Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Storm coming and nobody is worried.
Old 03-24-2015, 08:08 AM   #1
Thinks s/he gets paid by the post
 
Join Date: Sep 2012
Location: Seattle
Posts: 2,905
Storm coming and nobody is worried.

We were just recently informed that our medical records at our insurance provider were hacked, with stolen information of birth date, SS#, etc. potentially accessed.

Add to that the Home Depot, Target, Gmail, and other hacked sites/places and I am starting to picture a fairly good database being formed on the average citizen.

Our work requires fingerprint identification...when will that data base be hacked and the information leaked into the web...or has it already and they just don't realize?

Some of these places graciously offer one to two years of credit monitoring (likely in a plan that if you forget to cancel they start charging you $$ per year).

This doesn't help the fact that birth date, SS number are still out there and cannot be changed. Two items that are almost universally used to verify identity when talking to financial institutions.

Sorry for the rant, but it seems nobody is listening. I feel helpless that all of our dollars are digital and will be so easily hacked.

Didn't Benjamin Franklin say "Those who give up their security for easy financial life deserve neither" ?
__________________

__________________
Fermion is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 03-24-2015, 08:22 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,459
Ben Franklin said something like: “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”

But on the drive of corporations to collect our essential data and yet their apparent lack of concern for protecting this sensitive data, I hear ya man. It's horrible. I think there are some rumblings. I suspect they will get louder - way too many Americans have been affected by this now. And I think they are quite worried.

It will still take a long time for the current mentality of not taking data security seriously to turn around. It's like turning an ocean tanker.

In the meantime we each have to protect ourselves by turning on credit freezes, setting up email alerts and two part authentication on financial accounts, frequently monitoring such accounts, and arranging for ID PINs with the IRS.

I read Krebs on Security fairly often, and it's like watching the Three Stooges in action reading about US corporations falling victim to security breaches and how they handle the aftermath.
__________________

__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is offline   Reply With Quote
Old 03-24-2015, 08:42 AM   #3
Thinks s/he gets paid by the post
DFW_M5's Avatar
 
Join Date: Sep 2003
Posts: 4,982
Hey, I'm worried and I want a lb of flesh from Anthem for putting my entire family in jeopardy for ID theft for the rest of our lives. Two years of monitoring is not going to cut it.
__________________
Doing things today that others won't, to do things tomorrow that others can't. Of course I'm referring to workouts, not robbing banks.
DFW_M5 is offline   Reply With Quote
Old 03-24-2015, 08:54 AM   #4
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
Quote:
Originally Posted by Fermion View Post
We were just recently informed that our medical records at our insurance provider were hacked, with stolen information of birth date, SS#, etc. potentially accessed.

Add to that the Home Depot, Target, Gmail, and other hacked sites/places and I am starting to picture a fairly good database being formed on the average citizen.

Our work requires fingerprint identification...when will that data base be hacked and the information leaked into the web...or has it already and they just don't realize?

Some of these places graciously offer one to two years of credit monitoring (likely in a plan that if you forget to cancel they start charging you $$ per year).

This doesn't help the fact that birth date, SS number are still out there and cannot be changed. Two items that are almost universally used to verify identity when talking to financial institutions.

Sorry for the rant, but it seems nobody is listening. I feel helpless that all of our dollars are digital and will be so easily hacked.

Didn't Benjamin Franklin say "Those who give up their security for easy financial life deserve neither" ?
I've mentioned similar thoughts about a perfect storm that is coming with regard to security. I try to remain non-alarmist about this, but one does sound like chicken little when discussing these issues of identity data compromise.

It's gonna happen, and I feel strongly about it. The problem exists because our systems are large, and we present these juicy targets for criminals and friends alike. New advances in tech and security design get us equal or ahead of the threat. However, the attackers are not organized within a geo-boundary as with a conventional enemy. They are smaller groups or elements and quickly find other vulnerabilities.

We are also disorganized, and do not have a defined, unified response to these intrusions. Some companies do not report things properly, or try to deflect the blame.
__________________
target2019 is offline   Reply With Quote
Old 03-24-2015, 09:12 AM   #5
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Beginning to look like the safest course is to be poor, and we're halfway there.
Cash it in, buy gold, and hide it in the cellar.

Just received my chip CC but no one uses the other side yet. Don't use on-line banking except for a few times a year and then can't enter the site, because they block it if it's unused for 60 days.

Have an Amazon account, but never figured out how I got it.
Credit rating gets shared with everybody, as we get card offers and investment letters from everybody and his dog.

You can find out who I am, the names of my family and neighbors, telephone number and for $5.95 find out about my 1991 speeding ticket in Sanford Florida.

