Scam of the day – September 18, 2017 – Update on Equifax class actions

The fallout from the huge data breach at Equifax affecting 143 million Americans continues.  Senators Orrin Hatch and Ron Wyden of the Senate Committee on Finance have sent requests to Equifax for detailed information about the data breach.  In addition, the number of class actions filed against Equifax related to the data breach is now up to twenty three.

Class actions are lawsuits brought by a few individuals on behalf of many others similarly situated.  It is an effective way for consumers to seek redress from companies and the lawyers are paid on a contingency basis so there are no out of pocket expenses to the people who make up the class of harmed individuals.  Once the cases have been certified by the judges hearing the cases as appropriate  for class action status a federal panel will be convened to join the cases into a single lawsuit on behalf of all of the victims.  At that time there will be, most likely, a negotiated settlement, but if one cannot be reached, a trial will occur.   Generally in class actions, class members have the opportunity to either opt in or opt out of the class action, in which case they could bring their own individual lawsuits, although this is rarely productive.

TIPS

I will keep you informed as to the progress of the class actions so that you will be able to make intelligent decisions as to what to do in your own particular case in this matter.

Meanwhile it is imperative, if you have not already done so that you get copies of your credit reports from each of the three major credit reporting agencies and that you freeze your credit at each of the three major credit reporting agencies.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 10, 2017 – Further important Equifax updates

It is unusual here at Scamicide to discuss the same scam for multiple consecutive days, however, the massive Equifax data breach story is continually evolving, affects you and warrants such coverage.

Under pressure from New York Attorney Eric Schneiderman and others, Equifax has removed the waiver of your rights to participate in a class action from the contract you must agree to in order to obtain free identity protection services from its TrustedID  program.  Therefore it makes sense to sign up for the program, which you can do here.

https://www.equifaxsecurity2017.com/enroll/

While Equifax also represented that you could find out from them whether or not you were specifically involved in the data breach, that representation is not accurate.  Numerous people have used fake names to test the system and in each instance were told that they probably were affected by the data breach.  This is mildly upsetting, but no more than that.  The sheer size of the data breach is so large and the potential harm so great that you should assume that you were affected.

TIPS

The advice as to what to do is still the same.  You should put a credit freeze on your credit reports at all of the three major credit reporting agencies.  Fraud alerts are worthless.  In addition, you should get copies of your credit reports from each of the three major credit reporting agencies to look and see if you have already been a victim because it is important to remember that this data breach has gone on for months.  You have the right to a free copy of your credit report from each of the three credit reporting agencies once each year.  What many of us do is stagger the request among the TransUnion, Equifax and Experian by requesting one every four months.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 9, 2017 – Important update about the Equifax data breach

The massive data breach that occurred at credit reporting agency Equifax, between last May and July is a story that is continuing to evolve. If you are one of the approximately 143 million people whose personal information was compromised, you face a serious threat of identity theft. Equifax is offering credit monitoring and other services to the victims of the data breach through its identity protection company, Trusted ID, however, if you read the fine print in the agreement you will find that in order to get the free services you must  waive your rights to be a part of any class action against Equifax and must resort to binding arbitration for any claims against Equifax.  New York Attorney General Eric Schneiderman has already indicated that he believes that requiring such a waiver in this instance is illegal and he has demanded Equifax to remove the language from the agreement.  The agreement does also provide that if you notify Equifax within 30 days of accepting the terms that you wish to opt out of arbitration you can do so, but at the moment, your rights against Equifax are far from clear.

TIPS

So what should you be doing?  It will certainly take some intense investigation, but there may well be cause for a class action against Equifax.  However, in the meantime your primary concern should be protecting yourself from identity theft and the first thing you should do is get copies of your credit report from each of the credit reporting agencies and review them to see if there is any evidence of identity theft. Regardless of whether you find any such indications, the next thing you should do is put a credit freeze on your credit reports at each of the three major credit reporting agencies.

You can get your free copies of your credit reports by using this link.

https://www.annualcreditreport.com/index.action

Here are links to each of the credit reporting agencies for information about how to put a credit freeze on your credit reports: 

Scam of the day – September 8, 2017 – Massive data breach at Equifax

Yesterday Equifax, one of three major credit reporting agencies announced that it had been victimized by a data breach between mid May and July that resulted in personal information of approximately 143 million Americans being stolen.  To put this number into perspective it accounts for nearly 44% of the entire population of the United States.  The compromised information included names, Social Security numbers, birth dates and more.  This information puts the victims of the data breach in serious danger of identity theft.  In the past when major data breaches such as this have occurred, the cybercriminals sell the information to other cybercriminals on the Dark Web.  To date, we have not yet seen this information being sold, but it will be.

