Most corporate credit card data theft happens at the database level, like the massive T.J. Maxx breach. But Hannaford has notified investigators that the recent theft of 4.2 million accounts was caused by malware that was installed on the servers at each of its 300 locations. The software “intercepted data from customers as they paid with plastic at checkout counters and sent data overseas,” reports CNET.
identity theft
CareFirst Dental HMO Exposes SSNs, Says You Should "Take It Seriously"
By 3.28.08
Last month, The Dental Network—a dental HMO owned by CareFirst BlueCross Blue Shield—discovered it had accidentally revealed personal data and Social Security numbers online for about 75,000 of its customers. It told the members about the screw-up three weeks later. “The company says that to its knowledge, no one has misused the information. But it says ‘the risk … should be taken seriously,'” and it’s offering affected members one year of credit monitoring. After that, as you know, the thread of identity theft plummets. Wait, what?
Identity Theft + Mortgage Fraud = Home Stealing
By 3.28.08
* From time to time, it’s also a good idea to check all information pertaining to your house through your county’s deeds office. If you see any paperwork you don’t recognize or any signature that is not yours, look into it.
Thankfully they also say that “home stealing” so far does not appear to be very common.
Leukemia Survivor Settles ID Theft Lawsuit With TransUnion; Five More Companies To Go
By 3.27.08
When Eric Drew was in the hospital being treated for leukemia five years ago, a lab technician stole his personal information and began opening up credit card accounts in his name.
Phishers Target Google Calendars
By 3.20.08
Phishers have a new target: your Google Calendar. Nigerian-419-type scammers are spamming sending their messages as meeting invites on people’s Google’s Calendars. This happened to me a few days ago. One way to combat it is to change the “Automatically Add Invites To My Calendar” setting from Yes to No.
Don't Want A Debit Card? Key Bank Will Charge You $1 A Month
By 3.19.08
After hearing about Hannaford’s giant customer data breach yesterday, Brian decided to cancel the debit card he’d used there. That’s when he found out that Key Bank really wants you to have a debit card. In fact, they’ll charge you a small monthly fee to not have one linked to your “free checking” account. We figure that this means Key Bank makes about $12 a year more off of customers who have linked debit cards—and that if you want greater security on your account, it’s going to cost you.
4.2 Million Credit Cards Exposed In Hannaford Supermarket Security Breach
By 3.17.08
A security breach at the Hannaford east coast supermarket chain has lead to the exposure of some 4.2 million credit cards. The company said it was aware of at least 1,800 cases of fraud directly connected to the breach. If you shopped at Hannaford’s from Dec. 7 to March 10., when the breach is thought to have occurred, now is a great time to close your current credit and debit cards and get new ones. Side note: when clicking around their official website we found many sub-pages are down, saying they’re currently “undergoing site maintenance.”
Any Joe Sixpack Can Be A Phisher
By 3.17.08
The popular conception of phishers is of shadowy electronic masterminds, using a mix of technical prowess, deception and anonymity to trick consumers into handing over the bank account details. Actually, most of them are too stupid to design their own websites. That’s what two security researchers found when they delved deep into the online phishing community.
Chart: "10 Largest Data Breaches Since 2000"
By 3.17.08
The info-loving people at Flowing Data pulled the figures on data breaches (available at Attrition.org) and created a chart showing the top 10 biggest breaches in the past eight years. The most disturbing trend, which probably will surprise few Consumerist readers, is that the breaches are increasing in frequency.
Round 3: Ticketmaster vs Wachovia
By 3.14.08
This is round 3 in our Worst Company In America contest, Ticketmaster vs. Wachovia. Their crimes?
8 Ways To Opt Out Of Junk Mail Lists
By 3.13.08
Direct mailers don’t believe in the concept of opting in, so if you want to cut down on the amount of straight-to-the-trash mail you receive, you’ll need to contact them directly and request that your name is removed. ForestEthics—the group behind the Do Not Mail Registry petition we blogged about earlier, has gathered several ways to contact the offending parties.
FDIC Call Center: Former Employee Says It's A Great Place For Bank & Credit Union Info
By 3.13.08
A former FDIC employee writes that the FDIC’s call center (877-275-3342) is “a tremendously helpful place to get basic referral information if you’re having trouble with your bank, lender, or finance company.” They can’t help you with complaints, but they can route you to the correct agency, provide credit union contact info, and give you the names and numbers of state agencies where your bank is located.
Medical Records Sold As Scrap Paper
By 3.11.08
A fourth grade teacher in Salt Lake City, Utah, bought a box of scrap paper for $20 and discovered it was actually a box of medical records of 28 patients from Central Florida Regional Hospital. The hospital shipped the box via UPS to an audit company in Las Vegas last December. The hospital claims it had been tracking the box since February, but hadn’t told the patients. As for the teacher’s class, her next assignment for the students will be, “Apply for credit card offers using SSNs from the scrap paper box.”
Go Buy A Shredder Right Now
By 3.1.08
A shredder is an indispensable tool for keeping your identity safe and secure. If you receive credit card offers or have old bank statements littering your files, then you can’t do without a cross-cutting shredder to slice and dice your personal information into an indecipherable medley of confetti. Frugal For Life points out a few of the many reasons we all should be devout shredders.
Case Closed: HSBC Won't Tell You Someone In Bulgaria Is Stealing $2,000 From You
By 2.29.08
Last week reader Keith told us how scammers in Bulgaria siphoned $2,000 from his account, and his story snowballed into an entire HSBC class breach. Now Keith tells us that he has all the money back. He writes:
Once I was able to get in touch with Robert Olejniczak of corporate security he was extremely helpful, concerned and empathetic. The missing money was credited back to my account on 2/25, 6 business days after it went missing. I just received a letter in the mail stating that the “investigation is complete.” I guess they figured they didn’t need to do much investigating to determine that I couldn’t be swiping my card at a diner in Manhattan and in Bulgaria withdrawing large sums from an ATM at the same time.
They even gave him $.02 in interest, how nice.
HSBC Fraud Story On WNBC4
By 2.28.08
If you live in the New York Metro area, tune into NBC channel 4 like right now to see a followup on the widespread HSBC fraud story we broke. They interview Corey, the fiance of Emily, a Consumerist reader and HSBC fraud victim. WNBC tells us that the FBI said they they were generally aware of fraud in the area, but not this specific HSBC matter, and will be looking into the case. It’s par for the course that the bank would be more interested in avoiding bad publicity quiet than going after the scammers stealing your money. UPDATE: Just watched it, HSBC is saying that a credit card payment processor lost the customer data and so other banks could be affected too. However, when WNBC contacted other banks, Chase and Citi said they had not heard of missing money, Mastercard said they have not issued a system-wide alert, and VISA said they’re looking into it.
HSBC Confirms Customer Card Data Was Stolen
By 2.28.08
HSBC confirmed that thieves stole card payment data from the bank and they were reissuing 6,000 atm/debit cards to customers affected by the breach. One Consumerist reader, Keith, had $2000 stolen from him via an ATM in Bulgaria, and another, Emily, had $2,800 siphoned from her account from ATMs located clear across the country. (Emily also got interviewed on WCBS and we got a mention and a screenshot). Checking the comments section, it looks like 11 other Consumerist readers were affected by the HSBC fraud as well, with a number of the fraudulent withdrawals being made from Montreal and Canada. Sounds like the thieves stole the data, which contained both card numbers and PIN codes, and then cloned ATM/debit cards. If you’re an HSBC customer, might be a good time to change your PIN number.
