Scam of the day – May 28, 2017 – Chipotle data breach update

Today’s scam of the day is an update of the Scam of the day from April 28th when I first wrote about the data breach at Chipotle Mexican Grill. After  a series of food safety problems in 2015, the Chipotle Mexican Grill restaurant chain had recently regained sales, but that could change with the announcement by the company that it had suffered a data breach affecting most of its 2,550 restaurants between March 24th and April 18th. Following an all too predictable pattern, the data breach came about as a result of malware that stole credit card and debit card information from Chipotle’s card processors.  This in great part is due to the fact that Chipotle has still not updated its credit card processing equipment to handle the more secure chip credit cards as required by industry regulations.

Here is a link to Chipotle’s  updated official announcement about the data breach which, if you ate at a Chipotle’s restaurant during the relevant period, also provides a link to inform you if the particular restaurant you went to is affected by the data breach.  https://www.chipotle.com/security

TIPS

As consumers the best thing you can do is to use your EMV chip card whenever possible.  Unfortunately, Chipotle is just one of many retail establishments that still have not updated their credit card and debit card processing equipment to use EMV chip cards.  For further personal protection, don’t use your debit card for retail purchases because the protection from liability that you get regarding fraudulent use of a debit card is not as strong as the liability protection you get when using a credit card. In addition, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.

If you were a customer of Chipotle’s during the affected period, it is a good idea to carefully monitor the charges on your credit card for indications of fraudulent use.

Scam of the day – May 27, 2017 – Target pays $18.5 Million to 47 states to settle security breach claims

Many people trace the era of major data breaches by hackers to the massive data breach at Target during the holiday shopping season of 2013. Credit card and debit card data on approximately 40 million Target customers was stolen as well as other information including email addresses of approximately 70 million Target customers.

Recently 47 states and the District of Columbia settled civil charges against Target related to the data breach with Target agreeing to pay 18.5 million dollars to each of these states and the District of Columbia. California will receive 1.4 million dollars which is the largest amount that any state will receive.  None of this money is to returned to consumers.

This settlement is very significant because it is part of an escalating trend of companies whose negligence leads to data breaches being held responsible for the harm caused to consumers.

Pursuant to the settlement, Target will implement a comprehensive security program which will include the use of whitelisting analytic software that helps prevent unauthorized malware programs from being downloaded, segmenting of credit card information from other parts of Target’s computer networks and increased use of encryption.

TIPS

This is a very positive step and, having reviewed in detail the security requirements that Target will be required to implement, I believe these provide a good guide for other companies to use to enhance their data security.

As for all of us as consumers, the best thing we can do is to refrain from using our debit cards from any use other than as an ATM card because the laws protecting us from unauthorized use of debit cards are not as strong as those protecting us from unauthorized use of credit cards.  In addition, whenever possible use your credit card as a chip card rather than as a magnetic strip card for increased security.

Scam of the day – April 18, 2017 – New study about seniors and susceptibility to scams

A recently released  preliminary study by researchers at Cornell University published in the Journals of Gerontology concluded that naturally occurring changes in the brains of older people makes them vulnerable to financial exploitation.  The changes noted were in a part of the brain that alert us when facing a risky situation as well as another part of the brain that controls the ability to read social cues.  This deterioration of the brain can and is exploited by scammers to swindle older people.

A previous study by the University of Iowa also found changes in another part of the brain during aging that controls belief and doubt that would make older people less skeptical and therefore more likely to be a scam victim.

According to a study by the MetLife Mature Market Institute the cost of financial exploitation of the elderly is approximately 3 billion dollars annually.

TIPS

If you have an elderly family member who may be undergoing a decline in mental acuity, it is important to take specific steps to help prevent them from becoming a victim of financial exploitation.  First, it is important to recognize that many elderly victims of financial exploitation are victimized by their own family members or caregivers.  Keeping personal financial information and account information safe and secure is an important first step to take.  It is also important to regularly monitor the accounts of seniors.  Limits on access to funds such as through debit cards that can be customized to monitor spending, block certain types of transactions and set spending limits can be useful to some people.

Scam of the day – December 5, 2016 – Online credit card fraud increasing

Anti-fraud company Iovation is reporting that credit card fraud for online shopping during the first shopping weekend of the holiday shopping season that began on November 25th increased by 20% over last year and 34% over 2014.  This is not surprising because safer EMV credit cards with a chip that issue a new authorizing code every time the card is used cannot use the chip capability when shopping online,  leaving them more vulnerable to hackers accessing the victim’s credit card number which can then be used by the criminal for online purchases.  Victims may become victims of this type of identity theft through either security weaknesses in their own devices or at websites where they shop.

