ID Fraud: A Running Journal

ID Fraud: A Running Journal

Here Are 10 of the Biggest Corporate Hacks in History

Who has been hacked? Perhaps the better question is "Who hasn't been hacked?" It might be easier to ask who hasn’t been hacked, as Fortune explores in the cover story of our Jul. 1 issue. The list below is just a sample of big companies and institutions struck by major data breaches in the past five years. As you can see, no industry has been spared. By now, the damage has afflicted billions of consumer accounts and is costing the companies tens or hundreds of millions. Alas, cyber-crime tools are getting cheaper and more prolific—which means the hacking nightmare is unlikely to end anytime soon.

LinkedIn, 2012


In 2012, the professional network said 6.5 million accounts had been hacked. In 2016, it emerged that the breach was much worse: Hackers were selling name and password info for more than 117 million accounts.

Target, 2013
In December 2013, 110 million customers’ personal and financial information was ­exposed. CEO Gregg Steinhafel later resigned as part of the fallout from the massive breach.

JPMorgan, 2014
Hackers hijacked one of ­JPMorgan Chase’s servers and stole data about millions of the bank’s accounts, which they allegedly used in fraud schemes yielding some $100 million. Home Depot, 2014

Hackers stole email and credit card data from more than 50 million customers. The breach cost the retail chain at least $179 million in settlements with consumers and credit card companies.

Sony, 2014
Hackers believed to be associated with North Korea rampaged through the servers of Sony Pictures Entertainment in retaliation for a film comedy showing North Korean leader Kim Jong-un’s face ­being melted off. Hilton Hotels, 2015

Hackers got inside the chain’s payment system and reportedly stole customer credit card data from dozens of ­Hilton and Starwood chains from across the country.

Law Firms, 2015
Chinese hackers accessed email accounts at firms Cravath Swaine & Moore and Weil Gotshal & Manges—and learned about upcoming corporate mergers. They allegedly made $4 million trading on the information.

Swift, 2016
North Korean hackers reportedly exploited weaknesses in the SWIFT payment system to steal $81 million from the Bangladesh Central Bank’s account at the New York Federal Reserve. Tesco, 2016

Hackers drained a total of around $3.2 million from more than 9,000 accounts in Tesco Bank, the bank run by the giant grocery chain. Tesco was forced to reimburse customers for the stolen money.

Chipotle, 2017
An Eastern European criminal gang reportedly used phishing to steal the credit card information of millions of Chipotle customers. The breach was part of a larger scam targeting restaurants.

Equifax Says Cyberattack May Have Affected 143 Million in the U.S.

Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.

Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Other cyberattacks, such as the two breaches that Yahoo announced in 2016, have eclipsed the penetration at Equifax in sheer size, but the Equifax attack is worse in terms of severity. Thieves were able to siphon far more personal information — the keys that unlock consumers’ medical histories, bank accounts and employee accounts.

“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” said Avivah Litan, a fraud analyst at Gartner.

An F.B.I. spokesperson said the agency was aware of the breach and was tracking the situation.

Last year, identity thieves successfully made off with critical W-2 tax and salary data from an Equifax website. And earlier this year, thieves again stole W-2 tax data from an Equifax subsidiary, TALX, which provides online payroll, tax and human resources services to some of the nation’s largest corporations.

Cybersecurity professionals criticized Equifax on Thursday for not improving its security practices after those previous thefts, and they noted that thieves were able to get the company’s crown jewels through a simple website vulnerability.

“Equifax should have multiple layers of controls” so if hackers manage to break in, they can at least be stopped before they do too much damage, Ms. Litan said.

Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported.

The company handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.

Equifax also houses much of the data that is supposed to be a backstop against security breaches. The agency offers a service that provides companies with the questions and answers needed for their account recovery, in the event customers lose access to their accounts.

“If that information is breached, you’ve lost that backstop,” said Patrick Harding, the chief technology officer at Ping Identity, a Denver-based identity management company.

Equifax said that, in addition to reporting the breach to law enforcement, it had hired a cybersecurity firm to conduct a review to determine the scale of the invasion. The investigation is expected to wrap up in the next few weeks.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Richard F. Smith, chairman and chief executive of Equifax, said in a statement. “Confronting cybersecurity risks is a daily fight.”

Using the data stolen from Equifax, identity thieves can impersonate people with lenders, creditors and service providers, who rely on personal identity information from Equifax to make financial decisions regarding potential customers.

Equifax has created a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk.

People can go to the Equifax website to see if their information has been compromised. The site encourages customers to offer their last name and the last six digits of their Social Security number. When they do, however, they do not necessarily get confirmation about whether they were affected. Instead, the site provides an enrollment date for its protection service, and it may not start for several days.

The company also suggests getting a free copy of your credit report from the three major credit bureaus: Equifax, Experian and TransUnion. These are available at annualcreditreport.com. It also suggests contacting a law enforcement agency if you believe any stolen information has already been used in some way.

Equifax’s credit protection service, which is free for one year for consumers who enroll by Nov. 21, is available to everyone and not just the victims of the breach.

Equifax is offering consumers the ability to freeze their Equifax credit reports, said John Ulzheimer, a consumer credit expert who often does expert witness work for banks and credit unions and worked at Equifax in the 1990s. Thieves could have information stolen from Equifax and used it to open accounts with creditors that use Experian or TransUnion.

