Jun 09 2011

Citi credit card security breach discovered

Category: Security BreachDISC @ 10:42 am
Citigroup

Image via Wikipedia

“Citigroup says it has discovered a security breach in which a hacker accessed personal information from hundreds of thousands of accounts.

Citigroup said the breach occurred last month and affected about 200,000 customers.”

“During routine monitoring, we recently discovered unauthorized access to Citi’s account online,” said Citigroup, in a prepared statement. “A limited number — roughly 1 percent – of Citi bankcard customers’ accounting information (such as name, account number and contact information including email address) was viewed.”

According to its annual report, Citigroup has about 21 million credit card accounts in North America, where the breach occurred.

The statement went on to say that the customers’ Social Security numbers, dates of birth, card expiration dates and card security codes “were not compromised.”

Well the routine monitoring discovered the Citi Group incident which clearly shows that intrusion was not discovered during the incident but after the incident had happened.
Cyber intrusion cost will increase and depend upon how late the incident was detected. The organizations should change their corporate strategy to more proactive approach where they can maintain, monitor and improve security controls based on the current value of the information asset.

If you’re a Citibank customer, we suggest you take a look at your account and immediately report any irregularities.

Stopping Identity Theft: 10 Easy Steps to Security

http://www.youtube.com/watch?v=KH0zno_6d9M

Tags: Citigroup, Credit card, Customer, Financial Times, Online service provider, PlayStation Network, Security, Social Security number


Aug 09 2010

Identity theft: How to protect your kids

Category: Identity TheftDISC @ 10:34 am
identity theft
Image by TheTruthAbout… via Flickr

Stopping Identity Theft: 10 Easy Steps to Security

Identity theft that targets children is rising. Here are five steps to protect your family

By Alissa Figueroa

Identity theft has grown into a multibillion-dollar problem. And it’s not only adults who are targeted.

At least 7 percent of the reported cases of identity theft target children. The number could actually be much higher, since many families don’t discover theft until a child applies for credit.

And the problem is likely to get worse before it gets better, the Associated Press reports, as identity thieves steal children’s dormant Social Security numbers and use them to create phony lines of credit and rack up debt, sometimes for years.

The scam, which has popped up only in the last year, is difficult to guard against, says Linda Foley, cofounder of the Identity Theft Resource Center (ITRC), an organization that offers counseling and resources to identity theft victims. The ITRC has seen a notable jump in the number of children identity-theft cases in the last year, reaching about 9 percent of its caseload this month.

“There’s no way to protect your child completely,” says Ms. Foley. That’s partly because these thieves are likely using sophisticated programs that mine for dormant numbers through school or doctor’s offices databases, which often require that children’s Social Security numbers be provided. And partly because tactics for selling the numbers are constantly evolving, making this kind of theft difficult to track.

Since credit issuers do not keep track of the age of Social Security number holders, they cannot alert families when a child’s number is being used. That’s something Foley’s organization has been trying to change since 2005, and a protection she considers vital for preventing child identity theft on a large scale.

There is some advice that parents can follow, though, to reduce the risk of identity theft:

1. Be cautious with your child’s Social Security number. Always ask why an organization needs the number and when possible, do not give it out. Be careful about which individuals, even friends and family, have access to your child’s number. Many identity thieves know their victims. Destroy extra documents that list your child’s number.

2. Talk to your kids about identity theft. Teach children not to divulge their personal information on the telephone and online.

3. Do not check your child’s credit report unless you have reason to believe there’s a problem. A minor should not have a report unless someone has applied for credit using that child’s Social Security number. To order reports unnecessarily can establish a credit report, opening a door to thieves, according to the ITRC.

4. Watch for red flags. If you receive pre-approved credit card offers or calls from collection agencies, run a credit report on your child immediately to see if there has been fraud.

5. Contact an identity theft specialist if you suspect a problem. There are several resources for families concerned with issues of identity theft. Visit the ITRC’s website for facts and information, or call its hotline at (888) 400-5530. You can also find information on the Federal Trade Commission’s identity-theft-prevention website.

Tags: Credit card, crime, Federal Trade Commission, Identity Theft, ITRC, Linda Foley, Social Security number, Theft


Mar 10 2010

Anti-fraud service bamboozle consumers

Category: Identity TheftDISC @ 1:42 am

Seal of the United States Federal Trade Commis...
Image via Wikipedia

by Edward Wyatt
provided by – NYTimes.com

Lifelock, the company that brazenly broadcast its chief executive’s Social Security number as part of its claim that it could protect anyone against identity theft, agreed on Tuesday to pay $12 million to settle charges that it misled consumers about the effectiveness of its service.

The settlement, announced by the Federal Trade Commission and a group of 35 state attorneys general, requires Lifelock to refrain from making further deceptive claims and take more stringent measures to safeguard the personal information that it collects from customers.

Jon Leibowitz, the chairman of the trade commission, said that “several hundred persons, at least,” who were Lifelock customers had become victims of identity fraud while using the company’s services. Customers typically paid $10 a month for the services, he said.