Equifax is offering to affected customers a free year of credit monitoring and the ability to freeze your Equifax credit report.  To find out if your records were affected by the breach, click on this link provided by Equifax

Potential Impact

TIPS

If you have been affected by the data breach, you should sign up for the free services offered by Equifax and definitely should freeze your credit report at all of the credit reporting agencies because the information stolen puts you in jeopardy of identity theft at all of the credit reporting agencies.

Even if you have not been a victim of the data breach, you should consider taking this as the opportunity to put a credit freeze on your credit reports. Credit freezes are the best thing you can do to protect yourself from becoming a victim of identity theft.

To get started, it’s best to first understand the laws and fees governing credit freezes in your state. The National Conference of State Legislatures describes the credit freeze laws for each state. 

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them for information about how to get a credit freeze: 

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.

August 26, 2017 – Steve Weisman’s latest column for the Saturday Evening Post

Here is a link to my latest column which describes how putting a credit freeze on your credit reports can be the best thing you can do to protect yourself from becoming a victim of identity theft.

Con Watch: Credit Freezes: The Best Protection from Identity Theft

Scam of the day – August 11, 2017 – Nationwide insurance settles data breach lawsuit

It appears that the insurance company Nationwide, despite its catchy slogan, may not be on your side.  Nationwide Mutual Insurance Company has just settled a legal complaint brought against it by the attorneys general of 32 states and the District of Columbia related to a 2012 data breach in which sensitive personal information including Social Security numbers of  1.2 million of its customers and even people who merely applied for insurance quotes and did not buy insurance from Nationwide was stolen in a massive hacking and data breach.

Under the terms of the settlement Nationwide will pay 5.5 million dollars to the states’ attorneys general who will use the funds to cover the costs of the investigation and legal action against Nationwide as well as to assist in future consumer protection enforcement cases.

Two class actions by injured consumers regarding the data breach are still pending in the courts.

The key reason for the liability of Nationwide in this case is that the data breach was made possible due to the failure of Nationwide to update their security software with patches that were already available.  Had Nationwide installed the security updates in a timely fashion, the hacking and data breach would have been thwarted.

In addition to the 5.5 million dollar payment, Nationwide is also required under the terms of the settlement to update its security practices, install security updates in a timely manner and take other specified steps to protect consumers’ data.  Nationwide is also required to notify consumers that the company keeps their personal information even if the consumer does not become a customer of Nationwide.

TIPS

You will continue to see legal actions, settlements and court decisions such as this in the future as law enforcement is increasingly holding companies responsible for their faulty security practices.  As New York Attorney General Eric Schneiderman said, “Nationwide demonstrated true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process.”

So what does this mean to you and me?

Once again, this shows that regardless of how protective you are of your personal information, you are only as safe as the companies and institutions with the weakest security that have your information. Try as much as you can to limit providing personal information to companies unless there is a real need and inquire as to what the companies do to protect your data.  In addition, as I have advised many times, the best thing you can do to protect yourself from identity theft is to put a credit freeze on your credit reports at the three major credit reporting agencies. You can learn how to do this by going to the “search the website” section of Scamicide and putting in the words “credit freeze.”

 

Scam of the day – August 1, 2017 – Discover card now offering identity theft alert services

Discover is now offering free identity theft alert services through any of their credit cards.  Discover monitors websites on the Dark Web where criminals buy and sell stolen credit cards, Social Security numbers and other identity theft information.  They will then alert their customers if it is found that their Social Security number or credit card has been compromised.  In addition, Discover will also monitor the customer’s Experian credit report and alert the customer if new accounts, such as credit cards, car loans or mortgages are taken out in the name of the customer.  Finally, Discover representatives will offer some guidance in remedying the problem if the customer does become a victim of identity theft.  All of these services are offered by Discover to its customers at no charge.

TIPS

While this is a very significant benefit to consumers and Discover should be applauded for its efforts, it should be noted that there are numerous other ways that identity theft is accomplished beyond those that Discover will be monitoring.  In addition, Discover will only be looking at the customer’s Experian credit report and not those of the other credit reporting agencies, TransUnion and Equifax.  Often problems may appear on one of these companies reports and not on the others.  Perhaps most importantly, like all credit monitoring services, these services do nothing to help prevent someone from becoming a victim of identity theft in the first place.  There are many things that people can do to help protect themselves from becoming a victim of identity theft, perhaps most strongly by putting a credit freeze on their credit reports at all three of the credit reporting agencies.  In my book “Identity Theft Alert” I list more than sixty simple things people can do to protect themselves from becoming a victim of identity theft.

