Storm coming and nobody is worried.

F

Fermion

Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Joined
Sep 12, 2012
Messages
6,023
Location
Seattle
We were just recently informed that our medical records at our insurance provider were hacked, with stolen information of birth date, SS#, etc. potentially accessed.

Add to that the Home Depot, Target, Gmail, and other hacked sites/places and I am starting to picture a fairly good database being formed on the average citizen.

Our work requires fingerprint identification...when will that data base be hacked and the information leaked into the web...or has it already and they just don't realize?

Some of these places graciously offer one to two years of credit monitoring (likely in a plan that if you forget to cancel they start charging you $$ per year).

This doesn't help the fact that birth date, SS number are still out there and cannot be changed. Two items that are almost universally used to verify identity when talking to financial institutions.

Sorry for the rant, but it seems nobody is listening. I feel helpless that all of our dollars are digital and will be so easily hacked.

Didn't Benjamin Franklin say "Those who give up their security for easy financial life deserve neither" ?
 
Ben Franklin said something like: “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”

But on the drive of corporations to collect our essential data and yet their apparent lack of concern for protecting this sensitive data, I hear ya man. It's horrible. I think there are some rumblings. I suspect they will get louder - way too many Americans have been affected by this now. And I think they are quite worried.

It will still take a long time for the current mentality of not taking data security seriously to turn around. It's like turning an ocean tanker.

In the meantime we each have to protect ourselves by turning on credit freezes, setting up email alerts and two part authentication on financial accounts, frequently monitoring such accounts, and arranging for ID PINs with the IRS.

I read Krebs on Security fairly often, and it's like watching the Three Stooges in action reading about US corporations falling victim to security breaches and how they handle the aftermath.
 
Last edited:
Hey, I'm worried and I want a lb of flesh from Anthem for putting my entire family in jeopardy for ID theft for the rest of our lives. Two years of monitoring is not going to cut it.:mad:
 
Fermion said:
We were just recently informed that our medical records at our insurance provider were hacked, with stolen information of birth date, SS#, etc. potentially accessed.

Add to that the Home Depot, Target, Gmail, and other hacked sites/places and I am starting to picture a fairly good database being formed on the average citizen.

Our work requires fingerprint identification...when will that data base be hacked and the information leaked into the web...or has it already and they just don't realize?

Some of these places graciously offer one to two years of credit monitoring (likely in a plan that if you forget to cancel they start charging you $$ per year).

This doesn't help the fact that birth date, SS number are still out there and cannot be changed. Two items that are almost universally used to verify identity when talking to financial institutions.

Sorry for the rant, but it seems nobody is listening. I feel helpless that all of our dollars are digital and will be so easily hacked.

Didn't Benjamin Franklin say "Those who give up their security for easy financial life deserve neither" ?
Click to expand...
I've mentioned similar thoughts about a perfect storm that is coming with regard to security. I try to remain non-alarmist about this, but one does sound like chicken little when discussing these issues of identity data compromise.

It's gonna happen, and I feel strongly about it. The problem exists because our systems are large, and we present these juicy targets for criminals and friends alike. New advances in tech and security design get us equal or ahead of the threat. However, the attackers are not organized within a geo-boundary as with a conventional enemy. They are smaller groups or elements and quickly find other vulnerabilities.

We are also disorganized, and do not have a defined, unified response to these intrusions. Some companies do not report things properly, or try to deflect the blame.
 
Beginning to look like the safest course is to be poor, and we're halfway there.
Cash it in, buy gold, and hide it in the cellar.

Just received my chip CC but no one uses the other side yet. Don't use on-line banking except for a few times a year and then can't enter the site, because they block it if it's unused for 60 days.

Have an Amazon account, but never figured out how I got it.
Credit rating gets shared with everybody, as we get card offers and investment letters from everybody and his dog.

You can find out who I am, the names of my family and neighbors, telephone number and for $5.95 find out about my 1991 speeding ticket in Sanford Florida.

Comcast uses my router modem as a hot spot, but never told me. (shoulda read the 230,238 word agreement, so it's my own fault)

Am old enough to remember when the big worry was having burglars break in.
Today, not worth their time or effort.

Might be worthwhile to post all my personal info online... let the businesses, banks and healthcare facilities worry about their losses when I'm broke.
 
Fermion said:
Sorry for the rant, but it seems nobody is listening. I feel helpless that all of our dollars are digital and will be so easily hacked.

Didn't Benjamin Franklin say "Those who give up their security for easy financial life deserve neither" ?
Click to expand...

