Tag Archives: social security number

Breach Brief – SunTrust Bank

SunTrust Bank has reported a data breach that may have compromised the personal information of up to 1.5 million customers. According to reports the bank believes a former employee may have stolen customer information to give to a criminal third party.

SunTrust first became aware of improper access to customer records in February. An internal investigation implicated the ex-employee for the alleged theft. According to the Wall Street Journal the employee tried to print the records and share them with a “criminal third party.”

According to SunTrust the names, addresses, phone numbers and account balances of 1.5 million customers were breached. However the bank does not believe that Social Security numbers, account numbers, passwords, and driver’s license information were accessed. SunTrust also stated that there’s no indication that fraudulent activity has occurred with the affected accounts.

The bank has begun  the process of contacting customers whose info may have been compromised. SunTrust is also planing to provide free identity protection to all its customers whether they have been impacted by the breach or not. 

SunTrust customers can go to this website to see if they are affected by the breach.

The incident is under investigation and the bank continues to work closely with law enforcement and outside experts.

How to Check Your Child’s Credit Report

Originally published on CreditCards.com

Written by Dinah Wisenberg Brin

Parents place the utmost attention on their children’s safety, education, health and happiness, but even the most conscientious parent may overlook another matter that can affect their child’s future: the child’s credit report.

With some exceptions, most children under age 18 should not have a credit report at all. Minors, however, are not immune to identity theft and credit fraud. So you need to see if your youngster has a credit report – and you need to know what is on it.

“Ideally, and in the vast majority of instances, your child would not have a credit report,” says Rod Griffin, director of public education for credit reporting agency Experian. “It’s a good idea for a parent to check.”

Checking is especially important if you suspect your young child is the victim of identity theft. Teens also should check for credit reports in their names if they suspect someone may be using their identity and Social Security number to open fraudulent accounts.

Unless identity theft and credit fraud are caught and corrected, they can hinder a child’s ability to get loans, jobs or housing once they reach adulthood.

Protect your child’s financial future

In some cases, a child might legitimately have a credit report. For example, a teen might have one if a parent authorized him as a user on a credit card.

In most other cases, however, the existence of a credit report tied to a child is a sign of nefarious activity. Identity thieves can use a child’s Social Security number to open credit card accounts, apply for loans or government benefits or rent an apartment, the Federal Trade Commission notes.

“It’s a good idea to check whether your child has a credit report close to the child’s 16th birthday. If there is one – and it has errors due to fraud or misuse – you will have time to correct it before the child applies for a job, a loan for tuition or a car, or needs to rent an apartment,” the FTC says on its website.

Talk to your children about keeping their information safe: The Identity Theft Resource Center says you should tell your children they should try to avoid using their Social Security number, especially on the internet or when applying for financial aid or summer jobs. Parents and college-age kids should keep all sensitive information locked in a secure place, use a locked mailbox to send and receive mail, and take precautions when filling our forms for school and sports activities.

Do not delay if you see signs that credit thieves already have established a report in your child’s name.

The Identity Theft Resource Center cites several warning flags, including:

  • Calls from collection agencies, bills or credit cards sent to your home in your child’s name.
  • A child receiving preapproved credit card applications, or government notices related to taxes, benefits or even traffic violations.
  • A child having a bank account application denied because of poor credit history.
  • The mere existence of a credit report in the child’s name.

How to find a child’s credit status.

The three national credit-reporting companies – TransUnion, Equifax and Experian – do not knowingly keep data on children younger than 13, according to AnnualCreditReport.com.

That website – which is the official website where you can get free access to your credit reports – outlines steps to take if you suspect fraud involving your child’s identity. Such steps include alerting all three credit reporting agencies, filing a police report and filing a complaint with the Consumer Financial Protection Bureau. You also can file a complaint with the FTC. You can also call the Identity Theft Resource Center at 800-400-5530.

IDEALLY, AND IN THE VAST MAJORITY OF INSTANCES, YOUR CHILD WOULD NOT HAVE A CREDIT REPORT. HOWEVER, IF YOU SUSPECT FRAUD, YOU NEED TO TAKE SOME SPECIFIC STEPS.

For example, each of the bureaus provides specific directions for requesting a minor child’s credit report. Making a request is the first step in clearing the record if an inaccurate or fraudulent file exists.

