Hudson Valley Pharmacy Compromises Patients’ Information

Not that we needed any more reasons to monitor our credit cards and the like, but right here in our Hudson Valley a Rite Aid Pharmacy is the scene of identity theft to an unknown level.

Anyone who shopped at Rite Aid’s 238 Hooker Ave. store in the past year should keep an eye on their bank and credit card statements, according to the Rite Aid Corporation.

A Rite Aid associate at the Poughkeepsie location “may have obtained limited customer information” including customer names, addresses and payment card information in order to make “unauthorized payment card transactions,” according to a press release from the corporation.

The Rite Aid associate accused of the thefts is no longer employed at the store, according to Rite Aid. City of Poughkeepsie Police charged Kevin Thomas, 26, of the Town of Poughkeepsie, on Nov. 24 with second-degree identify theft, a class E felony.

The exact number of victims of the alleged thefts is unknown, police said. Rite Aid and the City of Poughkeepsie police are still investigating the incident and are asking customers to report any unaccounted for transactions.

More charges may be filed against Thomas if additional victims come forward, according to city police.

There is no indication that customer health information or Social Security numbers, or any customer information from other Rite Aid stores, was compromised.

Rite Aid is encouraging all customers at the 238 Hooker Ave. location to monitor and review payment card account statements.

Those who believe they have been affected should contact their bank or payment card company, according to the release. Customers with questions about the incident can call 1-800-877-2611 or email privacyoffice@riteaid.com.

 

For more information on best practices for identity theft protection, please visit www.legalshredinc.com

More on Tax Time Vigilance

Picking up where we left off last week, tax time is a time to step up our vigilance regarding identity theft.

Once again, identity theft still tops the list of taxpayer concerns. According to the most recent Javelin Strategy & Research, identity thieves stole $16 billion from 12.7 million US consumers in 2014.

More tips for best practices in identity theft protection:

  1. Be mindful of the information you are sharing on-line.  Data-mining is the practice where companies gather information people are sharing about themselves on line.  When making purchases or signing up for newsletters, only provide the information that the company needs: you don’t have to give out all of your information. When you do opt in to offer personal information, check the site’s privacy policy to find out how that information might be shared with other companies.
  2. It’s an old chorus but that because it’s critical: use smart passwords.  Use a password keeper to help you keep track but do not cut corners on passwords!
  3. Games and memes are fun—but also frequently ask for personal information like your mother’s maiden name or the street you grew up on. Definitely DO NOT post such information on your social media—that’s like opening your wallet and giving it away!
  4. Be wary of phishing schemes. Phishing often comes in the form of an unsolicited email or a fake website that poses as a legitimate site such as the IRS or your bank in order  to get you to disclose your personal or financial information. Don’t follow any links from these e-mails to any websites where you might be asked for your personal information. Verify that you’re on a legitimate site before sharing your data; if you must access a particular site, log out from any links that you’re not sure about and navigate directly to the site instead. And remember: the IRS will not initiate contact with you by email (or phone) to discuss your account.

We’ll finish with one more round of tips next week.

We always invite you to view more on identity theft protection at www.legalshredinc.com

Tax Season 2016: Time to Step Up Vigilance

As we enter tax season 2016, it’s that time of year to reset our vigilance and remind ourselves of best practices regarding identity theft protection particularly as they relate to filing taxes.

 

Identity theft still tops the list of taxpayer concerns. According to the most recent Javelin Strategy & Research, identity thieves stole $16 billion from 12.7 million US consumers in 2014.

 

Still, some good news was reported: the numbers are actually down from the previous year. The drop is likely the result of an increased awareness from consumers together with increased protections in place from industry and government. The more you know about how to protect yourself, the better chance you have to not be a victim.

 

We will spend the next couple of weeks emphasizing best practices.

