Stanislaus State University email Oops!

Sensei Posted in Identity Theft
0

Private information accidentally sent in mass university e-mail. Workers in the financial aid department at Stanislaus State University in California are notifying thousands of students after an e-mail containing their private information was inadvertently sent to 97 students. On Thursday, February 2 employees were sending a mass e-mail notifying students about scholarships and other financial aid issues, but private information including Social Security numbers for 9,200 students was mistakenly cut and pasted into the message. “As soon as the e-mail went out, we caught it and aborted it within a minute, but it reached 97 students,” said Roger Pugh, assistant vice president for enrollment services management. Now the school is tracking down all 97 students who received the e-mail to make sure they delete it and don’t misuse the information. Administrators have also sent out letters to the 9,200 students — the entire student body — to warn them their information has been compromised. Pugh said the employee who pasted in the information has not been disciplined.
A couple observations…how many employees does it take to cut-n-paste? Also, have the laws gone to far? In this case a mass announcement must be made when there is minimal exposure, and all parties are known. The only reason I am running this is to see what people think about the need to disclose in a situation like this.
Source

Bad news… Rhode Island, USA 0 … Russian Hackers 53,000

Sensei Posted in Identity Theft
0

Hackers steal credit card info from Rhode Island Website. Russian hackers broke into a Rhode Island government Website and allegedly stole credit card data from individuals who have done business online with state agencies. The Providence Journal reports that the hackers boasted two weeks ago on a Russianlanguage Website that they broke into the government Website and stole credit card information for as many as 53,000 transactions. State officials said the Website was breached Wednesday, December 28, 2005. The site is managed by New England Interactive, which that manages 17 other state portals. Renee Loring, a spokesperson for the Website, confirmed that a server database was breached and encrypted credit card information was obtained. The company is working with law enforcement officials to resolve the matter. Internal and external security audits were conducted with a thirdparty provider since the incident. The Russian Website displayed images of how the hackers were breaking into the state portal. According to the newspaper, the final image shows “a list of 38 credit card accounts the hackers claim to have stolen…Part of the screen is blocked by a black rectangle emblazoned ‘CENSORED’ in white letters in English. The rectangle covers part of the credit card number, but some digits are not hidden.”
For more information go to: RI Website or Source

ALERT: Ameriprise Customer Data Theft

Sensei Posted in Identity Theft
0

Ameriprise Financial Inc. said Wednesday, January 25, it has notified about 226,000 people that personal data were stored on a laptop computer that was stolen from an employee’s vehicle. Ameriprise said it has alerted 68,000 current and former financial advisers whose names and Social Security numbers were also stored on the same computer. About 158,000 clients had only their names and internal account numbers exposed. Ameriprise said it had received no reports that the data lost in the theft had been used improperly. Ameriprise said the theft appeared to be a “random criminal act” and that it has been working with law enforcement to recover the laptop, which it said was stolen from an employee’s locked vehicle that was parked offsite. Company spokesperson Steve Connolly said the laptop was stolen in late December outside Minnesota, but he declined to say where. Ameriprise said there was no other client-identifying information on the computer such as Social security numbers, addresses, phone numbers, or birth dates. Client
accounts could not be accessed with the information that was stored on the computer because Ameriprise does not allow access via account numbers alone without additional personal information provided only by the client.
This is a perfect example of why laptops (which are great business tools) are easy targets for thieves. Businesses should take pay more attention to the security of laptop systems and other mobile devices. ALL laptops that have any sort of sensitive or confidential information on them should have an encrypted file system. Encrypted file systems cannot be accessed without the encryption key which should not be store on the laptop. This does not mean that the thief can not “crack” the encryption however the probability of that happening is extremely low. Wake up business world and pay more attention to your security model, us customers are tired of having our personal data exposed to people who may do us harm!
[ Source ]

No One is Safe from Curiosity

Sensei Posted in Identity Theft
0

The British Parliament was attacked late last year by hackers who tried to exploit a recent serious Microsoft Windows flaw (WMF exploit), security experts confirmed on Friday, January 20. MessageLabs, the e-mail-filtering provider for the UK government, said that targeted e-mails were sent to various individuals within government departments in an attempt to take control of their computers. The e-mails harbored an exploit for the Windows Meta File (WMF) vulnerability. The attack occurred over the Christmas period and came from China, said Mark Toshack, manager of antivirus operations at MessageLabs, who added that the e-mails were intercepted before they reached the government’s systems.
The vulnerability with the way that WMF images are handled by Windows was discovered in November 2005. In a WMF attack, exploit code is hidden within a seemingly normal image that can be spread via e-mail or instant messages. The attack was individually tailored and sent to 70 people in the government, MessageLabs said. It played on people’s natural curiosity by purporting to come from a government security organization. The Trojan was hidden as an attachment called “map.wmf”.
It is nice to see that the UK governments IT department was aware of this vulnerability and that they took defensive action to avoid it!
Source

Fake Credit Card Alert Seeks Your Information

Sensei Posted in Identity Theft
0

This story serves as a reminder to always verify communications that ask for your personal data.
Trojan blitz poses as credit card warning. Businesses in the United Kingdom faced a barrage of 115,000 e-mails containing a new Trojan on Friday, January 20, before anti-virus vendors scrambled out an update, according to e-mail filtering firm BlackSpider Technologies. The Trojan downloader malware — called Agent-ADO — comes in the payload to a message that poses as a warning about a user’s credit card limits being exceeded. BlackSpider detected the malware at 9:10 a.m. GMT Friday, January 20. But it was three-and-a-half hours before the first anti-virus vendor used by BlackSpider issued a patch, once again illustrating the shortcomings of conventional anti-virus scanners in fighting fast-moving virus outbreaks. Infected emails commonly have the subject line “ERROR:YOUR CREDIT CARD OVERDRAFT EXCEED!” and an infected attachment, a packed executable file called FILE1185 which is 5592 bytes long. Analysis of the malware is ongoing. System administrators are encouraged to set up rules to block the malware at the gateway. Virus writers commonly use networks of compromised PCs to seed infection over a short space of time but the ferocity of the latest attack is unusual.
[ Source ]