“It’s like locking one of three doors in your house and leaving the other two unlocked,” Mr. Ulzheimer said. “You’re hoping the thief stumbles on the locked door.” He recommended that all those affected immediately place a fraud alert on all three of their credit files, which anyone can do for free.

Equifax’s offer of one year of free protection falls short of what consumers really need, because their information can be bought and sold by hackers for years to come, Mr. Ulzheimer added.

Beyond compromising the personal data of millions of consumers, the breach also poses a potential national security threat. In recent years, Chinese nation-state hackers have breached insurers like Anthem and federal agencies, siphoning detailed personal and medical information. These hackers go wide in their assaults in an effort to build databases of Americans’ personal information, which can be used for blackmail or future attacks.

Governments regularly buy stolen personal information on the so-called Dark Web, security experts say. The black market sites where this information is sold are far more exclusive than black markets where stolen credit card data is sold. Interested buyers are even asked to submit to background checks before they are admitted.

“Cyberwar is in large part conducted through data mining and cyberintelligence,” Ms. Litan said. “This is also a Homeland Security risk as enemy nation states build databases of Americans that they then use to get to their targets, for example a network operator at a power grid, or a defense contractor at a missile defense company.”

Sen. Mark R. Warner, a Virginia Democrat who co-founded the Senate Cybersecurity Caucus, said he believed the severity of the Equifax breach raised serious questions about whether Congress needed to rethink data protection policies.

“It is no exaggeration to suggest that a breach such as this — exposing highly sensitive personal and financial information central for identity management and access to credit — represents a real threat to the economic security of Americans,” he said in a statement.

Uber Data Breach Affects 57 Million Rider and Driver Accounts

Uber Technologies, Inc. disclosed that hackers stole the personal information of some 57 million customers and drivers from the ride-sharing company, according to a report by Bloomberg News. The news outlet also reported that, for more than a year, Uber concealed news of the data breach, which was discovered in late 2016.

In a statement on its website and attributed to CEO Dara Khosrowshahi, the company said the information included:
-- The names and driver’s license numbers of around 600,000 drivers in the United States.
-- Some personal information of 57 million Uber riders and drivers around the world. This information included names, email addresses and mobile phone numbers.

Uber rider or driver? Here’s what you need to know:

For Uber riders, the company says it doesn’t believe individuals need to take action. “We have seen no evidence of fraud or misuse tied to the incident,” its statement to riders said. “We are monitoring the affected accounts and have flagged them for additional fraud protection.”

That said, it is possible for identity thieves to launch phishing attacks, appearing to come from Uber, hoping to trick customers into providing personal information, such as account credentials or payment card information. It’s always important to check the actual email address to ensure a message is from the company or person it appears to be from. Also, don’t click on an emailed link or attachment without verifying the email’s authenticity.

Uber's massive hack: What we know

Uber's disclosure that hackers accessed the personal information of 57 million riders and drivers last year, a breach it didn't disclose publicly until Tuesday, adds new potential legal woes for the already troubled company.

At the time of the breach, Uber paid hackers $100,000 to destroy the data and did not tell regulators or users that their information was stolen.

Uber is trying to salvage its reputation following a number of high-profile controversies, including using software called Greyball to evade regulators, a court battle over allegedly stolen secrets from Google's self-driving car division, and a slew of complaints regarding sexual harassment and toxic company culture.

What happened

Uber CEO Dara Khosrowshahi said two hackers broke into the company in late 2016 and stole personal data, including phone numbers, email addresses, and names, of 57 million Uber users. Among those, the hackers stole 600,000 driver's license numbers of drivers for the company.

Khosrowshahi says hackers accessed the data through a third-party, cloud-based service. According to Bloomberg, they got into Uber's GitHub account, a site many engineers and companies use to store code and track projects. There, hackers found the username and password to access Uber user data stored in an Amazon server.

Jeremiah Grossman, chief of security strategy at security firm SentinelOne, says this was not a sophisticated hack. Companies frequently accidentally keep credentials in source code that is uploaded to GitHub, he said.

The $100,000 payment

Instead of alerting users and authorities to the breach as required by law, Uber paid the hackers $100,000.

Uber says it obtained assurances the data was destroyed.

Law enforcement advises companies to not pay hackers and report breaches to the authorities.

According to Andrea Matwyshyn, professor of law and computer science at Northeastern University, if companies help cyber criminals make money off hacks, they will only continue.

"The problem with viewing this as some sort of simple risk management decision is that it underestimates the basis for an attacker's business model," Matwyshyn told CNN Tech. "It doesn't address the underlying problem in your own organization -- your security practices need revision and you're failing to adequately protect your assets including your own proprietary information, and your customers' data."

Paying hackers to return data is common practice. For instance, it's expected ransomware payments -- paying hackers to unlock files after a cyberattack -- will top $2 billion this year, according to new research from cybersecurity firm Bitdefender.

Uber's payoff to prevent hackers from leaking the stolen data is more similar to recent extortion attempts on Netflix and HBO than ransomware campaigns. Hackers threatened to release TV shows unless the companies paid them. Neither firm paid the extortionists.

New legal troubles

Matwyshyn says it's possible Uber will face consequences from both state and federal agencies.

Forty-eight states have security breach notification laws which require companies to disclose when hackers access private information, including California, where Uber is headquartered.

State Attorneys General from New York and Massachusetts have opened investigations into the data breach.