For more information, review our step-by-step instructions for requesting a child’s credit report from each bureau. Otherwise, below is a summary of the rules for the three credit bureau:

TransUnion offers an online form to help determine whether your child may be an identity theft victim. If the company finds a credit file on your child, it will seek more information from you.

Equifax instructs parents to contact its Minor Child Department in writing, and to provide copies of the child’s birth certificate and Social Security card, proof that you are the child’s parent or legal guardian, and a copy of your driver’s license or other government identification. Equifax says it will notify you and remove the child’s file if it exists.
Experian requires parents to mail in or digitally submit documentation if they want to know whether the company has a credit file on their child age 13 or younger. Experian provides a form for doing so. If a child does have a credit history, Griffin says, Experian will add a security alert to the file, include a note to say the child is a potential fraud victim, and freeze the file at no cost. When the child is older, he or she can lift the freeze and have access to his or her report, Griffin says. Check the credit freeze laws in your state by clicking here.

Family members and credit fraud

In some cases, family members themselves are the ones obtaining credit fraudulently in a child’s name. Foster children are particularly vulnerable to identity theft. “They’re a target, unfortunately, in many cases,” Griffin says.

Griffin has worked with teachers who try to help students to address fraud issues. In such cases, the minors may need to file police reports and affidavits against family members. “It’s a really heart-wrenching, difficult circumstance,” he says.

Federal law requires child welfare agencies to obtain annual credit reports for foster care youths ages 16 and older, and to help them clear up their records in cases of identity theft, according to the FTC.

Data breaches at health insurers and other companies also may expose children to identity theft. Do not ignore any notices you receive indicating that you or your family may have had personal information exposed in a data breach. Instead, respond appropriately, Griffin says. “You need to be actively engaged in protecting your information and your children’s,” he says.

National Cyber Security Awareness Month – Identity Theft

Identity theft is big business. And if you have been paying attention you probably know that data theft is exploding globally, especially so in the U.S. According to the Identity Theft and Resource Center and CyberScout  data breaches have hit  791 incidents in the first half of 2017 alone. Up 29 percent from last year.

Lets talk money. Last year over 15 million Americans were victims of identity theft. For the crooks that pulled in a staggering $16 billion. According to an Identity Fraud Study by Javelin Strategy & Research, since 2011 identity thieves have stolen $107 billion from U.S. consumers.

African-American consumers are as vulnerable as any other Americans to identity theft. But here is the problem. Many data breaches are not reported for days and even months sometimes. Is that against the law? Not exactly. Sometimes law enforcement will ask the company not to publicly disclose the breach as part of the investigation. So, as I always say, your cyber security is your responsibility.

How do you know if your identity has been stolen?

The answer to that question is, it’s hard to tell without constant vigilance. The bottom line is that you have to be on the lookout for not only the obvious signs but subtle clues as well. Again, you are responsible for your cyber security and your money. Don’t expect banks or credit card companies to do all the work. Yeah, they have algorithms that can spot unusual transactions but they are not perfect by any means. Here are some clues you need to be alert for.

