Scam of the day – July 2, 2017 – Anthem data breach class action settlement

I first reported to you about the huge data breach at Anthem, a major care health care company in February of 2015 when it was initially discovered. The data breach affected 78.8 million patients and employees.  The data stolen included birth dates, Social Security numbers and other information putting the victims in extreme danger of identity theft.    In response to the data breach Anthem offered free identity theft repair and credit monitoring services to current or former members of Anthem plans going back to 2004.

A class action filed by people affected by the data breach has recently been settled with the settlement now awaiting approval by a federal judge in California overseeing the case.

Here is a link to the settlement.

https://anthemdatabreachlitigation.girardgibbs.com/wp-content/uploads/2017/06/2017-0623-Dkt-869-8-Settlement-Agreement.pdf

Approval is expected shortly.  Under the terms of the settlement, Anthem will offer two more years of identity theft repair and credit monitoring services to those affected and will pay up to fifteen million dollars toward out of pocket costs incurred by victims of the data breach.  Anthem also agreed to make substantial changes to its cybersecurity systems.  The total amount to be paid to settle the class action is 115 million dollars which is more than five times what Target and Home Depot spent to settle similar charges.  The primary reason for this is that in the Target and Home Depot data breaches all that was lost was credit card information while in the Anthem breach, personal information that can lead to significant identity theft was stolen.  Hopefully, this will serve as a wake up call to companies to upgrade their cybersecurity.  It is important to also note that, as with so many data breaches, this was started when an employee clicked on a link in a simple phishing email.

TIPS

I will notify you when the settlement is approved and let you know how to make a claim and apply for the additional credit monitoring and identity theft protection as well as apply for out of pocket expense reimbursement.

Neither Anthem nor AllClear ID, the company Anthem is using to provide credit monitoring and identity theft protection services to victims of the data breach assists with credit freezes although it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian if you were a victim of this or any other data breach.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the top right hand corner of this page.

Scam of the day – October 18, 2016 – Update on Home Depot data breach settlement

As I reported to you last year, in March of 2015 a settlement was reached between Home Depot and the plaintiffs in a class action on behalf of the 56 million victims of Home Depot’s massive data breach which occurred between April and September of 2014.  The settlement provides for a 13 million dollar fund to reimburse victims for out of pocket losses incurred  with an additional 6.5 million dollars being set aside for legal fees and other related expenses.  You are eligible to receive payments through the settlement if you used your credit or debit card at a self checkout lane at Home Depot between April 10, 2014 and September 23, 2014 and your card information was stolen.  You also are eligible for a payment if you received notification that your email address was compromised or if you specifically received a settlement notice informing you that you are a member of the class action.  Payments of as much as $10,000 will be made to claimants who suffered out of pocket losses and unreimbursed charges as a result of the data breach.  In addition, affected shoppers can receive payments of $15 per hour for time spent remedying the problems they encountered as a result of the data breach.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment were hacked when a third party party vendor’s computers were hacked thereby enabling the hackers to steal the passwords necessary for the third party vendor’s to access Home Depot’s computers.  As an additional part of the settlement Home Depot committed to make greater efforts at data security.

TIPS

If you were affected by this data breach, you must file a claim and the deadline for filing a claim is October 29th which is rapidly approaching.  Here is the link to go to in order to file a claim.

https://gilardigateway.com/HomeDepotBreachSettlement/Claimant/UnKnownClaimForm

However, even if you were not a victim of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security. Greater use of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.  However, whenever you can, you should use your EMV chip card.

Also, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not as strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.

Scam of the day – July 22, 2016 – Home Depot class action update

As I reported to you in March a tentative settlement was reached between Home Depot and the plaintiffs in a class action on behalf of the 56 million victims of Home Depot’s massive data breach which occurred between April and September of 2014.  The tentative settlement provides for a 13 million dollar fund to reimburse victims for out of pocket losses incurred  with an additional 6.5 million dollars being set aside for legal fees and other related expenses.  Home Depot announced also agreed to provide eighteen months of free credit monitoring through security company All Clear ID to affected shoppers.  You can receive payments through the settlement if you used your credit or debit card at a self checkout lane at Home Depot between April 10, 2014 and September 23, 2014 and your card information was stolen.  You also are eligible for a payment if you received notification that your email address was compromised or if you specifically received a settlement notice informing you that you are a member of the class action.  Payments of as much as $10,000 will be made to claimants who suffered out of pocket losses and unreimbursed charges as a result of the data breach.  In addition, affected shoppers can receive payments of $15 per hour for time spent remedying the problems they encountered as a result of the data breach.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment were hacked when a third party party vendor’s computers were hacked thereby enabling the hackers to steal the passwords necessary for the third party vendor’s to access Home Depot’s computers.  As an additional part of the settlement Home Depot committed to make greater efforts at data security.