Avoiding Internet Scams

Sensei Posted in Identity Theft
0

The Federal Trade Commission launched site to fight cybercrime. Responding to the rising cybercrime threat, the Federal Trade Commission (FTC) on Tuesday, January 10, unveiled an online tool designed to help consumers avoid becoming victims of Internet scams. At the Website, consumers can take interactive quizzes designed to enlighten them about ID theft, phishing, spam and online-shopping scams. If the user selects a wrong answer, the program explains why that particular misconception about Internet security can lead to trouble. Elsewhere on the site, consumers can find detailed guidance on how to monitor their credit histories, use effective passwords and recover from identity theft. “We’re trying to make the information as accessible as possible, with tips so people can take action,” said Nat Wood, the FTC’s assistant director for consumer and business education. The education push comes as the tide of cybercrime continues to rise. Five federal agencies and 13 private organizations partnered to sponsor the OnGuard
Online Website. Information on the site is not copyrighted, and the FTC encourages companies and other organizations to download and widely disseminate the information. Website: http://www.onguardonline.gov
[ Source ]

No vacation for these resort vacationer’s

Sensei Posted in Identity Theft
0

IDs of 50,000 Bahamas resort guests stolen. The identities of more than 50,000 customers of major Bahamas resort Atlantis have been exposed to possible identity fraud following the theft of personal information from the hotel, the owners said. Kerzner International Ltd., owner of a 2,300-room Atlantis resort on Paradise Island, revealed details of the data theft in a document filed with the Bahamas Securities and Exchange Commission. Information stolen included names, addresses, credit card details, social security numbers, drivers license numbers, and bank account data, the filing said. The information appears to have gone missing from the hotel’s computer database and was the work of either an insider or outside hacker. The Atlantis hotel management is notifying affected customers so they can take steps to protect themselves from possible identify fraud. The hotel is also providing, at no cost to customers, a credit monitoring service for a year. The filing by Kerzner said around 55,000 customers are thought to be affected. “To date, the resort has not received any evidence that the information has been used to commit identity fraud or in any other manner adverse to its customers,” the statement said. Atlantis has notified Bahamian and U.S. law enforcement agencies and is cooperating with them.
[ Source ]

Some Good News for a Change

Sensei Posted in Identity Theft
0

Customers’ lost bank information found. A wayward computer tape that contained personal data for more than two million LaSalle Bank mortgage customers has been safely returned after turning up amid a mound of unmarked packages. After a month of fruitless searching, an employee of the DHL courier service found an unopened package in a stash of parcels in Wilmington, OH, that had lost their identifying air bills, bank officials said Tuesday, December 20. When workers opened the package, they found the computer tape and a return address and shipped it back to LaSalle Bank subsidiary ABM AMRO Mortgage Group Inc., where it arrived on Monday, December 19. This ended the month-long mystery of what happened to millions of names, addresses, Social Security numbers and other bits of information that were lost in transit from Chicago to Texas. ABN AMRO officials said there’s no reason to suspect the package was opened or otherwise tampered with, but the company cannot guarantee the tape didn’t get into the wrong hands during the four weeks it was missing.
[ Source ]

Hackers using Police Credit Card Accounts

Sensei Posted in Identity Theft
1

A database hack exposes police financial data! Reevesnamepins.com, a company that manufacturers the plastic and metal name tags that police officers around the country wear on their uniforms, had its customer database hacked recently, exposing credit card and other personal data for a number of police departments. The discovery was made by investigators at CardCops.com, which monitors online sites and forums for evidence of stolen credit and consumer data. CEO Dan Clements said his company spotted the stolen credit card information while trolling an Internet relay chat (IRC) room dedicated to credit card fraud. Among information posted into the forum was corporate and personal accounts registered to officers and police departments nationwide, including the New York City Police Dept., the Alamosa, CO, Sheriff’s Department, and the Idaho State Police, Clements said.
[ Source ]

Security Firm Hacked!

Sensei Posted in Identity Theft
0

Hackers break into computer-security firm’s customer database. Guidance Software — the leading provider of software used to diagnose hacker break-ins — has itself been hacked, resulting in the exposure of financial and personal data connected to thousands of law enforcement officials and network-security professionals. Guidance alerted customers to the incident in a letter sent last week, saying it discovered on December 7 that hackers had broken into a company database and made off with approximately 3,800 customer credit card numbers. Guidance’s EnCase software is used by security researchers and law enforcement agencies worldwide. John Colbert, the company’s chief executive officer, said Guidance alerted all of its customers less than two days after discovering the break-in, and that it would no longer store customer credit card data.
Guidance stored customer records in unencrypted databases, and indefinitely retained customers’ “card value verification” (CVV) numbers, the three-digit codes on the back of credit cards that are meant to protect against fraud in online and telephone sales, according to Colbert and the notification letter sent to customers. Merchant guidelines published by both Visa and MasterCard require sellers to encrypt customer credit-card databases. They are also prohibited from retaining CVV numbers for any longer than it takes to verify a given transaction.
[ Source ]