  1. Monitor your mail. Are your bills and other mail failing to arrive as usual? This maybe an indication that your identity has been compromised and the thief has changed your mailing address. Cyber crooks are smarter than you think. You maybe getting some mail but the crook has re-directed items like your bank statement or credit card bills.  If bills are late follow up with creditors as soon as possible.
  2. You’re turned down for credit. If you apply for credit and denied or you try to increase your credit limit and are rejected without good reason you need to be suspicious.  Especially if you have excellent credit. Being denied credit or being offered credit with a high-interest rate is a sign your identity may have been compromised. Take the time to contact the creditor to discuss what the problem is.
  3. Mysterious bills for items you didn’t purchase. This is a good sign that your identity has been compromised. Especially bills that come from collection agencies.  You should contact the creditor immediately and inform them that you have been a victim of identity theft and it is not your debt. Report the situation to the police and your legitimate creditors and all three credit agencies as soon as possible. Also place a freeze on your credit to protect yourself from further damage. Some creditors will persist with collection efforts and even place negative information on your credit report. Write letters and keep good records. You need to establish communication and a paper trail to protect yourself.
  4. Monitor accounts for fraudulent transactions. Regularly check all your credit accounts for fraud. This includes brokerage accounts. Immediately challenge any charges or changes you cannot identify as yours.  Look for test charges. Thieves will charge a dollar or two on a credit card or debit card to see it if it will go through. Don’t ignore these if you find them. File a police report and demand that the fraudulent activity be stopped and the institution reimburse you for any losses.  As a victim of identity theft you have rights. Check IdentityTheft.gov to learn more.
  5. Your taxes. You need to be especially alert in this area.  Millions of African-Americans file their tax returns electronically every year. If your tax return is rejected act immediately! Your return was probably rejected because the thief has filed a tax return in your name and stolen your refund.   Also, be alert for a tax refund you were not expecting or do not qualify for. This is another red flag. Has a tax transcript arrived in the mail you did not request? It’s possible that a cyber criminal was attempting to download your tax information and failed a security test. The IRS then mailed the transcript to you believing you requested it. Anytime your taxes are concerned you need to be alarmed.
  6. Someone files for unemployment using your name and Social Security Number. If a hacker gets a hold of your Social Security number and the name of your current employer they may attempt to collect unemployment benefits in your name. You may get a call from your company HR depart that something is amiss. Social media, Facebook, is a good place for thief to look to see if you recently changed jobs or quit. Using this information they file for unemployment benefits. You are clueless until you get a nasty letter from your former employer or the unemployment agency.
  7. Your credit score goes up. Strangely this could be a clue that something is happening with your identity. Check your credit reports frequently for new accounts you didn’t open or credit inquiries which could reveal that cyber thieves are trying to get credit in your name.
  8. Direct mail and phone solicitations. Are you suddenly getting catalogs and offers from companies you never do business with. Or phone calls from marketers? You could have ended up on that mailing or phone list because someone is shopping with your credit card at expensive stores.You may get calls from car dealers, calls for loans and home improvement, or high end retail catalogs. You may be the victim of a high priced shopping spree on one or more of your credit accounts.

Now you know.

Experian Scans the Dark Web for Your Information

ExperianIn case you haven’t heard there is such a thing as the dark web, This is the side of the Internet that is not where you want to go. Here is where the child molesters, pedophiles, drug dealers, terrorist, human traffickers and other nasty people go to do business. The dark web is where you buy stolen information among other things. The dark web is aptly named, it is dark, hidden, dangerous and mostly illegal.

The AACR did a report on the dark web and we found that much of the Internet is indeed dark. According to DeepWeb.com only about 4 percent of the information on the web is available to search engines like Google or Yahoo! This is known as the “Visible Web” or “Surface Web.” So if you did the math you can see that 96 percent of information online is hidden from sight.

But now the question must be asked; how much of that information is yours? Your home address, phone number, email address, your social security number, your medical records, you passport number, and who knows what else. Most information you read about as being hacked or stolen ends up on the dark web.

There are ways and methods to scan the dark web for your information. Some legitimate companies and websites are eager to help you find and secure your information. Experian for example is offering to scan the dark web for your email address. The credit reporting company offers this website that will scan the dark web for your email address. The scan takes just a few seconds and the results are emailed to the email address you entered and it is completely free. At least the the email scan is. Experian will scan for your medical records, Social Security number, bank accounts, phone numbers, credit and debit cards, driver’s license and passport for a fee of $9.99 a month. You can try it for 30 days free. Its not a bad deal, and let’s be real, with all the data breaches happening you need to know. 

Now you know.

 

 

 

Back to School – Student Identity Theft

Identity theft is rampant. It it the fastest growing Internet crime and black college students should be aware of the vulnerability of their personal information.

According to the Better Business Bureau college students are prime targets because their credit records are usually clean.  College students are also more willing to share information in person and online. Visit any college campus, especially during the first week, and you will find numerous credit card companies offering their services to new and returning students. There are also other companies and marketers working to gather student information for their sales efforts. Students would be wise to avoid these information collectors. Be extremely careful what forms or surveys you fill out and what information you release to someone you really don’t know.

Combine that with the powerful urge to be social and you will find students sharing far too much information on social media sites like Facebook and Instagram and other campus forums.

