Hackers who stole sensitive customer information from the cheating site AshleyMadison.com appear to have made good on their threat to post the data online.

A data dump, 9.7 gigabytes in size, was posted on Tuesday to the dark web using an Onion address accessible only through the Tor browser. The files appear to include account details and log-ins for some 32 million users of the social networking site, touted as the premier site for married individuals seeking partners for affairs. Seven years worth of credit card and other payment transaction details are also part of the dump, going back to 2007. The data, which amounts to millions of payment transactions, includes names, street address, email address and amount paid, but not credit card numbers; instead it includes four digits for each transaction that may be the last four digits of the credit card or simply a transaction ID unique to each charge. AshleyMadison.com claimed to have nearly 40 million users at the time of the breach about a month ago, all apparently in the market for clandestine hookups.

“Ashley Madison is the most famous name in infidelity and married dating,” the site asserts on its homepage. “Have an Affair today on Ashley Madison. Thousands of cheating wives and cheating husbands signup everyday looking for an affair…. With Our affair guarantee package we guarantee you will find the perfect affair partner.”

The data released by the hackers includes names, addresses and phone numbers submitted by users of the site, though it’s unclear if members provided legitimate details. A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses. Continue reading at Wired.com.

KYC (Know Your Customer) compliance, the regulatory standards that demand to know who you are and what you are doing with your money, are being adopted by Bitcoin exchanges more and more. But with hacks as large as the OPM hack and the high costs of Identity theft, is this secure?

KYC, AML and ABC (Anti-bribery and corruption) compliance are water to the sharks, whales and bubble fish of the financial industry. The collection of customer identity and activity data is such a tradition that even during a recession, the compliance officer industry is booming. Regulator's role is to pressure banks and exchanges into compliance, while law enforcement attempts to hook onto the bigger fish.

This relationship has intensified over recent years with increased pressure on financial institutions to collect and mine user generated data. This is driven in part by a large uptick of 'financial crimes' and fraud of the legacy financial system.

According to BankTech, “'In 2011 banks and financial institutions generated more than one million SARS (Suspicious Activity Reports), of which the IRS reviewed 775,000. Thus far in 2012, the IRS has reviewed 500,000 SARS with case size in the hundreds of millions of dollars.” Producing a steady income for lawyers and the compliance industry in general.

BankTech adds that “Among the growing and most troubling trends is the double income tax return refund fraud. The IRS has seen a disturbing number of cases of identity theft where social security numbers and other personal information are stolen -- usually by well-organized Eastern European crime networks -- and used to submit a duplicate tax return and claim a refund.” There were 500 cases prosecuted in 2012.

This is believed to be because of growing dependence on the Internet to expand the effectiveness of financial services, both corporate and governmental. Many government websites today take in claims through automated forms, and most major banks are heavy on online banking.

The problem is that their security rests on a foundation that is continually being shaken, that of third parties securely handling customer's personal information. And with online and telephone means of accessing financial services growing, the value of individual's personal information is also on the rise. Particularly to those willing to commit identity theft. Continue reading at The CoinTelegraph....

Protect your identity with IDShield.

The U.S. Internal Revenue Service (IRS) said Monday a hacking attack into one of its computer databases revealed in May was much more extensive than previously thought, with nearly three times as many taxpayers hit by data theft.

The IRS said in late May the tax return information of about 114,000 U.S. taxpayers had been illegally accessed by cyber criminals over the preceding four months, with another 111,000 unsuccessful attempts made.

A new review has identified 220,000 additional incidents where data was breached, the tax collection agency said. It identified another 170,000 suspected failed attempts by third parties to gain access to taxpayer data.

The attackers sought to gain access to personal tax information through the agency’s “Get Transcript” online application, which allowed taxpayers to call up information from previous returns. The system was shut down after the May attacks.

“The IRS believes some of this information may have been gathered for potentially filing fraudulent tax returns during the upcoming 2016 filing season,” the agency said in a statement. Continue reading at One America News....

Protect your identity with IDShield.

The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time -- United Airlines.

United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists -- including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests -- which include information on flights’ passengers, origins and destinations -- according to one person familiar with the carrier’s investigation.