Comcast uses my router modem as a hot spot, but never told me. (shoulda read the 230,238 word agreement, so it's my own fault)

Am old enough to remember when the big worry was having burglars break in.
Today, not worth their time or effort.

Might be worthwhile to post all my personal info online... let the businesses, banks and healthcare facilities worry about their losses when I'm broke.
__________________
imoldernu is offline   Reply With Quote
Old 03-24-2015, 09:58 AM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Apr 2013
Posts: 5,567
Quote:
Originally Posted by Fermion View Post

Sorry for the rant, but it seems nobody is listening. I feel helpless that all of our dollars are digital and will be so easily hacked.

Didn't Benjamin Franklin say "Those who give up their security for easy financial life deserve neither" ?
Great rant I do agree, many times over. These are stupid and the managment (IMHO) of the companies that lose our data should be jailed. How about the auditors that missed these, didn't one of these breaches go on for over a year? How can you miss that? How do the system admins miss queries that return an 80 million row result set. Maybe it was split up? But still the expectations when I did that j*b was you knew what was running and why.

The last couple the media says were "sophisticated". Really what I read was they were the result of social engineering and spear phishing. Does that sound sophisticated? Sounds to me like a lack of training!

Add to that not using all the available technology to protect against this. One of my mentors used the word malpractice in regard to IT folks not doing their jobs. Be golly he was right, it is malpractice!

The companies that lost our data should be accountable. Instead we read how sophisticated these attackers were. Poor us, we have your data and are too blankity blank cheap to spend the money to hire people that know how to protect it. Here's some credit monitoring that partially works, try this why we continue to ignore data security, adding to our profits. BS.


One thing to remember though, if your dollars are electronic, they technically could be restored to the point prior to being hacked.
__________________
MRG is offline   Reply With Quote
Old 03-24-2015, 10:08 AM   #7
Recycles dryer sheets
fidler4's Avatar
 
Join Date: Mar 2013
Posts: 207
I received my letter from Anthem about two weeks ago saying my data was hacked. The letter pointed out that my medical information was not compromised. Who cares about that? I would rather the hackers have my medical info than my financial info.

So they offer 2 years of credit monitoring. What's to prevent the hackers from sitting on the data for 2 years then using it? Plus my kids data was also hacked. What a PIA.


Sent from my TRS-80
__________________
fidler4 is offline   Reply With Quote
Old 03-24-2015, 10:13 AM   #8
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,082
Quote:
Originally Posted by fidler4 View Post
I received my letter from Anthem about two weeks ago saying my data was hacked. The letter pointed out that my medical information was not compromised. Who cares about that? I would rather the hackers have my medical info than my financial info.
+1

I don't care if they find out I have hemorrhoids, but don't let them have my SS#!
__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 03-24-2015, 10:19 AM   #9
Thinks s/he gets paid by the post
 
Join Date: Nov 2011
Posts: 2,360
Quote:
Originally Posted by imoldernu View Post
Might be worthwhile to post all my personal info online...
You might consider posting fake info so as to pollute the databases and obfuscate the correct info, aka the GIGO strategy.
__________________
GrayHare is online now   Reply With Quote
Old 03-24-2015, 10:23 AM   #10
Recycles dryer sheets
 
Join Date: Aug 2012
Posts: 138
These hacks are making me paranoid. I recently purchased Quicken software that wanted me to store in their cloud my financial information as well as the passwords to my IRAs, 401Ks and bank accounts so my financial information could be automatically updated. I turned off all of that functionality because I have no idea how secure they will keep my data...

It is the reason I won't use Mint that also wants the passwords to all my accounts. It seems that everyday we hear of another hack --
__________________
Live Free is offline   Reply With Quote
Old 03-24-2015, 10:25 AM   #11
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,851
I don't know if it has happened lately, but I remember in the past companies often claimed that customer information was stolen from an unsecured laptop that was outside the office, in somebody's car or on the train. That's simply insane in this day and age.

As far as I'm concerned, when they say that they might as well be saying, "We sold it to hackers on the internet!" and maybe they did. I'd be willing to bet they could make considerable money under the table by selling customer information.

The one time that happened to me, was when personal information related to government credit cards (including mine, for work purposes only) was stolen from an unencrypted laptop left in the trunk of a car. They offered me free credit monitoring for a year, which would then, probably without warning, automatically roll over to credit monitoring I would have to pay for unless I took the time and effort to figure out how to cancel it. Yeah, an extra monthly bill due to their idiocy.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is online now   Reply With Quote
Old 03-24-2015, 10:36 AM   #12
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
Have to echo MRG thoughts about the scope and persistence of these exploits. I feel that a large piece of that is over-reliance on the standard solutions for protection. The admins and security people often need to think outside the box and look for significant items by using tools like splunk and many other things. The answer is right there in the haystack of data, just gotta find it.
__________________
target2019 is offline   Reply With Quote
Old 03-24-2015, 11:14 AM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,459
There is no question that a lot of the recent large security breaches have been successful through targeting employees through fake emails. That's really bad. These companies have no sense of how vulnerable their employees are to such ploys? Give me a break!

