Archive for September, 2017

Can Equifax’s Offerings Actually Protect Your Identity?

Saturday, September 30th, 2017

News about the massive Equifax data breach has been unrelenting since the credit bureau publicly disclosed its lapse at the beginning of September. It’s difficult to keep up with all the company’s blunders, not to mention the complicated fiscal policy and regulatory debates the incident has fueled. But weeks later, most consumers in the United States are still just trying to figure out what the whole thing means for them, and how to steel themselves against identity theft and fraud.

To this end, Equifax’s interim CEO Paulino do Rego Barros Jr. (former CEO Richard F. Smith “retired” on Tuesday) published an update to consumers in The Wall Street Journal on Wednesday humbling himself before Equifax’s critics and announcing an additional identity protection service that the company will give consumers for life beginning in January. At this point, Equifax has at least three similar-sounding identity protection offerings as part of its breach response. But there’s always that pesky question in security that has plagued the company before—do they work?

    More Equifax

  • Equifax Officially Has No Excuse

  • How to Protect Yourself From That Massive Equifax Breach

  • The Equifax Breach Exposes America’s Identity Crisis

“In the event something goes wrong, which unfortunately is inevitable, companies need to respond urgently, transparently, and empathetically—none of which Equifax did,” says Adam Levin, founder of the data security and privacy firm CyberScout and a former director of the New Jersey Division of Consumer Affairs. “So now they’re playing catch up and they’re coming up with all these options, like try this, try that.”

Experts maintain that Equifax’s offerings are ultimately productive, but caution that consumers need to really understand what the choices are so they can make the right defense decisions for themselves long-term.

For a Limited Time Only

Regos Barros announced in his public letter that Equifax will be extending the enrollment period for its credit monitoring and freezing services through January. Credit monitoring sends you alerts so you can catch any suspicious activity early, while credit freezes actually lock down your credit files so institutions you don’t already do business with can’t access your data without specific permission from you and special PIN numbers. A freeze significantly reduces the chance that a fraudster will be able to do things like take out a line of credit in your name. Personal identity security advocates have long favored freezes, but acknowledge that the measure isn’t necessarily for everyone (say, someone who anticipates applying for student loans) since it is fairly rigid and restrictive.

It is worth utilizing one or both of these tools, but at the end of the free year 143 million social security numbers (not to mention other valuable data) will still have been compromised in the breach, necessitating ongoing defense. “We generally tell people that if an entity is offering a free service they should strongly consider taking advantage of it,” says Eva Velasquez, president of the nonprofit Identity Theft Resource Center. “Consumers have to demand security over convenience so that businesses will respond. Just don’t be the low hanging fruit. Anything is better than nothing long term.”

The free monitoring and freezes have a short timespan, perhaps because they are services Equifax wants to resume capitalizing on as quickly as possible.

Longer View

The third service Regos Barros mentioned on Wednesday, a so-called “credit lock” tool, will debut in January, and will be a more flexible option through which consumers can lock and unlock access to their credit data whenever they want. “By allowing consumers to conveniently lock and unlock their credit files and monitor their Equifax credit report, this new service will prevent new accounts from being opened without the consumer’s consent,” an Equifax spokesperson told WIRED in a statement.

The other two major credit bureaus (Experian and TransUnion) already offer this type of proprietary service, but credit locks are a sort of black box compared to credit freezes, which have a set procedure codified by legislation. “We’re still neutral on it—we don’t know yet if it’s the best way to go,” the Identity Theft Resource Center’s Velasquez says. “What it locks and doesn’t or how the data can be moved and accessed with a lock is unclear. I’m not saying they aren’t identical [to freezes] we just genuinely don’t know.”

Experts agree that to protect themselves, consumers need to see past the gimmicks and noise to the long game of utilizing what Equifax and other companies that have experienced data breaches provide while planning to supplement as needed. If your data is compromised in multiple breaches over time you may be able to daisy chain years of free services together. And everyone can pull and review one complete credit report per year for free from Additionally, consumers need to be aware that credit monitoring, locks, and freezes alike don’t protect against things like tax fraud and medical fraud, in which identity thieves can file bogus tax returns on your behalf to claim your refund or jeopardize your insurance coverage by scamming your provider.