It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said. Read more at Bloomberg....


Protect your personal information with IDShield.

An Arizona woman has been sent to jail for six years for masterminding a tax rebate scam which used Facebook to find and target unemployed people for identity theft.

34-year-old Elaine Monique Zavala-Charres of Winslow, Arizona scammed over $400,000 out of the US revenue system, and on top of her jail sentence will have to pay a similar amount, $411,309, back in restitution as well as spending another three years in "supervised release" at the end of her spell inside.

A co-conspirator of Zavala-Charres, 27-year-old Lacey Hollinger of Massena, New York, used social media including Facebook to pick out likely locals, who she then contacted, posing as a government representative working on an economic stimulus program.

"Several dozen" people responded to Hollinger, providing plenty of sensitive personal information for use in identity theft. This information was then passed on to Zavala-Charres, who pooled it with additional data harvested from Arizona locals by other members of the team, and then used the pile of identity info to make multiple tax claims.

Most of the identities used belonged to unemployed people, presumably to minimize the risk that the scam would be spotted early - in many cases of ID theft tax refund scams, the targets are not aware that their information has been taken and made use of until they try to submit their own tax returns later in the tax year. Continue reading at Naked Security....

Tracy Mitchell was sentenced to about 13 years in prison on Friday for her role in a stolen identity theft ring, which involved more than 1,000 stolen identities, 9,000 false tax returns, which claimed more than $24 million and resulted in about $9 million paid out by the IRS in fraudulent refunds.

“The amount of money involved (in this scheme) is mind boggling,” said U.S. District Judge Kristi DuBose.

Mitchell, a Phenix City woman who was employed at the hospital at Fort Benning, was considered one of the ring leaders of the eight co-defendants who were also sentenced for this crime. She was responsible for stealing the identities of 99 soldiers, some of whom were deployed to Afghanistan when their identities were stolen.

Family of the victims wrote the U.S. Attorney’s Office for the Middle District of Alabama, describing the effect of this crime.

“This news was devastating, to think that my 19-year-old son, who was defending the very freedom this country stands for, was wronged by one of those people he was willing to die for,” one mother wrote. Continue reading at the Montgomery Advertiser....

Protect your identity with IDShield.

Moonlighting on the job, a Miami-Dade County cop wrote 159 police reports claiming people with bad credit histories were “victims” of identity theft, according to court records.

The reality: Veteran Miami-Dade police officer George Price fabricated the reports and sold them so they could be used to remove blemishes from the purported victims' credit histories.

Price, 42, pleaded guilty to a conspiracy charge Friday for his supporting role in an alleged credit-repair ring. Price, who joined the force in 1999, must resign by next week.

He faces up to 20 years in prison on his fraud conviction, but is expected to receive a significantly shorter sentence because he pleaded guilty and has agreed to assist the FBI and U.S. attorney’s office in their investigation, according to a plea deal signed by Price, his defense attorney, Marshall Dore Louis, and the prosecutor, Michael Davis. Read more at the Miami Herald....

Protect your identity with IDShield.

Odessa, Texas police are dealing with an increasing problem of people possessing fake government-issued IDs and many are believed to be illegal aliens.

The Odessa Police Department says they are seeing these cases “weekly and sometimes even on a daily basis,” NewsWest 9 reports. Fraudulent use or possession of identifying information can include having a fake social security card, fake resident card, or fake Texas drivers license.

“If we come in contact with someone or even arrest somebody, we’re not going to ask that person if they’re an illegal alien. However, if it is determined that somebody is possibly illegal, then they basically get booked into the jail and they can be turned over to Homeland Security,” Cpl. Steve LeSueur of the Odessa PD says.

LeSueur says it’s usually pretty easy to spot the fakes. Continue reading at the American Mirror....

A Veterans Affairs hospital in South Dakota has waited more than two months to notify 1,100 patients that files containing their Social Security numbers and other personal information were dumped in a trash bin.

The Rapid City Journal reports that the data breach at the VA Hot Springs hospital took place in May, but it wasn't until July 29 that anyone was notified. The paper said the breach was the most recent in a string of embarrassments that has engulfed the nation’s VA system over charges of doctored wait lists, poor care and wasteful spending.