Great rant I do agree, many times over. These are stupid and the managment (IMHO) of the companies that lose our data should be jailed. How about the auditors that missed these, didn't one of these breaches go on for over a year? How can you miss that? How do the system admins miss queries that return an 80 million row result set. Maybe it was split up? But still the expectations when I did that j*b was you knew what was running and why.

The last couple the media says were "sophisticated". Really what I read was they were the result of social engineering and spear phishing. Does that sound sophisticated? Sounds to me like a lack of training!

Add to that not using all the available technology to protect against this. One of my mentors used the word malpractice in regard to IT folks not doing their jobs. Be golly he was right, it is malpractice!

The companies that lost our data should be accountable. Instead we read how sophisticated these attackers were. Poor us, we have your data and are too blankity blank cheap to spend the money to hire people that know how to protect it. Here's some credit monitoring that partially works, try this why we continue to ignore data security, adding to our profits. BS.


One thing to remember though, if your dollars are electronic, they technically could be restored to the point prior to being hacked.
 
I received my letter from Anthem about two weeks ago saying my data was hacked. The letter pointed out that my medical information was not compromised. Who cares about that? I would rather the hackers have my medical info than my financial info.

So they offer 2 years of credit monitoring. What's to prevent the hackers from sitting on the data for 2 years then using it? Plus my kids data was also hacked. What a PIA.


Sent from my TRS-80
 
fidler4 said:
I received my letter from Anthem about two weeks ago saying my data was hacked. The letter pointed out that my medical information was not compromised. Who cares about that? I would rather the hackers have my medical info than my financial info.
Click to expand...

+1

I don't care if they find out I have hemorrhoids, but don't let them have my SS#!
 
imoldernu said:
Might be worthwhile to post all my personal info online...
Click to expand...

You might consider posting fake info so as to pollute the databases and obfuscate the correct info, aka the GIGO strategy.
 
These hacks are making me paranoid. I recently purchased Quicken software that wanted me to store in their cloud my financial information as well as the passwords to my IRAs, 401Ks and bank accounts so my financial information could be automatically updated. I turned off all of that functionality because I have no idea how secure they will keep my data...

It is the reason I won't use Mint that also wants the passwords to all my accounts. It seems that everyday we hear of another hack --
 
I don't know if it has happened lately, but I remember in the past companies often claimed that customer information was stolen from an unsecured laptop that was outside the office, in somebody's car or on the train. That's simply insane in this day and age.

As far as I'm concerned, when they say that they might as well be saying, "We sold it to hackers on the internet!" and maybe they did. I'd be willing to bet they could make considerable money under the table by selling customer information. :mad:

The one time that happened to me, was when personal information related to government credit cards (including mine, for work purposes only) was stolen from an unencrypted laptop left in the trunk of a car. They offered me free credit monitoring for a year, which would then, probably without warning, automatically roll over to credit monitoring I would have to pay for unless I took the time and effort to figure out how to cancel it. Yeah, an extra monthly bill due to their idiocy.
 
Have to echo MRG thoughts about the scope and persistence of these exploits. I feel that a large piece of that is over-reliance on the standard solutions for protection. The admins and security people often need to think outside the box and look for significant items by using tools like splunk and many other things. The answer is right there in the haystack of data, just gotta find it.
 
There is no question that a lot of the recent large security breaches have been successful through targeting employees through fake emails. That's really bad. These companies have no sense of how vulnerable their employees are to such ploys? Give me a break!

A lot easier than getting malware into POS terminals, or adding hardware to card swiping inputs.

Recent story on this. The lack of corporate controls has been shocking: Spoofing the Boss Turns Thieves a Tidy Profit - Krebs on Security
 
Last edited:
We docs can get fined $50K if one iota of "protected information" (like a newborn's sodium level or somebody's last name) escapes because a computer screen was pointing toward a window that somebody could look through or we scribbled a result on a scrap of paper. Gee, maybe we can sue the USPS for putting our name on our mail. It's ridiculous. Seems like Anthem needs to get fined $50K x millions for HIPPA violations. Maybe then someone will get serious about encryption when and where it matters.
 
Yesterday I had a friend tell me he had $50,000 swiped from his checking account. It was cold and windy and we didn't stay in the parking lot discussing it for very long. He promised me more details later. Also, told me their had been a 2nd swipe that paled in comparison to this one.
He has Lifelock. Unfortunately, the swipe happened over 3 months ago and he didn't notice it. I know that seems hard to believe. But, he has 4 huge (20 bedroom plus) resort rentals and a lot of money goes in and out of that account each month. The swipe had "Capital One" in the subject line so he didn't question it at first. They have tracked the person to a particular state. As it turns out, this person had enough of his information along with the Route and Transit number to simply "steal" the money. I know…it happens. They found it on year-end reconciliation with his accountant. Lifelock will not reimburse him since it was over the 90 day window.
In our discussion we talked about freezing our checkings, savings and other accounts from ACH withdrawals and he told me the bank(s) won't do that. I have not verified that. But it seems to me a great way for the banks to reduce their fraud via ACH and wire transfers. Unfreeze while you are doing online banking or transfers and put the freeze back on when done (with a pin number of course).
Lessons? Check all accounts frequently. Sign up for all the protections on your accounts that your bank offers.
It's beginning to seem like if you aren't a victim it is just luck!
 