TIPS

This year 55% of online shoppers used their smartphones and other portable devices to make their online purchases and while many people have security software installed and regularly updated on their computers, many people do not take the same type of precautions with their smartphones or other portable devices, leaving them in greater danger of being hacked.  The key is to protect all of your devices with security software and keep it updated to protect you from the latest strains of malware as well as to prevent the malware from ever being installed on your devices.  The best thing you can do to prevent the malware from becoming installed on your devices is to never click on links in emails or text messages unless you have absolutely confirmed that the communication and the link are genuine.  Clicking on tainted links in specifically tailored spear phishing emails and text messages are still the most common method that malware is spread.

It is also important when shopping online to use your credit card rather than your debit card.  The consumer protection laws are stronger in regard to credit cards than debit cards and the inconvenience of having your debit card hacked is much greater than the problems you encounter when your credit card is hacked.

Scam of the day – October 18, 2016 – Update on Home Depot data breach settlement

As I reported to you last year, in March of 2015 a settlement was reached between Home Depot and the plaintiffs in a class action on behalf of the 56 million victims of Home Depot’s massive data breach which occurred between April and September of 2014.  The settlement provides for a 13 million dollar fund to reimburse victims for out of pocket losses incurred  with an additional 6.5 million dollars being set aside for legal fees and other related expenses.  You are eligible to receive payments through the settlement if you used your credit or debit card at a self checkout lane at Home Depot between April 10, 2014 and September 23, 2014 and your card information was stolen.  You also are eligible for a payment if you received notification that your email address was compromised or if you specifically received a settlement notice informing you that you are a member of the class action.  Payments of as much as $10,000 will be made to claimants who suffered out of pocket losses and unreimbursed charges as a result of the data breach.  In addition, affected shoppers can receive payments of $15 per hour for time spent remedying the problems they encountered as a result of the data breach.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment were hacked when a third party party vendor’s computers were hacked thereby enabling the hackers to steal the passwords necessary for the third party vendor’s to access Home Depot’s computers.  As an additional part of the settlement Home Depot committed to make greater efforts at data security.

TIPS

If you were affected by this data breach, you must file a claim and the deadline for filing a claim is October 29th which is rapidly approaching.  Here is the link to go to in order to file a claim.

https://gilardigateway.com/HomeDepotBreachSettlement/Claimant/UnKnownClaimForm

However, even if you were not a victim of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security. Greater use of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.  However, whenever you can, you should use your EMV chip card.

Also, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not as strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.

Scam of the day – October 13, 2016 – Vera Bradley stores hacked

Luggage and handbag manufacturer, Vera Bradley announced yesterday that its retail stores suffered a data breach in which credit card numbers, customer names, card expiration dates and verification codes for customers who used credit and debit cards at its stores between July 25th and September 23rd were stolen by criminals who hacked into the company’s payment processing equipment.  Vera Bradley was notified of the data breach by law enforcement on September 15th.  Generally, breaches like this are discovered when a pattern for stolen credit cards being sold on the Dark Web where criminals buy and sell stolen credit cards indicates a common source or when the card issuing banks notice a pattern of fraudulent use traceable back to a single common denominator, namely the victims all shopped at a particular store.  Vera Bradley could have avoided this data breach had it switched over to EMV chip cards instead of continuing to use the old-style magnetic strip credit cards which are so much more susceptible to theft through data breaches.

Unlike most companies that suffer such data breaches, Vera Bradley is not offering free credit monitoring at this time.

TIPS

If you were a customer at a Vera Bradley store between July 25th and September 23rd, you should go online right away to monitor use of your credit card or debit card.  It is a good policy not to use your debit card for retail purchases because you have less protection under the law for unauthorized use.  Further, even if you report fraudulent use of your debit card immediately to your bank, your bank account to which the card is tied will be frozen and inaccessible to you while the bank investigates the matter.  Use your EMV chip card whenever possible and even if you were not a shopper at Vera Bradley, you should regularly monitor your credit card statement online so that you can discover any fraudulent use early.  Finally, be wary of any emails or text messages you may get that appear to be from Vera Bradley that require you to provide personal information.  Scammers often take advantage of data breaches such as this to send phishing emails to lure people into providing personal information they can use to make you a victim of identity theft.