Consumers also may have more resources available to them for free than they realize. Some tools like resolution services for active fraud or general identity monitoring are available as a perk from certain insurance companies, financial institutions, and even human resources departments of large employers. “There’s no silver bullet, but there are options,” CyberScout’s Levin says. “With a lock or whatever new thing it’s sort of like ‘mazel tov, you have a lock!’ It’s an advertising gimmick. But the bottom line is no matter what you use, you just need to know as quickly as possible when you have a problem, and you need to have a plan.”

If you’ve lost faith in Equifax (fair enough) you may not want to trust the protections the company offers. But with so much already beyond your control, take everything you can get. Channel your doubts instead into finding out what other services you have available and forming a more comprehensive plan than Equifax is offering.

Article source:

Technorati Tags: ,

Riverside traffic stop leads to identity theft suspect – Press

Saturday, September 30th, 2017

A traffic stop in Riverside Thursday, Sept. 28, led to the arrest of a man suspected of identity theft.

Riverside Police Department officers stopped a vehicle around 5 p.m. and a records check on the driver, Fidel Islas, 29, of Riverside, revealed he had an outstanding felony warrant for possession of stolen property, according to the department.

While searching his vehicle, officers located numerous items related to identity theft, including bank cards, identification and journal entries with personal information belonging to many different people, police said. They also found suspected methamphetamine and drug paraphernalia.

Based on the names on these items, officers were able to contact several victims and determined many of the items were stolen, police said.

Islas was booked into the Robert Presley Detention Center in Riverside on suspicion of identity theft, possession of stolen property, possession of burglary tools, illegal narcotics violations, and the outstanding warrant. His bail is set at $501,000, according to jail records.

Article source:

Technorati Tags: ,

Identity theft nightmares: ‘I’ve spent my lifetime building up my credit’

Saturday, September 30th, 2017
Freezing your credit after Equifax hack...not so easy

William Burnett, a retired pilot in Texas, says he’s afraid to go to his mailbox.

That’s where the 68-year-old first learned that someone had stolen his identity, and where he continues to receive evidence that fraudulent accounts have been opened in his name.

var storytext = document.getElementById(‘storytext’);
var heightToSkip = 0;

function resetValues()
totalHeight = 0;
targetChildElement = null;

// Check if story is in the blacklist of articles to remove smartassets
// [2017.07.27] Results of a one-off request from r.barbieri
if(BLACKLIST[location.pathname] === true) {
if(storytext == null)
console.log(“Error finding storytext element for SA embed”);

for ( i = 0; i 0)
heightToSkip -= storytext.childNodes[i].clientHeight;
else if(heightToSkip minHeight targetChildElement != null)
//console.log(“total height = ” + totalHeight);
//console.log(“childNode = ” + targetChildElement);

storytext.childNodes[targetChildElement].insertAdjacentHTML(‘afterend’, smartAssetDiv);
smartasset = document.getElementById(‘smartasset-article’); = ‘left’; // allows module to have text float to right =’20px’; =’25px’;


/* bail out since we’re done */


/* div with id=”smartassetcontainer”. Sanity check to only embed once */
else if (storytext.childNodes[i].nodeName.toLowerCase() === ‘div’ storytext.childNodes[i].id !== “undefined” storytext.childNodes[i].id === “smartassetcontainer”) {

/* div with id=”ie_column” */
else if (storytext.childNodes[i].nodeName.toLowerCase() === ‘div’ storytext.childNodes[i].id !== “undefined” storytext.childNodes[i].id === “ie_column”) {

/* embeds from twitter, facebook, youtube */
else if (storytext.childNodes[i].nodeName.toLowerCase() === ‘div’ storytext.childNodes[i].classList.contains(’embed’)) {

/* cnn video player */
else if (storytext.childNodes[i].nodeName.toLowerCase() === ‘div’ storytext.childNodes[i].classList.contains(‘cnnplayer’)) {

/* images */
else if (storytext.childNodes[i].nodeName.toLowerCase() === ‘img’)

/* images stored in figure tags */
else if (storytext.childNodes[i].nodeName.toLowerCase() === ‘figure’)

He first figured out there was a problem in August when he got a letter from his bank. Ever since, he’s been playing an endless game of whack-a-mole trying to shut down the fake accounts as quickly as they pop up. So far he has not lost any money as a result of the fraud, but his credit has taken a steep and fast nosedive.