The VA Black Hills Health Care System blamed the breach on an employee who mistakenly tossed the patient files in a Dumpster. The records were found two days later by another employee who fished them out of the trash and notified hospital security guards.

“The investigation found that during a regular office move, that the box of files were inadvertently throw in the receptacle, VA Black Hills spokeswoman Teresa Forbes told the paper, calling it “an unfortunate mistake.” Read more at Fox News....


Protect your identity with IDShield.

A Troy, Alabama, man was sentenced to prison yesterday in U.S. District Court for the Middle District of Alabama for his involvement in a stolen identity tax refund fraud scheme, announced U.S. Attorney George L. Beck Jr. of the Middle District of Alabama, and Acting Assistant Attorney General Caroline D. Ciraolo of the Department of Justice’s Tax Division.

Devon Tucker, 31, a former jailer of the Troy Police Department at the city jail, pleaded guilty earlier this year to one count of conspiracy to defraud the United States and one count of aggravated identity theft. U.S. District Judge Callie V.S. Granade sentenced Tucker to serve 32 months in prison and three years of supervised release, and ordered him to pay $13,162 in restitution to the Internal Revenue Service (IRS).

According to court documents, from January 2014 to January 2015, Tucker stole the personal identification information of approximately 150 individuals who were processed into the Troy city jail. Tucker provided those identities to his co-conspirators for the purpose of filing false federal income tax returns claiming fraudulent refunds from the U.S. Treasury. Tucker was paid in pre-paid debit cards in the names of the identity theft victims for his involvement in the scheme. Read more at WTVY....

Protect your identity with IDShield.

According to the Federal Trade Commission’s 2014 Consumer Sentinel Network Data Book, identity theft once again tops consumer complaint categories in 2014. Identity theft can be committed in many ways: from non-technical methods such as stealing purses or “dumpster diving” for documents that have been thrown away that contain sensitive data; to technical methods such as deceptive phishing e-mails that include malware containing spyware or Trojan horses.

When it comes to phishing and social engineering scams, scammers use fake email addresses and websites to try to make them look like they are coming from a legitimate organization. They try to gain your trust and will then trick you into divulging personal information. Even if you don’t divulge any info, malware downloaded from clicking suspicious links, downloading fake apps or attachments, or visiting suspicious websites can still penetrate your computer and install keystroke loggers to steal data or capture account credentials as you type them. Read more at the Norton website....

Protect your identity with IDShield.

The following is a press release from the U.S. Dept. of Justice, July 31, 2015

Houston, Texas -- Thirteen members of the Texas Guard have received their sentences for their roles in wide-ranging bribery and fraud schemes that caused more than $170,000 in losses to the United States. Seven of those members were sentenced this past week in Houston.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and U.S. Attorney Kenneth Magidson of the Southern District of Texas made the announcement.   

• Jammie Martin, 38, of Katy, Texas, and Michelle Davis, 34, of Houston, were convicted in February of this year after a five-day trial of conspiracy, bribery, wire fraud and aggravated identity theft. Martin was sentenced to serve 102 months in prison and Davis was sentenced to serve 57 months in prison.   
  
  
• Vanessa Phillips, 37, of Houston, pleaded guilty to one count of conspiracy and one count of bribery and was sentenced to three years probation. 
  
  
• Zaunmine “Orlando” Duncan, 39, of Douglasville, Georgia, pleaded guilty to one count of conspiracy, one count of bribery and one count of aggravated identity theft. He was sentenced to serve 70 months in prison. 
  
  
• Annika Chambers, 29, of Houston, and Lashae Hawkins, 29, of San Antonio, pleaded guilty to one count of conspiracy and one count of bribery. Chambers was sentenced to serve six months in prison.  Hawkins received one year and one day in prison. 
  
  
• Christopher Renfro, 27, of Houston, pleaded guilty to one count of conspiracy, one count of bribery, one count of aggravated identity theft and two counts of wire fraud. He was sentenced to serve 36 months in prison. 
  