Teach your student that not everyone on campus, student or not, is a friend. Half of all identity theft cases reported are executed by someone the victim knows. This is why it so important that all students, African-American especially, jealously guard their personal information.

The college dorm room is a vulnerability for careless students. BBB CEO Kelvin Collins said, “Protect your information. Don’t leave bank statements, credit card statements or your wallet just laying out for other people to find.”

Campus mailboxes are another vulnerability. Students should send sensitive mail to their permanent addresses. Students should also  check their financial statements often to look for suspicious activity or purchases.

Make sure you or your student are aware of the campus privacy policies. Ask questions about who the campus shares information with. You might be surprised. Some universities sell student SAT and ACT scores, their financial information such a student loan data and even what books they check out and classes they take.

There are steps that a student can take to protect their identity.

  1. Be aware of dumpster diving – Students receive a lot of offers through the mail. Don’t just throw these things away. Identity thieves are checking campus trash cans and will often find student’s personal information. They may find enough to apply for a credit card in the students name. This is really very common.  Make sure you use a shredder on all your unwanted mail. A good paper shredder can be as cheap as $10.00.  Make use of email delivered credit card bills or bank statements.
  2. Check you mailbox frequently – Breaking into student mailboxes is not uncommon.  Be alert, has your mail suddenly stopped?  An identity thief  may have filled out a change of address form against your address. Check with postal officials if something does not seem right.
  3. Monitor your identity…closely Make use of credit monitoring services. Check all your accounts at least once a month . This includes bank accounts, credit cards, and utility bills. Look for suspicious charges you didn’t authorize, no matter  how small.  Identity thieves will often test a charge account with a small purchase to see if they can use your identity. If they succeed they go on a spending spree.  Are you getting notifications in the mail or your e-mail about accounts you know nothing about?  Don’t just delete the notice, investigate. Calls from creditors or collection agencies may indicate you have already been victimized. Report this immediately to the police, your bank, your legitimate credit accounts and all the credit reporting agencies.  Get a yearly copy of your credit report. You can visit www.annualcreditreport.com, or call toll-free 877-322-8228 to receive your report.
  4. Know whats in your wallet or purseMost people, actually 95 percent, carry a wallet or purse with them at all times. But very few can tell you exactly what’s in it. The contents of your wallet or purse probably include your driver’s license, or social security card, extremely valuable forms of identification. These documents are the target of identity thieves. Guard your wallet or purse at all times. Don’t relax around you dorm roommates. Make a list of all identity documents and credit cards you carry with you. Write down your driver’s license number and other important numbers. And be prepared to take action if your wallet or purse is stolen. In the event your wallet or purse is stolen notify every agency responsible for the items on your list immediately. Don’t wait to see if it re-appears or if someone turns in to lost and found.  Being proactive will save you the headache of trying to remember what you have in your wallet and the agony of having your identity stolen. And never, ever, keep your social security number on you. A favorite move of an experienced identity thief is to steal your purse or wallet, copy the information and then turn it in to lost and found or return it to you. This has the affect of causing you to relax and not alert the proper officials. Keep that in mind.  Memorize your social security number and lock it away in a safe location.
  5. Phishing attacks/Social engineeringA professional scammer is an expert at convincing you that they are someone else. On the phone its sometimes called social engineering. Using email its called a phishing attacks. They do this to manipulate you into revealing information. This activity is frequently associated with online scams, often using email messages that look official or seem to be from someone you know. But not always.  Students need to be especially alert to this. Be on the lookout for these types of scams, especially in your e-mail. You may get an email that looks like its from a school official. For example, it may look like its from the school financial aid office. Do not click on any link or attachment in the e-mail. Don’t reply if you have any suspicion at all. Make sure you know the school policy for contacting students via email or what they can discussed on the phone.  Identity thieves that use phishing attacks and social engineering are very skilled at making any e-mail look very legitimate or sound official on the phone. Don’t just assume because it has the school logo on it it is safe. Emails can be easily duplicated and email addresses can be spoofed. Be cautious, this is your personal information we are talking about.

Identity theft is the fastest growing crime online because it is profitable. Students can be careless and relaxed around their friends and classmates. But, again, most identity theft is done by people you know. Be aware and be alert to how identity thieves works and save yourself some headaches this school year.