A lot easier than getting malware into POS terminals, or adding hardware to card swiping inputs.

Recent story on this. The lack of corporate controls has been shocking: Spoofing the Boss Turns Thieves a Tidy Profit - Krebs on Security
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is offline   Reply With Quote
Old 03-24-2015, 11:23 AM   #14
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 1,471
We docs can get fined $50K if one iota of "protected information" (like a newborn's sodium level or somebody's last name) escapes because a computer screen was pointing toward a window that somebody could look through or we scribbled a result on a scrap of paper. Gee, maybe we can sue the USPS for putting our name on our mail. It's ridiculous. Seems like Anthem needs to get fined $50K x millions for HIPPA violations. Maybe then someone will get serious about encryption when and where it matters.
__________________
EastWest Gal is offline   Reply With Quote
Old 03-24-2015, 11:24 AM   #15
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Posts: 1,648
Yesterday I had a friend tell me he had $50,000 swiped from his checking account. It was cold and windy and we didn't stay in the parking lot discussing it for very long. He promised me more details later. Also, told me their had been a 2nd swipe that paled in comparison to this one.
He has Lifelock. Unfortunately, the swipe happened over 3 months ago and he didn't notice it. I know that seems hard to believe. But, he has 4 huge (20 bedroom plus) resort rentals and a lot of money goes in and out of that account each month. The swipe had "Capital One" in the subject line so he didn't question it at first. They have tracked the person to a particular state. As it turns out, this person had enough of his information along with the Route and Transit number to simply "steal" the money. I know…it happens. They found it on year-end reconciliation with his accountant. Lifelock will not reimburse him since it was over the 90 day window.
In our discussion we talked about freezing our checkings, savings and other accounts from ACH withdrawals and he told me the bank(s) won't do that. I have not verified that. But it seems to me a great way for the banks to reduce their fraud via ACH and wire transfers. Unfreeze while you are doing online banking or transfers and put the freeze back on when done (with a pin number of course).
Lessons? Check all accounts frequently. Sign up for all the protections on your accounts that your bank offers.
It's beginning to seem like if you aren't a victim it is just luck!
__________________
sheehs1 is offline   Reply With Quote
Old 03-24-2015, 11:33 AM   #16
Recycles dryer sheets
 
Join Date: May 2014
Location: Yuma AZ
Posts: 270
Ok, electronic info & assets are at great risk…

Cash? Withdraw “too much” (Apparently $5,000) and you may get a visit…

Justice Department rolls out an early form of capital controls in America

“…“[W]e encourage those institutions to consider whether to take more action: specifically, to alert law enforcement authorities about the problem, who may be able to seize the funds, initiate an investigation, or take other proactive steps.”


So what exactly constitutes ‘suspicious activity’? Basically anything.


According to the handbook for the Federal Financial Institution Examination Council, banks are required to file a SAR with respect to:


“Transactions conducted or attempted by, at, or through the bank (or an affiliate) and aggregating $5,000 or more…”
__________________
unno2002 is offline   Reply With Quote
Old 03-24-2015, 11:55 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
calmloki's Avatar
 
Join Date: Jan 2007
Location: Independence
Posts: 5,459
Quote:
Originally Posted by imoldernu View Post
Beginning to look like the safest course is to be poor, and we're halfway there.
Cash it in, buy gold, and hide it in the cellar.

Just received my chip CC but no one uses the other side yet. Don't use on-line banking except for a few times a year and then can't enter the site, because they block it if it's unused for 60 days.

Have an Amazon account, but never figured out how I got it.
Credit rating gets shared with everybody, as we get card offers and investment letters from everybody and his dog.

You can find out who I am, the names of my family and neighbors, telephone number and for $5.95 find out about my 1991 speeding ticket in Sanford Florida.

Comcast uses my router modem as a hot spot, but never told me. (shoulda read the 230,238 word agreement, so it's my own fault)

Am old enough to remember when the big worry was having burglars break in.
Today, not worth their time or effort.

Might be worthwhile to post all my personal info online... let the businesses, banks and healthcare facilities worry about their losses when I'm broke.

I'm with you fellers. I go on the wildebeest herd theory. Sure, the lions and crocodiles pick off some of the herd, but by being in a huge herd the vast majority make it through. I'm much less concerned about hackers stealing some money and more concerned about our own government scooping up all our conversations. Now we can think about Stingray - not only are our conversations monitored, but our locations in real time are known.