The commission also claimed that the “fraud alerts” Lifelock placed on individuals’ credit files protected only against certain types of identity theft, mainly the opening of new accounts, which is the cause of fewer than 1 in 5 cases of identity theft.

Lifelock’s customers were left vulnerable to having their current accounts misused, the most common form of the crime. About eight million Americans have their identity used illegally each year, the officials said.

“This was a fairly egregious case of deceptive advertising from our perspective,” Mr. Leibowitz said.

In an interview, Todd Davis, the Lifelock chief executive, said that the company had adopted a new advertising campaign that complied with the trade commission’s request. “We have differing views on what the intent of the message was” of the earlier ads, Mr. Davis said, adding that he believed the commission’s actions “set a standard for the entire industry to follow.”

Lisa Madigan, the Illinois attorney general, who joined Mr. Leibowitz in announcing the action at a news conference in Chicago, said that while Lifelock did provide some legitimate services, “most of what they did, you can do on your own and you can do it free.”

The biggest problem with the company’s claims, she said, was its guarantee to prevent identity theft from ever happening. “There is nothing you can do or you can purchase that is a 100 percent guarantee against identity theft,” Ms. Madigan said.

Mr. Davis knows the truth of that. After he began broadcasting his Social Security number, dozens of attempts were made to secure credit or identification using the information. At least one attempt succeeded, when a man in Texas secured a $500 payday loan using Mr. Davis’s Social Security number.

Tags: Attorney general, Federal Trade Commission, Identity Theft, Jon Leibowitz, LifeLock, Lisa Madigan, Social Security number, Todd Davis


Dec 16 2009

Internet security breach found at UCSF

Category: hipaa,Security BreachDISC @ 2:38 pm

University of California, San Francisco
Image via Wikipedia

By Erin Allday, SF Chronicle

Hackers may have had access to personal information for about 600 UCSF patients as a result of an Internet “phishing” scam, campus officials said Tuesday.

The security breach occurred in September when a faculty physician in the UCSF School of Medicine provided a user name and password in response to a scam e-mail message. The e-mail had been sent by hackers and made to look as though it came from UCSF workers who are responsible for upgrading security on internal computer servers.

The university is not identifying the physician.

A UCSF audit in October found that e-mails in the physician’s account included personal information about patients, including demographic and clinical data, and the Social Security numbers of four patients. It is unknown whether hackers actually accessed the e-mails.

The patients have all been notified of the security breach.

Phishing scams are designed to get people to reveal private information – such as Social Security numbers, credit card information and passwords – when they reply to e-mails that pretend to come from legitimate organizations.

For years, financial institutions and other corporations have been educating people to be cautious of such scams and wary of revealing private information on the Internet.

In response to the latest scam, UCSF officials said the university has been re-educating employees about protecting their user names and passwords.


Here we have another unnecessary healthcare data breach in a university due to phishing which resulted in a loss of private data demonstrating poor baseline security and lack of security awareness training. Healthcare organizations are not ready for HIPAA (ARRA and HITECH provision) compliance. Checkout why Healthcare Organizations May Not Be Prepared for HITECH and Other Security Challenges
Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.


Considering healthcare standard electronic transaction (compliance date, Jan 1, 2012) and HITECH provision (compliance date, Feb 17, 2010) are in the pipeline for healthcare organizations. Do you think it’s about time for them to get their house in order?

Reblog this post [with Zemanta]

Tags: arra and hitech, arra hitech provisions, Computer security, Credit card, Health Insurance Portability and Accountability Act, hipaa, Identity Theft, phishing, social security, Social Security number


Oct 26 2009

ChoicePoint fined for security breach

Category: Security BreachDISC @ 1:10 pm

Seal of the United States Federal Trade Commis...
Image via Wikipedia

Into The Breach; Protect Your Business by Managing People,

Atlanta Business Chronicle reported on Monday, October 26, 2009 that ChoicePoint Inc. will pay federal regulators $275,000 for a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft, the Federal Trade Commission reported.

The company, now owned by Reed Elsevier Inc., also agreed to strengthened data security requirements. ChoicePoint now must report to the FTC every two months for two years detailed information about how it is protecting the breached database and certain other databases and records containing personal information.

The moves settle Federal Trade Commission charges ChoicePoint failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order.

In April 2008, ChoicePoint turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention.

The FTC alleged that if the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach. The FTC also claimed ChoicePoint’s conduct violated a 2006 court order mandating that the company institute a comprehensive information security program reasonably designed to protect consumers’ sensitive personal information.

The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress.

Choice Point Victim
httpv://www.youtube.com/watch?v=90qWVtAuE_A

Reblog this post [with Zemanta]

Tags: ChoicePoint, Choicepoint breach, ChoicePoint fined, Federal Trade Commission, FTC, Identity Theft, Reed Elsevier, Security Breach, social security, Social Security number