In Washington, D.C., Senator Richard Blumenthal urged the Federal Trade Commission to take action against the company and impose "significant penalties."

"Senate Commerce Committee should hold hearing to demand Uber explain their outrageous breach - and inexplicable delay in informing its consumers and drivers," Blumenthal, a Connecticut Democrat, said in a tweet on Wednesday.

An FTC spokesman said in a statement: "We are aware of press reports describing a breach in late 2016 at Uber and Uber officials' actions after that breach. We are closely evaluating the serious issues raised."

In January, Uber agreed to pay $20 million to settle FTC charges it misled drivers about how much they could make using the platform.

The company also settled FTC allegations that it made deceptive privacy and security claims in August. A hacker accessed Uber data on more than 100,000 drivers in May 2014. Further, the FTC said Uber did not properly monitor employee access to customer information.

The agency gave Uber 180 days to obtain an independent audit into its privacy and security practices. Tuesday's data breach notification falls within that time frame.

International attention

Other countries have similar rules regarding breaches. The U.K.'s top data privacy organization slammed Uber on Wednesday.

"If U.K. citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed," James Dipple-Johnstone, deputy commissioner of the Information Commissioner's Office, said in a statement. "Deliberately concealing breaches from regulators and citizens could attract higher fines for companies."

The Office of the Australian Information and Privacy Commissioner said it was aware of the hack, and had "commenced inquiries with Uber."

The Italian Data Protection Authority said it assessing the scale of the breach. "We are dismayed by the poor transparency shown towards users, which we intend to investigate," authority president Antonello Soro said in a statement.

In the Philippines, the National Privacy Commission summoned local Uber officials to a meeting on Thursday.

Yet another data breach

In terms of scale, Uber's hack doesn't measure up to other major breaches. Cyber criminals targeted Equifax earlier this year, compromising the personal information -- including names, addresses and social security numbers -- of over 145 million people. In 2013, a hack of Yahoo impacted very single account -- 3 billion in total.

Former executives from both of these companies have testified in front of Congress in recent months regarding their security failures and the potential risks to consumers.

But Uber's breach is different -- the company tried to cover it up and did not alert authorities or users of the issue.

Consumers might find this latest Uber scandal more troubling than its other legal or public relations problems now that they're the victims. Fifty-seven million people is a significant chunk of Uber's user base, which hit 40 million monthly active riders last year.

Grossman says the breach may not change consumer behavior, but it will be costly for the company.

"At best, it will impact their bottom line. The cost of dealing with this -- they're going to have lawsuits and legal fees," Grossman said.

He also said the disclosure helps get it out in the open so the company can begin moving toward repairing its reputation.

Uber's future plans

When Khosrowshahi became CEO in August, he inherited a slew of controversial problems. In addition to its legal troubles, Uber has faced criticism for sexual harassment issues, underpaying and deceiving drivers, questioning a rape victim, and surge pricing during times of crisis.

The new CEO wants to improve Uber's reputation and on Tuesday said, "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."

Khosrowshahi said the company fired two individuals who led security response. Joe Sullivan, Uber's chief security officer, is no longer with the company, it said.

CEO Travis Kalanick, who was in charge when the hack took place, is still on the company's board of directors. While Khosrowshahi is promising change, Kalanick's place in a leadership role serves as a reminder they are keeping someone who signed off on controversial issues tied to the company.

Uber is expected to go public in 2019.

ID Fraud

According to a report released by the US Department of Justice, more than 11 million Americans fall victim to identity fraud or stolen identity every year. Most of these might just be drops in the bucket and might not grab national headlines but if you add this up, close to $21 billion was lost in 2013.
The probability of becoming a stolen identity victim is real. In a world where personal information is regularly used for any type of transaction, whether it’s opening a bank or credit card account to even simple things such as filling up an online form. And don’t forget keeping your wallets safe, personal identity theft need not be high tech. Personal identity theft is a nightmare just waiting to happen.

YOUR EQUIFAX DEFENSE

DATA BREACHES HAPPEN SO OFTEN
These days that it’s tempting to shrug your shoulders and hope for the best. But when Equifax announced in early September that it had exposed the names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers of consumers—affecting as many as 146 million people in the U.S.—the news ignited an un-precedented outpouring of outrage and prompted investigations by mem-bers of Congress, the FBI, the Federal Trade Commission, the Consumer Financial Protection Bureau and the attorneys general of many states. As one of the three big credit agen-cies, Equifax is a gatekeeper of the sensitive personal data of a huge swath of people.

The breach touches almost three-fourths of those who have a credit report on file, according to the National Consumer Law Center. “This is the mother lode of data for identity thieves,” says Chi Chi Wu, staff attor-ney for the NCLC. The bits of infor-mation compromised are the keys crooks need to open new credit and loan accounts, file tax returns, or even apply for jobs or receive medical care. Hackers also accessed the credit card numbers of about 209,000 consumers, as well as “dispute documents” (pre-sumably from those who challenged inaccuracies on their credit reports) containing the personal information of about 182,000 people.

