We know you take care of your personal information in your own home by shredding documents, right? And you probably expect that your bank and other financial institutions take the same precautions too?

But according to this WMAR-TV report last week, an M&T Bank branch in Rodgers Forge had tossed documents listing customers' personal information into a dumpster without shredding or otherwise destroying them first. Reporters found recent letters, papers with account numbers and even a copy of one customer's driver's license, according to the story.

The branch was originally part of Bradford Bank, which was taken over by M&T in August.

An M&T spokesman said the mistake stemmed from one employee's error. Most of the data was old or obsolete, he told WMAR, and credit monitoring has been offered to affected customers.

But the breach violates both federal and state regulations, according to ... 

Continue reading "M&T Bank dumps personal information: Naughty Business of the Week" »

Posted by Liz Kay at 12:08 PM | Permalink | Comments (0)
Categories: Identity theft, Naughty businesses/NBotW
        

Passwords may seem like the bane of our electronic existence, but don't let the tedium of entering (and remembering) passwords leave you vulnerable for identity theft or fraud.

The Privacy Rights Clearinghouse has provided these tips for choosing strong passwords that will thwart determined hackers using computing power to get your data.

1. Avoid using dictionary words. These passwords are easy for hackers to figure out using an electronic dictionary.

2. Don’t use personal information. Any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.

3. Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.

4. If the web site supports it, try to use special characters, such as $, #, and &. Most passwords are case sensitive, so use a mixture of upper case and lower case letters, as well as numbers. (Here's a tip: try replacing some letters such as "o" or "i" with the numerals "1" or "0". --- lfk.)

5. Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute- force attack can easily defeat a password with seven or fewer characters. Microsoft has an online password strength checker at www.microsoft.com/protect/yourself/password/checker.mspx

6. To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password. Be sure to add in numbers and/or special characters.

7. Create different passwords for different accounts and applications. That way, if one password is breached, your other accounts won’t be put at risk too. Do not use the same or variations of the same password for different applications.

8. Despite admonitions to the contrary, one easy way to remember your passwords is to write them down and keep them in a securely locked place. Never leave them on a Post-It note on your monitor, in an address book, in a desk drawer, or under your keyboard or mouse pad (or any other obvious place).

9. Consider using a secure password manager. The Firefox browser has a password manager already built in. The Firefox password manager and 4 others are reviewed at http://lifehacker.com/5042616/five-best-password-managers.

10. If you have already established a password that is not strong, change it! Web sites have a variety of procedures that govern how you can change your password. Look for a link (such as "my account") somewhere on the site's homepage that goes to an area of the site that allows password and account management.

Continue reading "Choose a hacker-proof password" »

Posted by Liz Kay at 9:00 AM | Permalink | Comments (0)
Categories: Identity theft
        

Heads up: Annapolis Police believe a skimming device had been installed on a Bank of America ATM in Annapolis between June 25 and July 5 to steal customers' debit card information, and they're looking for two suspects.

Bank employees reported that a customer spotted a suspicious box on the ATM on July 5. Annapolis detectives also noted several reports of bank fraud in which the victims had used that Church Circle ATM.

Skimmers are devices that copy the information from the magnetic stripe on ATM users' cards. The Annapolis Police have surveillance images of two suspects they believe installed the device onto the ATM.

Later, the card numbers were used to make online purchases, including cell phones in the United Kingdom as well as memberships to porn and other sites. 

If you, too, were prey to these criminals, contact the Annapolis Police at 410-268-9000.

Nicole Nastacie, spokeswoman for Bank of America, said the company does not comment on specific incidents but does work with law enforcement as well as monitors its ATMs for unusual activity. Anyone who spots fraudulent charges should contact their bank. 

How can you protect yourself from skimmers?

Continue reading "Skimmer suspected at Annapolis ATM" »

Posted by Liz Kay at 8:58 AM | Permalink | Comments (0)
Categories: Consumer protection, Credit cards, Identity theft
        

Maryland and nearly 40 other states have reached a $9.75 million settlement with TJX Cos., which suffered a massive data breach in 2005 and 2006.

Under the settlement, TJX — which denied any wrongdoing — agreed to improve its security practices and to pay a $5.5 million penalty and $1.75 million in attorney costs to the states. The retailer also agreed to set up a $2.5 million data security fund that can be used by the states to finance their security initiatives, according to Maryland’s Attorney General.

Maryland’s share of the settlement will be $92,790, says spokeswoman Raquel Guillory.

Security breaches several years ago led to the theft of 100 million credit card transactions involving consumers who shopped at company stores TJ Maxx, HomeGoods, A.J. Write and Marshall’s stores.

Posted by Eileen Ambrose at 12:32 PM | Permalink | Comments (0)
Categories: Identity theft
        

Freecreditreport.com will be curtailed even further within nine months, when the recently passed credit card reform bill goes into effect, according to the U.S. PIRG blog.

