The Washington Post included a blurb from Bloomberg News on June 16th about changes being made by Google. Google is going to provide consumers with more controls allowing them to opt out of certain banner ads as well as to a larger set of ads.

Consumers will be able to use Google’s expanded “mute” feature to do so. That feature, per the Bloomberg News blurb, will be accessed through a new Google online portal called Ad Settings.

I tried doing so and found the Google instructions somewhat confusing. Having said that, anything that helps consumers limit the ads targeted to them is a benefit and worth trying to implement.

 

Michelle Singletary published a column on May 30th titled “You can soon freeze credit at no cost, a potent tool in identity-theft fight”. Ms. Singletary has done consumers a terrific service by highlighting a provision in a recently passed law — a provision that will make it easier for consumers to put credit freezes in place.

As she reports, the free credit freezes will take effect by September 21st. Why is this such a significant change? Because up to now, consumers have had to separately pay each credit reporting agency (i.e., Experian, Equifax, TransUnion) a fee to place — and then lift — a credit freeze with each of them. These credit freezes have gained increased importance given the cascading number of major data breaches that have occurred over the last few years.

A credit freeze means that the credit reporting agency can’t release any information about a consumer without her express permission. So — in the identity theft context — this helps prevent identity thieves from opening new lines of credit using personal identifying information stolen from a consumer.

Ms. Singletary’s column contains all the key details about the upcoming changes. I urge consumers to read it and get ready to place these credit freezes if they haven’t already done so.

I’ve written about the about the European Union’s (EU) General Data Protection Regulation (GDPR) several times over the last few years. It makes sweeping changes in the way global companies have to protect consumers’ personal, financial and medical information. It goes into effect today so U.S. companies are scrambling to comply.

Why? Because one of the most significant changes is that the GDPR applies to U.S. based companied that meet the various outlined criteria. Why is this so important? Because these U.S. companies are now updating their privacy policies to try and meet the GDPR’s requirements — so the privacy updates will also apply to individuals in the U.S.

The good news is that this potentially means stronger protections for individuals in the U.S. who engage with these companies and/or their websites. The slightly bad news? It makes it even more essential that individuals read the new privacy policies that they are receiving via email or even hard copy.

I won’t even begin to list all of the latest hacks of major systems (e.g., Lord & Taylor; PanaraBread’s online ordering system; Delta Airlines).  It seems as if these major breaches are being reported on a daily basis and often months or years after the hacks have been discovered — but corporate responsibility (or irresponsibility) is a topic for another day.

Today I want to share the latest reporting means that the Federal Trade Commission (FTC) and the IRS have developed for consumers. This new online method is important during tax season as well as year round —stolen personal and financial information happens year round and can create tax-related problems beyond tax season.

Tax-related identity theft happens when the thief uses the stolen SSN to file a fraudulent tax return  and get any refund that might be due to the individual.

Report any stolen personal and financial to the IRS using the IdentityTheft.gov site.

Anyone who booked travel in 2016 and 2017 using Expedia-owned Orbitz needs to be concerned. The company has announced that hundreds of thousands of people who used their credit cards to book travel using the Orbitz site might have had their credit card information hacked.

And it’s not just people who booked directly through Orbitz —the company said that people who used companies Orbitz services could also be included. Those companies include anyone who used American Express (Amextravel.com)to book travel.

What might have been stolen from consumers? Hackers might have stolen consumers’ names, their phone numbers, addresses and dates of birth — any and all of which can be used by thieves for an array of illegal scams.

What can consumers do? Keep vigilant about all of their financial information —that means credit card statements, bank statements and any other kind of financial information.

Brian Krebs has written an important and timely article reminding anyone — and everyone — impacted by the Equifax breach to check their credit report ASAP. In his article, Mr. Krebs cites a recently done consumer survey that found that many Americans haven’t yet done so although their personal and financial information was among that hacked by the Equifax breach.