For more information about Vera Bradley, you can go directly to its website at http://www.verabradley.com/

Scam of the day – April 30, 2016 – Class action against P.F. Chang’s restaurant chain continues

In June of 2014 I first reported to you about a data breach at P.F. Chang’s China Bistro a major restaurant chain.  A large number of credit cards and debit cards used at P.F.Chang’s restaurants  between March 2014 and May 19, 2014 were compromised.   A class action was filed by John Lewert and Lucas Kosner in 2014 on behalf of themselves and other similarly situated victims of the data breach.  P.F.Chang was initially successful in having the lawsuit dismissed on the ground that Lewert and Kosner had not personally suffered any harm at this time due to the data breach.  However, recently, the Seventh Circuit Court of Appeals revived the lawsuit, ruling in favor of the plaintiffs and allowing the case to proceed because, the court determined, the plaintiffs and others whose data was stolen faced the “concrete” possibility of becoming a future victim of identity theft.

If you were a customer of P.F. Chang’s affected by the data breach, here is a link to the website of the law firms handling the class action to which you can go for more information.  http://www.siprut.com/ and http://www.litedepalma.com/

TIPS

So what does this mean to you?  As I have cautioned you many times, you should not use your debit card for anything other than an ATM card.  Using it for retail purchases potentially puts your entire bank account tied to the card in jeopardy.  By using a credit card, your liability is limited to no more than $50 for fraudulent charges and many companies do not even charge you anything for fraudulent charges.  Everyone should monitor their credit card statements carefully each month to make sure that no fraudulent charges appear and if they do, you should contact your credit card company to have those charges removed immediately and to get a new credit card.

Scam of the day – May 6, 2015 – Another data breach at Sally Beauty stores

It was just a little over a year ago that I told you about a massive data breach at beauty supply company, Sally Beauty and apparently they have not learned their lesson.  Earlier this week the store said it was looking into “reports of unusual activity” on credit and debit cards used at some of its stores.  According to the store, “Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected.” It appears that more than 25,000 transactions were compromised by the data breach.  Once again, however, Sally Beauty did not take the prudent step of moving to smart card technology as some companies, such as Wal Mart have done ahead of the October 2015 deadline for doing so.

TIPS

Just as I advised you yesterday, the best thing you can do to protect yourself when shopping in a retail store is to not use your debit card which, if compromised can potentially put your entire bank account in jeopardy.  You also should carefully monitor your credit card statements to look for fraudulent purchases so that in the event of a data breach, you can quickly determine if you have become a victim of identity theft and close down the account so that all it will cost you is the inconvenience of getting a new credit card.

Scam of the day – April 18, 2015 – TD Bank hit by a skimmer

The Chelmsford Massachusetts police are investigating a skimmer that was found installed on a branch of TD Bank in Chelmsford Massachusetts.  Skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card which then permits the identity thief to access that information to access the victim’s bank account when the skimmer is used on a debit card attached to a bank account.  Each skimmer can hold information on as many as 2,400 cards.

TIPS

Always look for signs of tampering on any machine through which you swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, which are used at ATMs when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if they do not report a theft promptly.   Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.

Scam of the day – December 9, 2014 – Banks win first round in Target lawsuit

Last year’s massive data breach at Target was the first of a series of data breaches that continue unabated to this day with no end in sight.  While millions of Target customers were inconvenienced by the theft of their credit card or debit card information, banks that issued those cards and had to replace those stolen cards suffered financial losses involved with replacing the stolen cards as high as 400 million dollars.  Five of these banks, Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union and First Federal Savings filed a class action in federal court on behalf of themselves and other affected banks seeking payment from Target for the losses they incurred as a result of the Target data breach.  Target responded to the lawsuit by filing a Motion to Dismiss the lawsuit arguing that it was not responsible for the data breach, however Judge Paul A. Magnuson, in denying Target’s motion ruled that there was sufficient evidence of Target’s negligence to warrant a trial.  Specifically, the judge said that Target ignored security software program alerts that there was a problem and also actually disabled some of its own security features which contributed to the data breach.  According to Judge Magnuson, “Plaintiffs have plausibly alleged that Target’s conduct both caused and exacerbated the harm they suffered.”

TIPS

The importance of this early ruling in the case of the banks against Target cannot be overestimated.   While in the past retailers were not held responsible for the occasional data breach occurring in the processing of credit and debit card transactions, an ultimate verdict in favor of the banks could signal a major change in how retailers conduct business in general and in particular what security steps they will need to take in order to avoid financial responsibility for future data breaches.  Coupled with regulations shifting responsibility for data breaches to retailers who fail to switch to new smart credit cards with computer chips by October of 2015, this ruling may signal a new paradigm for company electronic security.