His sterling credit score tumbled around 150 points across the three credit monitoring agencies — Equifax, Experian and TransUnion — in a matter of weeks.

“Like many Americans I’ve spent my lifetime building up my credit,” says Burnett. “Each time they try to take out accounts in your name, your credit takes a hit.”

Burnett was already trying to reclaim his identity when he heard about the recent Equifax data breach, in which 143 million people’s personal and financial data were accessed, including Social Security numbers, dates of birth and addresses.

Earlier this month, he learned from Equifax that he was one of the ones affected.

But by then he had already contacted the credit agency to dispute fraudulent accounts and paid for additional credit monitoring. That was in August, a time when the company says it already knew of the breach.

Now he wonders if the Equifax hack is how the thieves got his information. He’s also wondering how many other people are out there are pretending to be him.

Finding the fraud

Burnett, who lives in rural northeast Texas, says his bank, Wells Fargo, was the first to notify him that there was fraud.

“Someone in Yucca Valley, California, was trying to set up a new checking and savings account in my name and change my bank mailing address to California.”

Wells Fargo shut down the new account. Unfortunately, that was only the beginning.

He now has a stack of mail from more than 30 companies that he’s never done business with. All of them are notifying him that someone has tried to open a new account or new line of credit in his name.

The list is long, and he says it includes many web-based financial companies like Allied Direct, Web Bank, Prosper Marketplace and PayPal, as well as other traditional lenders like Citi and Capital One auto finance.

There were also retail cards.

“I’m a retired pilot, I live out here in northeast Texas to be away from the hustle and bustle of cities,” he says in a Texan drawl. “Supposedly, I tried to set up a Victoria’s Secret account?”

Related: What to do if your identity was stolen after the Equifax hack

When the thief opened an account at a retailer where Burnett also has an account — Sears — the company alerted him that it had put a hold on his own credit card because they felt something funny was going on.

Hearing about Equifax

Although Equifax learned about its data breach in July, hackers accessed the personal and financial information between May and July. The company did not notify consumers until September.

Burnett had assumed his identity was stolen because a doctor or dentist office had been careless with his Social Security number.

Then he found out about the Equifax breach.

“Oh boy, I was really hot to trot,” he said.

There is no way to know for sure how thieves got his information, but the situation Burnett is dealing with is exactly the kind of thing a thief could do with the data they got from Equifax.

And Burnett has no sympathy for the credit agency: “If they go out of business, tough, they aren’t doing anything to help us.”

CNNMoney asked Equifax about Burnett’s situation, and the company selling credit protection services to consumers during the time that the company was aware of the breach. Wyatt Jefferies, a spokesman for Equifax, acknowledged the questions but did not respond to either query.

How to shut down thieves

Burnett has become something of an accidental expert in shutting down accounts and alerting authorities.

The first thing he did when he learned he was a victim of identity fraud was to notify the Federal Trade Commission. He also notified the Social Security Administration and local law enforcement officials.

Next he set out to deal with the individual accounts that had been opened.

When he calls the customer service numbers to alert them to a fake account in his name, the first thing he always says is, “I would like to speak to your fraud department, please.”

Many have been very helpful, he said. “Only a few have been nasty.”

Even though he took and paid for the credit monitoring Equifax offered before it announced the data breach, Burnett has now taken the more extreme step of freezing his credit with all three credit agencies.

A credit freeze prevents anyone from being approved for credit or opening a new account in his name. It is the strongest way to stop this type of fraud.

But by stopping the thieves from getting credit, he stops himself, too.

“If I want to buy my wife a new car I have to lift that freeze,” he said. The freeze can be lifted by notifying the credit agencies of an intention to apply for credit several days before applying.

“It’s going to create a new hassle for us,” Burnett says, “but nothing compared to what we’ve been through.”

Article source:

Technorati Tags: ,

Kempner: Identity theft emptied his 401(k) retirement. Who’s next?

Saturday, September 30th, 2017

Haven’t checked your retirement account balance in awhile? Um, now might be a good time.

Few financial nightmares are as frightening as life savings being looted through identity theft. It isn’t easy, but it’s also not quite as difficult as I had thought.

Steven Voss checked his 401(k) account balance a couple months back. It was empty.

“It’s an awful feeling,” he told me.

“It’s taking away your future and giving to somebody who has done nothin’ but lie, cheat and steal from somebody who worked all their life.”

Good news: He had moved most of his money out of that account months earlier. And the retired engineer, who lives near Salt Lake City, was made whole for the $42,000 loss he did have.

Bad news: other bad guys are eyeing retirement accounts.

In Voss’ case, looters had called the investment company that holds his account, industry giant Prudential Financial. A caller pretending to be Voss apparently used surprisingly little information — Voss’ name, address, date of birth and Social Security number — to order a check to cash out his 401(k) account. The check was slated to be delivered to Voss’ home address, but a caller later asked for it to be diverted to a local UPS store.

Because Voss checked his balance and discovered the scam, police were able to get there first.

They arrested two Georgia men, Abdulrasheed Adeola Yusuf, 29, of Lilburn and Temilade Damilare Adekunle, 31, of Lawrenceville, according to local media reports. There were multiple IDs in their car and an $85,000 check from another victim, according to an FBI statement in court filings.

 Abdulrasheed Adeola Yusuf, 29, of Lilburn, Ga. was booked on a variety of charges, according to the Salt Lake County Sheriff’s photo
The Atlanta Journal-Constitution

The Atlanta Journal-Constitution

Abdulrasheed Adeola Yusuf, 29, of Lilburn, Ga. was booked on a variety of charges, according to the Salt Lake County Sheriff’s … read more

The FBI and Newark-based Prudential told me the investigation is ongoing, but spokesmen declined to share details about its scope.

“We are working with other financial services companies and sharing information about this,” said Erez Liebermann, Prudential’s chief counsel for cybersecurity and privacy.

He told me that Prudential routinely reviews its authentification practices based on threats it sees.

Voss said he was one of at least five people at his company who had their retirement accounts hit. And he read a letter to me that he said he got from his employer about the investigation: “other retirement providers are experiencing similar fraud incidents on accounts they administer.”

This kind of stuff is really rare, right? Well ….

There appears to be little or no data on how often it happens and how many investors have discovered their retirement accounts were emptied through identity theft.

I checked with a bunch of abbreviations: the FBI, the FTC, FINRA, the U.S. DOL’s EBSA, etc. They didn’t have stats or didn’t have any readily available.

Fraud fighters told me that identity theft involving retirement accounts appears to be increasing, expanding from fraud involving bank accounts and home equity lines of credit. It often involves what’s called an account takeover, where the fraudster calls or goes online to take control of an account.

“It’s a daily battle that industry is dealing with,” said Matt LaVigna, who leads the National Cyber-Forensics Training Alliance, a Pittsburgh-based nonprofit that pulls together corporate and law enforcement investigators.

LaVigna said he suspects there may be hundreds of thousands of attempts a day on all kinds of financial accounts in the United States.

“We are dealing with a persistent criminal threat,” he said. “They are very determined, and they are more organized than people can believe.”

 Temilade Demilere Adekunle, 31, of Lawrenceville, Ga., was booked on a variety of charges, according to the Salt Lake County Sheriff’s photo
The Atlanta Journal-Constitution

The Atlanta Journal-Constitution

Temilade Demilere Adekunle, 31, of Lawrenceville, Ga., was booked on a variety of charges, according to the Salt Lake County Sheriff’s … read more

Massive cyber attacks that expose consumers’ personal information, such as what happened in the recent Equifax data breach, can give identity thieves fresh material to work with, he said.

The Equifax breach included primarily names, Social Security numbers, birth dates, addresses. That’s the same type of of data thieves used to loot Voss’ retirement account, though Voss said there is no indication that the Equifax breach is tied to his situation.

Ed Koby, a supervisory special agent in the FBI’s Newark office, told me identity thieves he’s tracked try to get a variety of information on potential victims, including account numbers. But Social Security numbers are “a critical piece to have.”

Do we really have to think about this?

We already have more than enough stuff to give us night sweats: Nuclear war, North Korea, our polarized society, whether we should kneel or stand, the wage gap, the health gap, robots taking our jobs.

Is the security of our retirement accounts really something we have to worry about?

“Yes,” anti-fraud experts told me. Not “yes,” like we need to panic. But “yes” like, with life savings on the line, it’s worth taking smart steps right now to limit the risk.

I’ve got some steps for you in a minute. But first…

How hard is it for thieves to pull this off?

