Posts Tagged: ‘credit freeze’

Scam of the day – September 7, 2014 – HealthCare.gov hacked

September 6, 2014 Posted by Steven Weisman, Esq.

The health care industry in general is responsible for more data breaches than any other sector.  The lack of security throughout the health care industry including hospitals and other providers of health care is a huge problem that is only going to get worse as the computers of health care providers continue to be targeted and the personal data that they contain becomes harvested by hacking identity thieves.  From its inception security issues at HealthCare.gov, the website of the federal government’s health insurance marketplace created pursuant to the Affordable Care Act, commonly referred to as Obamacare have been a source of concern of mine and many other experts in cybersecurity.  Recently, it was disclosed that HealthCare.gov was indeed hacked although, according to government spokesmen no personal information of consumers in the 36 states that use HealthCare.gov was compromised.  However, this is of little consolation to the many people who use HealthCare.gov.

When HealthCare.gov was first launched last October, there were major security concerns about the website and the website was activated even before it met federal standards for security.  Everyone remembers the difficulties that were encountered in the initial use of HealthCare.gov, however, until now, the federal government had not reported any data breaches although Aaron Albright, a spokesman at the Centers of Medicare and Medicaid Services which operates HealthCare.gov admits that there are numerous security weaknesses within the system which could lead to hacking that could result in data breaches including weaknesses with the servers including the continued use of manufacturer’s default passwords which could be easily exploited.  In addition, servers have not been subject to regular security scans.

TIPS

Unfortunately, it is probably only a matter of time before HealthCare.gov is hacked by identity thieves who will steal personal information stored there.  If you have done business with HealthCare.gov, you should regularly monitor all of your financial accounts and you may wish to put a credit freeze on your credit report to prevent someone with access to your personal information from using your credit to make large purchases in your name.  You can find instructions as to how to put a credit freeze on your credit reports on the right hand side of this page.

Scam of the day – August 21, 2014 – Community Health Systems data breach update

August 20, 2014 Posted by Steven Weisman, Esq.

A couple of days ago I told you about the massive data breach at Community Health Systems a hospital chain with hospitals in 29 states.  This data breach, which was done by Chinese hackers resulted in personal data on 4.5 million patients of Community Health Systems being stolen.  The data included names, addresses, birth dates and Social Security numbers which puts the affected individuals in serious jeopardy of identity theft.  Community Health Systems is in the process of notifying the affected individuals and offering credit monitoring services.  Now however, Trusted Sec LLC, a security company is indicating that the hacking of Community Health Systems was accomplished by the first known exploitation of the Heartbleed security flaw.  Heartbleed is the name of the security flaw in the Open SSL encryption security technology discovered last April that is used by up to 2/3 of websites on the Internet.  Although the Heartbleed flaw was promptly patched, there was a period during which the users of this technology were left vulnerable and it appears that during this period was when the Chinese hackers managed to steal data from Community Health Systems.  It is not unusual for hackings and data breaches to remain undiscovered for significant periods of time.  This data breach may be the first major data breach connected to Community Health Systems, but it is most likely not going to be the last.

TIPS

It has been said that the price of liberty is eternal vigilance and that is also important in maintaining your own personal security.  People who did not change their passwords following the Heartbleed security flaw first being uncovered should take this as a wake up call to do so now.  You should also consider putting a credit freeze on your credit report.  You can find instructions as to how to do this in the “credit freeze” link on the right hand side of this page.  This will protect your credit from being accessed by someone who may otherwise have enough personal information of yours to access your credit report in an effort to use your credit.  Finally, you should monitor all of your financial accounts regularly for indications of fraudulent use.  Remember, you are only as safe as the places that hold your personal information and some of them have poor security.

Scam of the day – August 17, 2014 – Data breach at Supervalu stores

August 16, 2014 Posted by Steven Weisman, Esq.

The Supermarket chain Supervalu Inc. has disclosed that it has joined the growing list of major companies suffering a major data breach.  Although the breach apparently occurred between June 22nd and July 17th, it was only disclosed a few days ago.  Supervalu operates stores under a number of different names including Cub Foods, Hornbacher’s, Shop ‘n Save, Shoppers Food & Pharmacy and Farm Fresh.  In addition, the data breach also apparently affected stores that it sold in 2013, but still supplied the information technology services that were the Achilles heel in this data breaches.  Those stores go under the names Albertsons Acme (not necessarily the same one used by Wylie Coyote) Jewel-Osco, Shaw’s and Star Market.  All in all the data breach may have reached as many as 1,000 stores.  It has been confirmed that the breach which, as in the case of the Target data breach occurred at the point of sale card registers included account numbers, expiration dates and cardholder names.

TIPS

Supervalu has set up a call center for consumers to call for further information.  The number is 855-731-6018.  Additional information may also be obtained by going to Supervalu’s website, www.supervalu.com and go to the Consumer Security Advisory section where information can be obtained about complimentary consumer identify protection services.  Consumers who may have shopped at any of the affected stores should carefully monitor their credit card account for fraudulent use and if you used a debit card, you should strictly monitor your bank account for evidence of fraud.  Establishing a credit freeze at each of the three major credit reporting bureaus is also a good idea.  You can get information as to how to put a credit freeze on your credit report by going to the Credit Freeze section of Scamicide as listed on the right hand side of this page.  Finally, this should again be a lesson to consumers to not use debit cards for retail transactions.  The risk is too great.

Scam of the day – July 19, 2014 – Houston Astros hacked

July 19, 2014 Posted by Steven Weisman, Esq.

No company is safe from the danger of hacking including, as we recently learned Major League Baseball teams.  The Houston Astros were recently embarrassed to announce that their computers had been hacked by unknown hackers who released information about trade discussions involving the Astros and a number of other Major League Baseball teams including the Miami Marlins with which a trade for All-Star outfielder Giancarlo Stanton was discussed.  The hacking did not appear to be for any reason other than to expose and embarrass the management of the Astros, however that is of little consolation to employees of the Astros whose personal information can also be found in the Astros’ computers and which, if released could lead to identity theft.

TIPS

This is just another example that no entity including governmental agencies as well as private companies is safe from the danger of hacking.   A recent report by the State of New York indicated that in New York alone there were more than 900 data breaches that exposes personal and financial records of 7.3 million New Yorkers thus making them victims and potential victims of identity theft.  It is important to remember that you are only as safe as the place with the weakest security that holds your personal information so whenever possible do not provide your personal information, such as your Social Security number to everyone who asks for it.  Health care providers do not need your Social Security number although most request it.  Often the only reason that they want it is to make it easier to collect an unpaid bill from you.  The health care industry in general has done a poor job of protecting personal data from hackers.  The place to find a helping hand in protecting your data is at the end of your own arm.  Limit the places that have your personal information as best you can.  When companies request your Social Security number, offer them another identifier for example.  I recently did this with my eye doctor and the doctor agreed.  You may also want to place a credit freeze on your credit report so that even if your Social Security number and other personal information is stolen, the identity thief will not be able to access your credit report.  You can find information as to how to put a credit freeze on your credit report in the credit freeze section on the right hand side of this page.

Scam of the day – July 14, 2014 – Chinese hackers steal information from Federal Office of Personnel Management

July 14, 2014 Posted by Steven Weisman, Esq.

Hacking of American companies by Chinese hackers is not particularly startling as it is going on all of the time, however the federal government is now admitting that back in March Chinese hackers were able to hack into the data bases of the Office of Personnel Management and gain access to personal information on thousands of government workers.  What is particularly troublesome is that the Office of Personnel Management manages a program called e-QIP where federal employees who are seeking security clearances must provide much personal information including personal financial data.  It is not known what the purpose of the hacking was and whether or not it was government sanctioned or not.  What is known is that, just as the hacking into the computers of the United States Department of Energy last week, showed, government databases are just as vulnerable as those of private companies.

