Scam of the day – August 11, 2017 – Nationwide insurance settles data breach lawsuit

It appears that the insurance company Nationwide, despite its catchy slogan, may not be on your side.  Nationwide Mutual Insurance Company has just settled a legal complaint brought against it by the attorneys general of 32 states and the District of Columbia related to a 2012 data breach in which sensitive personal information including Social Security numbers of  1.2 million of its customers and even people who merely applied for insurance quotes and did not buy insurance from Nationwide was stolen in a massive hacking and data breach.

Under the terms of the settlement Nationwide will pay 5.5 million dollars to the states’ attorneys general who will use the funds to cover the costs of the investigation and legal action against Nationwide as well as to assist in future consumer protection enforcement cases.

Two class actions by injured consumers regarding the data breach are still pending in the courts.

The key reason for the liability of Nationwide in this case is that the data breach was made possible due to the failure of Nationwide to update their security software with patches that were already available.  Had Nationwide installed the security updates in a timely fashion, the hacking and data breach would have been thwarted.

In addition to the 5.5 million dollar payment, Nationwide is also required under the terms of the settlement to update its security practices, install security updates in a timely manner and take other specified steps to protect consumers’ data.  Nationwide is also required to notify consumers that the company keeps their personal information even if the consumer does not become a customer of Nationwide.


You will continue to see legal actions, settlements and court decisions such as this in the future as law enforcement is increasingly holding companies responsible for their faulty security practices.  As New York Attorney General Eric Schneiderman said, “Nationwide demonstrated true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process.”

So what does this mean to you and me?

Once again, this shows that regardless of how protective you are of your personal information, you are only as safe as the companies and institutions with the weakest security that have your information. Try as much as you can to limit providing personal information to companies unless there is a real need and inquire as to what the companies do to protect your data.  In addition, as I have advised many times, the best thing you can do to protect yourself from identity theft is to put a credit freeze on your credit reports at the three major credit reporting agencies. You can learn how to do this by going to the “search the website” section of Scamicide and putting in the words “credit freeze.”


Scam of the day – April 17, 2016 – Bank insider identity thief pleads guilty

Great attention is being given by many companies and institutions to protecting themselves from identity thieves attacking them from the outside, but it is also important for companies to pay equal attention to protecting themselves from the threat of identity theft and data breaches from rogue employees within their own companies.  Recently, Ronald Reed pleaded guilty to bank fraud and identity theft in federal court in California.  Reed convinced four Wells Fargo bank employees into providing him with information about Wells Fargo bank customers including their birth dates, bank account numbers and Social Security numbers which he used to steal money from the customers’ accounts as well as use their accounts to cash counterfeit checks.  Reed is scheduled to be sentenced on July 15th and faces as many as 32 years in prison.

Identity theft by bank insiders is a growing problem.  Late last year two bank employees of JP Morgan Chase were indicted for accessing customers accounts through phony ATM cards and stealing approximately $400,000.  Older people with accounts into which their Social Security checks are electronically deposited are particular desirable targets of these criminals.  In addition, many criminal bank insiders, familiar with banking regulations keep their fraudulent withdrawals to less than $10,000, the level at which greater bank scrutiny occurs.


There is little that we can do as consumers to protect ourselves from this type of insider identity theft.  The best thing you can do is to monitor all of your accounts and financial dealings often in order to recognize as soon as possible when identity theft has occurred.  The earlier you learn that you have become a victim of identity theft, the easier it is to correct the problem.  Anyone who has become a victim of identity theft should go to the tab at the top of the website for detailed information about the steps you need to take if you have become a victim of identity theft.

As for the banks themselves, they should do a better job of screening potential employees.  Some banks do little more than a cursory criminal background check.  In addition, banks should limit the access of tellers to customer information.  New York Attorney General Eric T. Schneiderman has advised New York banks to limit the access of tellers to such sensitive customer account information.