It’s generally far easier and faster for identity thieves to abuse credit card accounts, the FBI’s Koby and others told me. But some thieves are drawn to the bigger potential payout of a retirement account.

A credit card gig might net $3,000 before it’s discovered, he said. A successful attack on a single retirement account that can net hundreds of thousands or more.

Personal information about potential victims can sometimes be bought online from cyber thieves. Sometimes thieves use that material to trick helpful customer service representatives at investment companies into providing more personal data on the victims.

How’s that for a twist? Nice and helpful can be bad and costly.

The thieves also need mailing addresses or bank accounts where the money can be sent without making financial institutions suspicious.

There are other tactics.

In 2012, a worker at a New Jersey call center for retirement accounts used confidential customer information, including PIN numbers to take over accounts. He and others snagged more than $750,000 in checks before being arrested, according to the U.S. Department of Justice.

And in 2009 a former worker at a Kansas City casino was sentenced to prison after using a co-worker’s Social Security number and PIN to pull $18,000 from a 401(k) account, according to the U.S. Department of Labor.

If thieves ransack my 401(k) or similar retirement account, will anybody reimburse me?

Probably. So far, people who work in this area tell me investment companies have reimbursed all the money victims had in their accounts if it’s clear that identity thieves stole their money.

That doesn’t mean you should relax. It’s your life savings; take steps to protect your financial future.

Here’s what some of the fraud fighters I spoke with suggested:

— Check your retirement account often. Check the balance and your listed addresses, phone numbers and emails. Promptly notify the company if there’s a problem.

— Don’t ignore notices from your company about account changes.

— Restrict access to computer and mobile devices the account management company recognizes.

— Add email alerts on the account to notify you when important changes are made.

— Use a tough username and password for online access to the account. It should differ from other usersnames and passwords you have.

— Avoid choosing security questions that scammers could find the answers for online or in social media.

— Request two-factor authentication to gain access to your account. This involves one-time access codes emailed or texted to the account holder.

Related coverage:

Equifax breach: How to protect yourself from what’s coming next

Life’s sure things: death, taxes, identity theft

143 million reasons to be mad at Equifax’s (ex) CEO

Equifax breach fiasco? It’s actually a stunning repeat

Find Matt on Facebook and Twitter or email him at

Other Kempner’s Unofficial Business columns

Article source:

Technorati Tags: ,

Winsted police charge man with identity theft

Saturday, September 30th, 2017

  • The Winchester Police Department in Winsted. Photo: Ben Lambert / Hearst Connecticut Media



WINSTED — A man arrested Wednesday is accused of using a local resident’s personal information to secure a credit card and obtain cash advances totaling $8,000 from various banks across the state, according to a release.

Jeffry Batista-Hernandez, 26, of West 160th Street, Bronx, New York, was charged with third-degree identity theft, police said in the release.

Batista-Hernandez, who used a Pennsylvania license, was identified through bank surveillance and found in the Bronx. He was released on $5,000 bail and issued a court date of Oct. 6.

Article source:

Technorati Tags: ,

Identity theft protection increasingly important to employees

Saturday, September 30th, 2017
Only half of HR professionals report that they currently offer identity theft protection to their employees. (Photo: Getty)
Only half of HR professionals report that they currently offer identity theft protection to their employees. (Photo: Getty)

As the War for Talent keeps escalating, more employers are offering additional benefits and perks to attract, retain and motivate talented employees — including identity theft protection, according to IdentityForce’s 2017 Progressive Benefits Survey.

The survey polled 105 human resource professionals and found that two-thirds (68 percent) consider identity theft protection an increasingly important employee benefit, while only half currently offer identity theft protection to their employees.

Article source:

Technorati Tags: ,

Los Fresnos Man Claims Falling Victim to Identity Theft, Fears L

Friday, September 29th, 2017

LOS FRESNOS – A Los Fresnos man is worried he could lose his government benefits.

He claims his identity was stolen and now he’s left trying to prove his identity.

A bad accident while working in the oil rigs years ago left Robert Celaya with severe injuries to his back and hands. He said he depends on his disability check and food stamps to get by.

“I’m right here, disabled 100 percent,” Celaya said. “I can move them (my hands), but with a lot of pain. I can’t stand for an 8-hour period because of my back problems, and arthritis is created all on my right side.”