TIPS

If you believe you are entitled to payment as a part of the class action, click on this link for more information and to get the claim form which must be filed by October 29th.   http://www.homedepotbreachsettlement.com/frequently-asked-questions.aspx

A hearing on final approval of the settlement will occur on August 12th in the Federal District Court for Northern Georgia.

As for all of us, even if we were not a victim of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security.  Greater use of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.  However, whenever you can, you should use your EMV chip card.

Also, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not as strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.

Scam of the day – March 11, 2016 – Possible Home Depot data breach settlement

A tentative settlement has been reached between Home Depot and the 56 million victims of its massive data breach which occurred between April and September of 2014.  The proposed settlement provides for a 13 million dollar fund to reimburse victims for out of pocket losses incurred  with an additional 6.5 million dollars being set aside for legal fees and other related expenses.  Shortly after the data breach, Home Depot announced that it would provide a year’s free credit monitoring through security company All Clear ID.  The offer was made to Home Depot customers who used their credit or debit cards at Home Depot between April 1, 2014 and September 9, 2014.  The proposed settlement of the class action brought by victims of the data breach must be approved by the judge overseeing the case.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment was hacked when a third party party vendor’s computers were hacked thereby enabling the hackers to steal the passwords necessary for the third party vendor’s to access Home Depot’s computers.  As an additional part of the settlement Home Depot committed to make greater efforts at data security.

TIPS

As further developments in this settlement occur, I will inform you of those developments so if you were a victim of the Home Depot data breach, I will let you know what to do.  As for all of us, even if we were not a victim of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security.  Greater implementation of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.

Also, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.

Scam of the day – April 27, 2015 – MasterCard settlement with Target being challenged

The massive data breach caused by the hacking of Target in 2013 which compromised the security of as many as a hundred million credit and debit cards resulted in banks incurring millions of dollars in costs to replace the credit and debit cards put at risk by the data breach.  Although Target is still negotiating with Visa in regard to the amount that Target will reimburse Visa for these costs, Target announced recently that it had reached a settlement with MasterCard to pay nineteen million dollars to cover the costs of reissuing new cards for those people affected by the data breach.

Now a small group of banks has brought legal action to block the settlement which they allege is unfair to the banks that suffered losses as a result of having to reissue debit and credit cards.  Charles Zimmerman, one of the lawyers representing the group of banks challenging the proposed settlement has said the settlement “provides paltry restitution for the substantial losses suffered.”  A motion for a preliminary injunction to prevent the settlement will be heard today in federal court in Minnesota.

TIPS

Regardless of the outcome of this motion hearing or any settlements between the credit card companies, Target and the credit card issuing banks, consumers are well aware that the best place to find a helping hand when it comes to security while shopping is at the end of their own arms.  Part of the reason that we have had so many major retail data breaches in the last couple of years is that the United States still uses magnetic stripe technology from the 1960s rather than the modern computer chip credit cards used primarily throughout the rest of the world that is not susceptible to the type of mass retail hacks that we have seen at Target, Home Depot and others.  With the new chip cards, a new number is created for every transaction for which the card is used, making it worthless for a hacker to steal the credit card’s number from a card processing machine.  Regulations go into effect in October of 2015 that will require retailers to implement such smart card chip technology or be held financially responsible for all losses incurred using the magnetic stripe cards, which is why we will see retailers scrambling to meet the October 2015 deadline.  Meanwhile, some stores such as WallMart have already installed the machines to use the new smart chip cards.

So what should consumers do?

First of all, never use your debit card for retail purchases.  Federal law does not provide the same level of consumer protection from liability that you get with the use of a credit card.  Second, you should get a new smart chip card as soon as possible and use it whenever possible.  These new cards also have magnetic strips so you can still use the same card through the old style credit card processors if the store where you are shopping does not yet have card readers capable of processing the sale using the computer chip.

