Posts Tagged: ‘credit freeze’

Scam of the day – January 2, 2016 – New law to protect children from identity theft

January 2, 2016 Posted by Steven Weisman, Esq.

North Carolina became the latest state to enact a law to protect against child identity theft. Unfortunately, less than half of the states provide this much needed protection of minors from identity theft.  This is important because in recent years, children have been a prime target of identity thieves who, if they are able to get identifying information on a child such as the child’s Social Security number, can open a credit report on behalf of the child and obtain credit in the child’s name.  The identity thief never pays back the money accessed through the child’s credit and the child is burdened with a bad credit report that can have a deleterious effect on the child when he or she applies for credit, applies for a job, applies for a scholarship or applies for an apartment.

TIPS

If you live in North Carolina, you should go to the website www.ncdoj.gov/creditfreeze for information about how to put a credit freeze on credit reports of your children.  If you live in one of the other states that have similar laws, take advantage of the law, set up a credit report for your children and immediately freeze the account. And while you are at it, you should also freeze your own credit reports as your best precaution against identity theft. For information about how to put a credit freeze on your own credit reports go to the Search This Website section of Scamicide at the top of the page and type in “credit freeze.”  If your state does not have such a law, let your state legislators know that you want them to pass such a law.  I am proposing such a law in my own home state.  Also, as much as possible try to limit the places that have your child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and lets you opt out of information sharing by the school with third parties.  Finally, the security company AllClear ID (www.allclearid.com) provides a free service called ChildScan which not only searches credit records tied to your child’s Social Security number, but also checks employment records, criminal records and medical records to recognize at an early stage if your child has become a victim of identity theft.

Scam of the day – December 15, 2015 – A million OPM data breach victims still not notified

December 15, 2015 Posted by Steven Weisman, Esq.

As you all know by now and as I first reported to you in 2014 and again last summer, the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole personal information of more than 21 million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  In October, the OPM began notifying victims of the massive data breach about the identity theft protection services the government will make available to them for the next three years.  The notification process is now completed, but unfortunately 1.5 million people who were affected by the data breach have not been contacted because the OPM no longer has current addresses for these people.     No email notices were sent or are planning to be sent by OPM so if you get an email that purports to be from the OPM, it is a scam.   The federal government has chosen Identity Theft Guard Solutions to provide  three years of identity theft protection to victims.

TIPS

If you believe you were possibly a victim of the OPM data breach, but have not yet received a letter from the OPM informing you about your options, you can go to the OPM’s special website to verify that you were a victim and to obtain a PIN to use in order to apply for identity theft protection services offered by Identity Theft Guard Solutions.  You also can call the OPM at 866-408-4555 to find out if you were a victim.

It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM is offering these services a year after the data breach actually occurred so the danger of identity theft has increased.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

Scam of the day – December 12, 2015 – Georgia voters at risk of identity theft

December 12, 2015 Posted by Steven Weisman, Esq.

Not all data breaches are caused by hackers breaking into the computers of companies and governmental agencies in an effort to steal personal information that can be used for purposes of identity theft.  Sometimes the data breaches that expose personal information of people involved with companies and governmental agencies occurs due to the negligence of those holding the information.  This, however, is of little consolation to those people whose personal information has been exposed and made available to people who can then use that information for purposes of identity theft.  In October the Georgia Secretary of State’s office mistakenly distributed CDs containing personal data including Social Security numbers and birth dates on 6.2 million registered voters to twelve organizations that regularly purchase voter lists maintained by the Secretary of State.  Among the groups receiving the CDs were state political parties, news media organizations and Georgia GunOwner Magazine.  An investigation is ongoing as to how this occurred.  The Secretary of State has indicated that all twelve CDs have been retrieved, but at this time, no one knows who may have gotten access to the personal information contained on those CDs before they were retrieved.  Now Georgia Secretary of State Brian Kemp has announced that those affected voters will be provided with a year of free credit and identity theft monitoring services through CSID services.  Those people affected by the data breach will be able to sign up for these services within the next few weeks.