Letty Puga, director at the Los Fresnos Housing Authority, told CHANNEL 5 NEWS they received a notification from the Social Security office alerting them that Celaya’s Social Security number showed he was employed with a company in Midland, Texas.

Celaya has been a housing resident for years, Puga said. However, they still had to ask him to provide documentation to prove he still qualified for housing assistance.

Celaya said he’s now scared to lose his benefits.

“I’m surviving with the benefits that I have,” he said. “If someone comes in and messes it up, I’m doomed. I have nowhere to go, I’ll be homeless.”

Celaya believes this identity theft stems from a wallet he lost nine years ago. He said it’s never been an issue until now.

Dolores Salinas, president of the Better Business Bureau in Weslaco, said identity theft doesn’t have a time limit.

“There’s no way of you knowing when, whoever got a hold of your information, is going to use it,” Salinas said. “If he would’ve taken the proper steps nine years ago, and reported everything in his wallet as lost and done an identity theft kit at that time, then it’s possible this could’ve been averted.”

The burden falls on Celaya now, Salinas said, to prove he still needs government help and not making money in Midland.

“You’re superseding the amount of money that you can have in income, coming into your household,” she said.

Salinas said identity theft cases can take years to clear-up. It can be done quickly, but you will need proper reporting and documentation.

Celaya said it’s taking a toll on him. He’s filed a police report with the Los Fresnos Police Department.

Officials at the housing authority said as soon as he provides them with that report, they’ll be able to continue helping him.

They added as long as someone keeps using his Social Security number, he will have to go through the process every year.

Article source:

Technorati Tags: ,

Suspect wanted for Identity theft, bank fraud in Md. |

Friday, September 29th, 2017

Article source:

Technorati Tags: ,

Equifax skips hearing on identity theft, data breach

Friday, September 29th, 2017


Vowing aggressive action in response to the massive Equifax data breach, a panel of New York lawmakers gathered Thursday to hear from consumer advocates and financial services firms alike about the best ways to safeguard sensitive information and prevent cyberattacks.

Equifax and the two other major credit monitoring firms didn’t show up.

The companies’ decision not to attend irked lawmakers, who said they’ll push ahead with plans for tougher regulations on credit monitoring firms following a cyberattack on Equifax that exposed sensitive information belonging to 143 million Americans, including 8 million New Yorkers.

“I see that as a real slap in the face to the 20 million residents who call New York home,” Sen. David Carlucci, a Rockland County Democrat, said of the companies’ decision to decline the invitation to appear. “We want answers. We want to find out what happened.”

In response, Equifax spokeswoman Marisa Salcines said that while her company “respectfully declined” to attend the hearing, “we are actively engaging with and being responsive to state and federal regulators, agencies and legislators and will continue to do so going forward.”

Messages left with the other two companies were not immediately returned Thursday.

Carlucci and other lawmakers say they will push ahead with legislation that would impose greater regulations on the credit monitoring industry. One proposal would require the companies to report any breach within 15 days. Others would require the companies to provide free credit freezes to people whose information has been exposed or allow consumers to request a credit freeze with all three companies with a single phone call.

While the companies themselves didn’t attend the hearing, some industry representatives did. One was Matthew Mincieli, executive director of TechNet, a national organization of leaders in technology companies. Mincieli warned lawmakers to be cautious with new regulations, noting they could inadvertently hamstring other industries.

“New rules that might be targeted to Equifax, if they were written broadly enough, could impact companies in the tech sector,” he said.

The state’s top financial watchdog, state Superintendent of Financial Services Maria Vullo, welcomed the call for more regulations on credit monitoring firms. She encouraged lawmakers to include “teeth” in any new regulations that would ensure companies follow the rules.

“If you don’t comply with the law, then you’re not entitled to the privilege of doing business in the state,” she said.

Attorney General Eric Schneiderman also is investigating the Equifax breach and has written to TransUnion and Experian seeking information on what security improvements, if any, they’ve made since the breach.

Article source:

Technorati Tags: ,

Knox County Schools teacher charged with identity theft

Friday, September 29th, 2017

The Knox County Sheriff’s Office allows people to anonymously submit tips on crimes they may have witnessed. Here are several ways you can submit a tip to Crime Stoppers.

Article source:

Technorati Tags: ,