Now you know.

Tax Season 2017 – Fighting Identity Theft

There are two seasons that cyber criminals celebrate; Christmas and tax season. African-Americans should understand that protecting themselves during this time is especially critical  A 2011 Federal Trade Commission national fraud survey revealed that African-Americans were almost twice as likely to be victims of fraud as whites.  African-Americans were victimized 17.3 percent of the time compared to 9 percent for whites.  For Hispanics 13.4 percent reported being fraud victims. To top off these disturbing numbers is the fact that black and minorities often don’t report fraud because of embarrasment.

Tax season used to be a multi-billion dollar hunting season for identity thieves. But the hunting may not be so good this year. Because of IRS work identity theft has plummeted by 46 percent.  376,000 fewer taxpayers had their identities stolen by criminals.

In the past two years the IRS, working with major tax preparers, started sharing information to improve tax payer security.  Congress has also given the IRS more tools to prevent criminals from getting fraudulent tax refunds. This allowed the IRS to identify and block over 1 million phony tax refunds last year. 

Federal authorities crushed a massive identity theft ring in Alabama and Georgia in 2015. Those thieves collected $10 million in fraudulent refunds. Cyber criminals are merciless. This scam even targeted veterans of the Afghanistan war being treated at Fort Benning’s hospital.

Last year another ring in the District of Columbia was taken down as they tried to steal more than $20 million in fraudulent tax refunds. The victims included people in assisted living facilities, drug addicts and prison inmates.

Technology deployed at the IRS in recent years identitfies potential fake tax returns. Now the IRS can flag dramatic differences in a taxpayer’s return from year to year for additional screening.

The earned income tax credit is a big target for identity thieves. The IRS was holding refunds until Feb. 15 for families claiming this credit. These credits provide payments to people who don’t make enough money to owe any federal income taxes. This makes them attractive to identity thieves.

Protect your personal nformation during tax season by following these steps.

  • File early, even if you owe. Filing  your return early prevents anyone who has stolen your information from filing a fradulent return. The IRS will only accept the first return even if the thief has your social securty number.
  • Encrypt your data. Encrypted data is secure even if your laptop is stolen. There  is plenty of free encryption software available. PC Magazine recently published The Best Encryption Software of 2017. And using it is not that hard. If you can create a password you can encrypt your data.
  • Buy a decent shredder. Destroy any document with any personal information, especially your Social Security number. Any small bit of information helps a cyber thief and they are not above going through your trash can. These thieves have been known to drive through neighborhoods picking up trash! Any personal papers that has your bank account or investment account information should be shredded before disposal.
  • Use strong passwords. Learn to construct powerful passowords that are easy to remember. And change them often.
  • Keep your computer software up to date. Use a good anti-virus/anti-malware. Some cyber thieves can install spyware on an unprotected computer and steal your information.
  • Be aware of phishing attacks. Phishing is when you recieve an email or call asking for information using very sneaky questions. This is a form of social engineering. Don’t respond or click on email attachments or links. Anybody calling claiming to be from your bank or the IRS should be hung up on and reported. Banks and the IRS don’t call asking for information. These callers can be insistent and even threatening. Just hang up and investigate on your on by calling the IRS or your bank. DON’T GIVE ANY INFORMATION OVER THE PHONE! And remember, if anyone calls asking for money you should be the one asking the questions.
  • The IRS does not ask for money NOW! The don’t ask for money to be tranferred via a payment card. They don’t ask for credit card or debit card information. The are not coming to your house to arrest you. If someone threatens you with anything like this they are thieves. If you get a suspicious email or phone call, do not respond. Immediately call the IRS Identity Protection Specialized Unit (IPSU) at 1-800-908-4490.
  • Is someone else preparing your taxes? Here what you need to be asking;
    • How will my data be stored?
    • Will it be encrypted?
    • What computer security software is used?
    • Who has access?
    • Have those with access been properly screened?
  • Do not transmit tax returns or sensitive personal data on public WiFi. That means Starbucks or the public library. This is prime hunting ground for cyber thieves. These hackers wait and watch wifi traffic for an unprotected computer. The can intercept and record your online activity stealing your information or even hijacking your computer.
  • Check you credit report at least annually. You can get all three free credit reports from AnnualCreditReport.com. Remember this is the only credit report website authorized by the federal government.

