Datapalooza , Tax Returns and Identity Theft

Protecting personal information is important. It is extremely important in the online world. Identity theft is a real problem. Thieves who steal information often gather it easily from unsuspecting victims who willingly give out personal information to the wrong person or those who give out the information unwillingly but didn’t have their information protected.

Identity theft might become an even bigger problem with the announcements that were made at the White House’s “Datapalooza” event. “Datapalooza” is an ambitious new agenda that has been outlined by President Obama to combat rising college costs and to make college more affordable for American families.  It was a meeting of policy leaders and innovators exploring how open government data could help the education system in the United States. Part of the plan includes using technology for tools, services, and apps to help students evaluate and select colleges.

Apps will be used to help students access information about colleges including statistical data, program data, and form data (i.e. FAFSA).  Third party apps are also being considered for integration into the U.S. Department of Education’s financial aid toolkits. These applications should be viewed skeptically by students.  If the apps do not have the proper protections and encryptions against hack attacks then hackers might have “datapalooza” with student’s personal information.  Identity theft is a real concern with the potential data that would need to be stored online to use the governments’ apps.

The White House announced at “Datapalooza” that Americans will now be able to download their tax returns directly from the IRS’ new service Get Transcript.  Tax information is not easily accessible and for good reason. Tax papers have very personal information on them including names, birthdates, social security numbers, and wage information.  To obtain tax information before one would have to fill out a questionnaire, send it back and wait 5-10 business days for physical forms to arrive. Get Transcript makes it much easier for people to download their tax information instead of waiting to get the physical forms. But it also means that much more personal information is at risk of being stolen.

Legitimate debt collector or fraudulent data colletor?

Data collection scams and debt collection scams have risen dramatically in the last few years.  Mal-ware at point of sale terminals has been used to steal customer data. Emails that phish for information have been used to steal consumer information and fake debt collectors who threaten victims with lawsuits and arrests have used information gained to exploit consumers.

“Unscrupulous scams hurt consumers and unnecessarily impedes legitimate debt collection efforts,” said ACA International CEO Pat Morris. “The recovery of consumer debt is vitally important to our local, state, and national economies. Those who purposely violate the law to exploit consumers should be held fully accountable for their actions.”

Consumers need to protect personal data and they need to know the difference between a legitimate debt collector and a fake scam being conducted to steal personal information.

ACA International recommends several important items in discerning a legitimate attempt to recover a debt. The first item is that a debt collector may not contact a consumer at times known to be inconvenient. Generally, a legitimate debt collector may not contact a consumer before 8 a.m. or after 9 p.m. in the consumers’ time zone.

Another item is that a debt collector must disclose its identity to the consumer and notify the consumer that the communication is from a debt collector, and (in the initial communication) that any information obtained will be used to effect collection of the debt. Debt collectors are not allowed to make false representations and may not threaten to take action against a consumer if it doesn’t actually intend to seek such action. Consumers also need to be aware that they can dispute the validity of the debt and during the time the debt is being dispute the debt collector must cease collection activity until verification of the debt has been provided. More guidelines can be found at ACA International.

Consumers can protect their personal data by checking credit and debit cards vigilantly and reporting any charges that appear questionable, even small amounts. Consumers can also monitor their credit profiles along with their card activity and consumers need to keep in mind that phishing scams for information don’t just happen via email and the phone. Phishing scams can come through snail mail also.  Shred paper with personal information before throwing it away, make online passwords stronger by using a mix of capital and lowercase letters, symbols and numbers, and take great care when giving out credit or debit card numbers, Social Security numbers or other personal information online and offline.

As Target breach grows, retailer embraces security options

Target’s data breach over the holiday season turned out to span far wider than the original numbers estimated.  The major retailer said the breach that happened between Nov. 27 and Dec. 15, 2013 compromised the financial information of approximately 40 million shoppers shortly after the breach occurred. Recently, the company informed consumers that it had uncovered an additional 70 million to 110 million customers who may have had their names, mailing addresses, phone numbers and email addresses stolen.

The data stolen from Target was originally thought to come from the terminals where customers swipe credit and debit cards. The retailer said originally that the only information affected was the information stored in the magnetic strips on the back of customers’ cards. The retailer learned shortly after that customers’ encrypted PIN data had also been obtained. The latest revelation by Target is raising more concerns because personal information isn’t stored on the magnetic strips on credit and debit cards.

Target’s data breach has severely impacted the company and will continue to as long as more information about the breach becomes known. The retailer has apologizes to customers for the broadening violations of customers’ private information.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg W. Steinhafel, Target’s chief executive, said in a statement to the New York Times.

Target is now offering free credit monitoring and identity theft protection to customer’s for one-year free.  The one-year offer includes a credit report, daily credit monitoring, identity theft resolution, identity theft insurance and ProtectMyID ExtendCARE, personalized assistance from a highly-trained Fraud Resolution Agent after the one-year period expires.

Target has listed tips for customers who wish to protect their information:

“Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number. Delete texts immediately from numbers or names you don’t recognize. Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.”

A FAQ page has been set up on Target’s website to deal with information regarding the data breach and information related to other scams.

Snapchat Suffers Major Security Breach Plans to Make App More Secure

Snapchat suffered a major security breach on New Year’s Eve when a reported 4 million usernames and passwords were collected by hackers.  Snapchat had been warned twice by security experts about a vulnerability in its system, according to Yahoo News.

Snapchat is a private company that has marketed itself on being a more secure alternative that Facebook and Instagram. It lets users send photo and video messages that disappear once viewed.  According to the New York Times, users of the self-destruct message service were sending 350 million photos a day in September –increased from 200 million in June.

Related content:  Are Instagram and Snapchat safe for Kids?

Security researchers were not convinced that the app actually deleted information.  The hackers who stole the usernames and passwords from Snapchat were actually security researchers with Gibson security who were able to hack into Snapchat’s servers and find the data that had been stored in a database similar to other big internet companies.

The security researchers posted the hacked information onto a website called SnapchatDB.info after privately warning Snapchat about the weakness in its system.  The researchers then posted a warning about the security hole online on Christmas Eve after the notice was ignored. Snapchat did patch the hole in the system but it didn’t do enough.  The data was not encrypted nor were there any basic security measures in place to prevent hacking.

The usernames and passwords put online in the data dump on New Year’s Eve had the last two digits of phone numbers removed. Snapchatdb.info has since been suspended for the data dump, but not before word spread of the breach.

The breach severely tarnishes Snapchat’s reputation and image. It could threaten the company’s rapid growth.

Gibson Security says users can delete their Snapchat accounts and ask their phone company to change their phone number in order to protect their information. Although, they warn that deleting the account won’t remove information from the leaked database information.

“Ensure that your security settings are up to scratch on your social media profiles. Be careful about what data you give away to sites when you sign up –if you don’t think a service requires your phone number, don’t give it to them,” Gibson told the Associated Press.

Snapchat is trying to reassure users’ that is has adopted security measures that would prevent spam and abuse. They also claim they are working to prevent “future attempts to abuse our service.”