A FUMBLED RESPONSE
The breach began May 13 and lasted through July 30, but Equifax waited until September 7 to own up to it pub-licly. Hackers found a way into an Equifax web application because the company failed to apply a security up-date that became available last March. (Equifax’s security chief retired soon after the announcement.) That’s all troubling, but the company also fum-bled its initial response to the fallout. It was “the epitome of everything you shouldn’t do,” says Adam Levin, founder of identity-protection service CyberScout and author of Swiped: How to Protect Yourself in a World

Full of Scammers, Phishers, Pharmers and Iden-tity Thieves.
Equifax seemed unprepared for the onslaught on its system from worried consumers. Reaching the call center was nearly impossible, and the tool Equifax set up for consumers to check whether they were affected was widely reported to be unreliable. The com-pany offered an identity-theft protec-tion and monitoring service free to all U.S. consumers for a year, but those who tried to sign up jumped through hoops and endured delays to finalize enrollment. The Equifax breach shines a bright light on the limited control consumers have over their personal information. Like TransUnion and Experian, the other two major credit agencies, Equi-fax collects mountains of data on con-sumers (whether they like it or not) and sells it to lenders and other enti-ties.

Ironically, the companies also sell monitoring services designed to help you spot theft related to that data. Public outcry spurred Equifax to offer free credit freezes on Equifax credit reports until the end of January and to waive an arbitration clause in rela-tion to the breach. Shareholders ex-acted a toll, too. With the closing price of Equifax stock dipping as much as 35% in the wake of the scandal, Equi-fax CEO Richard Smith retired in late September.At this point, it’s wise to assume at least some of your personal infor-mation has been exposed, whether through the Equifax incident or some other breach. It’s also wise to assume that the potential for you to be the victim of ID theft will linger for years to come. The primary type of informa-tion stolen “does not have a shelf life,” says Mike Litt, consumer advocate for the U.S. Public Interest Research Group. Unlike a credit or debit card number, which is easy to change, your Social Security number and birth date are permanent pieces of your profile that a thief could use years from now to snatch your identity.

MONITOR YOUR CREDIT
Make a habit of visiting www.annualcreditreport.com, where you can get a free credit report from each of the three major credit agencies every 12 months. You can get all three reports at once—and in response to the Equi-fax breach, that’s probably what you should do, says Litt. In the future, you could collect one report every four months, allowing you to watch for problems throughout the year. It doesn’t hurt to check your free annual report from Innovis, a fourth credit agency, at www.innovis.com.Review the reports for anything you don’t recognize—for example, an in-quiry from an unfamiliar lender, a credit card or loan account you never opened, a collection account for a debt you didn’t rack up, or an incorrect address.

If you do spot an issue, the credit agency may have made an error, or an identity thief may be at work. If you believe you’re a victim of identity theft, visit www.identitytheft.gov for an outline of steps to take. You can also call the Identity Theft Resource Center at 888-400-5530 for free help.

Consider signing up for a service that regularly scans your credit reports and alerts you by e-mail or text message if a notable change crops up. Equifax’s own TrustedID Premier product, which is free for a year, monitors your credit reports from all three major credit agencies, offering more complete de-tection than a service that monitors only one or two reports. You’ll also get access to your Equifax credit report, the ability to “lock” and “unlock” your Equifax report (see the box on page 36), monitoring of your Social Security number on black-market internet sites, and insurance to reimburse certain expenses if you become an identity-theft victim.

You have until January 31 to enroll at www.equifaxsecurity2017.com. TrustedID does not require payment information, so the service will not automatically renew for a fee after a year. If you prefer not to use a service from Equifax, given its track record, you have other options. Many paid identity-theft services offer credit-report monitoring, among other fea-tures. CreditKarma.com offers free daily monitoring of your Equifax and TransUnion credit reports. Plus, by logging in to Credit Karma, you can see a list of the accounts included in your credit reports and a Vantage-Score credit score from each of the two agencies. Some credit card issu-ers, banks, insurance companies and employers offer free credit monitoring or identity-theft protection services, too. Discover credit card holders, for example, can sign up for free alerts when a new account appears on their Experian credit report.

CONSIDER A CREDIT FREEZE
Monitoring detects identity theft only after it has already happened. A credit freeze is the strongest measure you can take to prevent thieves from opening new credit accounts in your name. That’s because when you freeze your reports, new creditors cannot view them to evaluate your eligibility for a credit card, loan or other product that requires a credit check. “We are telling people to strongly consider a credit freeze,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center. If you need to apply for credit, you can temporar-ily lift the freeze while you shop. Even if you already have a relation-ship with a lender, it will be blocked from checking your credit report in response to an application for a new account when a freeze is in place, ac-cording to Experian (but the lender can review your report in relation to your existing accounts). So if you have, say, a mortgage with Chase, a crook who applies for a Chase credit card in your name shouldn’t succeed. For the most complete protection, place a credit freeze on all your re-ports.

You must contact each credit agency individually (for links to each bureau, see kiplinger.com/links/ freeze). You’ll receive a PIN, which you’ll have to supply when you want to temporarily lift or permanently remove the freeze. If you froze your Equifax credit report prior to the breach announcement or in the first several days after, check your PIN. Equifax long generated PINs based on the date and time they were issued—not exactly a complex code. If your PIN follows the old formula, it’s not a bad idea to call Equifax at 866-349-5191 to get a new one. Equifax will refreeze your account and send you a new PIN in the mail.If you’re a victim of identity theft and submit documentation such as a police report, a credit freeze is usually free.

