Posts Tagged: ‘credit freeze’

Steve Weisman’s latest USA Today column

October 17, 2015 Posted by Steven Weisman, Esq.

Here is a link to Steve Weisman’s latest column for USA Today entitled “Why You Should Have a Credit Freeze.”

Scam of the day – October 12, 2015 – Most data breaches not caused by hacking

October 12, 2015 Posted by Steven Weisman, Esq.

With the news constantly filled with stories of major data breaches such as last week’s disclosures of data breaches at Experian, Trump Hotels and Scottrade, it would be easy to come to the conclusion that hackers planting keystroke logging malware in the computers of their targeted victims would be the primary source of data breaches.  However, that conclusion is wrong.  According to a just released study done by the security firm Trend Micro, using data compiled by the Privacy Rights Clearinghouse, while 25% of the data breaches indeed were attributed to malware planted by hackers, 41% of the data breaches were attributable, according to the report, to the loss of “sensitive information stored on employees’ laptops, mobile devices, and thumb drives.”  Further complicating the problem is the fact that often the information contained on these devices was unencrypted, which should come as no surprise to those who remember the 2006 data breach at the Department of Veterans Affairs in which unencrypted personal information including Social Security numbers of more than 26 million present and former military personnel was stolen through the theft of a laptop from the home of a VA data analyst.


Once again, the lesson is that regardless of how careful you are to protect the privacy of your personal data, you are only as safe as the companies and agencies with the weakest security that hold your personal information.  Therefore, it is not a matter of if you will become a victim of a data breach, it is a matter of when.  Knowing this it is important to first, as much as you can, limit the places that have your personal information.  Many times you are asked for such information by companies without a need for that information.  Your physician does not need your Social Security number.  When possible, refuse and offer another form of identification, such as your driver’s license number.  Second, you should be prepared for the inevitable data breach and put a credit freeze on your credit reports at each of the three major credit reporting agencies so that even if someone does obtain your personal information, they cannot use that information to get access to your credit report and run up debts in your name.  Putting a credit freeze on your credit reports is the simplest and best protection you can have against identity theft.  To learn more about how to put a credit freeze on your credit reports, go the archives of Scamicide and type in “credit freeze.”

Scam of the day – October 3, 2015 – 15 million T-Mobile customers in danger of identity theft

October 3, 2015 Posted by Steven Weisman, Esq.

T-Mobile has announced that personal information on 15 million of its customers has been stolen as a result of a data breach that occurred between September 1, 2013 and September 16, 2015.  The stolen information includes names, birth dates and Social Security numbers.  This type of information can readily be used by a criminal to steal the identities of the people whose personal information was compromised.  Because identity theft can be a devastating crime, this is a major problem if you were a customer of T-Mobile during that time.  It is important to note that it was not T-Mobile’s computers that were hacked.  Rather it was a server used by the credit reporting agency Experian that was hacked to steal this customer information.  T-Mobile used the services of Experian to run credit checks on people applying for T-Mobile services or devices.  A number of questions are brought up by this hacking including why Experian continued to store this personal information long after the determination of creditworthiness had been done.  Also, there are questions about the encryption program Experian used to protect its data because the encryption proved ineffective.


T-Mobile is offering free credit monitoring services through ProtectMyID to affected customers for two years.  However, it should always be noted that credit monitoring does not help prevent identity theft, but merely helps you learn sooner when you do become a victim of identity theft.  Somewhat ironically, it should also be noted that ProtectMyID is owned and operated by Experian, the same company responsible for the data breach.  For more information about obtaining the free credit monitoring services if you have were affected by this data breach, click on this link which provides instructions from T-Mobile about signing up for the service.

Meanwhile, everyone should consider putting a credit freeze on their credit reports to actually help prevent identity theft.   With a credit freeze in place, an identity theft who has your personal information including your Social Security number will be prevented from accessing your credit report to obtain credit or make purchases in your name.   For more information about credit freezes, go to the archives of and type in “credit freeze.”

Scam of the day – October 2, 2015 – Update on data breach at Trump hotels

October 2, 2015 Posted by Steven Weisman, Esq.