  1. Understand that public wi-fi access really does mean public.  You may be sharing your information with more than you think.  Unless you know the wi-fi connection is 100% to be trusted, do not use it to access anything containing your private information
  2. Remember your paper documents are vulnerable as well. We get so excited about internet hackers we can forget the easiest thing to do is dumpster dive for your credit statements, bank receipts and copies of old tax returns.  Protect you private information on paper as well as on-line.
  3. Keep your mailing address current. More and more people are moving around more and more.  When you move, it’s vital to make sure you contact your financial institutions and tax authorities so your private information doesn’t just get delivered like a layup into the wrong hands.
  4. Along those lines, keep an eye out for bills including your credit card statements. Read them over and make sure they are accurate.  Also check credit reports a couple of times of year to scan for fishy activity.

More to come next week.  Yes, next week is February!

 

Always more available on www.legalshredinc.com

Setting up Secure Home Networks

This week’s blog is adapted from the FTC’s OnGuard OnLine Blog.  In a recent post, Attorney Lisa Weintraub Schifferle from the FTC Division of Consumer and Business Education addressed the importance of making sure home networks are set up securely.  To keep it secure, Weintrabu Schifferle urges homeowners to secure the router.

Why pay attention to that little box with the flashing lights? Your router lets you connect with the internet and communicate with other devices in your home. So, it’s your first line of defense in guarding against attacks by identity thieves and hackers.

How can you make your router more secure? Start with these steps:

  • Change the name of your router.The name of your router (also called the SSID or service set identifier) is usually a default ID assigned by the manufacturer. Change it to something only you know.
  • Change your router’s pre-set passwords.Your router also usually comes with a default password. Hackers know these default passwords. So, change yours to something unique, long and complex – think at least 12 characters, with a mix of numbers, symbols and upper and lower case letters.
  • Turn off any “remote management” features. Some routers offer remote management for tech support. Don’t leave these features enabled. Hackers can use them to get into your home network.

Maintenance is also important.  Once your router is set up, don’t just stick it in a corner gathering dust. Instead, keep it up to date. Over time, the software that comes with your router may need updates. Visit the manufacturer’s website periodically to see if there’s a new version available for download. Or register your router with the manufacturer and sign up to get updates. If you lease a router, check if your internet service provider issues updates automatically.

For more on best practices for identity theft protection and on-line safety, please visit www.legalshredinc.com

Resolve to Protect Your Identity in 2016

It’s that time of year for New Year’s resolutions and always a good time to take stock of how mindful you are of protecting one of your most valuable assets—your identity. Javelin Strategy & Research reported that about 12.6 million people were victims of identity theft in 2012, an increase of more than one million from the previous year. One likely reason: a spike in Web site data breaches. LinkedIn, Sony and Zappos are among the high-profile businesses attacked in recent years. Javelin found that nearly one in four people who were notified that their data had been compromised in a breach became victims of identity theft last year. The fix: Create a variety of passwords so that a thief won’t be able to use a password stolen from one site to enter another. Passwords for your e-mail and financial accounts, in particular, should be unique. Create longer passwords that contain a mix of upper- and lowercase letters, numbers, and symbols.

Resolve to review your credit reports quarterly this year and each bank and credit card statement you receive for unauthorized transactions. Bills from medical providers for services you never received could mean someone is posing as you to get treatment. Make a habit of shredding documents that contain sensitive information.

Resolve to be more protective of your phone number and birthday—avoid the temptation of sharing too much information on social media. It’s not just your “friends” who are monitoring your posts!

Resolve to keep your security software up to date and get notices from your bank and credit card companies for suspicious transactions.

For more on identity theft best practices, please visit www.hvshred.com

Vigilance Still Required with New Credit Card Chip

This week our blog post is adapted from a recent FBI press release.  In October 2015, most U.S. banks will have replaced hundreds of millions of traditional credit and debit cards, which rely on data stored on magnetic strips, with new payment cards containing a microchip known as an EMV chip. While EMV cards offer enhanced security, the FBI is warning law enforcement, merchants, and the general public that no one technology eliminates fraud and cybercriminals will continue to look for opportunities to steal payment information.