TIPS

So what does this mean to you?

First and foremost if you are someone whose information was maintained by the Office of Personnel Management you should be on heightened alert for identity theft.  You should check your credit report with each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You also would be wise to put a credit freeze on your credit reports at each of the three major credit bureaus to prevent someone with personal information about you from gaining access to your credit report and utilizing your credit.  You can find a detailed explanation of credit freezes along with instructions for getting one in the right hand column of the first page of Scamicide.  As for the rest of us, this is yet another lesson that you are only as safe from identity theft as the places with the weakest security that hold personal information about you.  Whenever possible limit the amount of personal information held by companies and governmental agencies with which you do business.  Also, do not leave your credit card number on file with any retailer with which you do business regularly.  It may be convenient to do so, but it increases your risk of identity theft if the company is hacked and your data is compromised.

Scam of the day – July 10, 2014 – Indiana passes law to protect children from identity theft

July 10, 2014 Posted by Steven Weisman, Esq.

Children have become a ripe target of identity thieves and with good reason.  Armed with a Social Security number of a child, an identity thief can establish credit in the name of the child, abuse that credit with little chance that the child or his or her parents will become aware of the identity theft until the child reaches an age where they may be applying for financial aid for college or applying for a car loan.  It is only then that the child and his or her family become aware that the child’s credit report has been corrupted which can create substantial problems for that child, not only in obtaining a loan, but in getting a job, insurance, renting an apartment, getting a loan or in the many other areas where a credit report is used.  For adults, credit reports can be frozen such that even if someone has that person’s Social Security number and other identifying information, the person’s credit report cannot be accessed and used for fraudulent purposes, however except in a handful of states, the credit reports of children cannot be frozen.  Now Indiana has joined this small number of states that permit the credit reports of children to be frozen.  If your state does not have such a law, you should lobby your legislators to pass such legislation.

TIPS

Freezing a credit report is one of the most effective ways to prevent identity theft.  Unlike costly credit monitoring, which is often offered for free to victims of a data breach by the company whose data has been stolen, a credit freeze can actually stop forms of identity theft.  Credit monitoring merely tells you after the fact that you have been a victim.  It offers the same protection as someone who has just been hit by a truck while crossing the street and someone comes over to the victim lying in the road and informs him or her that he or she has been just been hit by a truck.  For instructions as to how to put a credit freeze on your credit report, go to the archives of Scamicide at the top of this page and type in “credit freeze.”

Scam of the day – July 4, 2014 – Butler University data breach

July 5, 2014 Posted by Steven Weisman, Esq.

Butler University has become the latest school to disclose that their computers had been hacked and personal information including Social Security numbers of 163,000  students, faculty, staff, former students and even people who merely applied to the school was compromised. This is just the latest instance of a college or university being hacked.  It also is another breach in which the university still maintained personal information in its data banks on former students, and in this case, mere applicants although the university had absolutely no reason to maintain Social Security numbers for such people.  As I have told you many times previously, you are only as safe as the places with the weakest security that hold your personal information.

TIPS

If you have ever had any contact with Butler University I urge you to contact the school and not wait to be notified in order to learn if you were affected by this latest data breach.  The University’s assistance line is available Mondays through Fridays between 9:00 a.m. and 7:00 p.m.  The telephone number is 888-414-8021 and you should use the reference number 8867061014.   I also urge you to put a credit freeze on your credit report so that even if someone has access to your Social Security number, they will not be able to access credit in your name.  With so many places with weak security  holding personal information including Social Security numbers on all of us, I urge everyone to consider putting a credit freeze on your credit report.  You can find directions how to do it by going to the Scamicide archives.

Scam of the day – May 11, 2014 – What’s up doc? Your identity

May 11, 2014 Posted by Steven Weisman, Esq.

