Data breaches are making headlines – how can you protect your customer’s information?

Forty-six states have now enacted data breach notification laws, whereby businesses must contact consumers to advise when personal data is lost or stolen. Laws also exist in the District of Columbia, Puerto Rico and the Virgin Islands. The remaining states are expected to also enact such laws.

But why are they necessary? Because breaches happen, and because those who are affected have a right to know that their sensitive data has been breached so that they can take action to protect themselves.

The number of incidents of data breach seems to be on the rise. Why is this? Being that most of them originate with human error, it seems likely that a combination of lack of awareness, lack of education, sloppiness and poor decisions are the reasons.

High profile breaches seem to happen on a constant basis. Among the new ideas in data protection is the banning of physical transfer of data. But it all seems to come down to one thing: training people in the proper handling of data and subsequent exercise of care. In other words, employees must show constant awareness of what they are doing, what they are putting where, why, when and how.

The culture of your organization will help you determine how to protect your customer’s information. It all boils down to electronic culture – knowing what you’re doing with electronic data and what that electronic data produces, such as paper and other physical records and repositories, or anything that can store and transport data. Policy, education and training can all lead to control.

Does your company conduct regular training sessions? You may want to include, on a regular basis, training on protecting the personal information of your client base.

Don’t let your company’s good standing be mauled by a data breach. The fallout – loss of trust, loss of reputation and reparations – can be huge.

The internet is buzzing with news stories of iPad owners being affected by a recent data breach. The data of owners of this AT&T device was hacked into and over 100,000 email addresses are at risk. It is reported that this data alone won’t give thieves access to the devices, but it will make it much easier for them to be able to access sensitive information.

The most recent news stories reflect that influential individuals, such as the Mayor of New York City and the White House Chief of Staff were affected by this recent data breach.

The breach is a result of a flaw with a web site owned by AT&T, not with the iPad itself. This breach was found by a private security expert who personally owns an iPad and was toying around with the device. By Tuesday of this week, AT&T reported that the issue had been fixed.

“AT&T was informed by a business customer on Monday of the potential exposure of their iPad,” AT&T spokeswoman Susan Bell said. “The only information that can be derived from the ICC IDS [customer identification system] is the e-mail address attached to that device. This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.”

Both the FBI and the FCC have responded to this recent data breach by increasing their investigation into any threat this might pose.

The ABC News website has recently released an article that summarized the top 10 data breaches of the decade. When adding the total number affected together, along with the fact that these are only the top 10, it is easy to see why it is so critical to regularly monitor your credit and question or refute ANY discrepancies that you see.

1)    Heartland Payment Systems
Year: 2009
Number Affected: undetermined
Description:     Hackers were able to access millions of credit card transactions via     computer.

2)    TJX Companies
Year: 2007
Number Affected: 45 million
Description:    Affected several companies, such as T.J. Maxx and Marshalls. 45 million customer records were stolen from years 2003-2004, however, the breach was reported in 2007.

3)    U.S. Department of Veterans Affairs
Year: 2009
Number Affected: 76 million
Description: A defective data drive containing data of veterans was sent for repair.

4)    Card systems
Year: 2005
Number Affected: 40 million
Description: This credit card processor exposed cards to potential fraud and it was reported that hackers did use many of those card numbers.

5)    U.S. Veterans Affairs
Year: 2006
Number Affected: 17.5 million
Description: A laptop containing personal information of veterans was stolen from an employee’s home. FBI did report that the laptop was found and the data was not compromised.

6)    Bank of New York Mellon
Year: 2008
Number Affected: 12.5 million
Description: A box of data tapes with personal information was lost while being transported to a storage facility. Those affected were offered credit monitoring services for 36 months, among other service.

7)    Certegy
Year: 2007
Number Affected: 8.5 million
Description: An employee of this financial services firm, based in Florida, stole customer financial records. They did later plead guilty and were sentenced to a fine and jail time.

8)    TD Ameritrade
Year: 2007
Number Affected: 6.3 million
Description: The database of this investment company was hacked and customer records stolen. Information stolen included names and email addresses, resulting in spam to customers.

9)    CheckFree
Year: 2008
Number Affected: 5 million
Description: This online bill payment company, out of Atlanta, was also hacked into. The company domain name was redirected to a Ukranian hosted website that tried to install malware on the computers of site visitors.