You may recognize freecreditreport.com from frequent commercials that hardly make a mention of the credit monitoring service it's really pitching.

U.S. PIRG reveals what they call a "hidden gem" in the CARD bill: Section 205, which curtails deceptive marketing of credit reports. Essentially it requires anyone advertising free credit reports must include language to inform consumers that "this is not the free credit report provided for by federal law" and to remind them to go to annualcreditreport.com.

U.S. PIRG also reminds readers that Marylanders are eligible for TWO free credit reports each year ... 

Continue reading "Freecreditreport.com limited by credit card reform bill " »

Posted by Liz Kay at 9:25 AM | Permalink | Comments (0)
Categories: Cheap/Frugal, Identity theft, Naughty businesses/NBotW
        

Maryland residents can review their credit reports from each of the three credit reporting bureaus twice a year. But what about the other organizations keeping tabs on your habits, including your insurance claims, your employment record and your rental history?

Under the Fair Credit Reporting Act, you're entitled to not only the credit reports but also other specialty reports, about your check-cashing history, your personal medical history if you have private insurance and other information. Details from these reports can affect whether you're approved for an insurance policy, the premium you're charged, your chances for getting a job or even a new lease on a home or apartment.

To check for errors ... 

Continue reading "Save money on insurance: Consumer Web Site of the Week" »

Posted by Liz Kay at 10:59 AM | Permalink | Comments (0)
Categories: Cheap/Frugal, Consumer Web Site of the Week, Credit reports, How To, Identity theft, Insurance
        

The Heartland data breach resulted in credit card fraud for only a small number of consumers, according to the company --- though they won't say how small is small. But dozens of banks and credit unions had to alert their customers to the potential that they, too, could have been affected, in some cases issuing new credit and debit cards, just in case. Provident Bank sent out new cards and put transaction limits on debit cards and Sovereign Bank will send customers a new card at their request.

Tom Field of bankinfosecurity.com pointed out the largest examples of similar data breaches weren’t banks themselves. For example, hackers used malware to capture millions of card numbers from the Maine-based Hannaford Bros. supermarket chain last March. And just two weeks ago, T.J.Maxx and Marshalls offered a 15 percent off sale to apologize to customers for a similar hacker attack in 2007.

"None of these happened to a bank and yet the banks are left having to explain to their customers, and to bear the cost of replacing the cards."

Unlike banks, which must have federally mandated security systems, companies such as Heartland aren’t held to the same standards, even though they handle TONS of financial data, Field said.

So how can you protect yourself?

Continue reading "Data breaches and credit card fraud: protecting yourself" »

Posted by Liz Kay at 10:02 AM | Permalink | Comments (0)
Categories: Banks, Consumer protection, Credit cards, Identity theft, Naughty businesses/NBotW
        

Some Provident Bank customers have been impacted by a data breach at Heartland Payment Systems, a Princeton, N.J. processor of credit card payments.

Apparently, hackers used malicious software -- 'malware' -- to steal credit and debit card numbers from the card payment processing company last year. Some estimate that the Heartland breach could affect tens of millions of cardholders nationwide.

Only customers who received a new card in the mail and a letter from Provident had their card numbers compromised, company officials say. If you got the new card, activate it and destroy the old one. 

Then, watch your statements --- and check old ones --- for problem transactions, because according to this Washington Post blog, Heartland doesn't know how long the malware was reading the numbers.

Some Provident customers thought the letter was a hoax or a scam,

Continue reading "Provident customers affected by Heartland data breach" »

Posted by Liz Kay at 1:30 PM | Permalink | Comments (1)
Categories: Banks, Consumer protection, Identity theft, Naughty businesses/NBotW
        

Happy Monday, everyone. I don't know about you, but I'm sick of candy already. I was visiting my Mom's and they had all of 9 trick or treaters so they were letting the kids grab handfuls from the candy bowl.

(ahem) I might have snuck a couple Junior Mints and M&Ms into my purse.

Anyhow, so did anyone going to the Waverly Farmer's Market notice how long that light is at Barclay Street? Well, thanks to Liz, the Department of Transportation has a fix set for the end of this month that will make those long car lines leaving the market go away faster. I feel like I need to go around the city and write down all the traffic signals that make me crazy because they're either way too long or way too short. 

There's one near Hopkins Hospital that is an accident waiting to happen since people run the left turn signal ALL the time. 

But I'm going to save my traffic light rant for another time. I don't want to start our Monday ranting... unless you feel like ranting?

Besides, I can't get to uppity since I have a confession to make about Social Security Number requests. I have to tell you that as much as I rail against companies that demand your SSN during a transactiion, I caved recently when I tried to renew my Verizon Wireless contract. The guy at Best Buy said he couldn't sign me up without it and I was pressed for time so instead of standing my ground and saying, "NO," I asked him if I could type it in myself... I hang my head in shame. 

