AshleyMadison offers free full delete option in light of data breach

Cheating spouses beware.  The tagline “Life is Short, Have an Affair” has Ashley Madison users worrying whether their adulterous affairs will be exposed in yet another reported data breach. Hackers have threatened to leak the full details—names, addresses, sexual fantasies and nude photos— of 37 million Ashley Madison users worldwide if demands to disable the website are not met. 

Branding themselves “The Impact Team,” hackers have posted a small sample of sensitive data stolen from Avid Life Media, the company that owns Ashley Madison, along with other hookup websites such as Cougar Life and Established Men.  The sensitive data 

“We are the Impact Team. We have taken over all systems in the entire office and production domains, all customer information databases, source code repositories, financial records, emails,” the message said, before going on to demand that Ashley Madison, as well EstablishedMen.com be shut down.

“Shutting down AM and EM will cost you, but non-compliance will cost you more,” the message continued. “We will release all customer records, profiles with all customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails.”

Avid Life Media, which owns Toronto-based cheating website AshleyMadison.com – among others – called the attack an “act of cyberterrorism” and vowed to hold those behind the security breach responsible for their actions.

“We apologize for this unprovoked and criminal intrusion into our customers’ information,” Ashley Madison indicated in a prepared release. “We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place.”

Speaking to Brian Krebs and the online security blog KrebsOnSecurity, ALM Chief Executive Noel Biderman confirmed the hack, condemned it as a “criminal act,” and indicated that Ashley Madison was working hard to have the data removed from the Internet.

“The psychosocial consequence of releasing this personally identifiable information can potentially have a destructive affect upon many of these AshleyMadison users,” Ruth Swissa Kline, clinical director for Bridges to Change, in Fort Lauderdale, told South Florida Reporter.  “Many of these cheating spouses may have behavioral health needs or sexual addictions and be at risk even under threat of exposure.” 

“The Impact Team” claimed to have hacked Ashley Madison to expose alleged false statements given customers about a service that allowed members to erase profile information for a $19 fee. The hackers allegedly pose as “the good guys,” campaigning against a lying company possessing a treasure trove of personal information, credit card details and e-mail addresses.

Avid Life, early Monday refuted the allegations about the “paid-delete” option on Ashley Madison, stating:

“The ‘paid-delete’ option offered by AshleyMadison.com does in fact remove all information related to a member’s profile and communications activity,” it said. “The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes.”

In light of the cyber-attack, Ashley Madison said it was offering its full-delete option free to any member and noted that it was taking “every possible step towards mitigating the attack.”

“Our team has now successfully removed all the posts related to this incident as well as all personally identifiable information about our users published online,” Ashley Madison indicated in a prepared release. “Our team of forensics experts and security professionals, in addition to law enforcement, are continuing to investigate this incident.”

The Ashley Madison security breach comes about two months after dating site AdultFriendFinder.com suffered a similar cyber-attack.

“While these cheating spouses may not escape the consequences of their adulterous actions, they did have an expectation of privacy in using the Ashley Madison website,” concluded Swissa Kline.

Target data breach: credit monitoring will not protect you from identity theft

Target data breach

Attention Target shoppers. Expect more, pay less has brought new meaning as an offer of free credit monitoring may not be enough to prevent identity theft, according to Consumer Reports. The offer of “free” credit monitoring may also give shoppers a false sense of security into believing they are totally protected from identity theft.

Following the massive security breach in December that impacted more than 110 million customers, Target offered “peace of mind” to customers worried about identity theft by providing a free credit monitoring service through one of the nation’s largest credit reporting agencies, Experian.

Here are step-by-step instructions on how to enroll in the Target credit monitoring program.

“The problem is that each of the three major credit bureaus — Equifax, TransUnion, and Experian — can collect different information. So unless you’re checking all of them, you can miss someone trying to steal your identity and open new credit,” said Margot Gilman of Consumer Reports.

Target customers can register for the service — provided by Experian, regardless of whether they have been personally affected by the theft of customer data records at the discount store chain.

The credit monitoring service offered by Experian is an ongoing review of your current credit history. If an identity thief opens a new account using your name and personal information, you will receive an alert by email or text message. What the free credit monitoring service through Experian does not do is to monitor transactions — the actual, day-to-day purchases made on your credit and debit cards. That is something you must do yourself.

The Target data breach allegedly involves the use of active account information and not the opening of new accounts.

“So if I understand this correctly, I’m not protected from identity theft at all,” Bina Fink Kohl, herself an identity theft victim and Target shopper, said. “Sounds like another possible scam. Why would I give my information back to the very company that lost it to start with?”

To protect yourself from new accounts being opened without your permission, Gilman suggests placing a security freeze on their credit profile.