(If your personal information has been compromised in a breach but a criminal has not made fraudulent use of it, you are not considered a victim.) Some states also provide free freezes for seniors and military members. Otherwise, both placing and lifting a freeze often incur a fee, typically $5 to $10, depending on the state. Before you pull the trigger on a credit freeze, you may want to take care of some other housework. Al-though a freeze diminishes the like-lihood that an imposter will open new credit lines in your name, a credit-monitoring service can still be useful to identify errors on your report or, say, collection accounts resulting from Credit Band-Aid

Why a Freeze Beats a Lock
As an alternative to a credit freeze, the three big credit agencies offer the ability to “lock” your credit report to bar new creditors from viewing it and to “unlock” the report when you need to apply for credit. Equifax said that by January 31, it would allow all consumers to lock and unlock their Equifax reports free of charge for life. Equifax’s TrustedID Premier monitoring service (free for one year) also comes with the lock/unlock option for your Equifax credit report. Experian charges $10 a month for the option with its IdentityWorks Plus service, and Trans Union lets you lock your TransUnion report via its free TrueIdentity.

If you must enter your credit or debit card number when you sign up for any “free” service, that’s a sign you may be charged after a free trial. The lock appears to serve the same purpose as a freeze, and it may be simpler to use. But the lock often lasts only as long as you’re enrolled in the program offering it. A credit freeze remains until you remove it (except in Kentucky, Pennsylvania and South Dakota, where a freeze expires after seven years). Freezes are governed by state laws, and in some states, you may be able to sue in court over a violation of the law, says Chi Chi Wu, staff attorney for the National Consumer Law Center. The TransUnion and Experian services mentioned above both include arbitra-tion clauses. Bottom line: A freeze may require more money and effort, but it rests on firmer ground than the lock.

Below are three or four stolen identity stories:

Richard Todd Davis
Because he asked for it…. LifeLock CEO Todd Davis was so confident in his company’s ability to stop stolen identity cases that he began an advertising campaign that included sharing his social security number. Imagine posting your Social Security Number on billboards, commercials and even on the side of trucks. This was just trouble waiting to happen.
The marketing ploy ultimately backfired when several reports showed his social security number being compromised and used for taking out loans and opening new accounts. Rather than building confidence among LifeLock’s clients, it just casted more doubt about the credibility of his marketing campaign and how ill-advised this marketing strategy turned out. And coming from a personal identity theft company’s CEO, this spoke huge volumes not just about him but his company in particular.
An article published in June 2007 showed how Todd Davis himself became a victim of stolen identity. New came out that Davis had fallen victim to a man in Texas who had used his ID to take out a $500 loan. Todd Davis only found out of the theft after a collection agency informed him of his unsettled debt. After first trying to cover up the story and then trying to put a positive twist to it, Davis claimed that this was the first and only time this happened.
But it was later found out that this was not the only incident. Somewhere in Albany, Georgia another person had taken hold of Davis identity and opened an AT&T wireless account. The company later authorized a collection agency to recover a $2,390 debt. This was when LifeLock CEO Todd Davis became aware that his identity has again been used without his consent.
Lesson learned, if you want to protect your personal identity don’t go posting it over billboards or sharing it over commercials. The first cardinal rule of stolen identity protection is to always keep it safe in the first place. Amazing how an ounce of common sense could beat spending hundreds of dollars in identity protection services.

John Harrison

A twenty year old who took him for a ride…. Imagine the horror of waking up to news that you had accumulated hundreds of thousands in debt after someone used your identity for unauthorized purchases. This is exactly what happened to John Harrison, a Connecticut salesman. Jerry Phillips, the twenty year old who stole John Harrison’s identity went on a shopping spree that included purchases to Home Depot, JC Penny, Sears, Lowes and even bought two cars from Ford, a Kawasaki and a Harley. In just four months Jerry Phillips was able to accumulate $265,000 in purchases.
Jerry Phillips was later arrested and imprisoned for three years. He even went as far as to apologize to John Harrison saying, “Sorry. You know, I wish I could make it up to you.” John Harrison felt that the nightmare was over with the criminal behind bars and even verbally acknowledging his regret over the crime. But despite all of this and a letter from the Justice Department confirming that John Harrison was a victim, he still found himself owing $140,000 to different creditors.

Carlos M. Gomez

Waking up in the middle of the night realizing that federal agents has just entered your home with guns pointed and slapped with handcuffs certainly qualifies as one of the most horrifying ordeals in anyone’s life. And this is exactly what happened to Carlos Gomez, a UPS driver accused of being involved in a million dollar money laundering operation headed by a Wachovia bank employee.
Carlos spent close to two weeks in prison and another seven months under house arrest before federal prosecutors realized it was a mistake. With the prospect of losing his job because he was unable to inform his boss at UPS that he couldn’t report for work because he has just been arrested, Carlos contemplate the implication of his arrest.
Gomez was included in the list of 13 co-conspirators. He asked the agents what was he being charged with and the agents answered money laundering. He was also presented Wachovia checks bearing his name and replied that this was not his signature.
After spending nearly two weeks in detention, Carlos was released on a $100,000 bond. He resumed work for UPS but was only allowed to work during the day but remained under house arrest during the night.
In a country where everybody is presumed innocent, the burden of proving himself innocent was squarely on his shoulders. He took polygraph tests on his lawyer’s advice and passed. He then went to a local branch of Wells Fargo, the one who took over Wachovia and asked the address of the checking account used to launder money.
We preach the importance of identity protection every single day, but for this blog post, we’re letting these scary and real identity theft stories do the talking.