  

In June, six other members of the Texas Guard were sentenced for their roles in the scheme.   

• Michael Rambaran, 52, of Pearland, Texas, pleaded guilty to one count of conspiracy, one count of bribery and one count of aggravated identity theft. He was sentenced to serve 60 months in prison.   
  
  
• Edia Antoine, 29, and Ernest A. Millien III, 51, both of Houston, and Melanie Moraida, 35, of Pearland, pleaded guilty to one count of conspiracy and one count of bribery. Each received 12 months and one day in prison.   
  
  

Elisha Ceja, 28, of Barboursville, West Virginia, and Kimberly Hartgraves, 30, of League City, Texas, pleaded guilty to one count of conspiracy and one count of bribery. Ceja was sentenced to serve nine months in prison and Hartgraves received probation.

U.S. District Judge Lee H. Rosenthal in the Southern District of Texas imposed the prison terms and also ordered all 13 defendants to pay restitution. One remaining defendant, Danielle Applin 29, of Harker Heights, Texas, who previously pleaded guilty to one count of conspiracy and one count of bribery, is scheduled to be sentenced on Sept. 2, 2015, in Houston. 

In approximately September 2005, the National Guard Bureau entered into a contract with Document and Packaging Broker Inc. to administer the Guard Recruiting Assistance Program (G-RAP). Through this program, a participating soldier, known as a recruiting assistant, could receive bonus payments for referring another individual to join the National Guard. Based on certain milestones achieved by the referred soldier, a participating soldier would receive payment through direct deposit into the participating soldier’s designated bank account. To participate in the program, recruiting assistants were required to create online accounts.

According to the evidence presented at trial and in connection with various guilty pleas, Phillips and Davis, both of whom participated in the G-RAP as recruiting assistants, conspired with Martin, a recruiter, to defraud the program by falsely claiming that they were responsible for referring potential soldiers to join the National Guard. The trial evidence showed that Martin used his position to obtain the names and Social Security numbers of potential soldiers which he provided to recruiting assistants so that they could use the information to obtain fraudulent recruiting referral bonuses. The evidence at trial showed that, in exchange for the information, Martin, who organized and led the scheme, personally received approximately $15,000 in payments from the recruiting assistants. This scheme resulted in more than $30,000 in losses to the National Guard Bureau.

In a separate scheme that resulted in an additional $70,000 in losses, recruiting assistants Antoine, Millien, Moraida and Renfro admitted to paying Rambaran, a recruiter who organized and led the scheme, for the personal information of potential soldiers. They then used that information to obtain fraudulent bonuses by falsely claiming they referred those individuals to join the National Guard. Rambaran admitted that, in exchange for the recruit information, he personally received a total of approximately $29,000 in payments from the recruiting assistants. 

In connection with his guilty plea in a scheme he organized and led, Duncan, a recruiter, admitted he personally received approximately $24,000 in payments from recruiting assistants in exchange for personal information of potential soldiers. Those recruiting assistants – Ceja, Chambers, Hartgraves and Hawkins – admitted to paying Duncan for the information and using it to obtain fraudulent bonuses by falsely claiming they referred those individuals to join the National Guard. This scheme resulted in another $70,000 in losses to the National Guard Bureau.

The cases were investigated by the San Antonio Fraud Resident Agency of Army Criminal Investigation Command’s Major Procurement Fraud Unit. These cases are being prosecuted by Trial Attorneys Sean F. Mulryne, Heidi Boutros Gesch and Mark J. Cipolletti of the Criminal Division’s Public Integrity Section and Assistant U.S. Attorney John Pearson of the Southern District of Texas. 

Protect your social security number with IDShield.

The massive data breach at the federal Office of Personnel Management that was revealed last month has exposed the Social Security numbers and personnel records nearly every federal worker.

The implications for federal employees, military service members and the intelligence community could be huge. But at a very basic level, US service members have been at high risk for identity theft for decades.

Former Navy linguist Linsdsay Church holds military ID tags for her grandfather, mother and her. The two later tags contain social security numbers. The numbers have been obscured in this photo to protect their identities.