In recent weeks a rash of identity thefts have occurred targeting physicians in New Hampshire, Arizona, Connecticut, Indiana, Maine, Michigan, North Carolina and the District of Columbia.  Many of these physicians who have become victims of income tax identity theft as their Social Security numbers were used by identity thieves filing phony income tax returns with their Social Security numbers and collecting refunds based on counterfeit W-2s.  Income tax identity theft is a huge problem and a sore spot with me as I don’t think the IRS is taking the one simple, low-cost step that could dramatically reduce this crime.  The IRS. as I have told you many times previously, does not compare W-2s in filed tax returns with the real W-2s filed by employers until August, long after they have sent out refunds.  Merely comparing the W-2s before sending out a refund would go a long way toward stemming this tide of income tax identity theft in a cost effective manner.

The identity theft of the physicians in the affected states has been traced to various state and national professional organizations, however the precise source of the hacking has still not been determined.  Once again, it is clear that regardless of how protective you are of your identity, you are only as safe as the places that hold your personal information with the weakest security.

TIPS

Whenever possible do not provide your Social Security number to companies, agencies or other entities with which you do business unless you absolutely must do so.  Also, monitor your credit report and your financial accounts regularly to become aware of any security breaches as soon as possible.  Also, because you cannot control your own security, it is prudent to put a credit freeze on your credit report so that even if someone obtains your Social Security number, they cannot get access to your credit report for purposes of making large purposes.  Go to the section on Credit Freezes on the right hand side of this page for information about how to put a credit freeze on your credit reports.

Scam of the day – April 26, 2014 – Tufts Medicare Preferred data breach

April 26, 2014 Posted by Steven Weisman, Esq.

Health insurance company Tufts Health Plans has just disclosed that it was a victim of a data breach through which names, birth dates and Social Security numbers of 8,830 of its customers who had purchased Tufts Medicare Preferred Policies, such as its supplemental Medicare coverage and its prescription drug plan.  The data breach is being investigated by federal law enforcement who initially discovered the data breach during the course of another investigation.  Tufts did not disclose how the data breach occurred, but is presently saying that it “was not due to an electronic breach, IT system vulnerability or hacking.”  However, without further details as to how the data breach was discovered, I must admit that I am skeptical of their firm pronouncement that there was no failure of computer security involved.

TIPS

Tufts is offering a year of free credit monitoring to those people affected.  If you have a Tufts Medicare Preferred Policy I urge you to contact your insurer to see if you were one of the people affected by this data breach.  Credit monitoring can be helpful, but it does absolutely nothing to prevent identity theft, it merely enables you to learn that you have become an identity theft victim sooner.  A better thing to do is to put a credit freeze on your credit report so that even if someone has your Social Security number and other personal information about you, they cannot access your credit report and get credit in your name.  On the right hand side of this page you will find a link to information on credit freezes and how to get one.

Scam of the day – April 25, 2014 – Data breach at Iowa State University

April 25, 2014 Posted by Steven Weisman, Esq.

Iowa State University officials announced this week that their computers had been hacked and personal information including Social Security numbers of 30,000 present and former students of the university were compromised.  The university will be sending an email notification to affected individuals this week.  This is just the latest instance of a college or university being hacked.  It also is another breach in which the university still maintained personal information in its data banks on former students although the university had absolutely no reason to maintain Social Security numbers for such students.  As I have told you many times previously, you are only as safe as the places with the weakest security that hold your personal information.

TIPS

If you are a student or former student of Iowa State University I urge you to contact the school and not wait to be notified in order to learn if you were affected by this latest data breach.  I also urge you to put a credit freeze on your credit report so that even if someone has access to your Social Security number, they will not be able to access credit in your name.  With so many places with weak security  holding personal information including Social Security numbers on all of us, I urge everyone to consider putting a credit freeze on your credit report.  You can find directions how to do it by going to the Scamicide archives.