Global Payment Inc-Update

Global Payment has officially confirmed the breach of information although they are saying that it is contained and that no names or Social security number were lost.  The estimate is that 1.5 million cardholders were affected.  They have also confirmed that VISA has dropped them from their registry of provider that meet security standards.


Please do not misunderstand what it means by VISA ‘dropped’ them.  Global is indeed still processing payments for VISA.  Global expects to be reinstated.  What this means is that if you have a VISA card you can still be affected by this security breach.

It is also possible that this information is being used right now.  You need to be alert and be aware.  Steps that you can take:

  • Just because names and SSNs were not lost does not mean that anyone is safe.  Thieves can still access information about you online.  Update your passwords to your accounts.
  • Make sure that your browser, antispyware, and antivirus protection is up to date.
  • Do not overlook a missing credit card statement, it could be an indication that your account has been stolen and the thief turned in a change of address, redirecting that statement to them.
  • Check your credit card statement closely for fraudulent charges no matter how small.  Thieves often test cards by submitting charges for as little as five cents.
  • Put identity theft protection in place now before you become a victim.

Identity Theft Shield will not only help you with getting the credit side fixed by working on your behalf with creditors, investigators will look for non-financial issues and help fix those too.



Global Payments Inc suffers dataloss and merchants could be on the hook!

Once again a payment processor suffers a dataloss. Sadly merchants could be bearing the financial burden on this even though they are not the ones who lost the information. That’s bad for the merchants.

It’s also bad for the consumers whose information was lost. While consumers may not have to shoulder the financial burden, Personally Identifying Information has been exposed. The exposure of your personal information puts you at risk of becoming an identity theft victim, and the financial burden is not the only problem you have to worry about. You are more than your credit score!

Global Payments Inc has scheduled a press conference for Monday morning, look for a more in depth update then.

Ladies and gentlemen we have a SNAFU!

If you are active duty military or a veteran you should recognize the acronym SNAFU.  For those who don’t it stands for Situation Normal, All F*cked Up. You learn to live with a lot of that in the military, it is just as common as ‘hurry up and wait’.  Unfortunately SNAFU carries over into our life as Veteran’s too.

All Veterans fall under the US Veteran’s Adminstration.  They have all of our information.  Many of us veterans are receiving some form of benefit from the VA.  I happen to receive medical benefits as a service connected disabled veteran.  Others maybe receiving educational benefits through their GI Bill.  Or even housing benefits through VHA loans.  No matter what benefits you receive (or not) the VA has your information.

The VA also has a less than golden track record on protecting our information.  Until the Heartland Payment System dataloss a couple of years ago, the VA held the record for the largest ever security breach with over 25 million veterans’ personal information exposed.  Unfortunately the VA continues to experience datalosses so often that it doesn’t even shock us anymore.


If you are a veteran of the U.S. Armed Forces; taking the threat of identity theft seriously is not an option, it is a requirement.  Your information has already been lost.  LegalShield can help by providing you with the assistance you will need when you become a victim of identity theft.

The following information comes from the Privacy Rights Clearinghouse.  This information is just the security breaches for 2011 involving VA or Military agencies.  Keep in mind this is only for 2011:

September 16, 2011 Veterans Administration Medical Center (Biloxi)
Biloxi, Mississippi


The VA believes an employee’s office at the Veterans Administration Medical Center in Biloxi was inappropriately accessed without proper authorization on July 21.  A number of medical files with veteran names, Social Security numbers, dates of birth and other personal information like medical diagnoses were found spread on the office floor.  The breach could affect veterans, deceased veterans and VA employees in seven counties in southern Mississippi, four counties in southern Alabama, and seven counties in the Florida Panhandle.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 1,814


September 15, 2011 United States Army
Alexandria, Virginia


A CD with sensitive Non-Appropriated Fund retiree information was lost in the mail between Alexandria, Virginia and San Antonio, Texas.  The CD never officially arrived after being sent during the last week of August.  It contained retiree records with names, Social Security numbers, retirement date, type of retirement, amount of life insurance carried, term data, dates of service, and other retirement data.

