Graham Cluley has reported that the British Airways hack that was announced last month has just gotten bigger (“British Airways hack is worse than originally thought”; October 26, 2018; grahamcluley.com).

In September, British Airways announced that customer data and details of around 380,000 card payments had been stolen between August 21st and September 5th. Mr. Cluley unraveled British Airways latest update on its website — after doing so, he ascertained that an additional 185,000 customers’ payment cards were also likely stolen.

This hack impacts anyone who booked a British Airways flight between April 21st and July 28, 2018. British Airways claims there’s no indication that any of the stolen customer payment information has been misused.

However, that doesn’t mean that some customer financial information might not be misused in the future. Scammers and thieves know that people often become reassured if there are no immediate and obvious misuses of their personal and financial records following this kind of hack.

Anyone who booked a British Airways flight during the April to July 2018 period needs to be extra diligent about keeping close tabs on personal and financial records.

 

 

I’ve written before about credit freezes. These are freezes placed with Experian, TransUnion and Equifax so that no one can get credit or loans except the person who placed the freeze. They can be placed by going to the website of these credit rating agencies.

Why are credit freezes useful? Without taking further pro-active steps, any or all of your personal information could be used by identity thieves to open multiple new credit and other accounts, to get loans and ruin your credit. They’d not only use your personal information (e.g., SSNs, addresses) but might be using your name.

A credit freeze is more effective than simply buying credit monitoring or accepting such an offer from a company which has been hacked. Previously, consumers had to pay with each credit rating agency in order to place a credit freeze. Now thanks to recent legislation, consumers can place these freezes for free. Yes, a freeze has to be placed separately with each of the 3 credit rating agencies. And yes, consumers have to contact the credit rating agencies when they want to take out a loan or open a new credit card or financial account.

However, taking the time to create a credit freeze, and then doing a temporary “unfreeze” is a minor inconvenience in contrast to facing all the serious and cascading problems associated with identity theft.

Please share this information with others. There were  millions and millions of individuals whose personal and financial information was stolen by hackers during the breaches of Equifax, the Federal Government’s Office of Personnel Management or one of the seemingly endless number of breaches.

I received a very authentic looking email that purported to be from AT&T. The message was that I had until September 30, 2018 to let AT&T know whether I wanted to stop getting my paper mobile phone bill and go paperless. I was suspicious so spent time the other evening on the phone with various AT&T customer service representatives trying to find out if this was really a legitimate AT&T message.

This was an especially sophisticated spam message. Everything about the email made it appear to be legitimately from AT&T — the logo; the typeface; all the information about AT&T that’s usually contained in its messages (paper and electronic).

So what made me suspicious? The link that was included that would allow me to indicate that I wanted to keep getting paper bills. The link contained the word “Septmeber”. That single error made me very concerned as I knew/hoped AT&T wouldn’t be sending out emails with that kind of error.

I was right and this was a spam attempt to gain access to my personal information. The AT&T staff with whom I spoke checked my account and saw that no such email had been sent to me. One representative also said that this kind of bill payment decision would have to be generated by me, the customer, and that it would not be a forced decision by AT&T.

So beware and be suspicious if you get this, or similar, email that purports to be from AT&T — with or without a typo.  Call and confirm if it’s legitimate and do NOT click on any links until you’ve done so.

The phishing scams aimed at Apple users keep increasing and keep getting slicker.

The latest is a phishing scam that pops up as an “Apple Care” alert.  Delete it ASAP! Don’t open the email and absolutely DO NOT OPEN any links in the email.

Go to the Apple website if you want to check the authenticity of any Apple alerts or Apple emails that pop up on any or all of your mobile devices.

Just another time when “verify and confirm” is the best and safest approach.

 

The Washington Post included a blurb from Bloomberg News on June 16th about changes being made by Google. Google is going to provide consumers with more controls allowing them to opt out of certain banner ads as well as to a larger set of ads.

Consumers will be able to use Google’s expanded “mute” feature to do so. That feature, per the Bloomberg News blurb, will be accessed through a new Google online portal called Ad Settings.

I tried doing so and found the Google instructions somewhat confusing. Having said that, anything that helps consumers limit the ads targeted to them is a benefit and worth trying to implement.

 

Michelle Singletary published a column on May 30th titled “You can soon freeze credit at no cost, a potent tool in identity-theft fight”. Ms. Singletary has done consumers a terrific service by highlighting a provision in a recently passed law — a provision that will make it easier for consumers to put credit freezes in place.

As she reports, the free credit freezes will take effect by September 21st. Why is this such a significant change? Because up to now, consumers have had to separately pay each credit reporting agency (i.e., Experian, Equifax, TransUnion) a fee to place — and then lift — a credit freeze with each of them. These credit freezes have gained increased importance given the cascading number of major data breaches that have occurred over the last few years.

A credit freeze means that the credit reporting agency can’t release any information about a consumer without her express permission. So — in the identity theft context — this helps prevent identity thieves from opening new lines of credit using personal identifying information stolen from a consumer.

Ms. Singletary’s column contains all the key details about the upcoming changes. I urge consumers to read it and get ready to place these credit freezes if they haven’t already done so.

I’ve written about the about the European Union’s (EU) General Data Protection Regulation (GDPR) several times over the last few years. It makes sweeping changes in the way global companies have to protect consumers’ personal, financial and medical information. It goes into effect today so U.S. companies are scrambling to comply.

Why? Because one of the most significant changes is that the GDPR applies to U.S. based companied that meet the various outlined criteria. Why is this so important? Because these U.S. companies are now updating their privacy policies to try and meet the GDPR’s requirements — so the privacy updates will also apply to individuals in the U.S.

The good news is that this potentially means stronger protections for individuals in the U.S. who engage with these companies and/or their websites. The slightly bad news? It makes it even more essential that individuals read the new privacy policies that they are receiving via email or even hard copy.

I won’t even begin to list all of the latest hacks of major systems (e.g., Lord & Taylor; PanaraBread’s online ordering system; Delta Airlines).  It seems as if these major breaches are being reported on a daily basis and often months or years after the hacks have been discovered — but corporate responsibility (or irresponsibility) is a topic for another day.

Today I want to share the latest reporting means that the Federal Trade Commission (FTC) and the IRS have developed for consumers. This new online method is important during tax season as well as year round —stolen personal and financial information happens year round and can create tax-related problems beyond tax season.

Tax-related identity theft happens when the thief uses the stolen SSN to file a fraudulent tax return  and get any refund that might be due to the individual.

Report any stolen personal and financial to the IRS using the IdentityTheft.gov site.

Anyone who booked travel in 2016 and 2017 using Expedia-owned Orbitz needs to be concerned. The company has announced that hundreds of thousands of people who used their credit cards to book travel using the Orbitz site might have had their credit card information hacked.

And it’s not just people who booked directly through Orbitz —the company said that people who used companies Orbitz services could also be included. Those companies include anyone who used American Express (Amextravel.com)to book travel.

What might have been stolen from consumers? Hackers might have stolen consumers’ names, their phone numbers, addresses and dates of birth — any and all of which can be used by thieves for an array of illegal scams.

What can consumers do? Keep vigilant about all of their financial information —that means credit card statements, bank statements and any other kind of financial information.