Posts Tagged: ‘credit freeze’

Scam of the day – October 3, 2015 – 15 million T-Mobile customers in danger of identity theft

October 3, 2015 Posted by Steven Weisman, Esq.

T-Mobile has announced that personal information on 15 million of its customers has been stolen as a result of a data breach that occurred between September 1, 2013 and September 16, 2015.  The stolen information includes names, birth dates and Social Security numbers.  This type of information can readily be used by a criminal to steal the identities of the people whose personal information was compromised.  Because identity theft can be a devastating crime, this is a major problem if you were a customer of T-Mobile during that time.  It is important to note that it was not T-Mobile’s computers that were hacked.  Rather it was a server used by the credit reporting agency Experian that was hacked to steal this customer information.  T-Mobile used the services of Experian to run credit checks on people applying for T-Mobile services or devices.  A number of questions are brought up by this hacking including why Experian continued to store this personal information long after the determination of creditworthiness had been done.  Also, there are questions about the encryption program Experian used to protect its data because the encryption proved ineffective.


T-Mobile is offering free credit monitoring services through ProtectMyID to affected customers for two years.  However, it should always be noted that credit monitoring does not help prevent identity theft, but merely helps you learn sooner when you do become a victim of identity theft.  Somewhat ironically, it should also be noted that ProtectMyID is owned and operated by Experian, the same company responsible for the data breach.  For more information about obtaining the free credit monitoring services if you have were affected by this data breach, click on this link which provides instructions from T-Mobile about signing up for the service.

Meanwhile, everyone should consider putting a credit freeze on their credit reports to actually help prevent identity theft.   With a credit freeze in place, an identity theft who has your personal information including your Social Security number will be prevented from accessing your credit report to obtain credit or make purchases in your name.   For more information about credit freezes, go to the archives of and type in “credit freeze.”

Scam of the day – October 2, 2015 – Update on data breach at Trump hotels

October 2, 2015 Posted by Steven Weisman, Esq.

It has just been disclosed by the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York that its hotels had been hit with a Target-like credit card and debit card data breach that appears to have occurred between May 19, 2014 and June 2, 2015.  Although the Trump Hotel Collection is just announcing this now and much of the media is reporting this as a new story, here at Scamicide, we reported to you about this data breach in our Scam of the day on July 5, 2015.  As with so many data breaches, it was discovered not by the company hacked, but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels.    The malware used to perform this data breach was installed on computers at Trump hotels front desk terminals as well as as payment card terminals in the hotels’ restaurants and gift shops.  This type of hacking and data breach could have been prevented had the Trump Hotel Collection switched to the modern EMV smart chip credit cards now being required to be used according to credit card regulations that just went to effect yesterday.  Instead the Trump Hotel Collection, as many companies still do, used the old fashioned credit and debit cards with magnetic strips which are so susceptible to hacking.


If you used your credit and debit card at one of the affected Trump hotels between May 19, 2014 and June 2, 2015, you should obtain your credit report from each of the three major credit reporting agencies and look for indications of identity theft.  You should also carefully monitor your credit card account and bank accounts for unusual activity.  You should also consider putting a credit freeze on your credit reports, which is always a good idea.  The Trump Hotel Collection is offering free credit monitoring for people who used their cards at their hotels during the time period indicated above.  For more information about this offer, call them at 877-803-8586.  Here also is a link to the statement of the Trump Hotel Collection about this data breach.

As for the rest of us, there is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business.  One important thing to do is to refrain from using your debit card except at ATMs.  Using your debit card at retail establishments puts you at a much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card.  Also, if you have not yet received a new EMV smart chip credit card from your credit card company, you should ask your credit card company for a replacement credit card with a computer chip now.

Scam of the day – September 13, 2015 – Another major health care data breach

September 13, 2015 Posted by Steven Weisman, Esq.

Health insurer Excellus Blue Cross/Blue Shield became the latest major health insurer to disclose that it had suffered a data breach affecting 10.5 million people.  The compromised information may include names, birth dates, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information.  This hacking, which was just announced, but has been going on since December of 2013 is the fourth major health care data breach this year with anthem Blue Cross/Blue Shield being the largest, having affected upwards to 80 million people.  As I warned everyone in my USA Today column in which I made my cyberpredictions for 2015, the health care industry is tremendously vulnerable to data breaches and we can expect these data breaches to continue.  Here is a link to that column.

A recent audit of health care companies and insurers showed that more than 81% of these companies have suffered a data breach in the last two years alone and that number only relates to the data breaches that have been discovered.  There may have been more that remain undiscovered.

The potential consequences of medical company data breaches can be tremendous to affected individuals.  The medical records of an identity thief accessing your medical insurance can become intermingled with your medical records such that you can mistakenly receive improper treatment, such as a potentially deadly blood transfusion of the wrong blood type.