Passport theft connects Australian woman to murder plot

An Australian woman, Nicole McCabe, was 6-months pregnant and living in Israel when she found out she was wanted for murder. She was listening to the radio and a news bulletin proclaimed that three Australians were being linked to a Dubai hit squad, Mossad, that was responsible for assassinating Hamas chief Mahmoud al-Mabhouh; her name was one of those read by the announcer.
It turns out that Nicole, along with the other two Australians, had their identities stolen. She was still in possession of her real passport, but the thieves used her personal information to create a new fake passport. Luckily, the fake passport did not have her picture on it — it was the thief’s photo — so the theft of her identity was a bit more obvious.

Meth addict house guest steals retiree’s life

When retired nurse Helen Anderson flew to visit her sick daughter, she let her niece Samantha housesit. She was, however, adamant that no friends were allowed over. When Helen returned home, she found Samantha in the house with her friend, Alice Lipski. Helen asked Alice to leave, but didn’t think anything of it.
It turns out that Alice was an expert identity thief and meth addict. After stealing mail and receipts from Helen’s home, she completely took over Helen’s identity, withdrawing money from existing bank accounts and opening new credit cards. She even signed up for a credit monitoring service so she could view Helen’s entire credit history. Alice reported every inactive card on Helen’s credit history as lost or stolen so she could get new cards, usernames, and passwords — locking Helen out of her own accounts. All of Helen’s mail was sent to Alice’s house.
She was finally caught after forgetting her purse at Macy’s, and charged with ten counts of identity theft; her and her friends had stolen nearly $1 million using the information of other people.

After mother’s passing, identity theft victim learns the truth

When Axton Betz-Hamilton learned her identity had been stolen, she had no clue who was responsible. Her parents had been victims of identity theft 20 years earlier, so she just assumed that whoever had stolen their identities had also stolen hers when she was a child. The truth came out, though, when her mother passed away.
Axton’s father found an old file box with a 12-year-old credit card statement in his daughter’s name. The card, however, had been issued in his wife’s name. Axton and her dad began going through all of her mom’s old belongings and they found a paper trail that revealed over 20 years of fraud. Her mom had stolen her identity, her father’s identity, and compromised her grandfather for about $1,500. They have no idea how much deeper the theft went, but most people never expect to be robbed by their own parents. Unfortunately, identity theft stories like this one aren’t all that uncommon.

IRS employee steals identities and commits tax fraud

Nakeisha Hall spent most of her career with the IRS working in Taxpayer Advocate Services, helping individuals who had been victims of tax fraud. In reality, she was actually stealing their identities from right under their noses. From 2008 until 2011, she used IRS computers to get access to names, birth dates, and social security numbers. She used the stolen information to submit fraudulent tax returns and requested the refunds on debit cards.
Overall, Nakeisha stole more than $400,000 — though that’s pocket change compared to the more than $1 million she tried to steal. She was ultimately convicted for her crimes and sentenced to nine years in federal prison.
Scared by these real identity theft stories? Identity theft happens to thousands of people around the world every single day. Learn more about receiving identity protection and restoration services from IdentityForce — it’s one of the smartest ways to help keep your identity safe from prying eyes.

The BIG Question

The big question here is how does your bank protect your personal information (Social Security Number) especially for closed accounts?
It doesn’t…. it’s security measures are used when NOT needed and NOT used when needed.

My Story

For example, this morning [2017-03-Nov.] I charged on my debit card a full tank of gas for my FJ Cruiser, and breakfast. This is not the first time this has happened.
In my case ID fraud has been off and on for years now, first notices when I was living in NYC about 30 years ago and noticed the credit bureaus were hashing other John Silva’s into my account like my cousin John Joseph Silva. I’m John A. Silva. Grant at one point we both lived at the same address on Atlantic Ave. B’klyn NY 11201.
However, at times with those stores that don’t require PIN codes, or I chose Credit vs debit and my card was declined. It seems to work ONLY when I used my PIN.
I logged on and found that the bank “noticed,” that there was unusual activities, in the use of my debit card, which I have been using for years. Yes, it has been used by others and yes some merchant has compromised my card at least once in the past, by charging twice $900 for Valet Service in B’klyn NY, that’s $1,800.00 to ransom some ones car from the Valet Service. I was in Sta. Maria area of Central California. Now I’m in Orlando FL area of Central Florida. So I understand bank security will setup a block on you debit/credit card(s) if one is not charging the card near where one lives per address of home of record.
My card had been charged by a company in Perth Amboy AU, to the tune of about $2,500 I never been there nor to my knowledge, authorized and/or used any virtual service that may have authorized such a transaction. Similar charges, of about ~$1,800 per year, are being taken out via the account to an outfit in Edmonton CAN, perhaps another ponsi scheme…
There has been most definitely, installment payments made to a ponzi scheme ZEEKREWARDS.com (ZEEKLER.com) of about ~$150.00 every two weeks or so via SolidTrust.com ( which is now Payza.com, I believe ) while I was in California working for the last one or two years of my tenure there. They moved offshore and became bidambassadors.com .and/or. bidsforkids.com and at least $10.00 was for a time withdrawn thereafter every month ‘till the debit card account was changed out, once discovered.
Washington, D.C., Aug. 17, 2012 -- The Securities and Exchange Commission today announced fraud charges and an emergency asset freeze to halt a $600 million Ponzi scheme on the verge of collapse. The emergency action assures that victims can recoup more of their money and potentially avoid devastating losses.
The SEC alleges that online marketer Paul Burks of Lexington, N.C. and his company Rex Venture Group have raised money from more than one million Internet customers nationwide and overseas through the website ZeekRewards.com, which they began in January 2011.
https://www.sec.gov/news/press-release/2012-2012-160htm