It has just been disclosed by the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York that its hotels had been hit with a Target-like credit card and debit card data breach that appears to have occurred between May 19, 2014 and June 2, 2015.  Although the Trump Hotel Collection is just announcing this now and much of the media is reporting this as a new story, here at Scamicide, we reported to you about this data breach in our Scam of the day on July 5, 2015.  As with so many data breaches, it was discovered not by the company hacked, but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.    The malware used to perform this data breach was installed on computers at Trump hotels front desk terminals as well as as payment card terminals in the hotels’ restaurants and gift shops.  This type of hacking and data breach could have been prevented had the Trump Hotel Collection switched to the modern EMV smart chip credit cards now being required to be used according to credit card regulations that just went to effect yesterday.  Instead the Trump Hotel Collection, as many companies still do, used the old fashioned credit and debit cards with magnetic strips which are so susceptible to hacking.


If you used your credit and debit card at one of the affected Trump hotels between May 19, 2014 and June 2, 2015, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.  The Trump Hotel Collection is offering free credit monitoring for people who used their cards at their hotels during the time period indicated above.  For more information about this offer, call them at 877-803-8586.  Here also is a link to the statement of the Trump Hotel Collection about this data breach.

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.

Scam of the day – September 13, 2015 – Another major health care data breach

September 13, 2015 Posted by Steven Weisman, Esq.

Health insurer Excellus Blue Cross/Blue Shield became the latest major health insurer to disclose that it had suffered a data breach affecting 10.5 million people.  The compromised information may include names, birth dates, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information.  This hacking, which was just announced, but has been going on since December of 2013 is the fourth major health care data breach this year with anthem Blue Cross/Blue Shield being the largest, having affected upwards to 80 million people.  As I warned everyone in my USA Today column in which I made my cyberpredictions for 2015, the health care industry is tremendously vulnerable to data breaches and we can expect these data breaches to continue.  Here is a link to that column.

A recent audit of health care companies and insurers showed that more than 81% of these companies have suffered a data breach in the last two years alone and that number only relates to the data breaches that have been discovered.  There may have been more that remain undiscovered.

The potential consequences of medical company data breaches can be tremendous to affected individuals.  The medical records of an identity thief accessing your medical insurance can become intermingled with your medical records such that you can mistakenly receive improper treatment, such as a potentially deadly blood transfusion of the wrong blood type.


Excellus will be sending out snail mail letters to those people affected by the data breach shortly.  If you receive an email purportedly from Excellus asking you to click on links for information about the data breach, it is a phishing email aimed at getting you to download malware on to your computer and make you a victim of identity theft.  As many hacked companies do, Excellus is offering two years of free credit monitoring, however these services will do nothing to protect you from identity theft.  In order to do that, I suggest that you put a credit freeze on your credit report at each of the three major credit reporting agencies in order to prevent someone who already has your personal information such as your Social Security number from accessing your credit report to run up debts in your name.  You can find information about how to do a credit freeze in the Scamicide Archives.  For more information about the Excellus data breach, you can either call their toll free hotline number of 877-589-3331 or got their website by clicking on this link.

Scam of the day – September 8, 2015 – Company picked to provide identity theft protection for victims of OPM data breach

September 7, 2015 Posted by Steven Weisman, Esq.

The Office of Personnel Management (OPM) which was hacked by Chinese hackers who stole personal information of more than 21 million present and former federal employees has chosen Identity Theft Guard Solutions to provide  three years of identity theft protections to the victims.  Notifications will be going out from the Defense Department to the victims starting at the end of September and it will take about three months to notify all of the victims.  Also covered by the program will be more than 6 million children whose parent’s information was compromised in the data breach.   When the data breach was initially discovered, the OPM hired another company to provide 18 months of identity theft protection services, however, the company had its website crash and the call center answering questions about the services to be provided often had delays of hours before callers could speak to a representative.


If you were a victim of the OPM data breach, you should be on the lookout for notification from the Defense Department with information about how to apply for benefits under the program.  However, it is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.  None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

Scam of the day – August 24, 2015 – Plenty of Fish dating site hacked

August 24, 2015 Posted by Steven Weisman, Esq.

Plenty of Fish ( an online dating website with more than a hundred million members had its website corrupted by hackers who managed to install a keystroke logging malware program known as Tinba that enables the identity thieves to steal credit card and banking information from its victims.  What makes this hacking particularly noteworthy is that the hackers did not hack into the computers of Plenty of Fish to install malware as was done in the recent hacking of Ashley Madison.  Instead, they hacked into the computers of a legitimate advertising company, Improve Digital that distributed online advertisements to Plenty of Fish.  The malware was attached to legitimate online advertisements placed by Improve Digital on the Plenty of Fish website.  And as I always say, “things aren’t as bad as you think, they are worse.”  In this case, it was not even necessary for someone visiting the Plenty of Fish website to click on the infected advertisements to permit the malware to be downloaded on to their computers.  All that was necessary was to merely go to the now infected website to have  your computer, in turn, infected with this dangerous malware.