Excellus will be sending out snail mail letters to those people affected by the data breach shortly.  If you receive an email purportedly from Excellus asking you to click on links for information about the data breach, it is a phishing email aimed at getting you to download malware on to your computer and make you a victim of identity theft.  As many hacked companies do, Excellus is offering two years of free credit monitoring, however these services will do nothing to protect you from identity theft.  In order to do that, I suggest that you put a credit freeze on your credit report at each of the three major credit reporting agencies in order to prevent someone who already has your personal information such as your Social Security number from accessing your credit report to run up debts in your name.  You can find information about how to do a credit freeze in the Scamicide Archives.  For more information about the Excellus data breach, you can either call their toll free hotline number of 877-589-3331 or got their website by clicking on this link.

Scam of the day – September 8, 2015 – Company picked to provide identity theft protection for victims of OPM data breach

September 7, 2015 Posted by Steven Weisman, Esq.

The Office of Personnel Management (OPM) which was hacked by Chinese hackers who stole personal information of more than 21 million present and former federal employees has chosen Identity Theft Guard Solutions to provide  three years of identity theft protections to the victims.  Notifications will be going out from the Defense Department to the victims starting at the end of September and it will take about three months to notify all of the victims.  Also covered by the program will be more than 6 million children whose parent’s information was compromised in the data breach.   When the data breach was initially discovered, the OPM hired another company to provide 18 months of identity theft protection services, however, the company had its website crash and the call center answering questions about the services to be provided often had delays of hours before callers could speak to a representative.


If you were a victim of the OPM data breach, you should be on the lookout for notification from the Defense Department with information about how to apply for benefits under the program.  However, it is important to remember that no identity theft protection company can prevent you from becoming a victim of identity theft.  The best they can do is notify you earlier that you have become a victim.  None of the identity theft protection companies help you with the one best step you can take to protect yourself from identity theft which is to put a credit freeze on your credit report.  With a credit freeze on your credit report, even if someone has your personal information including your Social Security number, they cannot access your credit report for purposes of gaining credit or loans in your name.  You can find information about how to put a credit freeze on your credit reports at each of the three major credit reporting agencies by going to the Archives section of Scamicide and putting in the words “credit freeze.”

Scam of the day – August 24, 2015 – Plenty of Fish dating site hacked

August 24, 2015 Posted by Steven Weisman, Esq.

Plenty of Fish ( an online dating website with more than a hundred million members had its website corrupted by hackers who managed to install a keystroke logging malware program known as Tinba that enables the identity thieves to steal credit card and banking information from its victims.  What makes this hacking particularly noteworthy is that the hackers did not hack into the computers of Plenty of Fish to install malware as was done in the recent hacking of Ashley Madison.  Instead, they hacked into the computers of a legitimate advertising company, Improve Digital that distributed online advertisements to Plenty of Fish.  The malware was attached to legitimate online advertisements placed by Improve Digital on the Plenty of Fish website.  And as I always say, “things aren’t as bad as you think, they are worse.”  In this case, it was not even necessary for someone visiting the Plenty of Fish website to click on the infected advertisements to permit the malware to be downloaded on to their computers.  All that was necessary was to merely go to the now infected website to have  your computer, in turn, infected with this dangerous malware.


If you are a user of Plenty of Fish, you should monitor your bank accounts and credit card accounts closely.  You also would be wise, if you already have not done so, to put a credit freeze on your credit report.  You can find information as to how to do this here on Scamicide.  Just go to the archives and enter the words “credit freeze.”  You also should make sure that you are using the latest anti-virus and anti-malware software on your computer and run a scan for any viruses or malware.

Scam of the day – August 11, 2015 – Medical Informatics Engineering class actions filed

August 10, 2015 Posted by Steven Weisman, Esq.

Recently I told you about the hacking and data breach of Medical Informatics Engineering (MIE) and its cloud service NoMoreClipboard.   MIE operates more than 300 medical centers in 38 states.  On May 26th it discovered that it had been hacked since May 7th.  Unfortunately the personal information compromised in the data breach was very significant including names, telephone numbers, mailing addresses, usernames, password security questions and answers, spousal information, email addresses, birth dates, Social Security numbers, health insurance policy information and more all of which puts the victims of the data breach in serious jeopardy of traditional and medical identity theft.  It is estimated that almost four million people had their personal information stolen.  The company started notifying affected victims whose personal information was hacked by traditional mail in June and July.  Now, however, two lawsuits have been filed on behalf of the victims in the Federal District Court in Ft. Wayne Indiana seeking class action status.  Both lawsuits  allege that MIE was negligent in not implementing proper security measures to protect the personal information it collected and stored.


If you are one of the victims of the data breach and want more information about the two class actions, you can contact the law firms, Price Waicukauski & Riley LLC and Cohen & Malad LLP by clicking on the following links respectively and

You can also call MIE’s toll-free hotline at 866-328-1987 for more information.   In addition, you should also carefully monitor all of your financial accounts and check your medical records to make sure that someone has not accessed your health insurance and made you a victim of medical identity theft.  You should also put a credit freeze on your credit report.  You can find out how to put a credit freeze on your credit report by going to the Archives of Scamicide.  Be wary of any emails that you receive purporting to be from MIE because you can expect identity thieves to be sending out these as phishing email posing as MIE seeking to have you provide personal information or click on links containing malware.

Scam of the day – July 24, 2015 – Major identity thief convicted

July 23, 2015 Posted by Steven Weisman, Esq.