TIPS

If you are a registered voter in Georgia, you can contact the Secretary of State’s office for updated information about the data breach and what you can do to protect yourself from identity theft by calling the Secretary of State’s office at 404-654-6045.  A link to CSID’s website where affected people can sign up for credit and identity theft monitoring services will be provided on the Secretary of State’s website www.sos.ga.gov as soon as the services are available.  Meanwhile, if you are a registered voter in Georgia and therefore in danger of identity theft due to this information being distributed, you should consider putting a credit freeze on your credit report at each of the three major credit reporting agencies as a proactive measure that will provide you with greater protection from identity theft than you will get from credit and identity theft monitoring services.  Go to the archives of Scamicide and type in “credit freeze” for information as to how to set up a credit freeze on your credit reports.

Scam of the day – December 9, 2015 – Is the letter you received from OPM real or a scam?

December 9, 2015 Posted by Steven Weisman, Esq.

As you all know by now and as I first reported to you in 2014 and again last summer, the federal Office of Personnel Management (OPM) was hacked by Chinese hackers who stole personal information of more than 21 million present and former federal employees as well as non-employees whose information was gathered by the OPM during the course of background investigations of federal employees.  In October, the OPM began notifying victims of the massive data breach about the identity theft protection services the government will make available to them for the next three years.  The notification process is taking about three months with many notification letters only recently having been sent.  I have been contacted by clients of mine inquiring as to whether the notices they received are real.   It is important to remember that the official notice is only being sent by regular mail.  No email notices will be sent so if you get an email that purports to be from the OPM, it is a scam.   The federal government has chosen Identity Theft Guard Solutions to provide  three years of identity theft protection to victims. In the notification letter you are urged to contact the OPM’s security website to enroll in the free identity monitoring program and you are provided a PIN to use in order to enroll.

Identity thieves have been copying the letter and changing the website address where you are directed to go to enroll in the identity theft protection services, directing people to a phony website where they will be prompted to provide personal information purportedly to enroll in the program.  If you provide personal information to these scammers, you will end up a victim of identity theft.  Here is a link to the official website for enrolling in the credit monitoring services being offered by the OPM:  https://www.opm.gov/cybersecurity/#Services

Once there you will be prompted to input your PIN and only the last four digits of your Social Security number.

TIPS

If you were a victim of the OPM data breach, you should be on the lookout for a notification letter with information about how to apply for benefits under the program.  The OPM is only notifying people by regular mail.  If you have been notified by email, text message or telephone, the notice is a scam and you should ignore it.  Even if you receive a letter, you should make sure that the web address you go to is accurate.  For convenience, you can use the web address I have indicated above.  In any event, remember, the legitimate website will not ask for your complete Social Security number.  It is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.    In fact, the OPM is offering these services a year after the data breach actually occurred so the danger of identity theft has increased.   None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

U.S. PIRG report on credit freezes

November 29, 2015 Posted by Steven Weisman, Esq.

Regular readers of Scamicide know that I am a strong advocate of everyone getting a credit freeze on their credit reports at each of the three major credit reporting agencies. It is the simplest and best defense you have against identity theft.  Here is a link to an excellent report by U.S. PIRG about credit freezes entitled “Why You Should Get Security Freezes Before Your Information is Stolen.  I urge you to read it.  It has a lot of helpful information including information about how to put a credit freeze on your credit reports.

http://uspirg.org/sites/pirg/files/reports/USPIRGFREEZE_0.pdf

Steve Weisman’s latest USA Today column

October 17, 2015 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column for USA Today entitled “Why You Should Have a Credit Freeze.”  http://www.usatoday.com/story/money/columnist/2015/10/17/weisman-credit-freeze/73383650/

Scam of the day – October 12, 2015 – Most data breaches not caused by hacking

October 12, 2015 Posted by Steven Weisman, Esq.

With the news constantly filled with stories of major data breaches such as last week’s disclosures of data breaches at Experian, Trump Hotels and Scottrade, it would be easy to come to the conclusion that hackers planting keystroke logging malware in the computers of their targeted victims would be the primary source of data breaches.  However, that conclusion is wrong.  According to a just released study done by the security firm Trend Micro, using data compiled by the Privacy Rights Clearinghouse, while 25% of the data breaches indeed were attributed to malware planted by hackers, 41% of the data breaches were attributable, according to the report, to the loss of “sensitive information stored on employees’ laptops, mobile devices, and thumb drives.”  Further complicating the problem is the fact that often the information contained on these devices was unencrypted, which should come as no surprise to those who remember the 2006 data breach at the Department of Veterans Affairs in which unencrypted personal information including Social Security numbers of more than 26 million present and former military personnel was stolen through the theft of a laptop from the home of a VA data analyst.