In the military your nine-digit service ID number is used for everything, whether you're checking out gym equipment or picking up your laundry. Since the late 1960s that number has been a service member’s Social Security number.

And while the military is trying to change that, it’s a long process.  For many service members their Social Security number is still printed everywhere. Continue reading at Jefferson Public Radio....


Protect your social security number and your identity with IDShield.

GM Financial says information about approximately 2,200 of its customers was "inappropriately accessed" by a former employee who was recently charged in connection with an identity theft scheme, CBC News has learned. 

The charges stem from an incident in May, when an arrest in Burlington, Ont. of two women in a stolen car turned up counterfeit citizenship documents, SIN cards and other identification. 

The names and information in the documents were of other, actual people — eight of them — but had pictures of the two suspects.  

Halton Regional Police said the two women were in the process of opening bank accounts in the victims' names.

A common link between the eight victims, investigators determined, was that they had all financed their vehicles through GM Financial. 

Police, with help from GM Financial, say they followed the trail to an employee at the company, through which thousands of Canadians have bought GM vehicles. Continue reading at CBC News....


Protect yourself and your identity with IDShield.

A data breach reported by a Fort Wayne, Indiana-based electronic medical records company that affects nearly 4 million patients nationwide has resulted in a class-action lawsuit and the Indiana attorney general’s office urging Hoosiers whose information was accessed to consider freezing their credit.

Medical Informatics Engineering Inc. originally reported the data breach June 10. According to the company, on May 26, it noticed suspicious activity on one of its servers and subsequently found that “some personal and protected health information” of clients and individuals using MIE electronic health records had been accessed.

Among the data compromised during the cyber attack were patients’ Social Security numbers, lab results, medical conditions and health plan information. Read more at KPC News....


Protect your medical records with IDShield.

It was never a matter of if, but when.

As soon as the news broke about two major hacking incidents at the Office of Personnel Management, I knew what would come next. And I knew it wouldn’t be immediate cases of identity theft.

It could be months, if not years, before identity thieves victimize those whose information was compromised. They know people are more vigilant at the beginning. So they wait until everyone calms down.

But there is another group of scammers who strike quickly when a data breach is disclosed. Ironically, with nary a piece of information from a hacking incident, these criminals can ride the coattails of the caper by pretending to help potential victims.

And sure enough, the Federal Trade Commission recently issued a scam alert warning government employees, contractors and others affected by the hacks to look out for imposters pretending to be from the FTC and offering compensation to data-breach victims.

In April, the personnel office learned that personal information — birth dates, home addresses and Social Security numbers — for 4.2 million current and former federal employees had been stolen. Then in June came a massive breach involving 21.5 million individuals. In that case, the stolen information included background-investigation records of current, former and prospective federal employees and contractors.

With that many people now concerned about their personal information, scammers are likely to find quite a few who can be tricked into parting with their money or the very data that was stolen.

According to Lisa Weintraub Schifferle, an attorney for the FTC’s Division of Consumer and Business Education, here’s how one scam works: A man, who identifies himself as Dave Johnson, calls and says he’s from the FTC and the government is offering compensation to people affected by the personnel office breach. He says he’s from the agency’s Las Vegas office. But to get the money, you have to provide some personal information.

“Stop,” Schifferle writes in a blog post. “Don’t tell him anything. He’s not from the FTC.”

I can see how people might fall for this scam. The personnel office has announced that it’s offering people identity-theft protection, and a clever con artist could persuade folks that they’re getting money to pay for this service. Continue reading at the Columbus Dispatch....


Protect your identity with IDShield.

A Florida man attempted to chew off his fingerprints while in a patrol car to avoid being identified by the police.

On Thursday, Lee County Sheriff detectives noticed a 2015 Mercedes that had been reported stolen and after stopping the vehicle, they found the driver, Kenzo Roberts, was using a fake ID, had a concealed firearm and possessed three fraudulent credit cards.

Surveillance video shows Roberts unsuccessfully trying to bite off his own fingerprints while in the backseat of the patrol car. Lee County Sheriff officials say Roberts has two felony warrants for his arrest for aggravated assault with a deadly weapon.

Click here to see the video at 11Alive.com....