Hieu Minh Ngo has pleaded guilty to a number of identity theft related charges in the Federal District Court of New Hampshire and been sentenced to 13 years in prison.  Between 2007 and 2013 Ngo obtained access to as many as 200 million consumer records from large data brokers including Court Ventures, which is 2012 was acquired by Experian, one of the three major credit reporting bureaus.  Ngo was able to access these records by posing as a private investigator.   Putting this number into perspective, it represents 60% of the population of the United States.   He then sold to identity thieves comprehensive packages of consumer data, referred to in the world of identity thieves as “fullz,” made up of individuals’ names, credit card numbers, Social Security numbers, birth dates bank account numbers and bank routing numbers, on black market websites he operated called and  According to the Justice Department, Ngo sold fullz to 1,300 identity thieves, who in turn committed large numbers of identity theft including 65 million dollars in income tax identity theft alone.  Ngo could have been sentenced to 24 years in prison, but through a plea bargain got a reduced sentenced in return for his cooperation in identifying his former identity thief customers.

Now, a class action lawsuit has been filed in the Federal District Court for the Central District of California against Experian alleging it was negligent in failing to protect its consumer data from Ngo.  The class action is seeking to have Experian ordered to notify all affected consumers, provide free credit monitoring services to affected consumers and establish a fund to reimburse those who became victims of identity theft due to Experian’s negligence.  I will keep you informed as further developments in this case occur.


This case is yet another example of how vulnerable we all are to identity theft because we are only as secure as the companies and governmental agencies that have our personal information.  One thing, however, we can all do to protect ourselves is to put a credit freeze on our credit reports at each of the three major credit reporting bureaus, which will prevent access to our personal credit records and the information contained therein.  Go to the Archives section of Scamicide for further information about how to put a credit freeze on your credit reports.

Scam of the day – July 23, 2015 – FTC accuses Lifelock of misleading consumers

July 23, 2015 Posted by Steven Weisman, Esq.

In a recent court filing in the Federal District Court of Arizona, Lifelock, one of the most well known companies offering identity theft protection services has been accused by the Federal Trade Commission (FTC) of failing to live up to a settlement Lifelock made in 2010 with the FTC as well as 35 state attorneys general regarding charges that Lifelock used misleading and deceptive advertising as well as failing to adequately protect the security of the personal data of its customers.  According to the FTC, Lifelock violated the 2010 settlement by failing to maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card numbers, Social Security numbers and bank account numbers as well as by falsely advertising that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions.  Lifelock has publicly disputed the allegations.


If the charges are proved to be true, this would be very disturbing to Lifelock customers because any company holding such tremendous amounts of personal information would be a prime target of hackers and identity thieves.  It is also important to remember that neither Lifelock nor any of the other identity theft protection services are able to truly protect you from identity theft.  They merely help you take certain steps to reduce your chances of becoming a victim of identity theft and help you monitor your accounts to let you know sooner if you become a victim of identity theft.  In fact, none of the identity theft protection services assist you in putting a credit freeze on your credit report which may be the single best step you can take to protect yourself from identity theft.  You can find instructions for putting a credit freeze on your credit reports here in the Archives of Scamicide.   None of the things that any of these companies do for you are things you cannot do for yourself at less cost.  In fact, although it is obviously self-serving, the cost of my book “Identity Theft Alert” in which I provide you with precise steps you can take to help protect yourself from identity theft is less than a month’s cost of most identity theft protection services.

Scam of the day – July 20, 2015 – UCLA Health System hacked affecting 4.5 million people

July 19, 2015 Posted by Steven Weisman, Esq.

The parade of data breaches at major health care providers continues as I predicted in my USA Today column last December.  Here is a link to that column.

The present data breach is of the UCLA Health System and it may have been going on undetected since September of 2014 until recently being discovered.  The information that may have been compromised is a treasure trove of data for identity thieves.  It included names, Social Security numbers, medical records, ID numbers and addresses on 4.5 million people.  But, as I always say, things aren’t as bad as you think — they are worse.  The stolen data was totally unencrypted making the threat to the people in the UCLA Health Systems computers more serious.

Medical identity theft can not only result in your financial life being threatened.  The mixing of medical records of the victim of the identity theft with the medical records of the identity thief utilizing the medical insurance can potentially be deadly, such as when a person might receive the wrong blood type in a transfusion or a drug to which they may be seriously allergic.  Again, compounding the problem, it can be extremely difficult or even impossible to remove the identity thief’s medical information from the victim’s medical records after the problem has been discovered due to quirks in the medical privacy laws.


If you are one of the people affected by this data breach, UCLA will be notifying you by regular mail and will explain your options.  They will not be notifying people by email or text messages so if you receive such a communication, you should not click on any links contained in the email or text message because they have been sent by an identity thief as a phishing email attempting to lure you into downloading malware by clicking on the link.

Those people affected will be offered free credit monitoring for a year.  They also should monitor their financial and medical insurance accounts carefully for early indications of fraud.  Putting a credit freeze on their credit reports would also be a good step to take.  You can find more information about credit freezes here in the Scamicide archives.

Here is a link to a press release by UCLA which describes the data breach and your options.