Saturday, May 31, 2008

BoNY 4.5 Million Consumer's Data Loss

 BoNY 4.5 Million Consumer's Data Loss

This just in from the "when will they ever learn" file.

The Bank of New York (BNY Mellon) waited 8 weeks
after the Connecticut legal requirement to inform the
public of this very serious data loss involving personal
information which was unencrypted.

"On February 27, 2009, BNY Mellon was
transferring a load of computer tapes
containing information including names,
addresses, dates of birth and Social
Security numbers, when it lost a tape
carrying data on about 4.5 million people.

Under Connecticut state law, banks are
required to immediately notify customers
when such information is lost, but BNY Mellon
did not notify People’s of the true extent of the
breach until mid-May, some eight weeks later."

This is the second major data loss incident this
year for the Bank of New York who is the world's
largest custodian of assets.

According to a statement released by the bank
involving this second data security breach on
April 29th:

"... a backup data-storage tape containing
images of scanned checks and other payment
documents was lost while being moved from
Philadelphia to Pittsburgh, spokesmen for
the bank said Friday. It involved data of
47 institutional clients..."

Two time loser overall and two time loser
of unencrypted data.

Even worse, with BoNY apparently violating
a Connecticut law by failing to report
the data breach within the required
timely manner, it has now brought the
wrath of the states' governor who requested
subpoenas to be issued related to the loss of
bank customer data being transported.

Compounding the multiple events of data loss
of unencrypted, highly sensitive consumer data
is the suspicion that BoNY attempted to break
the law by not informing consumers in a timely

Is it perhaps because BoNY Mellon did not actually
know just who's data was lost so they were unable
to notify the correct individuals negatively impacted
by these data losses?:

"We'd like to provide people with a more current
characterization [of what happened], but we are
not yet in a position to make that available,"
said BNY Mellon spokesman Ron Sommer. "Our
intention is to make it available as soon as we can."

Well it seems the governor also wants the facts
straight for the record as well:

"... subpoenas seek details about the extent of
the data breach, the timeline and conditions
surrounding the tape loss, copies of any law
enforcement or security reports filed
following the loss, the names and addresses
of all Connecticut customers whose names
were included in any of the missing files and
other pertinent facts."

Meanwhile, a class action lawsuit has been
filed seeking 7 years of credit monitoring
services for the 40 individuals represented.

The Bank of New York (BNY Mellon Corp.)
has, to their credit, offered 1 year of free
credit monitoring services to any one
who has been negatively impacted.

So, our tip for today is directed towards
any of the 4,500,000 individuals who may
have been needlessly exposed to the potential
for identity theft and credit fraud.

Contact the Bank of New York immediately
to seek more information on safeguarding
your accounts as well as to get details of
their 1 year of free credit monitoring offer.

(212) 495-1784


(412) 234-5000

Finally, make sure to tell a friend or associate
of this important development involving the
opportunity for large scale identity theft so
they may also seek immediate preventative

PS: With such a large scale, repeated data loss
involving the industry leader in assets data,
credit monitoring alone will not protect you
from identity theft - here's why.

Monday, May 26, 2008

Identity Theft Hits Lifelock CEO From His Own Ads

In response to dares posed by the CEO of Lifelock, an
Arizona firm which has run ads featuring his Social
Security Number (SSN), an instance of identity theft
fraud was successfully perpetrated against Todd Davis.

"Davis acknowledged in an interview with The Associated
Press that his stunt has led to at least 87 instances in which
people have tried to steal his identity, and one succeeded:
a guy in Texas who duped an online payday loan operation
last year into giving him $500 using Davis' Social Security

Davis learned about the fraud in Texas when the payday-
loan outfit called to collect on the loan, he said. He didn't
get an alert beforehand because the company didn't go
through one of the three major credit bureaus before
approving the transaction."

The article further illustrated the danger in deliberately
provoking identity thieves to use his widely available
Social Security Number (SSN) as a publicity stunt in
promoting his company's fraud prevention services
in newspapers, on billboards, radio, & even MTV:

"Davis said it's possible driver's licenses have been issued
to other people in his name because of the widespread
availability of his personal information — and because
of what he described as the flimsy mechanisms in
place to
report that kind of fraud."

Look - anyone who's been involved with studying identity
theft from more than just a cursory perspective would
readily understand that identity theft fraud comes in
many forms and there are several very serious types
of identity theft that no credit bureau's profile
was ever set up to catch - let alone alert
you to

Medical ID Theft - where someone uses your name and SSN
to obtain medical care often times in a busy hospital emergency
room. Besides the medical insurance problems this can create
for you, even worse your life can be put in peril as the identity
theft fraudster will cause your blood type, medicine interactions,
and allergies to be listed incorrectly on your medical records.

SSN Fraud - where someone uses your social security number
to illegally work within the U.S. which as a result you run the
potential to have the Internal Revenue Service (IRS) send
you a delinquent tax payment demand due to supplemental
income not reported on your annual tax filings. With penalties
and interest, you could easily be looking at a 15% - 20%
incremental tax bill. Ask the lady in California who was served
a demand to pay a $1,000,000 back taxes bill.

Criminal Arrest Identity Theft - where a criminal uses your name
and SSN upon their arrest to avoid any prior offenses from showing
up. The result of this fraud perpetrated against your good name,
though, is you now have just entered the vast criminal information
network. Any unpaid parking tickets or failure to appear in court
notices listed under your name will lead to a potential arrest warrant
that can easily render you time in jail and job loss.

One of our long time editors, took the proactive step to check his
public information profile and was alarmed to find out a convicted
felon in Ohio shared the same first and last name (different middle

He could have easily been mistaken for the criminal who had been
convicted of assault and battery, but had skipped his bail hearing
and was eventually apprehended.

So, our tip for today is twofold.

Unlike the CEO of Lifelock, remove your social security number
from your wallet or purse to eliminate the potential for an identity
thief to gain easy access.

Secondly, get your public information profile (pip) and review it
for any instances of whether an identity theft fraudster has
already committed acts against your good reputation
social security number with medical or criminal

These simple, effective steps will immeasurably lower your
potential for identity theft.

PS: Make sure to tell a friend about this important development
in the war against identity theft scams and credit fraud.

Tuesday, May 06, 2008

LendingTree Sues over Data Breach

Two former Vice Presidents of LendingTree are alleged to
have stolen customer passwords which subsequently allowed
up to 5 home loan lenders to gain unauthorized access to
sensitive consumer information which could be used for
identity theft.

According to the LA Times article concerning Monday's
lawsuit filing by LendingTree:

Named as defendants in the lawsuit are
Newport Lending Corp., related company
Southern California Marketing, Sage Credit Co.,
Chapman Capital Inc. and Home Loan Consultants.

LendingTree accuses the firms of computer fraud
and of using consumer records -- including Social
Security numbers and income and employment
information -- to offer loans to its customers.

As a result, LendingTree was forced to send out
letters recently to its customers alerting
them to the potential for identity theft.

Those effected submitted loan-qualification data
between October 2006 and early this year.

While it was not disclosed exactly how many consumers
would receive the warning letters from LendingTree,
the number could reach into the millions as the firm
has processed over 23 million loan applications
since 1998 according to the LA Times.

Even LendingTree, on their company website, warns
consumers of the inevitable unsecure nature of data
and the need to take proactive steps to protect it:

"...although we take steps to secure your information,
we do not promise, and you should not expect, that
your personal information, searches, or other
communications will always remain secure. Users
should also take care with how they handle and
disclose their personal information."

So, our tip for today is for any consumers who have
utilized LendingTree's on-line loan application process
during the period of October, 2006 through March of
this year. Contact LendingTree immediately if you
suspect your personal data has been part of the group
which was compromised during this time period.

LendingTree can be reached toll free at


Contact Us Form

Company Chat Agent

Finally, please let a friend or associate know of this
important development in the war against identity
and unauthorized access to sensitive personal