Don’t be a victim during this tax season. Be aware!

Breach Brief – U.S. Military Special Ops Healthcare

U.S. military healthcare professionals working with the Defense Department may have had highly sensitive personal information exposed by an employer IT error. Some of these personnel have top secret security clearances.

Chris Vickery of Mackeepers  found 11GB of exposed files, including the names, locations, Social Security Numbers, salaries, and assigned units for scores of healthcare professionals working at the U.S. military’s Special Operations Command (SOCOM).

 

Many of the personnel files exposed in the data breach belong to SOCOM’s Preservation of the Force and Families (POTFF) program. The program is designed to have unit specific healthcare professionals and counselors working to ease the psychological and physical strains that affect military special ops troops and their families. 

Vickery pointed out the exposed data and sloppiness of the government contractor known as Potomac Healthcare. The company is owned by the Booz Allen Hamilton. In his blogpost Vickery claimed to have to contact the company twice before any action was taken to remove the information.  

“It is not presently known why an unprotected remote synchronization (rsync) service was active at an IP address tied to Potomac. I do know that when I called one of the company’s CEOs this past Thursday to report the exposure, he did not seem to take me seriously,” said Vickery.

Booz Allen Hamilton employed the now infamous Edward Snowden who leaked documents to the press in 2013, revealing the extent of US government spying.

Breach Brief – Newkirk Solutions, Bon Secours

canstockphoto24985079The largest data breach of 2016 so far has hit a data server operated by Albany, N.Y. based Newkirk Products. Newkirk Products is a third-party vendor providing health insurance ID cards for the health care industry. According to Newkirk the breach was discovered on July 6th but actually occured on May 21st. Newkirk shut down the affected server and is working with forensic investigators to analyze the extent of the breach.

Data belonging to over 3.3 million people across the U.S including 277,000 Blue Cross and Blue Shield customers in North Carolina have been compromised.

According to Newkirk the server did not contain the most sensitive customer information like Social Security numbers, banking or credit card information, medical information or insurance claims. However information found on Blue Cross’s Medicare ID cards includes customer name, mailing address, type of plan, and member and group ID number maybe compromised. In a press release dated August 5th, Newkirk admitted hackers has gained unauthorized access to a server containing names, mailing addresses, plan types, member and group ID numbers, dependent names, primary care providers, dates of birth, premium invoice information, and Medicaid ID numbers. 

Customers affected by the breach will receive letters from Newkirk explaining the attack and offering two years of free identity pretection and restoration service. Blue Cross is instructing customers to check their accounts for suspicious activity. These customers are insured by a dozen organizations, including Blue Cross organizations in Kansas City as well as western and northeastern New York.

Currently there is no evidence that any of the personal information obtained in the attack has been misused. However Newkirk is urging affected customers to monitor their account statements and medical bills for suspicious activity.

For additional information customers are advised to call 855-303-9773 or go to http://newkirkproductsfacts.com.

 

Bon Secours

logo-bon-secoursBon Secours Health Systems of Richmond, VA is notifying approximately 655,000 of its patients that their information may have been compromised during an incident with a contractor in April. 

R-C Healthcare Management, a company doing work for Bon Secours accidently left files containing patient information accessible via the Internet while attempting to adjust their network settings from April 18th to April 21st. Bon Secours staff members discovered the error on June 14th  and they immediately notified R-C Healthcare to secure the files.

Information possibly compromised in the exposure include files that may have included patient name, health insurer’s name, health insurance identification number, social security number and limited clinical information.

A spokesperson for Bon Secours says 435,000 patients were affected in Virginia and an uknown number in South Carolina and Kentucky.

R-C Healthcare CEO said in a statement, “Upon learning of the incident R-C promptly hired a highly regarded outside forensic investigator. The investigator confirmed the incident has been fully remediated. All R-C customers who might be affected have been notified of the situation and its resolution. “

Bon Secours custmers affected by the data exposure have been sent a letter notifying them of the breach. Any patients with concerns or questions may call toll free at 1-888-522-8917, 9 a.m. – 9 p.m. EST, Monday-Friday.

See also: The real reason hackers want your medical records.