Tuesday, May 26, 2009

Lifelock loses suit by Experian on automatic renewal of fraud alerts

U.S. District Judge Andrew Guilford of the Central District of California ruled recently that Lifelock cannot automatically renew its fraud alerts for consumers without specific requests, after a ruling on a lawsuit filed by Experian, which maintains that it incurs involuntary expenses when the alerts are renewed.

Experian had argued that this was an “unfair business practice”. It indicated that the Fair Credit Reporting Act requires consumers to apply for the alerts themselves.

The “Redtape” story on MSNBC is by Bob Sullivan, link here.

When fraud alerts are in place, lenders call consumers or go through extra due diligence to verify identity. It’s been the contention of this blog that a due diligence system could be set up to be used in all cases.

Wednesday, May 20, 2009

It's all to easy to eavesdrop on cell phones -- how to protect yourself? Local TV station reports

Reporter Ross McLaughlin from WJLA-7 (an ABC affiliate in Washington DC and Arlington VA) demonstrated today (on the local news) how cell phone spying can take place, of both conversations carried on near the phone, and of texting, even when the machine is turned off, if the phone has been infected with certain spyware. The link with the transcript of the report is here.

It was not completely clear from the report how the user can protect herself, other than by keeping the phone physically secure and being prudent about what Internet sites are visited. Symptoms would include increased minutes used and more rapid draining of a battery. It is prudent to check your wireless account online periodically, just as it is prudent to check bank accounts.

Link to the blog on the report. That indicates that usually the spyware would be installed when the phone is out of your possession.

Tuesday, May 12, 2009

DC agency accidentally emails personal info of student loan applicants

The Office of the State Superintendent of Education (OSSE) of the District of Columbia (Washington DC) accidentally, with an email from a worker in the Higher Education Financial Services Program, accidentally included an attachment that gave out personal information of 2400 applicants and sent it to more than 1000 recipients.

The attachment was an Excel spread sheet, and anyone who (even legitimately) emails a lot of material knows there are ways that sometimes email programs can leave attachments in place for future emails.

The District agency asked all recipients to destroy the copy of the spreadsheet.

This is the third major government personal information breach reported around the country in the past five days. Last week, a major breach was reported at a Virginia agency that could affect millions, theoretically. Another was reported at the University of California.

Bill Turque has the story in The Washington Post, Tuesday May 12, Metro Section, link here.

All of these cases speak to the need for a more systematic due diligence procedure in identifying consumers applying for credit. That’s been proposed on this blog (see Sept. 2006). Yet, “know thy customer” rules have serious hazards, too.

Friday, May 08, 2009

Virginia prescription monitoring site hacked, could compromise identity of most Virginians

On May 3, the site Wikileaks reported that secure state government website of the Virginia Prescription Monitoring Program had been breached and a ransom demand had been placed on the site, based on over 8 million patient records and 35 million prescriptions. Possibly any resident of the Commonwealth using a prescription could have his personal information taken.

The report is here.

The site is pmp.dhp.virginia.gov and on Friday morning (May 8) it was still timing out.

The FBI and Virginia State Police are investigating. The story has appeared on Washington and Richmond television stations and in the Washington Post (written by Brian Krebs and Anita Kumar) here Friday May 8.

My own reaction is, keep watching my own financial information online. Log in and check it frequently. Get a free credit report at least once a year, or maybe more frequently. Currently I have two Medicare prescriptions, which could have been disclosed.

In another story of where hackers compromised consumer information on a government-related site, Chloe Albanesius of PCMag reports "Hackers Obtain 160,000 Records from U.C. Berkeley", May 8, link here.

Friday, May 01, 2009

Beware of security deposits or earnest money for "stolen" foreclosed properties

Media outlets in the Washington DC area have reported a new kind of quasi identity theft scheme with phony rental offers.

A family, homeless for a while, had saved up cash for a security department to rent a townhouse in a distant Virginia suburb, and made the deposit. Then the “landlord” disappeared. It turned out that the “landlord” was a woman who had broken into a foreclosed home to offer it.

The problem has been reported in other areas, such as Florida, such as with this posting by the Attorney General of Florida.

The other risk would be schemes to collect earnest money for “stolen” homes.