10)    Hannaford Bros. Chain
Year: 2009
Number Affected: 4.2 million
Description: This is a supermarket chain based out of Maine. Stores affected were throughout the northeast and Florida. Over 1,500 cases of alleged fraud were reported as a result of this breach.

PC World has recently reported that over 10,000 Hotmail account usernames and passwords were posted online by hackers who wanted to show that they could gain access to sensitive information. The accounts posted included those that started with ‘A’ and ‘B’ in alphabetical order. The total number of accounts hacked could be upwords of 100,000 that were not posted, but are compromised.

PC World posted the following statement on their website: “According to Computerworld, a Microsoft spokeswoman stated “We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts” in an e-mail response.”

This information is being reported by many websites to have been the result of a phishing scam, where thieves send out emails or place website banners that look like they are generated by the company being hacked. They find that some computer users will fill out their personal information, thinking that the company is asking for it. Please keep in mind that no company should be contacting you via email, banner or link to ask you to give them your username and password to your account. This is information that you are to keep to yourself. If in doubt, you can report suspicious emails by contacting the support team of the website that is in question by TELEPHONE. You can also report suspicious emails to the Federal Trade Commission at www.ftc.gov.

Another helpful tip is that you should use the latest version of your Web Browser (Internet Explorer, Firefox, etc). These are updated to help protect you from these type of scams by warning you in advance if a link or website has been reported as potentially fraudulent.

It is now October and the year has almost come to an end. How fast this year has gone by and unfortunately, many thousands have been involved in countless identity theft scams and data breaches, including the following reported last week…

The Boston Globe is reporting a recent data breach that affects tens of thousands of health care providers, including physicians. The information that has been compromised does include social security numbers.

A stolen laptop is the culprit. “It took some time to figure out what type of data was on the laptop,’’ said Tara Murray, Blue Cross and Blue Shield of Massachusetts spokeswoman. “There is no reason to be believe the data has been used to steal people’s identity, but we are just being cautious . . . to notify them and offering free credit monitoring.’’

It is being reported that providers in Massachusetts were notified by letter in October, once Blue Cross-Blue Shield became aware of the data saved onto the laptop. The company does require that all information be encrypted, however, this copy was downloaded by an employee who saved an unencrypted version. The company is dealing with the matter accordingly and reviewing procedures that will help to improve the security of company data.

If you do not currently monitor your own credit and wish to enroll in LifeLock, use promo code DEFENSE to receive a 30-day free trial and discount.

Last week, a news stories published by CompterWorld was posted that the University of North Carolina at Chapel Hill began notifying over 100,000 women about the possible exposure of their social security numbers and other personal information. A computer hacker has breached the university computer system and it has been found that these records were accessed. It is not believed at this time that the data has been downloaded or modified.

Only women are affected since the server only contained the information of those who participated in a federally funded mammography research project. The breach was first discovered back in July 2009 when an authorized user had trouble logging in to the system. The data has not been available online since that time.

The chairman of the Department of Radiology at the university, Matt Mauro, reveled that the breach was first discovered back in July 2009 when an authorized user had trouble logging in to the system.  “Though the breach was discovered in July, there are indications that the actual intrusion may have taken place as long as two years ago, Mauro said. “We think we found some viruses that date back to 2007,” he said.

Unfortunately, stories of this nature are being reported more often due to problems with limited or no security on the computer servers of schools, businesses, medical facilities, etc. If you have not become a victim of identity theft, take precautions to be sure that you do what you can to ensure that you monitor your credit closely in case of unauthorized activity on your account. Millions have no control over whether their social security number is accessed because it is kept on the computers of so many different places. How often they check their own credit files and report questionable activity is extremely important.

According to their corporate website, Radisson Hotels & Resorts have had a recent data breach of credit card numbers between November 2008 and May 2009. They are working closely with law enforcement and other authorities to analyze the situation, however,  the number of names and credit card numbers affected has not yet been released. They are reporting that no social security numbers were accessed in this breach.

May are wondering whether they have been affected and also whether to book future stays. According to the letter posted to their customers online, they “are conducting a thorough review of the potentially affected computer systems for Radisson hotels, and to ensure the incident is properly addressed. Radisson also has implemented additional security measures designed to prevent a recurrence of such an attack and to protect guest privacy.”