Scam of the day – July 2, 2017 – Anthem data breach class action settlement

I first reported to you about the huge data breach at Anthem, a major care health care company in February of 2015 when it was initially discovered. The data breach affected 78.8 million patients and employees.  The data stolen included birth dates, Social Security numbers and other information putting the victims in extreme danger of identity theft.    In response to the data breach Anthem offered free identity theft repair and credit monitoring services to current or former members of Anthem plans going back to 2004.

A class action filed by people affected by the data breach has recently been settled with the settlement now awaiting approval by a federal judge in California overseeing the case.

Here is a link to the settlement.

https://anthemdatabreachlitigation.girardgibbs.com/wp-content/uploads/2017/06/2017-0623-Dkt-869-8-Settlement-Agreement.pdf

Approval is expected shortly.  Under the terms of the settlement, Anthem will offer two more years of identity theft repair and credit monitoring services to those affected and will pay up to fifteen million dollars toward out of pocket costs incurred by victims of the data breach.  Anthem also agreed to make substantial changes to its cybersecurity systems.  The total amount to be paid to settle the class action is 115 million dollars which is more than five times what Target and Home Depot spent to settle similar charges.  The primary reason for this is that in the Target and Home Depot data breaches all that was lost was credit card information while in the Anthem breach, personal information that can lead to significant identity theft was stolen.  Hopefully, this will serve as a wake up call to companies to upgrade their cybersecurity.  It is important to also note that, as with so many data breaches, this was started when an employee clicked on a link in a simple phishing email.

TIPS

I will notify you when the settlement is approved and let you know how to make a claim and apply for the additional credit monitoring and identity theft protection as well as apply for out of pocket expense reimbursement.

Neither Anthem nor AllClear ID, the company Anthem is using to provide credit monitoring and identity theft protection services to victims of the data breach assists with credit freezes although it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian if you were a victim of this or any other data breach.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the top right hand corner of this page.

Scam of the day – March 25, 2017 – Multiple states’ JobLink database hacked

JobLink, which is a database managed by Job Link Alliance, maintains online databases that connects employers with job seekers.  JobLink is used by the state governments of Alabama, Arizona, Arkansas, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. It has recently come to light that the database for all of the states using JobLink were hacked sometime prior to March 16th.  The total number of people affected is undetermined at this time, but potentially huge.  In Delaware alone personal information from more than 200,000 accounts were stolen. Included in the information stolen in this data breach were names, Social Security numbers and birth dates which could be readily used for purposes of identity theft.

TIPS

If you used JobLink in any of the affected states, you should immediately freeze your credit with each of the three credit reporting agencies to help prevent anyone who may have access to your Social Security number from obtaining credit in your name.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the right hand corner of this page.

You should also carefully monitor all of your credit cards and other accounts regularly for any indications of identity theft.

Scam of the day – November 24, 2016 – Disturbing data breach at HUD

Earlier this week, the Department of Housing and Urban Development (HUD) disclosed that it had suffered two data breaches occurring on August 29th and September 14 in which personal information including Social Security numbers of approximately 480,000 people was made publicly available on the HUD website.  No hacking was involved by individuals or nation states.  The data breach was done through the negligence of HUD employees who inadvertently posted the information.  The information has been taken down and, at the moment, there is no evidence that the information has been used for purposes of identity theft.   HUD is investigating the data breach to determine the exact extent of the problem, how it occurred and what to do to prevent such data breaches in the future.

Letters are being sent by HUD to affected individuals and HUD is offering a year of free credit monitoring.

TIPS

Identity thieves will be sending letters appearing to come from HUD about this data breach asking for personal information.  You should not provide such information to anyone who calls you, emails you, text messages you or contacts you by mail.   Here is a link to the official HUD website with contact information if you have questions as to your rights in this matter.  http://portal.hud.gov/hudportal/HUD?src=/contact

This incident again highlights that you are only as secure as the places that have your personal information with the weakest security. Therefore, as much as possible, you should limit the amount of personal information you provide to any company, institution or government agency as much as possible.  However, unfortunately, in many instances, such as with HUD there will be times you need to provide your Social Security and other personal information.  Therefore it is important to protect yourself from identity theft as best you can.  The best thing you can do to protect yourself is to put a credit freeze on your credit report so that even if someone obtains your Social Security number, they will be unable to establish credit in your name.  You can learn how to put a credit freeze on your credit reports by going to the Search the Website section of Scamicide in the top of this page on the right hand corner and type in “credit freeze.”