If you are a user of Plenty of Fish, you should monitor your bank accounts and credit card accounts closely.  You also would be wise, if you already have not done so, to put a credit freeze on your credit report.  You can find information as to how to do this here on Scamicide.  Just go to the archives and enter the words “credit freeze.”  You also should make sure that you are using the latest anti-virus and anti-malware software on your computer and run a scan for any viruses or malware.

Scam of the day – August 11, 2015 – Medical Informatics Engineering class actions filed

August 10, 2015 Posted by Steven Weisman, Esq.

Recently I told you about the hacking and data breach of Medical Informatics Engineering (MIE) and its cloud service NoMoreClipboard.   MIE operates more than 300 medical centers in 38 states.  On May 26th it discovered that it had been hacked since May 7th.  Unfortunately the personal information compromised in the data breach was very significant including names, telephone numbers, mailing addresses, usernames, password security questions and answers, spousal information, email addresses, birth dates, Social Security numbers, health insurance policy information and more all of which puts the victims of the data breach in serious jeopardy of traditional and medical identity theft.  It is estimated that almost four million people had their personal information stolen.  The company started notifying affected victims whose personal information was hacked by traditional mail in June and July.  Now, however, two lawsuits have been filed on behalf of the victims in the Federal District Court in Ft. Wayne Indiana seeking class action status.  Both lawsuits  allege that MIE was negligent in not implementing proper security measures to protect the personal information it collected and stored.


If you are one of the victims of the data breach and want more information about the two class actions, you can contact the law firms, Price Waicukauski & Riley LLC and Cohen & Malad LLP by clicking on the following links respectively and

You can also call MIE’s toll-free hotline at 866-328-1987 for more information.   In addition, you should also carefully monitor all of your financial accounts and check your medical records to make sure that someone has not accessed your health insurance and made you a victim of medical identity theft.  You should also put a credit freeze on your credit report.  You can find out how to put a credit freeze on your credit report by going to the Archives of Scamicide.  Be wary of any emails that you receive purporting to be from MIE because you can expect identity thieves to be sending out these as phishing email posing as MIE seeking to have you provide personal information or click on links containing malware.

Scam of the day – July 24, 2015 – Major identity thief convicted

July 23, 2015 Posted by Steven Weisman, Esq.

Hieu Minh Ngo has pleaded guilty to a number of identity theft related charges in the Federal District Court of New Hampshire and been sentenced to 13 years in prison.  Between 2007 and 2013 Ngo obtained access to as many as 200 million consumer records from large data brokers including Court Ventures, which is 2012 was acquired by Experian, one of the three major credit reporting bureaus.  Ngo was able to access these records by posing as a private investigator.   Putting this number into perspective, it represents 60% of the population of the United States.   He then sold to identity thieves comprehensive packages of consumer data, referred to in the world of identity thieves as “fullz,” made up of individuals’ names, credit card numbers, Social Security numbers, birth dates bank account numbers and bank routing numbers, on black market websites he operated called and  According to the Justice Department, Ngo sold fullz to 1,300 identity thieves, who in turn committed large numbers of identity theft including 65 million dollars in income tax identity theft alone.  Ngo could have been sentenced to 24 years in prison, but through a plea bargain got a reduced sentenced in return for his cooperation in identifying his former identity thief customers.

Now, a class action lawsuit has been filed in the Federal District Court for the Central District of California against Experian alleging it was negligent in failing to protect its consumer data from Ngo.  The class action is seeking to have Experian ordered to notify all affected consumers, provide free credit monitoring services to affected consumers and establish a fund to reimburse those who became victims of identity theft due to Experian’s negligence.  I will keep you informed as further developments in this case occur.


This case is yet another example of how vulnerable we all are to identity theft because we are only as secure as the companies and governmental agencies that have our personal information.  One thing, however, we can all do to protect ourselves is to put a credit freeze on our credit reports at each of the three major credit reporting bureaus, which will prevent access to our personal credit records and the information contained therein.  Go to the Archives section of Scamicide for further information about how to put a credit freeze on your credit reports.