Scam of the day – November 11, 2014 – New study on effectiveness of phishing

Phishing, as you probably know, is the term for the tactic used by scammers and identity thieves who pose as a legitimate company, government agency or some other person or entity you trust and lure you into providing personal information that can either be used to make you or someone you know a victim of identity theft.  Recently, Google and the University of California, San Diego completed a study that showed just how effective phishing is.  A common phishing technique is to send an email to someone with a link directing them to a phony, but legitimate appearing website.  Other times, the phony email itself contains a request for personal information.  Startlingly, the study showed that at tHE most effective of these phishing websites up to 45% of people targeted provided the information requested.  Sometimes, the scammers are merely looking to take over your email account so that they can send targeted emails to people on your email list that appear to come from you and may be directed to your friends by name.  This type of phishing is called spear phishing.   Phishing is a tremendously effective scam technique and was at the core of the hacking of Target, Home Depot and many other companies and people.

TIPS

Never click on links or download attachments unless you are absolutely sure that they are legitimate.  Even if they appear to be in an email or text message from a friend, you cannot trust the communication because your friend’s account may have been hijacked by an identity thief or scammer.  Never provide personal information on websites unless you have confirmed that it is legitimate.

If your email account is compromised here are the steps to take:

1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you. You have already done this.
5. Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from www.annualcreditreport.com. Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
8. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on Scamicide.

Scam of the day – November 8, 2014 – Latest Home Depot hacking developments

Home Depot has announced that in addition to the information on millions of debit cards and credit cards that were stolen by hackers in its recent data breach which had gone undetected for months before being discovered in early September, the hackers also stole the email addresses of 53 million of its customers.

So what does this mean to you and me?

It means that we can expect to receive phishing emails that appear to come from Home Depot, some of which may even be directed to us by name.  This type of precise phishing is called spear phishing and it is an effective tool of identity thieves in luring us to provide personal information or to click on links or download attachments in official looking emails.  Unfortunately, if you provide the personal information requested under some guise in the email, this information will be used to make you a victim of identity theft and if you click on the link or download attachments in the emails, you will download keystroke logging malware that will steal your personal information from your computer and use it to make you a victim of identity theft.

Home Depot also disclosed for the first time that the way their computers were hacked was by initially hacking into third party vendors with lax security and using their usernames and passwords to gain access to the computers and data of Home Depot.  This was the same tactic used in the Target hacking and many other data breaches.  In fact, in a column I wrote for USA Today in September http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/ I described the techniques used by hackers to infiltrate the computers of targeted companies through such third party vendors or others using offsite access to the computers of the targeted companies.  I mention this not to toot my own horn, but to tell you that the problem has not been solved and we will be seeing this pattern followed in future major data breaches time and time again.

TIPS

The takeaway from Home Depot’s announcement that identity thieves may have your email address is to be even more vigilant in regard to not clicking on links or downloading attachments in emails regardless of how legitimate they may look.  The risk is too great.  You can well expect that you may receive an email that appears to come from Home Depot and it may have a link for you to click on for either more information about the risk to you of the data breach or even to gain you access to free credit monitoring.  Such a legitimate email was sent by Target to its affected customers after its major data breach.  However, you cannot be sure that the email is legitimate so don’t click on the link or download any attachments.  Rather, if the message appears to you to be legitimate, merely go directly to Home Depot’s real website where you will find the real information.  When Target sent an email with a link to free credit monitoring, I ignored the email, went to the Target website and enrolled there for the free credit monitoring.

Scam of the day – September 12, 2014 – Latest Home Depot developments

The Home Depot hacking, which could well end up to be the largest commercial data breach in history continues to evolve.  The latest developments involve those people who unwisely used their debit cards for making purchases at Home Depot stores.  Although Home Depot attempted to comfort those people who used debit cards at their stores by telling them that no PINs were among the data stolen, banks are already reporting a large increase in fraudulent ATM withdrawals using those compromised debit cards.  So how could this happen?  Unfortunately, armed with the debit card number, the full name of the card holder, the city, state and zip code where the card was used, enterprising identity thieves are able to gain access to the Social Security numbers and birth dates of those customers.  They are then able to call automated systems at the banks issuing the cards and change the PIN.  Most of these systems will allow the caller to be able to change PINs if the caller passes three of five security checks including the customer’s date of birth and the last four digits of the customer’s Social Security number and the card’s expiration date.  These can be obtained by identity thieves and we are now seeing hundreds of thousands of dollars already emptied from the bank accounts of people who used their debit cards to shop at Home Depot.  This same problem occurred following the Target data breach last Fall.

TIPS

First and foremost, DO NOT USE DEBIT CARDS FOR RETAIL PURCHASES.  I can’t say this too often or too loudly.  The risk to your financial well being is just too great, particularly with more and more retailers being hit with the same data breaches that have happened at Target, Home Depot and many other stores.  This will continue to happen as cyber security experts still have not come up with a viable solution to the threat posed by the hackers behind these data breaches.  When making purchases, use your credit card where the risk is only one of inconvenience in having to get a new card if your card is part of a data breach.  Meanwhile banks have got to recognize that their present system of allowing people to change PINs by phone with information easily obtained by identity thieves is not effective and the system must change.

