Someone hacked this couple’s Sprint account, and bought four new phones on it, leaving these 12-year customers to pay over $2,500. Every time they called Sprint, the fraud department said not to worry and that the charges would be off the bill next month, but the disconnect notices kept arriving until Sprint shut off their phone. Only after a local consumer reporter got involved was the problem solved. When asked why it took so long, Sprint said, “it takes a while to complete a thorough investigation.” If you’re a legacy Nextel customer now with Sprint, you may want to ask about getting a PIN set up on your account. The account seemed to have been targeted (the fraud department said probably by someone inside Sprint) because it was an old Nextel account that didn’t have a PIN.
Scam Watch: Credit Card Shaving
Have you heard of “credit card shaving?” In this version of credit card fraud, thieves try out 16-digit number sequences until hitting one that works. Then they take gift cards from stores and shave off the digits and glue them onto a credit card. They scratch the magnetic strip so the clerk has to enter the credit card number by hand. It’s apparently all the rage in Portland There’s no defense against it except to monitor your statement for suspicious charges.
Prison Officials Lose Flash Drive With Data On 3,500 Volunteers And Visitors
The San Francisco Chronicle has reported that “a flash memory drive containing names, birth dates and driver’s license numbers of more than 3,500 people who either volunteered or visited San Quentin State Prison in a group tour has been lost.” Our reader Paul, who sent us the tip, adds, “When I read it my first thought was, “Gee, I wonder what the chances are of this personal data ending up in criminal hands? Mmm, maybe 100%.” Our favorite part of the story: the data wasn’t encrypted, but prison officials have said that now they’re going to start encrypting it.
Hannaford Credit Card Theft Caused By Malware, Not Database Breach
Most corporate credit card data theft happens at the database level, like the massive T.J. Maxx breach. But Hannaford has notified investigators that the recent theft of 4.2 million accounts was caused by malware that was installed on the servers at each of its 300 locations. The software “intercepted data from customers as they paid with plastic at checkout counters and sent data overseas,” reports CNET.
CareFirst Dental HMO Exposes SSNs, Says You Should "Take It Seriously"
Last month, The Dental Network—a dental HMO owned by CareFirst BlueCross Blue Shield—discovered it had accidentally revealed personal data and Social Security numbers online for about 75,000 of its customers. It told the members about the screw-up three weeks later. “The company says that to its knowledge, no one has misused the information. But it says ‘the risk … should be taken seriously,’” and it’s offering affected members one year of credit monitoring. After that, as you know, the thread of identity theft plummets. Wait, what?
Identity Theft + Mortgage Fraud = Home Stealing
* From time to time, it’s also a good idea to check all information pertaining to your house through your county’s deeds office. If you see any paperwork you don’t recognize or any signature that is not yours, look into it.
Thankfully they also say that “home stealing” so far does not appear to be very common.
Leukemia Survivor Settles ID Theft Lawsuit With TransUnion; Five More Companies To Go
When Eric Drew was in the hospital being treated for leukemia five years ago, a lab technician stole his personal information and began opening up credit card accounts in his name.
Phishers Target Google Calendars
Phishers have a new target: your Google Calendar. Nigerian-419-type scammers are spamming sending their messages as meeting invites on people’s Google’s Calendars. This happened to me a few days ago. One way to combat it is to change the “Automatically Add Invites To My Calendar” setting from Yes to No.
Don't Want A Debit Card? Key Bank Will Charge You $1 A Month
After hearing about Hannaford’s giant customer data breach yesterday, Brian decided to cancel the debit card he’d used there. That’s when he found out that Key Bank really wants you to have a debit card. In fact, they’ll charge you a small monthly fee to not have one linked to your “free checking” account. We figure that this means Key Bank makes about $12 a year more off of customers who have linked debit cards—and that if you want greater security on your account, it’s going to cost you.
4.2 Million Credit Cards Exposed In Hannaford Supermarket Security Breach
A security breach at the Hannaford east coast supermarket chain has lead to the exposure of some 4.2 million credit cards. The company said it was aware of at least 1,800 cases of fraud directly connected to the breach. If you shopped at Hannaford’s from Dec. 7 to March 10., when the breach is thought to have occurred, now is a great time to close your current credit and debit cards and get new ones. Side note: when clicking around their official website we found many sub-pages are down, saying they’re currently “undergoing site maintenance.”
Any Joe Sixpack Can Be A Phisher
The popular conception of phishers is of shadowy electronic masterminds, using a mix of technical prowess, deception and anonymity to trick consumers into handing over the bank account details. Actually, most of them are too stupid to design their own websites. That’s what two security researchers found when they delved deep into the online phishing community.
Chart: "10 Largest Data Breaches Since 2000"
The info-loving people at Flowing Data pulled the figures on data breaches (available at Attrition.org) and created a chart showing the top 10 biggest breaches in the past eight years. The most disturbing trend, which probably will surprise few Consumerist readers, is that the breaches are increasing in frequency.
Round 3: Ticketmaster vs Wachovia
This is round 3 in our Worst Company In America contest, Ticketmaster vs. Wachovia. Their crimes?
8 Ways To Opt Out Of Junk Mail Lists
Direct mailers don’t believe in the concept of opting in, so if you want to cut down on the amount of straight-to-the-trash mail you receive, you’ll need to contact them directly and request that your name is removed. ForestEthics—the group behind the Do Not Mail Registry petition we blogged about earlier, has gathered several ways to contact the offending parties.
FDIC Call Center: Former Employee Says It's A Great Place For Bank & Credit Union Info
A former FDIC employee writes that the FDIC’s call center (877-275-3342) is “a tremendously helpful place to get basic referral information if you’re having trouble with your bank, lender, or finance company.” They can’t help you with complaints, but they can route you to the correct agency, provide credit union contact info, and give you the names and numbers of state agencies where your bank is located.
Medical Records Sold As Scrap Paper
A fourth grade teacher in Salt Lake City, Utah, bought a box of scrap paper for $20 and discovered it was actually a box of medical records of 28 patients from Central Florida Regional Hospital. The hospital shipped the box via UPS to an audit company in Las Vegas last December. The hospital claims it had been tracking the box since February, but hadn’t told the patients. As for the teacher’s class, her next assignment for the students will be, “Apply for credit card offers using SSNs from the scrap paper box.”
Go Buy A Shredder Right Now
A shredder is an indispensable tool for keeping your identity safe and secure. If you receive credit card offers or have old bank statements littering your files, then you can’t do without a cross-cutting shredder to slice and dice your personal information into an indecipherable medley of confetti. Frugal For Life points out a few of the many reasons we all should be devout shredders.
Case Closed: HSBC Won't Tell You Someone In Bulgaria Is Stealing $2,000 From You
Last week reader Keith told us how scammers in Bulgaria siphoned $2,000 from his account, and his story snowballed into an entire HSBC class breach. Now Keith tells us that he has all the money back. He writes:
Once I was able to get in touch with Robert Olejniczak of corporate security he was extremely helpful, concerned and empathetic. The missing money was credited back to my account on 2/25, 6 business days after it went missing. I just received a letter in the mail stating that the “investigation is complete.” I guess they figured they didn’t need to do much investigating to determine that I couldn’t be swiping my card at a diner in Manhattan and in Bulgaria withdrawing large sums from an ATM at the same time.
They even gave him $.02 in interest, how nice.