But, when security measures was needed, that is when someone decided to hijack my ID and use my account to pay their bills to the tune of between ~$1,100 -- $1,200+ per month, going on about 6 years now not a peep was heard.
Yes, I investigated and several issues popped up that are plausible. Per, Social Security(SS) Admin, I must have owed, Student Loan(s), back Tax(es) [IRS, FL & CA Dept. of Revenue], Child Support(CS) Payments etc. My Passport has been pulled and FL - Driver’s License has been revoked.
So, out of about ~$1,900.00 payment by SS I get ~$511.00 per month. After the bank conducts it’s transactions that are pending or overdue I get ~$211.00 to spend for the month to include NSF fees for legit and illegit, that’s authorized and unauthorized transactions… they process debits, before credits, which seems to me counter productive and illogical, go figure.
Fine, but they were NOT sure, about ID Fraud and who was taking money out of my account, neither was the bank.
The amount from time to time -- fluctuates. CS, gets lifted when a child becomes 18 yo that happened in July 2016, my daughter became 18. ( However, it has the potential to get reinstated should she decide to go to college ‘til she’s 21 yo. She happens NOT to be incountry she’s in Dvo City, PI where she was born with her grandmother. ) But started again the following year. Both times I called and complained to CS. And shortly thereafter payments were lowered. Still NOT sure, all I owed was ~2,999.00 to CS. Now I’ve been paying CS-FL via payday garnishments all those years, every two weeks, from CA …so I don’t understand how I owe almost $2,999.00.
As I said payments were taken out at $1,100 for several years then $1,200 the last 4 months beginning July 2017. Could it be I owed CA Taxes, my x sent an email that was a FYI sent to her from CA - Dept. of Revenue or State of California Franchise Tax Board, saying I owed back taxes for last 2 years.
I haven’t lived there for the last two years, left circa April 2015, after I lost my job.
I called Child Support Enforcement and it turns out my estranged wife, the one who moved from Orlando FL to Chicago IL and didn’t tell me did file for child support.

My account has been credited with $1,444.00 at beginning of the month of 2017 November, apparently my "debt" if you can call it that, has been paid. I'm still short about ~$400.00 per SS benefits paid on the 3rd of the month. So, I'm NOT sure what is going on, no one can give to me a straight answer, not child support services or SSA or IRS etc My Tax refund for $987 processing is still being "procesed". "Your tax return is still being processed." "A refund date will be provided when available." And it's been almost a year, so something is wrong. Perhaps I didn't specifiy wheterh or not I have medical Insurance, but I'm 66 yo I have medicare, don't they know that? I wonder.

About LifeLock, it’s coverage must have lapse, I’ll have to check it out. ”We detected your identity on either the Dark Web, Deep Web or Peer-to-Peer Networks.” LifeLock...

Potentially Related to or Exposed At:
modbsolutions.com

“We will continue to monitor for any activity within our network and if we detect anything we will send another notification.

The only actions that are required at this time are:
1. Change your password associated with the effected website or service immediately.
2. Change the password for any other website/service that may be using the same password.
3. LifeLock also recommends setting up 2-factor authentication if available with that website/service.”

Note: I have done all these things, change to 2-factor authentication for the likes of brokerage investment bank accounts (password/ pin changes every 60 secs.), where possible and change password frequently for all my accounts.

Don’t Worry John! LifeLock Has You Covered.
• • Sent: Tue, Dec 20, 2016 at 8:21 PM
• & again at: Wed, Oct 5, 2016 at 7:02 PM

Yahoo has been compromised.

We want to make sure you are in the know whenever data security
breaches occur. As you may have heard, Yahoo has announced
another data security breach.

https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
~1BB users compromised.

Don’t Worry John! LifeLock Has You Covered.
• Sent: Wed, Sept 20, 2017 at 8:21 PM
• & again at: Thrs, Oct 5, 2017 at 7:02 PM

Experian has been compromised.

We want to make sure you are in the know whenever data security
breaches occur. As you may have heard, Experian has announced
yet, another data security breach.

https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html
~143MM IDs compromised.
https://krebsonsecurity.com/2015/10/experian-breach-affects-15-million-consumers/

About LifeLock, it’s coverage must have lapse, coverage ended Mon, around and about Dec 5, 2016 at 9:41 AM. Story of my life, up sh!+s creek without a paddle…. At this time I ‘m homeless 4 months already…

LifeLock Cancellation Msg sent: Sat, Jan 28, 2017 at 4:29 PM.

I have been looking for work for 27 months now. It seems, I can’t get a job, because the fact that I’m bonded, licensed, insured and certified is now in question -- my security clearance is now in question, as a result.

Back to my x- this is not the first time she has done this - moved and didn't tell me. I was working overseas in Saudi Arabia, Kuwait/ Iraq and Afghanistan she I though was either in the Philippines, visiting her family and attending Nursing School that I put her through or in New England at our home in either Hudson or Nashua NH, area.