Frankly, I'd rather lose some bucks than have my neighbor looking in my windows - and rather my neighbor than the mayor or police chief.

https://www.aclu.org/spy-files

As a defense, not having much worth stealing or being boring and homely just plain suck.
__________________
calmloki is offline   Reply With Quote
Old 03-24-2015, 12:21 PM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,459
Quote:
Originally Posted by sheehs1 View Post
Yesterday I had a friend tell me he had $50,000 swiped from his checking account. It was cold and windy and we didn't stay in the parking lot discussing it for very long. He promised me more details later. Also, told me their had been a 2nd swipe that paled in comparison to this one.
He has Lifelock. Unfortunately, the swipe happened over 3 months ago and he didn't notice it. I know that seems hard to believe. But, he has 4 huge (20 bedroom plus) resort rentals and a lot of money goes in and out of that account each month. The swipe had "Capital One" in the subject line so he didn't question it at first. They have tracked the person to a particular state. As it turns out, this person had enough of his information along with the Route and Transit number to simply "steal" the money. I know…it happens. They found it on year-end reconciliation with his accountant. Lifelock will not reimburse him since it was over the 90 day window.
In our discussion we talked about freezing our checkings, savings and other accounts from ACH withdrawals and he told me the bank(s) won't do that. I have not verified that. But it seems to me a great way for the banks to reduce their fraud via ACH and wire transfers. Unfreeze while you are doing online banking or transfers and put the freeze back on when done (with a pin number of course).
Lessons? Check all accounts frequently. Sign up for all the protections on your accounts that your bank offers.
It's beginning to seem like if you aren't a victim it is just luck!
Set up two step verification for any transfer. That's what we do whenever possible. You have to enter a code that was sent to you via phone or email to confirm the transfer.

Two step verification is also used to confirm any new ebill pay to account.

We also get email notification on any credit card charge, check clear, ATM withdrawal, etc. above a certain $ amount. It's very unlikely you would not notice a large transfer within a few days - well under the 90 day window.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is offline   Reply With Quote
Old 03-24-2015, 01:13 PM   #19
Thinks s/he gets paid by the post
tryan's Avatar
 
Join Date: Mar 2005
Posts: 2,449
Yeah we got our Anthem letter shortly after Home Depot gave the same monitoring service. Then there's the maggots that were responding to my homeaway and vrbo hits with rock bottom prices if they wire $$ now, now, now.

Just glad my taxes weren't filed before I filed them .

Back to running with the herd.
__________________
FIRE'd since 2005
tryan is offline   Reply With Quote
Old 03-24-2015, 01:56 PM   #20
Thinks s/he gets paid by the post
 
Join Date: Jan 2008
Posts: 1,495
Quote:
Originally Posted by sheehs1 View Post
Yesterday I had a friend tell me he had $50,000 swiped from his checking account.

...

The swipe had "Capital One" in the subject line so he didn't question it at first. They have tracked the person to a particular state.
...
Lessons? Check all accounts frequently. Sign up for all the protections on your accounts that your bank offers.
...
Seriously? This individual didn't question a $50K swipe on their credit card? If one has been lucky enough to have acquired a sizable net worth through hard work, would't one work equally hard to track/protect that net worth? Of course all accounts should be checked frequently, in great detail. Leaving it to Lifelock or any other credit monitoring vendor is not the answer.

I've read that with the recent major hacks of Target, Sony, Home Depot, et al, hackers have learned a great deal about how people select passwords (hint: not very sophisticated). In fact, hackers have developed detailed new algorithms designed to break passwords in a matter of minutes, based on what they've learned from these new security breaches.

What to do? Get a password manager as soon as possible. Use the PM to generate random PW's to the maximum length allowed by your creditor's website (longer PW's reduce possibility of hack). Check all accounts in detail at least monthly. Order your free credit report from one of the 3 credit bureaus every 4 months so that you're consistently monitoring credit throughout the year. Remove identifying data from your computer (i.e., tax return databases, investment or net worth information, etc.). Consider eliminating use of debit cards as they remain a greater possibility for fraud than credit card use.

Yes, I've been a victim of Anthem's breach, but I've used all of this bad new to ensure that all of my financial data is secure as I can possibly make it. It was Ronald Reagan who said "trust, but verify."
__________________

__________________
Options is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What if they gave a Depression and nobody came? Hal3 FIRE Related Public Policy 15 03-21-2009 06:39 PM
Issues with "The Coming Generational Storm" Zoocat Life after FIRE 17 09-27-2006 10:59 AM
The Coming Generational Storm charlie Other topics 17 02-20-2005 06:40 AM
Scott Burns' book 'The Coming Generational Storm' intercst FIRE and Money 10 06-06-2004 11:13 AM

 

 
All times are GMT -6. The time now is 12:45 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.