Information Source:
Databreaches.netrecords from this breach used in our total: 25,000


August 8, 2011 Department of Veterans Affairs
Fayetteville, North Carolina


A dishonest VA worker used his tax return preparation business to submit fraudulent tax returns.  VA patient personal information such as names, Social Security numbers and birth dates were used to create fake dependents on people’s tax returns.  The VA worker then collected fees from customers in exchange for fraudulently increasing the dollar amount of their tax returns. He was convicted in February and sentenced to 11 years in federal prison. The employee handled information from VA patients in North Carolina and Virginia.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 0


August 3, 2011 Department of Veterans Affairs
Washington, District Of Columbia


The inspector general at the VA found that IT contractors had accessed the VA’s electronic health record system without appropriate security clearances.  An tipster had left a message about the situation on a departmental hotline in the summer of 2010.  Contractor personnel were found to be improperly sharing user accounts when accessing VA networks and the Veterans Health Information System and Technology Architecture systems. Employees of the contracting company were unaware of proper IT security protocol.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 0


April 8, 2011 V.A. Medical Center
Aiken, South Carolina


Please call (706) 729-5893 for more information.

A V.A. employee may have thrown the personal information of over 2,600 veterans into the trash. The breach was originally discovered over a month before the official notification and reported by a news channel. The V.A. admitted that appointment records with Social Security numbers, dates of birth and other information were accidentally thrown into the trash instead of being shredded. The records were from January 2010 through January 2011.  All veterans from that period were contacted, but not all were affected.

Information Source:
Databreaches.netrecords from this breach used in our total: 2,600


March 21, 2011 Portland Veterans Affairs Medical Center
Portland, Oregon

50 (Between 50 and 75)

Between 50 and 75 patient ID cards were lost in January. Social Security numbers, dates of birth and other personal information were on the cards. The cards had previously been mailed to the wrong addresses and were being stored in the hospital’s enrollment office.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 50


January 29, 2011 Veteran’s Affairs Medical Center
White River Junction, Vermont

114 (No full SSNs or financial information reported)

A client device owned by Dartmouth allowed an unknown amount of people to anonymously log on to a computer network. A document that contained Veteran and Dartmouth patient information could be viewed once people had logged on using the client device. The document contained a list of Dartmouth and Veteran patients. Last names, last four digits of Social Security number, clinical diagnosis and comments were exposed. At least one patient had their full name and date of birth exposed. The problem had existed for an unknown amount of time.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 0


January 13, 2011 New Mexico National Guard
Sante Fe, New Mexico


A computer with the deployment records and Social Security information of soldiers throughout the state was stolen from the National Guard Headquarters in Sante Fe.  The theft occurred sometime between December 23 and 28.

Information Source:
Databreaches.netrecords from this breach used in our total: 650



Here’s a new hit song for identity thieves!

This song is blowing up the Top Ten on the Identity Identity Theft Hit Parade!  Da Dumpster Dive!  These guys may be diving in for old Kool Aid and Bagels, but Identity thieves dive in for a different reason.

By now most of us are understanding the need to shred our old personal documents.  An in home shredder is no longer a luxury, it is a necessity.  And we know that it needs to be DOD Approved and not a ribbon shredder.  Ribbon shredders just create jigsaw puzzles for identity thieves, strips can be pieced back together to harvest information.  With individual getting more savvy about the destruction of information, your home trash is much less attractive to identity thieves than this item.

Why are dumpsters so attractive to identity thieves?  Well you always find dumpsters near businesses.  Businesses gather all sorts of personal information from their clients and customers.   Names, addresses, phone numbers, account numbers and the list goes on.  And businesses do not always follow the law when it comes to disposal on this information.

It is a fairly common event to turn on your local news to see a report about files dumped in dumpsters.   Honest people come across these files and report it to news reporters, police or others and it ends up on your evening news.  For every honest person that reports the situation, how many dishonest people are taking the information for nefarious purposes.

Personal information found in dumpsters is a gold mine.  The thief does not have to use you information personally.  There is a huge black market out there for personal information and the thieves know this.  They can make a fortune selling what they find in these dumpsters.

If a business you have dealt with improperly disposes of your personal information in a dumpster, and a thief gets his hands on it; well that information can be sold as many times as the thief wants.  Multiple people can buy and use your information.  This is why it is important to have a plan, to be able to react quickly and at any time to respond to identity theft issues.

Sold!!! To the Highest Bidder!

This is a short excerpt from Frances Ellen Watkins poem The Slave Auction


The sale began—young girls were there,
   Defenseless in their wretchedness,
Whose stifled sobs of deep despair
   Revealed their anguish and distress.


And mothers stood, with streaming eyes,
   And saw their dearest children sold;
Unheeded rose their bitter cries,
   While tyrants bartered them for gold.