Scam of the day – September 11, 2014 – Important Home Depot update

Home Depot has not confirmed what we knew all along, namely that they had been hit by a massive data breach that may involve as many as sixty million Home Depot customers going back to April 1, 2014.  The hacking of Home Depot followed the same pattern that we first saw in the hacking of Target last year, which was the first in what is already a long line of data breaches including, but not limited to Neiman Marcus, P.F. Chang’s, Goodwill and U.P.S.  As usual, due to the effectiveness of the malware used by what is probably the same Eastern European hackers, it was not Home Depot that first discovered the data breach, but rather banks monitoring credit card usage that were able to find a common denominator in fraudulent use of credit cards and trace it back to Home Depot.  The hackers who accomplished the Home Depot data breach are now selling the stolen credit and debit card information on black market websites in large batches.  Interestingly, along with the credit card numbers and debit card numbers, the hackers also are selling the state and zip code for the particular cards.  This enables the hackers to defeat some fraud detection programs that pick up charges made from areas far from the home of the card holder.   The identity thieves buying the card information can either buy card information for cards in their area and use them there or use them online.

Home Depot has announced that it is providing a year’s free credit monitoring through All Clear ID.  The offer is being made to Home Depot customers who used their credit or debit cards at Home Depot between April 1, 2014 and September 9, 2014.  If you wish to enroll, you can either go to Home Depot’s website www.HomeDepot.com or All Clear ID’s special website www.homedepot.allclearid.com.   It is very important to note that many people will be receiving emails, texts and phone messages purporting to be from Home Depot providing links to supposedly help you apply for the credit monitoring.  Many people will also be called on the phone and asked  by purported representatives of Home Depot for personal information including credit card information in order to enroll in the credit monitoring program.   These emails and text messages are scams designed to get you to download keystroke logging malware that will steal all of your information from your computer to make you a victim of identity theft while the calls are from scammers seeking to have you provide them the information they need to make you a victim of identity theft.

TIPS

Don’t click on links in emails or text messages promising to help you enroll in the free credit monitoring program.  You can’t be sure that the emails or text messages are legitimate.  Don’t provide personal information including credit card information over the phone to anyone you have not called unless you are absolutely sure that they are legitimate.  Instead go directly to the Home Depot website, www.homedepot.com or All Clear ID’s special website for Home Depot hacking victims, www.homedepot.allclearid.com where you can sign up for the credit monitoring service.  The malware used by the Home Depot hackers is still being used against many other companies and we can expect more and more data breaches in the future.  To protect yourself, do not use your debit card for purchases.  Use a credit card  for purchases and monitor your card usage regularly for indications of fraud.

Scam of the day – September 3, 2014 – Major data breach at Home Depot

According to the old saying, “fool me once, shame on you, fool me twice, shame on me.”  Reports have surfaced of yet another major data breach similar to the kind we first saw with Target and repeated regularly since then.  As usual, it is not the company that is discovering the loss of data on credit  cards and debit cards used at the store, but rather banks that monitor the sale of stolen credit and debit cards on black market websites noting the common thread of the cards having been used at Home Depot.  First indications are that the data breach may have affected every one of Home Depot’s 2,200 stores throughout the United States.  The potential loss of data may well be far greater than suffered by Target.  It also appears that the breach may have been done by the same Eastern European hackers that stole data from Target, P.F. Chang’s and others using the same “backdraft” malware that I have warned you about for a long time and about which the Department of Homeland Security warned retailers on July 31st.  This will not be the last major data breach as retailers are still not doing enough to protect the security of their data or the privacy of their customers.  In addition, the loss of credit card data could have been avoided had retailers seen the writing on the wall when the Target data breach occurred and advanced the switch over to smart credit cards with computer chips that generate a unique code each time the card is swiped thereby thwarting hackers and identity thieves who would be stealing a number that was worthless for further use.  Present regulations put no incentive on retailers to switch to these cards which are used throughout the world, but not in the United States, until October of 2015.

So what do you do?

TIPS

For starters, do not use your debit card for retail purchases.  Limit its use to ATMs.  There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not strong and you potentially risk losing your entire bank account to which the card is attached.  In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.  Another thing you should always do is monitor all of your financial accounts regularly for fraudulent use.