Anyone who had a credit card on file with Radisson Hotel during the above mentioned dates, is encouraged by authorities to call your credit card company and alert them of this potential breach. You are also encouraged to look over your credit report and be sure there is no fraudulent activity reported.

Those who stayed with the hotel between November 2008 and May 2009, might be eligible to receive free credit monitoring for one year. You must contact the Radisson to find out if you are eligible and the deadline for calling to determine eligibility for this free service is November 18, 2009.

Review older articles on our blog to find more tips on how you can prevent identity theft.

Recently, the media has reported that an identity thief, said to be associated with the largest case of identity theft to date, has been caught. Albert Gonzalez, 28, ran an operation in which he hacked into over 100 million credit card accounts. Gonzalez (residing in Miami, FL) was charged on Monday for credit and debit card theft. He is reported to have stolen 40 million card numbers in the past, so this is at least his second offense. He was able to obtain the numbers by hacking into retail store computer networks. If convicted, Gonzalez faces up to 20 years in prison. Gonzalez was involved in the following data breaches (reported earlier): Heartland Payment Systems; 7-Eleven Inc, TJX Companies, Dave & Busters, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW and others. There are also unidentified company breaches that Gonzalez, and his conspirators, were involved with.

Gonzalez formerly worked for the US Secret Service to help hunt for computer hackers. He is being charged along with two others (not yet named) for stealing private information.

According to the Associated Press, these hackers used software that secretly monitored communications and led them to computers where the actual card transactions occur. They then could install software on those computers to monitor actual credit or debit card transactions. It is reported that this is bound to happen again and that although the credit card processor Heartland has taken measures to make their network more secure, many other processors have not and are still vulnerable to this type of criminal cyber-hacking.

According to a Sacramento news website, Sutter Health workers will soon be receiving a letter that their personal data has been compromised. The social security numbers’ of approximately 6,000 personnel was saved to a laptop that was reported missing back in 2007. The laptop recently was turned in to a repair shop. Once technicians at the repair shop realized what the file contained, they returned the hard drive to Sutter Health. They also wrote a certified letter stating that they did not retain any of the information contained on the hard drive.

Those who currently or have ever worked for Sutter can contact the company for more information until their letters are received. It is being reported that 6,000 are affected. The company is recommending that those affected contact credit reporting agencies and place fraud alerts on their credit files to counteract any negative activity as a result of this data breach. There will also be free access to a id theft service at no cost, for one year.

Sutter is reportedly working to ensure that this will not happen in the future by encrypting and password protecting employee data. Also by only saving files to network drives vs. computer hard drives and by tracking the disposal of old computers.

Many are affected by this data breach, however, it is hoped that no one accessed and used the data involved. Although it is being reported that the repair shop has certified that the data involved was not retained, it is not yet being revealed whether the party responsible for turning the laptop in to this repair shop has accessed this data. Therefore, following the recommendations of Sutter Health is critical for those involved.

LifeLock identity theft services are also available to those affected for a discounted rate. View our banner offer for details.

There are literally hundreds of thousands of people who have been exposed to a data breach in recent months. Data breach protection is on the minds of many. Even though you may protect your own data, you might be concerned with protecting yourself in the event that your data was involved in a company data breach.

Recently it has been reported that a laptop has been stolen that contained the data of over 80,000 University of North Dakota donors. The University used a software company to manage the data and an employee of that company had a laptop with them that was stolen while not at work. Those whose information is contained in the data files, have been notified of the incident and are being assisted in getting credit monitoring. The software company does have policies in place to prevent this from happening, however, the employee violated those policies which resulted in theft. Included in the data stole are social security numbers. The software company does ensure that the files are password protected, as well as encrypted, and that they are not aware of any access to that information at this time.

This type of story is very common and comes with today’s technology. Anyone who uses the internet, goes to the hospital or sees a doctor, purchases a car, goes to school or college, etc. is affected because all of those places use technology to keep electronic rather than paper records.

Monitoring your own credit is helpful or you can receive help by enrolling in an identity theft protection service like Lifelock. Using promotion code “DEFENSE” will give you a discount as shown on our website. Their services are well worth looking into.  See the LifeLock.com website for details.