With traditional credit cards, the magnetic strip on the back of the card contains static personal information about the cardholder. This information is used to authenticate the card at the point of sale (PoS) terminal, before the purchase is authorized. When a consumer uses an EMV card at a chip PoS terminal, that transaction is protected using the technology in the microchip. Additionally, consumers will be able to continue to use the magnetic strip on the EMV card at retailers who have not yet implemented chip PoS terminals. When the card is equipped with a personal identification number (PIN), which is known only to the cardholder and the issuing financial institution, issuers will be able to verify the user’s identity. Currently, not all EMV cards are issued to consumers with the PIN capability and not all merchant PoS terminals can accept PIN entry. EMV transactions at chip PoS terminals provide more security of consumers’ personal data than magnetic strip PoS transactions. In addition, EMV card transactions transmit data between the merchant and the issuing bank with a special code that is unique to each individual transaction. This provides the cardholder greater security and makes the EMV card less vulnerable to criminal activity while the data is transmitted from the chip enabled PoS to the issuing bank.

Although EMV cards provide greater security than traditional magnetic strip cards, an EMV chip does not stop lost and stolen cards from being used in stores, or for online or telephone purchases when the chip is not physically provided to the merchant, referred to as a card-not-present transaction. Additionally, the data on the magnetic strip of an EMV card can still be stolen if the merchant has not upgraded to an EMV terminal and it becomes infected with data-capturing malware.

As always, consumers should closely safeguard the security of their EMV cards and PINs. This includes being vigilant in handling, signing, and activating a card as soon as it arrives in the mail, reviewing statements for irregularities, and promptly reporting lost or stolen credit cards to the issuing bank. Consumers should also shield the keypad from bystanders when entering a PIN, as PINs are vulnerable to cybercriminals who work to steal these numbers to commit ATM and cash-back crimes.

So too, merchants need to remain vigilant and the FBI encouraged adopting additional security measures to ensure the authenticity of cards used for transactions.

For consumers and merchants, vigilance remains key.

For more on best practices regarding identity theft please visit www.hvshred.com

Best Practices for On-line Safety-The Spooky Tale of Life After Death On-Line

Halloween has come and gone another year but before we move on to Thanksgiving, here’s one more spooky topic to consider. A recent post by Carol Kando-Pineda , Counsel at the FTC’s Division of Consumer & Business Education, we are reminded that we must consider the “life after death” of our virtual accounts.

Kando-Pineda recognizes most of us don’t really want to talk about: the truth is, we’re all going to die someday. Maybe you’ve already started thinking ahead: planning for your funeral, the care of loved ones and disposal of your property. But what about your online life? All the digital files, photos, posts and other accounts you leave behind might cause a lot of inconvenience – even fraud or identity theft – for your loved ones to clean up. Here are a few tips to figure out a plan for your online life after death.

  • Count your accounts. Make an inventory of your digital life, including accounts for email, social media, blogging, gaming, and cloud storage. Keep track of each site’s name, URL, your user name, password, your wishes for each, and other information that might be necessary for access. Some of your accounts may involve money – either real-world or online currencies – and may require additional attention. Keep your inventory secure and out of plain sight. Don’t attach your inventory to your will which becomes a public document after your death.
  • Get in the know – now. Many accounts will let you make arrangements now or name someone to manage the account after your death. Research your options.
  • Who can help? You might want to name a digital executor to handle all these tasks after your death, preferably someone who has experience with online accounts and will understand how to carry out your instructions – or make decisions about issues that you might not have foreseen. You can select a friend or family member to be your digital executor or you can hire a third-party service to help you.

