Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Wards knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Bank of America Calls Your Dad, Asks If He'd Like To Pay Your Bill For You
By May 23, 2008
Reader Dan says Bank of America called his old address and gave out his account details to the person who answered the phone. Luckily, that person turned out to be his father, though Bank of America didn’t know that. Once they did know they were speaking to a relative, they asked Dan’s dad to pay his bill for him.
It's Easy To Access Random Customer Info With Best Buy URLs
By May 2, 2008
Cole discovered that by simply incrementing a numerical string by one in a url Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It’s still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn’t more careful with customer security.
The BBC Writes Application That Steals Personal Info From Facebook
By May 2, 2008
Feel wary about giving applications access to your Facebook page? Worried one of those quizzes or games might be maliciously harvesting your data? You were right to worry. The BBC had the same idea, so they decided to write a program to do just that. And it worked. Not only did it steal the data of Facebook users who installed the application, it also victimized all of their “friends.”
Fake Credit Card Reader Found At California Grocery Store Linked To Thefts
By April 30, 2008
A small California grocery store chain and its…
Postal Worker Steals Your New Credit Cards, Goes On Shopping Spree
By April 22, 2008
Police have arrested Paul Hank, a distribution clerk at the Smithtown, NY post office, after he stole credit cards from the mail and went on a shopping spree, says Newsday
Watch Out For Scammers Pretending To Be Your Credit Card Company's Fraud Department
By April 15, 2008
This should have been one of the first things your parents told you about avoiding scams, but in case they were busy watching TV or something — here you go:
Scammers Want Your Stimulus Check And Tax Refund
By April 14, 2008
Phoung Cat Le from the Seattle Post-Intelligencer reports that a colleague of hers is the victim of income tax ID theft. A scammer filed her income taxes before she did, hoping to get a hold of her refund and stimulus check.
Wal-Mart Holds Your Credit Card and ID Hostage When You Complain
By April 14, 2008
When reader Steve went to Wal-Mart to buy Rock Star for his daughter, he reluctantly presented the cashier with a state issued ID containing just his picture, name and signature. Steve’s job is to consult with law enforcement about identity theft, so he’s more careful than the average bear.
Leukemia Survivor Who Had Identity Stolen By Lab Tech Tells His Story
By April 10, 2008
We wrote about Eric Drew a few weeks ago—his personal information was stolen by a shady lab technician while he was undergoing treatment in 2004.
Your Credit Card Information Is Worth About 40 Cents
By April 9, 2008
You may think that your credit card and banking information is worth a lot of money to potential crooks. If you do, you’re wrong. There’s so much stolen personal information out there and banks are getting so good at cutting off compromised credit cards quickly that it’s driving the price down.
H&R Block Sends You A Refund Check For $5,666.10, Even Though You Haven't Filed Your Taxes
By April 1, 2008
H&R Block is an extremely generous company! They’ve sent you a $5,666.10 refund check and you didn’t even file your taxes with them! Isn’t that nice?
Maryland's Dental HMO Security Breach Was One Of Nearly 40 In The State Since January
By April 1, 2008
A few days ago we linked to a Baltimore Sun article that investigated the recent accidental release of private patient data online by The Dental Network. Now the reporter who broke the story, Liz F. Kay, has contacted us with news that “this was the largest of nearly 40 breaches affecting Maryland residents” since a disclosure law went into effect in January:
Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.
Prison Officials Lose Flash Drive With Data On 3,500 Volunteers And Visitors
By March 31, 2008
The San Francisco Chronicle has reported that “a flash memory drive containing names, birth dates and driver’s license numbers of more than 3,500 people who either volunteered or visited San Quentin State Prison in a group tour has been lost.” Our reader Paul, who sent us the tip, adds, “When I read it my first thought was, “Gee, I wonder what the chances are of this personal data ending up in criminal hands? Mmm, maybe 100%.” Our favorite part of the story: the data wasn’t encrypted, but prison officials have said that now they’re going to start encrypting it.
Hannaford Credit Card Theft Caused By Malware, Not Database Breach
By March 31, 2008
Most corporate credit card data theft happens at the database level, like the massive T.J. Maxx breach. But Hannaford has notified investigators that the recent theft of 4.2 million accounts was caused by malware that was installed on the servers at each of its 300 locations. The software “intercepted data from customers as they paid with plastic at checkout counters and sent data overseas,” reports CNET.
CareFirst Dental HMO Exposes SSNs, Says You Should "Take It Seriously"
By March 28, 2008
Last month, The Dental Network—a dental HMO owned by CareFirst BlueCross Blue Shield—discovered it had accidentally revealed personal data and Social Security numbers online for about 75,000 of its customers. It told the members about the screw-up three weeks later. “The company says that to its knowledge, no one has misused the information. But it says ‘the risk … should be taken seriously,’” and it’s offering affected members one year of credit monitoring. After that, as you know, the thread of identity theft plummets. Wait, what?
Leukemia Survivor Settles ID Theft Lawsuit With TransUnion; Five More Companies To Go
By March 27, 2008
When Eric Drew was in the hospital being treated for leukemia five years ago, a lab technician stole his personal information and began opening up credit card accounts in his name.