Continue reading "Consumer Sundays: Green says go, Social Security Numbers and Open Enrollment" »

Posted by Dan Thanh Dang at 7:08 AM | Permalink | Comments (0)
Categories: Complaints, Credit cards, Healthcare, Identity theft, Personal finance, Watchdog
        

It's mid-September and we've already had news of three major data breaches.

Over at Forever 21, the discount clothing company for people who want to dress young (hey... I'm not judging, I buy pencil skirts from there once in awhile), the company just notified customers that their system "may have been illegally accessed to obtain customer payment card information."

According to Forever 21's press release, based on a Secret Service investigation, "we believe that the unauthorized persons accessed older credit and debit card transaction data for approximately 98,930 credit and debit card numbers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data."

La Liz told you over the weekend about BNY Mellon Shareholder Services, which "informed an additional 144,000 Maryland residents that their personal information - including names, addresses and Social Security numbers - may have been compromised in a data security breach."

Continue reading "Corporate data breaches continue: Forever 21, Countrywide and BNY Mellon" »

Posted by Dan Thanh Dang at 7:17 AM | Permalink | Comments (0)
Categories: Consumer protection, Consumer safety, Identity theft, Naughty businesses/NBotW
        

Sometimes it amazes me that we leave the house at all what with all the people out there trying to trick us, scam us, and steal from us. Once you get wise to them -- stop clicking on links in e-mails you aren't familiar with -- they find a new way to mess with you.

Good Consumer (and awfully nice colleague) Justine alerted us to a scam she just avoided:

I just got a call on my cell phone from an automated voice saying my card from a bank in Lancaster had been suspended. (I used to live there, though I do not have any accounts there now, nor at the bank they said it was.) The number appearing on my phone was from somewhere in Florida (305-666-3333). I called the number I was instructed to (which was out of Pennsylvania, 717-431-0764) to see what they'd say, and it was a wholly automated system asking for the card number, the expiration date and the PIN. That automatron did not repeat the name of the bank where my card was apparently suspended.

Of course, this is plenty of information to link my name with a credit card number to make fradulent charges. I hope nobody's given correct information to this scam.

Continue reading "Scam Alert: Robo Identity Thieves" »

Posted by Dan Thanh Dang at 11:12 AM | Permalink | Comments (0)
Categories: Cellular/Landline/Voice over Internet, Identity theft, Scams
        

I wrote about credit monitoring services and how they don't fully protect you against identity theft in today's Q&A. If you haven't read it, check it out since we discuss LifeLock, an identity theft protection company whose CEO has been flaunting his Social Security Number all over the place in an attempt to prove to potential customers how safe he feels using his company's services..

Too bad he's had dozens of attempts by various people to steal his identity with at least one person being successful.

In the column, I talk about credit freezes so I just wanted to remind everyone how we've told you before how to request a credit freeze here.

Continue reading "Credit monitoring services can be costly and ineffective" »

Posted by Dan Thanh Dang at 1:20 PM | Permalink | Comments (0)
Categories: Consumer protection, Credit reports, Identity theft
        

Got old, sensitive documents that you don’t want any identity thieves to get their hands on?

Shred ’em. And this Saturday you don’t even need to own a shredder to do so.

The Attorney General’s office is hosting a shred-a-thon in Greenbelt on Saturday. Prince George’s County residents can have their junk mail and financial papers ripped apart by local shredder Torn2Shredz. The shredding runs from 9 a.m. to noon at Eleanor Roosevelt High School, 7601 Hanover Parkway.

There are limits on the amount of paper you can bring for shredding. Each household can bring in enough documents to fill two standard-sized paper grocery bags

Shred documents that will have personal information that would allow thieves to steal your identity. Those include ATM receipts, bank statements, canceled and voided checks, pre-approved credit card applications, employee pay stubs and medical and dental records.

Posted by Eileen Ambrose at 5:37 PM | Permalink | Comments (3)
Categories: Identity theft
        

Stories today and earlier this week about a security breach at The Dental Network, a CareFirst BlueCross BlueShield dental HMO, caused concern for some readers who are current or former plan members who worried their information might have been compromised.

The business accidentally posted names, addresses, dates of birth and Social Security numbers of 75,000 members on its Web site for two weeks last month. Under state law that went into effect in January, companies are required to notify consumers if their data has been disclosed.

Some people who did NOT receive letters from The Dental Network have contacted me as well as the Identity Theft Program of the state attorney general's office asking if they, too, were affected.

Continue reading "Identity theft: who's at risk?" »

Posted by Liz Kay at 7:38 AM | Permalink | Comments (0)