“I took the CISSP exam and I PASSED! The Intense School material is great and your presentation was excellent. Thank you for your help with this process, and I wish you continued success.”
Ron Lam
CISSP
New loss of ID info, Richard J. Dalton Jr., New York Newsday
Publish Date:
March 10, 2005
Hackers stole the Social Security numbers and other personal data of tens of thousands of Americans, including 2,600 New York state residents, a spokesman for online data warehouse Seisint said yesterday.
The break-in is the latest in a string of security breaches involving several companies in recent months. The breaches have focused public attention on identity theft and sparked calls for tighter scrutiny of data warehouses.
At Bank of America, some customers in the Northeast received the statements of other bank customers earlier this year, a person familiar with the situation said yesterday. The bank last month confirmed a breach involving 1.2 million federal employees who are charge card customers.
At DSW Shoe Warehouse, which has seven stores on Long Island and in New York City, credit card numbers of customers at more than half their stores were recently stolen, a spokesman said yesterday.
Last month, ChoicePoint, of Alpharetta, Ga., a data warehouse like Seisint, said it had unwittingly released personal information on 145,000 Americans.
"These problems are on the rise," said David Zumwalt, chief executive of Privacy, Inc., a Dallas security company. "People have found ways to guess or steal access information that ... gives them the keys to the kingdom."
The stolen Seisint data, including names, addresses, Social Security numbers and driver's license information could put 32,000 Americans at risk of identity theft. LexisNexis, of Dayton, Ohio, which bought Seisint in September, suspected fraud after the purchase and alerted law enforcement officials, a LexisNexis spokesman said.
Neither breach at the data warehouses involved breaking in via an electronic back door. Thieves got at Seisint's data by obtaining a legitimate password. The ChoicePoint information was stolen by a group posing as small-business owners who signed up as ChoicePoint customers.
"A malicious hacker is always going to use the weakest link, which is just people," said Ralph Echemendia, lead instructor at The Intense School, a Fort Lauderdale-based school that teaches hacking to reveal security breaches.
LexisNexis is searching for other potential security breaches, parent company Reed Elsevier said in a statement. The company said it will notify affected individuals and offer ongoing credit monitoring.
LexisNexis said it's working to keep its data secure and will enhance identification and password administration.
Separately, a "small number" of Bank of America customers in the Northeast, including New York, inadvertently received statements of other customers in addition to their own statements in January, a person familiar with the error said yesterday. Affected customers were offered free credit monitoring.
"We identified and isolated the population where this problem occurred, and it was immediately rectified," said spokeswoman Tara Burke. She wouldn't elaborate.
At DSW Warehouse, a national shoe store with three locations on Long Island and four in New York City, thieves stole credit card numbers of shoppers in 103 of their 175 stores during the past three months, spokesman Rob Whitehouse said. He wouldn't provide further details, but encouraged customers who have shopped there in the past three months to check credit card statements.
How to protect yourself
Here's how you can fight identity theft and, if necessary, promptly discover a breach and recover from it.
Check your credit reports at least annually.
Guard your Social Security number.
Be suspicious of any unsolicited contacts on the phone or online.
Call 888-5OPTOUT to opt out of unsolicited credit card offers.
Shred personal documents.
Don't use your mother's maiden name to protect accounts; choose your own password.
Deposit mail in post-office collection boxes.
On your personal computer, use antivirus software and a firewall.
If you're victimized, place a fraud alert on your credit file at one of the three credit bureaus. The other two bureaus will be automatically notified.
Close affected accounts.
Report incidents to police.
Identity theft insurance for $50 or less a year can provide up to $25,000 worth of coverage to pay for phone bills, lost wages, mailing and sometimes legal fees.