TIPS

Once again, the lesson is that regardless of how careful you are to protect the privacy of your personal data, you are only as safe as the companies and agencies with the weakest security that hold your personal information.  Therefore, it is not a matter of if you will become a victim of a data breach, it is a matter of when.  Knowing this it is important to first, as much as you can, limit the places that have your personal information.  Many times you are asked for such information by companies without a need for that information.  Your physician does not need your Social Security number.  When possible, refuse and offer another form of identification, such as your driver’s license number.  Second, you should be prepared for the inevitable data breach and put a credit freeze on your credit reports at each of the three major credit reporting agencies so that even if someone does obtain your personal information, they cannot use that information to get access to your credit report and run up debts in your name.  Putting a credit freeze on your credit reports is the simplest and best protection you can have against identity theft.  To learn more about how to put a credit freeze on your credit reports, go the archives of Scamicide and type in “credit freeze.”

Scam of the day – October 3, 2015 – 15 million T-Mobile customers in danger of identity theft

October 3, 2015 Posted by Steven Weisman, Esq.

T-Mobile has announced that personal information on 15 million of its customers has been stolen as a result of a data breach that occurred between September 1, 2013 and September 16, 2015.  The stolen information includes names, birth dates and Social Security numbers.  This type of information can readily be used by a criminal to steal the identities of the people whose personal information was compromised.  Because identity theft can be a devastating crime, this is a major problem if you were a customer of T-Mobile during that time.  It is important to note that it was not T-Mobile’s computers that were hacked.  Rather it was a server used by the credit reporting agency Experian that was hacked to steal this customer information.  T-Mobile used the services of Experian to run credit checks on people applying for T-Mobile services or devices.  A number of questions are brought up by this hacking including why Experian continued to store this personal information long after the determination of creditworthiness had been done.  Also, there are questions about the encryption program Experian used to protect its data because the encryption proved ineffective.

TIPS

T-Mobile is offering free credit monitoring services through ProtectMyID to affected customers for two years.  However, it should always be noted that credit monitoring does not help prevent identity theft, but merely helps you learn sooner when you do become a victim of identity theft.  Somewhat ironically, it should also be noted that ProtectMyID is owned and operated by Experian, the same company responsible for the data breach.  For more information about obtaining the free credit monitoring services if you have were affected by this data breach, click on this link which provides instructions from T-Mobile about signing up for the service. http://www.t-mobile.com/landing/experian-data-breach

Meanwhile, everyone should consider putting a credit freeze on their credit reports to actually help prevent identity theft.   With a credit freeze in place, an identity theft who has your personal information including your Social Security number will be prevented from accessing your credit report to obtain credit or make purchases in your name.   For more information about credit freezes, go to the archives of Scamicide.com and type in “credit freeze.”

Scam of the day – October 2, 2015 – Update on data breach at Trump hotels

October 2, 2015 Posted by Steven Weisman, Esq.

It has just been disclosed by the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York that its hotels had been hit with a Target-like credit card and debit card data breach that appears to have occurred between May 19, 2014 and June 2, 2015.  Although the Trump Hotel Collection is just announcing this now and much of the media is reporting this as a new story, here at Scamicide, we reported to you about this data breach in our Scam of the day on July 5, 2015.  As with so many data breaches, it was discovered not by the company hacked, but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.    The malware used to perform this data breach was installed on computers at Trump hotels front desk terminals as well as as payment card terminals in the hotels’ restaurants and gift shops.  This type of hacking and data breach could have been prevented had the Trump Hotel Collection switched to the modern EMV smart chip credit cards now being required to be used according to credit card regulations that just went to effect yesterday.  Instead the Trump Hotel Collection, as many companies still do, used the old fashioned credit and debit cards with magnetic strips which are so susceptible to hacking.

TIPS

If you used your credit and debit card at one of the affected Trump hotels between May 19, 2014 and June 2, 2015, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.  The Trump Hotel Collection is offering free credit monitoring for people who used their cards at their hotels during the time period indicated above.  For more information about this offer, call them at 877-803-8586.  Here also is a link to the statement of the Trump Hotel Collection about this data breach. https://www.trumphotelcollection.com/cc-security-faq

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.