When I came home on vacation she was found to be in Florida 1500 miles away. She first moved to Clearwater then tamp and finally settled in Orlando FL working as an accountant for Orlando Housing Authority. In the process I'm missing about ~$10,000.00+ a house, a 1998 Mustang that was paid for and was apparently traded in for a Sebring Touring car, bought at an Enterprise Rental Car aftermarket dealership.

Recently I was working in California, for the last 7 or 8 years, and came home after I lost my job and found she had moved again, as previously mention, herein. I find out via posts to facebook pages, with geotags, for her and my daughter that they are in Wheaton Ctr., Wheaton IL, just outside of Chicago and work for you guessed it -- the Housing Authority - as an accountant or bookkeeper. The Housing Authority in Orlando is missing about $400,000.00 and they blame the accountants. The housing Authority in the Chicago area, is missing millions some say about $8MM and again the accountants are blamed. Someone in the Orlando area bought a house or should I say a mansion for about $1MM and is selling it for about $8MM, he has been accused of selling bogus insurance plans to the area housing authority in Chicago, go figure. They in addition have about $100MM in the bank, something they have been criticized for, since this amount should be invested in real estate for the benefit of the public, per their charter. Now, I am NOT saying one thing is connected to the other, or another thing -- I'm just saying ...but this is too coincidental. I'm sure she had nothing to do with it. ( She wasn't there, she didn't do it. She's a member of the witless protection program. )

Again, in the process I'm missing about ~$13,200.00+ per year, she claimed Child support, and another $1,600 for medical expense and insurance for my daughter ( per Child Support, agreement ), a house, and Hummer-H3 (Colorado) pickup truck, which she supposedly bought for me, since she felt guilty about taking my '98 Mustang -- but I ended up having to pay for it, because she couldn't. I later returned at the end of the lease term - 36 months - and owed ~$6,600.00 fee for overage in mileage.
I asked her, "What's up with that?" and she said, "I get excited when someone lends me lots of money, like that."
About credit, she's like a kid in a candy store, 'till the bill comes at the end of the month and she realizes she can't afford it. She also signed and cashed check(s) - for tax refund(s) that was mailed to the house, form either IRS or a Franchise Tax Board office like either from CA, FL or AL Dept of Revenue and didn't tell me. She would also cash checks that related to the Hummer-H3 vehicle, since it turned out to be a leased item and had extended warranty. So every time I changed the oil for example, bought a tire or other wise repaired the vehicle and paid for it a check(s) would be issued, and mailed as compensation, by US Warranty -- that I never saw.

When I caught up with her, I asked her, "Where did you get the money to move, like that?" She said, "I hit the Lottery!" I asked, "which one?," and got no answer.

Are you or your ID on the dark web, find out at https://www.experian.com/scan


Comments

Post a Comment

Popular posts from this blog

Set Expectations:Seven (7) Things You Should Stop Expecting from Others...

Image
 Life -Practical Tips for Productive Living: Live,  simply!  Laugh, often!  Love,  deeply!  Leave a Legacy!  The Power of Positive Expectation: Seven (7)  Things You Should Stop Expecting from Others...  To manage your life; don’t let others’ expectations define how you live. Expect more things to be grateful for, and you’ll attract more things to be grateful for. The pupose of life, is a life of purpose. And consider the converse of the two statements above.  No-one wants to be told how to live. Don’t expect people to live up to your expectations. That’s one of the hardest things in life:  we have a hard time understanding that people are not under our control. Similarly, people’s expectations are theirs; you have no obligation to fulfill them. Pushy influence always creates disappointment. ... how you live. Your glass is neither empty nor full; it's already broken. ... That's why most people don't live the life they want. Ever...
Read more

A rare subependymoma brain tumour

Image
John. S.  "> May have a similar story the hit n run accident resulted in a lill' brain hemorrhaging in2019, sezures and vertigo... A year and a half ago, a biopsy was performe, he under-went surgery to remove the tumour in 2020 but has been left with life-changing effects, including 50% blindness, weakness, fatigue, confusion and short term memory problems... As time goes by certain weakness become strengths and in about 6 months he's 99.9% himself again... Supposedly!?   Log into Facebook | Facebook Log into Facebook to start sharing and connecting with your friends, family, and people you know. Video of brain surgery.gif How long do you live after being diagnosed with brain canc er? Reports of survival rate or life expectancy greater that  five years  (which is considered to be long-term survival) vary from less than about 5% to a high of 86%, no matter what treatment plan is used; recovery (cure) from brain cancer is possible, but realistically, complete recovery...
Read more

Survivor of Hit-and-run Recovers from Brain Injury at Advent Health(gotmerly, Advent Health( formerly, Osceola Regional Medical Center)

Image
Survivor of Hit-and-run Recovers from Brain Injury at Advent Health(gotmerly, Osceola Regional Medical Center) John Silver recalls all the things he forgot.  "In the course of four hours, I lost the ability to walk, talk, read, write, or recall any of my life."  --Jungyeon Roh  Now, Silver wants to share his recovery with others. He knows recovering from a traumatic brain injury, a little bleeding in brain (hemorrhage) amongst the other numerous injuries he suffered like a broken finger, and several contusions and fractures can be discouraging, especially during the holidays. As he continues to work on his recovery he is forever training to be an electrical and electronic engineering and plans to continue drawing, taking pictures and writing. Jon Silver, a survivor of a hit-and-run, is starting just off the new year with hope and inspiration through art and words. Just short of decade ago Silver had a bright future ahead of him and he was looking forward to early retireme...
Read more