Exploit This

Security News, Exploits, and Vulnerabilities.

Breach at Equifax May Impact 143M Americans

Equifax, one of the “big-three” U.S. credit bureaus, said today that a data breach at the company may have affected 143 million Americans, jeopardizing consumer Social Security numbers, birth dates, addresses and some driver’s license numbers.

A Life or Death Case of Identity Theft?

Identity thieves have perfected a scam in which they impersonate existing customers at retail mobile phone stores, pay a small cash deposit on pricey new phones, and then charge the rest to the victim’s account. In most cases, switching on the new phones causes the victim account owner’s phone(s) to go dead. This is the story of a Pennsylvania man who allegedly died of a heart attack because his wife’s phone was switched off by ID thieves and she was temporarily unable to call for help.

SSA: Ixnay on txt msg reqmnt 4 e-acct, sry

The U.S. Social Security Administration says it is reversing a newly enacted policy that required a cell phone number from all Americans who wished to manage their retirement benefits at ssa.gov. The move comes after a policy rollout marred by technical difficulties and criticism that the new requirement did little to prevent identity thieves from siphoning benefits from Americans who hadn’t yet created accounts at ssa.gov for themselves.

Social Security Administration Now Requires Two-Factor Authentication

The U.S. Social Security Administration announced Friday that it will now require a cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. Unfortunately, the new security measure does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven’t yet created accounts for themselves.

IRS Re-Enables ‘Get Transcript’ Feature

The Internal Revenue Service has re-enabled a service on its Web site that allows taxpayers to get a copy of their previous year’s tax transcript. The renewed effort to beef up taxpayer authentication methods at irs.gov comes more than a year after the agency disabled the transcript service because tax refund fraudsters were using it to steal sensitive data on consumers.

From Stolen Wallet to ID Theft, Wrongful Arrest

It’s remarkable how quickly a stolen purse or wallet can morph into full-blow identity theft, and possibly even result in the victim’s wrongful arrest. All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security lead to a mistaken early morning arrest in front of his kids.

FTC: Tax Fraud Behind 47% Spike in ID Theft

The U.S. Federal Trade Commission (FTC) today said it tracked a nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud. The announcement coincided with the debut of a beefed up FTC Web site aimed at making it easier for consumers to report and recover from all forms of ID theft.

OPM Breach: Credit Monitoring vs. Freeze

Many readers wrote in this past week to say they’d finally been officially notified that their fingerprints, background checks, Social Security numbers, and other sensitive information was jeopardized in the massive data breach discovered this year at the Office of Personnel Management (OPM). Almost as many complained that the OPM’s response — the offering of free credit monitoring services for up to three years — won’t work if readers have taken my advice and enacted a “security freeze” on one’s credit file with the major credit bureaus. This post is an attempt to explain what’s going on here.

Report: Everyone Should Get a Security Freeze

This author has frequently urged readers to place a freeze on their credit files as a means of proactively preventing identity theft. Now, a major consumer advocacy group is recommending the same: The U.S. Public Interest Research Group (US-PIRG) recently issued a call for all consumers to request credit file freezes before becoming victims of ID theft.

How I Learned to Stop Worrying and Embrace the Security Freeze

If you’ve been paying attention in recent years, you might have noticed that just about everyone is losing your personal data. Even if you haven’t noticed (or maybe you just haven’t actually received a breach notice), I’m here to tell you that if you’re an American, your basic personal data is already for sale. What follows is a primer on what you can do to avoid becoming a victim of identity theft as a result of all this data (s)pillage.

%d bloggers like this: