Data Breaches
Through no fault of your own and without you even knowing it, you could become the victim of identity theft because of a data breach.
In January of 2008 information was released about a back up data tape containing credit card information from hundreds of U.
S.
retailers and how it went missing from a secure storage facility.
Even more alarming was that the tape was unencrypted.
The company responsible for the data was forced to warn customers that they may become victims of data fraud.
The tape contained in-store credit card details on 650,000 retail customers.
A total of 230 retail companies were affected by the breach and some are national retail organizations.
The tape also contained Social Security numbers of 150,000 people and your social Security number is the absolute way to identity theft.
When an identity thief can match a name and address to a Social Security number, illegal credit card accounts, among other things, can be arranged.
In 2006, a very large retailer that operates over 2,000 retail stores discovered that thieves had broken into it's computer networks and made off with an estimated 94 million credit and debit-card numbers.
The computer breach was on a portion of its network that handles credit card, debit card, check, and merchandise transactions in the U.
S.
and is now believed to have happened through the hacking of open wireless routers at subsidiaries of the company.
Another way of putting it is that the thieves intercepted wireless transfers of customer information.
How do you, as an ordinary consumer defend against open wireless routers.
(NAWAZ, PLEASE LINK LIFELOCK TO THESE WORDS) Police in Turkey have apparently arrested a man allegedly attempting to sell information stolen from the big retailer.
The Ukrainian National was taken into custody at a Turkish nightclub and he is believed to be a significant player in the stolen information as a reseller.
U.
S.
authorities will most likely attempt to extradite the man.
Data breaches will continue to occur because of the human factor.
Protect yourself.
A consumer data broker business that is a publicly traded company had to pay $10 million in civil penalties and $5 million in consumer redress to settle Federal Trade Commission charges that its security and record handling procedures violated consumers' privacy rights and federal laws.
More than 163,000 consumers in its database had been compromised.
This publicly traded company gathers and sells personal information of consumers, including their names, Social Security numbers, birth dates, employment information, and credit histories.
FTC Chairman Deborah Platt Majoras stated: "Consumers' private data must be protected from thieves.
" The FTC alleges that the company did not have reasonable procedures in place to screen those customers that they sold sensitive personal identifying information to.
The FTC further alleges that some of the people that were approved to receive the delicate information lied about their credentials and actually used commercial mail drops as business addresses.
As well, some of those applying for the personal identifying information reportedly used fax machines at public commercial locations to send multiple applications for purportedly separate companies.
According to the FTC, the company failed to strengthen its application approval process or monitor its customers even after receiving subpoenas from law enforcement authorities alerting the company to fraudulent activity going back to 2001.
It was further alleged that the company violated the Fair Credit Reporting Act (FCRA) by providing consumer reports - credit histories to customers who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to verify their identities and how they intended to use the information.
The settlement requires the company to implement new procedures that will make sure that only legitimate businesses receive the credit reports and that the reports be used only for lawful purposes.
The company must also establish a comprehensive information security program and receive audits from independent third-party security professionals every other year until 2026.
The FTC will monitor for compliance via compulsory record keeping and reporting provisions.
Further, the company is required to verify the identity of businesses that apply to receive consumer reports and must, in some cases make site visits to certain business premises and monitor some of their customers use of consumer reports.
The $10 million in civil penalties was the largest in FTC history.
In January of 2008 information was released about a back up data tape containing credit card information from hundreds of U.
S.
retailers and how it went missing from a secure storage facility.
Even more alarming was that the tape was unencrypted.
The company responsible for the data was forced to warn customers that they may become victims of data fraud.
The tape contained in-store credit card details on 650,000 retail customers.
A total of 230 retail companies were affected by the breach and some are national retail organizations.
The tape also contained Social Security numbers of 150,000 people and your social Security number is the absolute way to identity theft.
When an identity thief can match a name and address to a Social Security number, illegal credit card accounts, among other things, can be arranged.
In 2006, a very large retailer that operates over 2,000 retail stores discovered that thieves had broken into it's computer networks and made off with an estimated 94 million credit and debit-card numbers.
The computer breach was on a portion of its network that handles credit card, debit card, check, and merchandise transactions in the U.
S.
and is now believed to have happened through the hacking of open wireless routers at subsidiaries of the company.
Another way of putting it is that the thieves intercepted wireless transfers of customer information.
How do you, as an ordinary consumer defend against open wireless routers.
(NAWAZ, PLEASE LINK LIFELOCK TO THESE WORDS) Police in Turkey have apparently arrested a man allegedly attempting to sell information stolen from the big retailer.
The Ukrainian National was taken into custody at a Turkish nightclub and he is believed to be a significant player in the stolen information as a reseller.
U.
S.
authorities will most likely attempt to extradite the man.
Data breaches will continue to occur because of the human factor.
Protect yourself.
A consumer data broker business that is a publicly traded company had to pay $10 million in civil penalties and $5 million in consumer redress to settle Federal Trade Commission charges that its security and record handling procedures violated consumers' privacy rights and federal laws.
More than 163,000 consumers in its database had been compromised.
This publicly traded company gathers and sells personal information of consumers, including their names, Social Security numbers, birth dates, employment information, and credit histories.
FTC Chairman Deborah Platt Majoras stated: "Consumers' private data must be protected from thieves.
" The FTC alleges that the company did not have reasonable procedures in place to screen those customers that they sold sensitive personal identifying information to.
The FTC further alleges that some of the people that were approved to receive the delicate information lied about their credentials and actually used commercial mail drops as business addresses.
As well, some of those applying for the personal identifying information reportedly used fax machines at public commercial locations to send multiple applications for purportedly separate companies.
According to the FTC, the company failed to strengthen its application approval process or monitor its customers even after receiving subpoenas from law enforcement authorities alerting the company to fraudulent activity going back to 2001.
It was further alleged that the company violated the Fair Credit Reporting Act (FCRA) by providing consumer reports - credit histories to customers who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to verify their identities and how they intended to use the information.
The settlement requires the company to implement new procedures that will make sure that only legitimate businesses receive the credit reports and that the reports be used only for lawful purposes.
The company must also establish a comprehensive information security program and receive audits from independent third-party security professionals every other year until 2026.
The FTC will monitor for compliance via compulsory record keeping and reporting provisions.
Further, the company is required to verify the identity of businesses that apply to receive consumer reports and must, in some cases make site visits to certain business premises and monitor some of their customers use of consumer reports.
The $10 million in civil penalties was the largest in FTC history.
Source...