Category Archives: Identity Theft

New Ohio Identity Theft Law: Epic FAIL for Consumers

Filed under Identity Theft
Tagged as , ,

Freeze or Thaw?

I have to give the lawmakers in the state of Ohio some credit for attempting to take identity theft somewhat seriously. It’s actually about time since every other state in the US has had laws for a long time now. Unfortunately, they got it wrong. The problem is that they have made something that is fairly manageable for consumers into another way for the three credit agencies to make more money.

From the Cleveland Plain Dealer:

“When a new Ohio law kicks in on Labor Day, you’ll be able to freeze your credit reports for $5 a pop. Security freezes let you “lock up” your credit report and scores, making it more difficult for an identity thief to open accounts in your name. New account fraud isn’t the most common type of identity theft, but it’s one of the more expensive and time-consuming varieties to clear up. A freeze is an important tool in combating this financial crime.

To get the best protection, you’ll need to freeze your files at all three credit bureaus, meaning you’ll shell out up to $15.”

and to “thaw” your “freeze”…

“You’ll need to temporarily thaw a freeze when you shop for credit, buy insurance or do anything else that requires a credit check. Each thaw costs $5. Ohio’s law lets you thaw for a specific party or, if you’re applying to multiple lenders, for a specific period of time. If you’re thawing for a specific lender, ask which bureau it plans to use so you can minimize the cost and thaw only at that bureau. Make sure you have the lender’s correct name so it can access your report.”

Confused yet? Let me explain….

So fork out your first $15 to get this baby started. Now when you are ready to buy something that requires a credit check…don’t forget to call the credit agencies to “thaw” your “freeze”. But wait! Which one do you call? Not sure? Call all three and fork out another $15. Oh? I need a PIN to thaw my account? Most consumers will forget what the PIN was so thats another $5 to get a PIN reset. Is the freeze a pain in the ass to manage? No problem…fork out another $15 to remove the freeze to permanently thaw your credit.

There are two solutions that provide similar protection:

1. Every 90 days call each of the three credit agency’s and put a fraud alert on your credit reports. This costs nothing and is pretty effective…but a pain to remember.

or better yet…

2. Get a monitoring service like Debix. They will freeze your credit and provide real time monitoring. You can’t beat the service for $24 a year. Between the $15 freeze and if you need to open up your credit one time with all three agency’s, Debix is a cheaper, more reliable and safer with less work. If you want some good information on Debix and how it works check out Rich Mogull’s blog post.

Oh. If you read the full news article…check out the following (funny) information required if you want to hook this up via snail mail:

“By certified mail: Send your full name, with middle initial and generation (for example, Jr. or II); Social Security number; date of birth (month, day and year); current address and previous addresses for the past two years; and $5 fee (not cash) to…”

Good thing identity thieves don’t steal mail these days….who really sends certified mail anyway right? 🙂

Suspected Malware Infected Hannaford Servers

Filed under Identity Theft

Interesting developments in the Hannaford Supermarket breach that was reported a few weeks ago. Seems that malware infected 300 some servers that were located at each of the stores. This malware was apparently collecting and sending customer credit card data to overseas locations. I like the following part the best:

“Andrew Conry of InformationWeek adds that Hannaford, in addition to the breach, has two related class action lawsuits on its hands alleging negligence in maintaining customer security. And he suggests that there might be some truth to the claims, noting that Hannaford should have noticed that “internal servers were transmitting outside the network to a strange IP. This should’ve raised flags somewhere–server logs, IDS logs, firewall logs.””

No kidding…this should have triggered an alert somewhere don’t you think? Interesting to see this all play out now…

Hannaford Brothers Credit Card Breach

Filed under Identity Theft

Another day…another credit card breach!

This time 4.2 million credit cards were exposed. I personally smell a bit of TJX in this one…

“The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization,” said Hannaford CEO Ron Hodge, in a statement posted to the company’s Web site.

The key phrase being “transmission of card authorization”. Sniffed? Bad Wifi security? Only time will tell…much speculation at this point. However, has some good speculation about what might have happened.