Thursday, February 6, 2014

When Identity Theft Hits Home

By Molly Wood | The New York Times Bits Blog

When I first heard about the extensive Target hack in December, I sighed in mild irritation. Sure, the breach’s size and scope was shocking, but these things have become so common I just assumed I’d receive a new card in the mail and that would be the end of it.

It wouldn’t be the first time. I’ll sometimes mysteriously get a new card in the mail with a note saying it was replaced because of an unnamed security issue. Once, in Barcelona, I discovered my primary card had been frozen because of a security breach at a retailer — that was panic-inducing. Still, the biggest aggravation was logging into all my auto-pay sites like Amazon to update the card number (and memorizing the new one, which I like to do).

I expected a repeat after Target was hacked.

But it was a lot worse. I did get a new credit card in the mail — a replacement for the card I’d used at Target. I also received a letter from Sears, letting me know I’d been rejected for a new store card because of, among other things, “too many requests for credit.” Then, in the same batch of mail, I opened a letter from Best Buy, which said I’d been turned down for its top-tier store card, but approved for a lower-level version.

That is when I started to panic.

I called the fraud department at Best Buy and employees there assured me they had already marked the account as fraudulent. I immediately filed for a security alert with the three big credit bureaus, and I also filed an online police report. (This can sometimes be helpful if you’re trying to convince a retailer that fraud is afoot.) Over the next week, while I was out of town, I also received a store card from Kohl’s, one from Frye’s electronics and the one from Best Buy.

More worryingly, I also got a bill from a Macy’s store card account in my name, for $1,114.39. Apparently I bought $1,223 worth of “fine watches” at a Macy’s in Glendale, Ariz., but I received a discount of $109 for opening the account. Sounds like a pretty nice watch (or three).

Now, I’m not certain this sudden outbreak of identity theft is directly tied to the breach at Target, but the timing is suspect. I signed up for the credit and identity theft protection service that Target is offering, and after a few hops through low-level support, I was assigned a case number and a fraud resolution agent who will apparently call all these creditors on my behalf and conference me in.

The service promises to close the fraudulent accounts and get the credit requests and the accounts off my record.

I hope that is true. But even if the mess is easily cleared up, this is almost certainly not the last time such a thing will happen, especially now that my credit-worthy identity is up for sale out in the world. Make no mistake: yours probably is, too.

In December, the security researcher Brian Krebs identified a Ukrainian man who may be helping sell credit and debit card numbers for up to $100 each — all the more reason to simply cancel any debit card that was implicated in a security breach instead of waiting and hoping for the best. Card numbers are bundled in bunches and sold for pennies to criminals who simply go down the line, trying numbers until they work.

Those are just the card numbers; plenty more than that is for sale. A GigaOm post in August quoted security researchers who said thieves could spend $4 to $5 for a complete ID package that included a credit card number, its expiration date, your social security number, and your mother’s maiden name. That is almost everything you need to walk into a Macy’s and open up a store card and have a fun afternoon in the fine watches department.

Financial institutions have become better at identifying fraud and stopping major damage before it occurs, but large-scale security breaches are becoming more common all the time. Target’s hackers roamed around the databases for a month before they were detected, stealing personal information, card numbers and even encrypted PIN data. The current tally of affected customers is up to 110 million users.

And just since Target’s very bad month, Neiman Marcus has confirmed that its records were also breached, possibly by the same malware, and it has lost at least 1.1 million records (that apparently went undetected from July to December). The arts and crafts chain Michaels was also hit.

Yahoo was compromised. Bright Horizons childcare suffered an intrusion, and White Lodging, which manages some 168 Starwood, Marriott, and Hilton hotels in 21 states, is also investigating what is almost certain to be a large-scale hoovering of personal data.

One can assume those are just a few of the breaches happening at any given time. Target is paying for full-scale credit monitoring for 110 million people, Citibank is issuing new debit cards to to all customers, and millions of people like me are wasting valuable time on the phone trying to sort out messes.

I, for one, hope this is a tipping point in retail security. In the meantime, if you’ll excuse me, I’ve got some mopping up to do.

1 comment:

  1. Trik Menang Bermain Situs Judi Sabung Ayam Online Yang Jarang Diketahui Klik Di Sini

    Agen Sabung Ayam Online Terbaik Dan Juga Terpercaya http://www.bakarayam.co

    Informasi Terlengkap Mengenai Sabung Ayam

    http://bakarayam33033.blogspot.com/2018/08/model-ciri-serta-gambar-sabung-ayam.html/

    ReplyDelete