For more on identity theft best practices as well as tips for on-line safety, please visit www.hvshred.com

October is Cyber Awareness Month

It turns out, October is National Cyber Security Awareness Month, and it’s a great time to be #CyberAware. The Organization has crafted several resources to help the public including:

  • For parents and teachers, there is Net Cetera resources for tips on starting the conversation with kids about online safety.
  • For more information on identity theft remedies visit identitytheft.gov for step-by-step; find advice that can help you limit the damage, report identity theft, and fix your credit.

There are definitely some great resources to share with your family, friends, co-workers, and community.

We encourage all individuals to participate this October; it’s always a great time to raise awareness on how to be safe, secure, and responsible online.

For more on identity theft best practices, please visit www.hvshred.com

Best Practices for Identity Theft Protection of Devices

This week’s blog is adapted from a recent article by Lisa Gerstner from Kiplinger’s Personal Finance. She addresses what to do of your personal computer, smartphone, or other device is lost or stolen. We all know these devices are embedded with a treasure trove of personal information.

A thief who steals your device may be able to access your e-mail, view sensitive documents as well as gain access to your personal finances.

Always lock your devices with a fingerprint sensor, a password or a PIN—one with six or more characters, if possible. Password-protect banking, wallet and other sensitive apps, too. When you get notifications to download updates for your operating system, antivirus software and other programs, do it right away because they may patch security flaws. But never click on a link or attachment in a text message or e-mail from an unfamiliar source (or from what appears to be a familiar source, if anything about the message looks fishy) because it could infect your device with malware.

No matter how tempted you are, be sure that you are only using trusted Wi-Fi networks, preferably ones that are password-protected. Although encrypted Web sites (those that begin with “https”) add protection by making your activities unreadable by hackers, it’s better to be safe than sorry.

When using Wi-Fi, avoid online banking and other sensitive transactions. If you travel a lot, consider using a personal Virtual Private Network (VPN), which provides a secure network.

Before you download a mobile app, read reviews, check its privacy policy and permissions, and visit its Web site to see whether it looks legitimate. If an app requires, say, access to your phone’s camera or GPS for no apparent reason, take a pass on it. Be especially cautious with apps from the Google Play store because anyone can place an app on that market. Apple screens apps more rigorously.

With remote tracking and wiping capability, you can find a stolen or lost device’s location and erase its contents. Users of Apple’s computers, tablets and phones can set up the option through iCloud and with the Find My iPhone app. Android owners can use Google’s Android Device Manager app.

For more on best practices in the realm of identity theft protection, please visit www.hvshred.com

Identity Theft Protection in “The Internet of Things”

In our never-ending effort to keep our community informed of the best practices is identity theft protection, this week we adapt a recent post from the “Stop.  Think. Connect.” blog posted by the Department Of Homeland Security.  The post explains how important it is that we recognize that we now live in a “smart world,” where the Internet touches all aspects of our daily lives. We have wearables that track our eating, sleeping, and exercise habits. We utilize devices that provide us with a quicker route on a summer road trip. We own mechanisms that allow us to preheat our oven or adjust our thermostat on our way home from work before we even walk through the door. These types of devices are all part of our new, more connected world – commonly referred to as the Internet of Things.

The Internet of Things includes objects or devices that send or receive data automatically via the Internet. As more devices and objects become connected to the Internet – from phones and tablets to homes, vehicles, and medical devices – it is important to realize that the security of these devices is not always guaranteed.

Why does it matter?

  • 1.8 billion: the number of smartphone users*
  • 50 billion: the number of connected devices expected by 2020 (that’s 1 person to every 7 devices)*
  • $5 trillion: the amount the IoT market is expected to grow over the next 6 years*

Though this technology brings many conveniences to our lives, it also requires that we share more information than ever. Here are three simple steps to take to secure the devices that hold your valuable personal information.

  • Keep a clean machine. Just like your smartphone or laptop, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the mobile applications you use to control the device.
  • Think twice about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.
  • Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices.

For more information and tips on identity theft protection, please visit www.hvshred.com

*National Cyber Security Alliance Internet of Things Infographic