LifeLock » data breach protection

Business owners beware: Crooks can and will hack your system

admin — Mon, 25 Jul 2011 14:50:12 +0000

A Georgia man has been sentenced to 10 years in prison for hacking business computer networks and committing identity theft on a “massive scale,” said authorities.

Twenty-five-year-old Rogelio Hackett has pleaded guilty to counterfeit credit card trafficking and identity theft, which caused $36 million in losses, according to the U.S. Department of Justice.

Hackett had been trafficking in credit card information since 202, gleaning the information by hacking into business computer networks and downloading credit card databases, or by purchasing the information from others through Internet discussion groups known as “carding forums.”

Hackett sold the information, made and sold fake plastic cards, and used the credit card information to accumulate gift cards and merchandise.

When the Secret Service raided Hackett’s home, they retrieved more than 675,000 stolen credit card numbers and related information on his computers and in e-mail accounts. Credit card companies identified tens of thousands of fraudulent transactions using the card numbers found in his possession.

Hackett was ordered to pay a $100,000 fine in addition to his prison sentence.

Protect your business by checking out what LifeLock has to offer. LifeLock offers data breach services, in addition to employee benefits solutions. Give them a call today or go online at www.lifelock.com.

Data Breach

admin — Wed, 13 Jan 2010 22:06:21 +0000

2009 Identity Theft Resource Center Breach Report

The Identity Theft Resource Center’s numbers on last years’ data breaches are out, but despite some figures that are seemingly good news, the overall picture is muddled if not outright bleak.

Nearly 500 data breaches were reported last year – a 25% decrease from 2008. That’s the first decrease in reported data breaches since the ITRC began tracking data breaches in 2005. However, more than 220 million records were reported as lost or compromised, according to the 2009 ITRC Data Breach Report – a 630% increase from the 35 million reported in 2008.

Further clouding the question of whether data security is improving or worsening is that only two data breaches were responsible for nearly 96% of all reported lost or compromised records last year: Heartland Payment Systems and the National Archive and Records Administration (NARA).

Hackers attacked Heartland, a credit card payment processor, and stole 130 million records. Another 76 million records were compromised when NARA sent a hard drive with the unencrypted personal information of 76 million servicemen out for repair.

Among the bleakest news of all though, is that only six of all the data breaches last year involved encrypted records, only slightly more than 1% of the total.

“Why are organizations that have these massive amounts of our data still not encrypting it?” asks Linda Foley, ITRC director and co-founder. “When we know we have these super breaches going on, why are they resisting a technology that could prevent them?

But, in the end all the numbers are nearly meaningless in the overall picture because what can’t be measured are the number of unreported data breaches, and the numbers of affected records that are reported simply as “unknown.”

Other highlights:

Data breaches of paper records account for 26% of all reported breaches in 2009 (up 41% from 2008).
The business sector was responsible for 41% of all reported breaches last year (compared to 21% in 2008).

LifeLock review: 7 university data breaches in March

admin — Fri, 03 Apr 2009 19:22:44 +0000

The education sector was responsible for one-third of all reported data breaches between January 2005 and October 2008, with universities to blame for 79% of those, according to analysis by J. Campana and Associates LLC.

Given the number of university students and employees nationwide, it’s clear that millions of us are at risk of identity theft because of these security lapses.

Educational Security Incidents provided the following information about the seven data breaches that affected more than 50,000 students and employees in March.

Solano Community College, Cal.
Unknown number affected
Improper file disposal
Report containing names, addresses and Social Security numbers of 2008 graduates not shredded, dumped as scrap paper.
Huron University College, Ontario
25,000 affected
Server breached
Names, student ID numbers, birthdates of resident students (1999-present), applicants (1992-2008) and registered students (2004-present) possibly accessed.
University of West Georgia
1,300 affected
Stolen laptop
Laptop contained names, addresses, phone numbers and Social Security numbers of students and faculty.
Penn State University
1,000 affected
Computer virus
Infected computer stored names, Social Security numbers of employees in 2000.
University of Toledo, Ohio
24,450 affected
Stolen computer
Stolen computer contained directory, educational information of 24,000 students; names, Social Security numbers, birthdates of 450 faculty members stolen.
Western Oklahoma State College
1,500 affected
Server breached
Server controlled access to names, Social Security numbers, other personal information of campus library users 2004 to present.
University of Massachusetts
16 affected
Employee fraud
Illegal access to students’ Facebook accounts; nude photos stolen.

Too many data breaches for you NOT to have LifeLock

admin — Fri, 16 Jan 2009 22:36:05 +0000

A good bit of my identity theft and data breach info comes from A Chronology of Data Breaches, which is compiled by the good folks at Privacy Rights Clearinghouse. I periodically cruise through their site, checking to see what groups of numbskulls has lost how many records recently.

