and now Scottrade have become more aware of cybersecurity than perhaps they wished to be.  Discount brokerage firm Scottrade just announced that it was the victim of a massive data breach that occurred between late 2013 and early 2014.  Like so many corporate data breaches, the company itself never discovered the hacking.  Rather, in this case it was the FBI that discovered the data breach in August of 2015.  Approximately 4.6 million customers of Scottrade were and are affected by the data breach. Although we are being told by Scottrade that the data lost was limited to names and addresses, it is still a bit too soon to be truly comfortable that the data breach was indeed limited to this information.  The company waited until now to announce the data breach at the request of the FBI so as not to jeopardize their investigation.  Affected customers are now being contacted by Scottrade.  As is so often the case, Scottrade is offering a year of free credit monitoring to affected customers although since the hacking took place so long ago, this may be a bit late for this type of response to be considered timely.  Here is a link to Scottrade’s webpage containing information about the data breach, which also contains information about how to apply for the free credit monitoring if you were affected by the data breach.  https://about.scottrade.com/updates/cybersecurity.html

TIPS

If you were affected by the data breach and wish to sign up for the free credit monitoring service, you should call AllClearID at 855-229-0083 between 8:00 a.m. and 8:00 p.m. Central Time Monday through Saturday.  However, as I have said many times before, credit monitoring does not protect you from identity theft, it only lets you know sooner that you are a victim.  It is similar to if you were crossing the street and got hit by a truck and someone came over to you lying in the street to tell you that you just got hit by a truck.  A better step to consider is to put a credit freeze on your credit report which is possibly the best thing you can do to help protect yourself from identity theft.  You can find information about credit freezes and how to put one on your credit reports at each of the three major credit reporting agencies by going to the Scamicide archives and typing in “credit freeze.”

If you became a customer of Scottrade after February of 2014, your information was not compromised.

Although Scottrade will be notifying affected customers, so will scammers with emails in which they pose as Scottrade and attempt to lure you into clicking on links or providing information that will put you in danger of identity theft.  Trust me, you can’t trust anyone.   Never click on a link unless you are absolutely sure that it is legitimate.  In the case of Scottrade customers, you are better off calling them directly rather than clicking on a link or providing information in response to an email or text message.

Scam of the day – February 19, 2015 – Anthem data breach update

As I reported to you right after it happened earlier this month, Anthem, a major care health care company suffered a data breach that could affect as many as 80 million Americans.  The data stolen included birth dates, Social Security numbers and other information putting the affected victims in extreme danger of identity theft.  Anthem is now offering free identity theft repair and credit monitoring services to current or former members of affected Anthem plans going back to 2004.  This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore and Unicare.  It also includes customers of affiliated Blue Cross and Blue Shield companies who used their Blue Cross Blue Shield insurance in any of the states where Anthem, Inc. does business.  Those state are California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

TIPS

Anthem has contracted with AllClear ID to provide two years of identity theft repair and credit monitoring services to affected customers.  Identity repair assistance is available without enrollment by merely calling AllClear ID at 877-263-7995.  Additionally, affected customers may enroll at no charge in the AllClear PRO credit monitoring service during this two year period.  You can enroll either by phone at 877-263-7995 or online at https://anthem.allclearid.com/

Additionally although neither Anthem nor AllClear ID provides this service, if you were a victim of this data breach, it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  You can find more information about credit freezes and how to put them on your credit reports at no charge by going to the Scamicide archives.

Scam of the day – October 1, 2014 – Supervalu stores hacked for second time in two months

Regular readers of Scamicide.com may remember that it was just last August 17th that I told you about the hacking at grocery chain Supervalu.  Well, it has happened again.  Now the company is saying that a second, entirely different hacking and data breach occurred just a few weeks after the previous hacking was discovered that affected customers at some of its Shop ‘n Save, Shoppers Food & Pharmacy and Cub Foods stores as well as some of its liquor stores.  Although the company is saying that due to what it calls its “enhanced” security technology installed after the last data breach, it believes that no cardholder data was actually taken by the hackers, it is still too early in the investigation to definitively make that statement.  In last Saturday’s USA Today, I wrote a column about the commonality of the data breaches over the last year that you may find interesting.  Here is a link to that column:

http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

You can well expect there to be continuing problems at retailers in the weeks and months ahead with data breaches.

TIPS

Specifically for people who think they may have been affected by the most recent Supervalu data breach, you can go to Supervalu’s website for more detailed information.  Supervalu’s website is www.supervalu.com.  They have also established a call center for information about free credit monitoring being offered through the company AllClear ID.  You can reach the call center at 855-731-6018.  If you receive an email or text message purporting to be from AllClearID or Supervalu asking you to click on a link to access the free credit monitoring services, don’t do so.  You can’t be sure that the email or text message is legitimate and all you may end up doing is downloading malware on to your own computer or other electronic device that will enable the identity thief to steal all of the personal information stored on your computer or other personal electronic device  and use it to make you a victim of identity theft.  Instead go directly to Suprevalu’s true website at www.supervalu.com.

For the rest of us who may not be personally affected by this latest data breach, this serves as a reminder that we should not use debit cards when shopping in retail stores because of the greater harm that can come if your debit card is hacked.  It also is important to remember to regularly monitor your credit card statement, preferably online to look for fraudulent charges.  Remember, when it comes to data breaches, the retail merchants who get hacked are always months behind when the hacking occurred so you need to be monitoring your accounts for improper activity.