[FONT=&quot]Ok, electronic info & assets are at great risk…[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]Cash? Withdraw “too much” (Apparently $5,000) and you may get a visit…[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]Justice Department rolls out an early form of capital controls in America[/FONT]
[FONT=&quot] [/FONT]
“…“[W]e encourage those institutions to consider whether to take more action: specifically, to alert law enforcement authorities about the problem, who may be able to seize the funds, initiate an investigation, or take other proactive steps.”


So what exactly constitutes ‘suspicious activity’? Basically anything.


According to the handbook for the Federal Financial Institution Examination Council, banks are required to file a SAR with respect to:


“Transactions conducted or attempted by, at, or through the bank (or an affiliate) and aggregating $5,000 or more…”
 
imoldernu said:
Beginning to look like the safest course is to be poor, and we're halfway there.
Cash it in, buy gold, and hide it in the cellar.

Just received my chip CC but no one uses the other side yet. Don't use on-line banking except for a few times a year and then can't enter the site, because they block it if it's unused for 60 days.

Have an Amazon account, but never figured out how I got it.
Credit rating gets shared with everybody, as we get card offers and investment letters from everybody and his dog.

You can find out who I am, the names of my family and neighbors, telephone number and for $5.95 find out about my 1991 speeding ticket in Sanford Florida.

Comcast uses my router modem as a hot spot, but never told me. (shoulda read the 230,238 word agreement, so it's my own fault)

Am old enough to remember when the big worry was having burglars break in.
Today, not worth their time or effort.

Might be worthwhile to post all my personal info online... let the businesses, banks and healthcare facilities worry about their losses when I'm broke.
Click to expand...


I'm with you fellers. I go on the wildebeest herd theory. Sure, the lions and crocodiles pick off some of the herd, but by being in a huge herd the vast majority make it through. I'm much less concerned about hackers stealing some money and more concerned about our own government scooping up all our conversations. Now we can think about Stingray - not only are our conversations monitored, but our locations in real time are known.

Frankly, I'd rather lose some bucks than have my neighbor looking in my windows - and rather my neighbor than the mayor or police chief.

https://www.aclu.org/spy-files

As a defense, not having much worth stealing or being boring and homely just plain suck.
 
sheehs1 said:
Yesterday I had a friend tell me he had $50,000 swiped from his checking account. It was cold and windy and we didn't stay in the parking lot discussing it for very long. He promised me more details later. Also, told me their had been a 2nd swipe that paled in comparison to this one.
He has Lifelock. Unfortunately, the swipe happened over 3 months ago and he didn't notice it. I know that seems hard to believe. But, he has 4 huge (20 bedroom plus) resort rentals and a lot of money goes in and out of that account each month. The swipe had "Capital One" in the subject line so he didn't question it at first. They have tracked the person to a particular state. As it turns out, this person had enough of his information along with the Route and Transit number to simply "steal" the money. I know…it happens. They found it on year-end reconciliation with his accountant. Lifelock will not reimburse him since it was over the 90 day window.
In our discussion we talked about freezing our checkings, savings and other accounts from ACH withdrawals and he told me the bank(s) won't do that. I have not verified that. But it seems to me a great way for the banks to reduce their fraud via ACH and wire transfers. Unfreeze while you are doing online banking or transfers and put the freeze back on when done (with a pin number of course).
Lessons? Check all accounts frequently. Sign up for all the protections on your accounts that your bank offers.
It's beginning to seem like if you aren't a victim it is just luck!
Click to expand...
Set up two step verification for any transfer. That's what we do whenever possible. You have to enter a code that was sent to you via phone or email to confirm the transfer.

Two step verification is also used to confirm any new ebill pay to account.

We also get email notification on any credit card charge, check clear, ATM withdrawal, etc. above a certain $ amount. It's very unlikely you would not notice a large transfer within a few days - well under the 90 day window.
 
Yeah we got our Anthem letter shortly after Home Depot gave the same monitoring service. Then there's the maggots that were responding to my homeaway and vrbo hits with rock bottom prices if they wire $$ now, now, now.

Just glad my taxes weren't filed before I filed them .

Back to running with the herd.
 