This week there have been eight newly reported data breaches. Unlike last week when news broke about the CheckFree Corp. hacking that exposed the personal and financial information of somewhere between 160,000 and 5,000,000 consumers, there haven’t been any big breaches that we know of. As is so often the case, some of this week’s data breaches affected an unknown number of people.

University of Rochester, NY: Hackers stole personal information including the Social Security numbers of about 450 current and former UR students.
Columbus City Schools, OH: Police officers who went to home to serve arrest warrants for drug and car theft charges found the stolen personal information including Social Security numbers of 100 of the school district’s employees. (Add a warrant for identity theft to the list.)
University of Oregon: A laptop containing the personal information including Social Security numbers of an unknown number of Youth Transition Program participants was stolen.
Innodata Isogen: A laptop containing current and former employees’ personal information including Social Security numbers was stolen. The number of affected records is unknown.
Seventh Day Adventist Church, Silver Springs, MD: A laptop containing the personal information including the Social Security numbers of 292 people was stolen and recovered.
Continental Airlines: A laptop that containing the personal information including fingerprints and Social Security numbers of 230 employees was stolen.
Blue Ridge Community Action, Morganton, NC: An external hard drive containing the personal information including Social Security numbers of 300 clients is missing and may have been stolen.
Occidental Petroleum Corporation: A former employee emailed the personal information including Social Security numbers of other employees to his home computer. The number of affected employees is unknown.

These incidents bring the total number of records known to have been involved in data breaches since January 2005 to 251,155,441.

Visit LifeLock.com and enroll using the LifeLock promo code Defense to get a discount on their identity theft protection services chosen by nearly 1.5 million Americans.

Data breach big as Texas hits 89,000 lottery winners. It’s time for LifeLock.

admin — Mon, 03 Nov 2008 18:59:35 +0000

It’s true what they say about everything being bigger in Texas: big hair, big ranches and now, a big data breach.

More than 89,000 lucky lottery winners are getting the bad news from the Texas Lottery Commission that a former employee took their names, addresses, Social Security numbers and their prize amounts with him when he was fired last year.

The computer analyst copied the information onto computer disks that he took with him when he started his new job in the Texas Comptroller’s Office. He also took with him information on thousands of commission employees and lottery retailer and vendors.

The perpetrator said he wanted the information “for possible future reference as a programmer at other state agencies.”

Dawn Nettles, the commission’s unofficial security guru, said the files weren’t password protected, so the blame shouldn’t be limited to just the former employee.

“He should not have had any personal data on his work computer. However, he should not have been able to copy the files. There should have been a password required,” Nettles said.

A commission spokesman said officials are considering new security measures to better protect sensitive information, but have not yet adopted any new procedures.

The Travis County District Attorney’s office is still investigating the data breach. The former commission employee has not been charged.

The data breach victims are being advised to put fraud alerts on their credit records.

LifeLock begins their members’ identity theft protection with fraud alerts, but that’s only a small part of their comprehensive program. Visit LifeLock.com to learn more about WalletLock™, TrueAddress™ and eRecon™, their innovative and exclusive tools that help to protect your credit and your name.

If you decide to enroll in the identity theft protection program chosen by almost 1.5 million Americans, us the LifeLock promotion code Defense and get a discount on service.

Data breaches up 69%. You need LifeLock.

admin — Fri, 31 Oct 2008 15:40:11 +0000

“We’re from the government, and we’re hear to help you.” Everybody knows when they hear those words that things are about to go downhill fast.

“The check’s in the mail.” Yeah, right. Anytime a creditor hears those words, he knows the check’s not in the mail, and probably never will be.

Add this to the list of skepticism-inducing lines: “We deeply regret this incident, and believe the risk that the information will be used is low.”

It seems every time there’s a data breach one of the organization’s stooges is going to have to make that cynical statement to the people whose information has been lost, stolen or posted on the Internet. Then the guy has to say that they’re taking care of their people by offering them credit monitoring.

What they’re really saying is they regret this breach has become public, and they’re going to give their employees or customers the very cheapest, ineffective identity theft “protection” they can find. Credit monitoring will only tell the identity-theft vulnerable masses after their identity has already been stolen and used by the thieves to receive credit in the victims’ names.

Do department heads have to draw straws or play Rock, Scissors, Paper to determine which of them is going to take the fall before the media? Or do a bunch of them get together and compete to see which of them is best able to most believably tell a bald-faced lie?

Data breaches in the first half of 2008 were up 69% over the same period in 2007. Almost 250 million records have been exposed in data breaches. Apparently the people who are handling your personal and financial information aren’t handling it responsibly. If you can’t trust them to protect your information before a data breach, why should you trust them to protect you after?

Put your identity theft protection in the hands of professionals. Visit LifeLock.com to learn more about what effective, reliable identity theft protection really looks like. Enroll using the LifeLock promotion code Defense and receive a discount on service.