And woman, with her love and truth—
   For these in sable forms may dwell—
Gazed on the husband of her youth,
   With anguish none may paint or tell.

There is a reason that I included that in this post.  Hi-tech ‘auctions’ put unsuspecting people on the auction block everyday.  Thousands of people are bought and sold at auction everyday and they don’t even know it!

Identity thieves put people up for sale everyday in underground chat rooms.  These thieves trade in our personal information Like Wall Street day traders haggling over pork bellies and we don’t even know it.  Security Breaches and datalosses occur almost everyday exposing our personal information.  What happens to that information when it is lost?

Losing information in a security breach is not like losing your sunglasses.  You can’t ‘get it back’.  Once it has been exposed it is exposed from that moment on.  That’s because Personal Information is not a physical item you can secure again.  You can get your sunglasses back and know that they are safe in your possession.  Tell someone your name and you cannot take it back and make them forget.  If you have ever been notified that your information was exposed or lost you need to keep in mind that it is still exposed months or even years later.  Lose it once and it is gone forever.


Training of employees is key to protecting information

We all assume that businesses holding our information will protect it, that is the law after all.   The Federal Trade Commission requires ‘reasonable measures’ in the disposal of sensitive and personally identifying information.  However datalosses and security breaches still occur on an (almost) daily basis.

Many business entities have implemented measures to protect this information.  They have established policies outlining how information should be disposed of, but something still happens.  Unfortunately for a Georgia attorney, recent events show that a system of policies and procedures can break down.

According to the news report; Ashley Bell was surprised to discover that his firm was the source of one of the most easily avoided types of dataloss-confidential documents  tossed in a dumpster.  After all there is an established procedure in place, confidential documents are to be shredded and recycled.  An internal investigation led to a college intern, who was perhaps a bit too eager to get the task done and dumped the files in an unsecured dumpster.  The procedure was there but it was not followed.

Shredding can be a tedious task, I know from experience.  I also know that the information you are shredding can be dangerous in the wrong hands so it is a vital step in any disposal procedure.  The key is that I know and understand this.  Employers need to make sure that employees are trained to understand that danger and the consequences if the information is exposed.  Was this intern trained?  The report does not tell us that, and even training an employee does not guarantee that they will follow procedures.  It can however greatly improve the chance that they will when they understand the consequences and the employer can show that they have taken steps to prevent a breach.

Many businesses are taking steps to implement these reasonable measures, They are acting in good faith to protect information such as in the case of Mr. Bell’s law office.   Unfortunately for every Ashley Bell there are business owners who will not take steps to protect information until after they have experienced a dataloss themselves.

Fido did what!

When it comes to identifying risks to your identity, you have to think out of the box.  After all criminals are geniuses at out of the box thinking.  They look at everyday items we consider ‘harmless’ and can figure out how to use them to commit crimes.  If you have seen the movie “Catch Me if You Can” you would see a perfect example of what I mean.

The movie was based on the exploits of Frank Abagnale Jr, a well known security expert.  Mr Abagnale in his youth was a very successful con artist who cashed over a million dollars worth of fraudulent checks.  And in the movie it was not just his ability to create a fake persona, but a very harmless item that factored in to his success.  Watch this clip from the movie starring Leonardo DiCaprio as Abagnale.

Did you spot the harmless item that enabled him to cash check after fraudulent check?  No, not that check numbering machine, it was something else.  For those who did spot it, congratulations!  For those who didn’t check the bathtub.  Dozens of model airplanes were soaking in the tub.  The model planes all had PanAm decals.  Decals that he  placed on forged checks to fool bank tellers into thinking that they were authentic, and that brings me to your lovable family pet.

Many pet owners chip their pets.  Don’t get me wrong, it does have a very good benefit that for many loving owners outweigh the risk.  That microchip means if Fido gets lost, he can be identified and returned home safely.  But there is a down side.  Fido’s chip not only identifies him, it identifies you.  If your pet is chipped, keep in mind that chip contains your information and can be a route for identity thieves to strike.

Your information is everywhere.  No matter how well you protect your information, you can only control what is in your possession.  You cannot control other places and every different place it has been stored is another avenue for a thief to strike.

Ohio residents affected by a Minnesota dataloss

Hundreds of Ohio residents could find themselves at risk of Identity Theft after the theft of a hard drive belonging to United Healthcare of Minnetonka, MN was stolen from a Vendor.  Who has access to your information is important, not just you you give it to, but who they share it with.