Last edited:
sheehs1 said:
Yesterday I had a friend tell me he had $50,000 swiped from his checking account.

...

The swipe had "Capital One" in the subject line so he didn't question it at first. They have tracked the person to a particular state.
...
Lessons? Check all accounts frequently. Sign up for all the protections on your accounts that your bank offers.
...
Click to expand...

Seriously? This individual didn't question a $50K swipe on their credit card? If one has been lucky enough to have acquired a sizable net worth through hard work, would't one work equally hard to track/protect that net worth? Of course all accounts should be checked frequently, in great detail. Leaving it to Lifelock or any other credit monitoring vendor is not the answer.

I've read that with the recent major hacks of Target, Sony, Home Depot, et al, hackers have learned a great deal about how people select passwords (hint: not very sophisticated). In fact, hackers have developed detailed new algorithms designed to break passwords in a matter of minutes, based on what they've learned from these new security breaches.

What to do? Get a password manager as soon as possible. Use the PM to generate random PW's to the maximum length allowed by your creditor's website (longer PW's reduce possibility of hack). Check all accounts in detail at least monthly. Order your free credit report from one of the 3 credit bureaus every 4 months so that you're consistently monitoring credit throughout the year. Remove identifying data from your computer (i.e., tax return databases, investment or net worth information, etc.). Consider eliminating use of debit cards as they remain a greater possibility for fraud than credit card use.

Yes, I've been a victim of Anthem's breach, but I've used all of this bad new to ensure that all of my financial data is secure as I can possibly make it. It was Ronald Reagan who said "trust, but verify."
 
I think it was withdrawn from checking.

He used the term "swipe" for steal.
 
audreyh1 said:
We also get email notification on any credit card charge, check clear, ATM withdrawal, etc. above a certain $ amount. It's very unlikely you would not notice a large transfer within a few days - well under the 90 day window.
Click to expand...

We do this and I don't know why everyone doesn't. We also track everything on mint.com.

In today's world you need to be aware of what's going on around you. Certainly you should be aware of any money flowing out of your accounts.

The tools are out there, learn how to use them!
 
Same concept. How do you not know $50K (or any amount for that matter) was stolen from your checking account--or any account--in the last 3 months?
 
audreyh1 said:
I think it was withdrawn from checking.

He used the term "swipe" for steal.
Click to expand...

It was from his checking account. I am sure there was that amount in deposits that month too. His places rent for $25K a week and there are 4 of them. So if he only looked at total balance, without thinking, it slid by him.

And yes, all I could do to not look at him and say, "and you didn't catch it within 90 days:confused:". But his Dad is elderly, process of moving him twice to facilities the last 3 months, he, himself, moved to a new house in Dec. and put the old one on the market, rentals on his resorts homes, two week vacation in the Dominican Republic this month….etc In other words a lot going on in his life. He does a lot of the rentals himself and the money managing…etc. If he had left the book keeping up to his accountant, I feel they would have caught it within that 90 days.

Good suggestion on the double verification step for transfer Audreyh1.
 
GrayHare said:
You might consider posting fake info so as to pollute the databases and obfuscate the correct info, aka the GIGO strategy.
Click to expand...

Don't want this to go political so I'll just stick to the issue and maybe someone will have solutions for me--

This is one of the big complaints I have with some of the new medical laws and the ACA. Megacorp demanded to know the SS# of my children to tie it to the medical insurance. I told them they had the SS# of my children for my taxes but not my insurance. This was before ACA and I didn't want any medical issues to be tied to my children going forward but technically it was required by law. After ACA it became an issue of tracking that I have insured my family--again they really have other ways of confirming that. What I think they really want is to track the medical info on everyone in the US. There are rules in place to allow them to do so and you no longer have any say in the matter. Its interesting that Megacorp has the SS data but technically they can't share it even to comply with the law. I've been told that the IRS may come calling at some point. So far I've resisted and it looks like I will make it out of Megacorp without giving in to this but I suspect I will have to provide that data to get family insurance after I leave.
 
You must log in or register to reply here.

Similar threads

A
Thanks for pulling me through
Replies
21
Views
2K
Koolau
Koolau
R
Travel Hack - Works for Me
2
Replies
27
Views
2K
CarbonaNotGlue
C
Qs Laptop
When Friends Claim They Need to Keep Working...and You are Doubtful
2 3
Replies
59
Views
4K
TheWizard
T
M
Applying for SS and the Government Shut Down
Replies
3
Views
453
ivinsfan
ivinsfan
aja8888
Show off your dog..or other pet..and how well he/she is treated (and fed)!
2 3
Replies
57
Views
2K
Gotadimple
Gotadimple

Latest posts

Back
Top Bottom