Here’s the summary blurb from, and the link to, Mr. Krebs article:

A recent consumer survey suggests that half of all Americans still haven’t
checked their credit report since the Equifax breach last year exposed the
Social Security numbers, dates of birth, addresses and other personal
information on nearly 150 million people. If you’re in that fifty percent,
please make an effort to remedy that soon.

Credit reports from the three major bureaus — Equifax, Experian and Trans
Union — can be obtained online for free at annualcreditreport.com — the only
Web site mandated by Congress to serve each American a free credit report
every year.

https://krebsonsecurity.com/2018/03/checked-your-credit-since-the-equifax-hack/

Please follow his great guidance and check your credit reports to see what, if any, malicious and illegal financial schemes might have been done using your personal and financial information.

The Equifax breach just got worse for consumers. Yes, worse if that’s even possible. When it first announced the breach, Equifax said that the hacker or hackers had gotten “only” (Equifax’s word, not mine) gotten consumers’ names, SSN, birth dates, addresses and the numbers of driver’s licenses and credit cards for some, but not all, of the consumers.

So what’s gotten worse? First, rather than alert the public, the new details about the broader scope of the breach was contained in a document Equifax gave to the Senate Banking Committee. In that document, Equifax revealed that its forensic investigation uncovered the hackers got even more information — including consumers’ tax identification numbers, email addresses, phone numbers, credit card expiration dates and the States that issued the driver’s licenses.

While claiming they didn’t mislead consumers, the reality is that Equifax did just that. And that’s just added to their cavalier handling of the magnitude of consumers’ most sensitive information.

Peter Holley has an important article in the January 16th Washington Post. He’s written about the clauses in many car lease agreements and/or service agreements that authorize the car maker to collect customer data from the car itself (peter.holley@washpost.com; “Cars collect reams of information on owners”; Page A1).

As Mr. Holley highlights, customers may be unaware of the magnitude of personal information that can be collected by agreeing to this “tracking provision”.  It’s information not just about the way in which the customer uses her car (e.g., the speed at which the car’s driven) but even more detailed information about such personal preferences as where the customer shops, what the customer likes to eat and even down to such details about where the customer parks her car.

It’s hard to read the lengthy service and/or lease agreements but customers should make the effort to do so when buying a new car. While the car manufacturers might claim they only collect customer information with their explicit permission, they can assume such permission when a customer doesn’t read and object to this kind of “tracking” provision that’s buried in small print in a multi-page document.

Geoffrey Fowler reviews tech issues for The Washington Post (geoffrey.fowler@washpost.com). I regularly read his columns because he provides insightful expertise. He’s written a column about the Amazon Key that I urge everyone to read (“Amazon wants a key to your house. I did it. I regretted it”; Sunday, December 10; page 1, Business).

Mr. Fowler’s first-hand  assessment is very objective notwithstanding that Jeff Bezos owns The Washington Post and is also Amazon’s Chief Executive.

His cautionary tale is important for anyone considering buying the $250.00 Amazon Key that allows Amazon delivery personnel access, via an Internet-connected lock, to Amazon Key users. Sounds like a good anti-theft device, right? As Mr. Fowler writes, that initial appeal pales in comparison to the reality that using the Amazon Key means giving Amazon  the ability to become the operating system for the user’s entire house.

Mr. Fowler provides details about using the Amazon Key, his reactions and those of his family and — ultimately — their decision to stop using Amazon Key.

Uber not only sustained a breach of 57 million accounts but it hid that information for over a year — outrageous!! The accounts hacked included payment information, names and other personal and financial information. The hacked data comes from accounts of Uber customers and drivers.

In announcing this massive breach, Uber said — as if this would be great news — that no Social Security Numbers were included in the data that was stolen.

Seriously, that’s cold comfort to the millions of people whose accounts were breached.

Uber customers and drivers must pay especially close attention to your financial accounts to see if your data’s being used by the hackers. That is particularly important with all the holidays during which so much spending with credit and debit cards happens.