“A security freeze is one of the best protections,” Gilman said. “It blocks access to your credit information and makes it more difficult for a crook to open a new account under your name.”

There is a negative side to a total security freeze, though. Any inquiry into your credit history will be totally blocked, meaning an application for credit, goods, benefits, services and/or employment can be delayed or even denied. The credit freeze remains in place until the consumer removes it for a specific purpose or time frame.

More than 110 million shoppers have been impacted by the Target data breach. Each of them has been offered the free credit monitoring service for 12 months. But — according to Consumer Reports — the “free” service is riddled with defects and enticements.

• Once consumers enroll in the “free” credit monitoring service, they are enticed with an offer to purchase an Equifax and TransUnion credit report for up to $74 more to supplement the free report provided by Experian. “An Experian ad … pitched me to buy my ‘total credit picture. Why wait? View all three of your credit reports and scores now’ for $14.95.”
• The type of free credit monitoring offered by Target monitors only one credit reporting agency — Experian — and not the credit history files maintained by Equifax and TransUnion. This a huge disadvantage, as the data reported from the three major credit bureaus can differ significantly across the country.
• The type of free credit monitoring offered by Target is “old school” as it monitors new account activity and inquiries rather than unauthorized charges to existing accounts. These services are already available through most credit and debit card issuers, especially the major banks and financial institutions.
• Some of the Experian ads exploit consumers who are ignorant of their rights under federal law. For instance, consumer protection laws already allow identity theft or potential identity theft victims to place a free 90-day fraud alert on their credit report. Placement of the 90-day fraud alert will allow consumers to obtain their credit reports from Equifax, Experian and TransUnion absolutely free.

“I’m alarmed that Target is providing me with a credit monitoring service that may not fully protect my good name and reputation within the community,” said Remington Longstreth, a frequent Target shopper. “When I first learned of the offer, I immediately signed up. Now I’m left wondering if that was the right thing to do.”

In addition to or as an alternative to the Target credit monitoring service offered by Experian, impacted consumers may protect themselves from potential identity theft.

Periodically review your credit report

By keeping close tabs on your credit report at Equifax, Experian and TransUnion credit reporting agencies, you can detect signs of identity theft early. If you find an account not opened by you and have identified it as fraudulent, enter a dispute directly with the creditor as well as with the credit reporting agencies. You may be required to provide them with a valid police report and FTC Affidavit of Identity Theft.

You can obtain a free credit report at www.annualcreditreport.com or 877-322-8228.

Place a 90-day fraud alert on your credit report

Contact each of the credit reporting agencies and request a 90-day initial fraud alert. Not only will this trigger a free credit report but will advise potential creditors to investigate any application prior to issuing credit or providing services.

Equifax can be contacted at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-916-8800. Be sure to renew the alert every three months.

Freeze your credit report

Without access to your credit report, identity thieves are frozen in their tracks as creditors will not have access to your credit history. In many states, you are entitled to temporarily “freeze” access to your credit profile without cost if you are over 65 years of age or are a verified victim of identity theft. All others may be required to pay a small fee. Without access to your credit report, no lender will issue credit in your name.

Stop unsolicited credit card or insurance offers

Opting out of pre-screened approval offers for credit or insurance at www.optoutprescreen.com or 888-5OPT-OUT will stop most unsolicited applications and reduce the incidence of identity theft. Opting out refers to the process of removing your name, address and personal identifiers from lists supplied by the Equifax, Experian, TransUnion and Innovis credit reporting agencies to be used for preapproved/prescreened offers of credit or insurance.

“As a single mother, I can hardly afford to lose access to my debit and credit cards let alone become a victim of identity theft,” Target shopper Marina Sweat explained. “I used to shop at Target all the time and although I now shop at Walmart, I’m not any less a target. I’m not happy with the way this whole data breach situation is being handled.”

Target data breach – free credit monitoring and identity theft insurance

Target data breach results in free credit monitoring for all customers

Expect more, pay less has brought new meaning as Target announced this week how shoppers can enroll in a free credit monitoring and identity theft protection service in the wake of a massive data heist.

According to a specially dedicated website, the retailer will offer customers the service for one year.

Target customers can register for the service — regardless whether they have been personally affected by the theft of customer data records at the discount store chain.

Step-by-step instructions on how to enroll in the Target credit monitoring program.

The announcement comes after Target revealed last week that the massive security breach may have affected up to 110 million of its customers during the holiday shopping season and included more types of confidential information than previously disclosed.

Target had previously reported that about 40 million credit and debit cards may have been affected by the breach that occurred between Nov. 27 and Dec. 15.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” stated Gregg Steinhafel, chairman, president and chief executive officer for Target in a written statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”

While continuing to investigate, Target now indicates that an additional 70 million customers were impacted by the theft of their names, phone numbers, and email and mailing addresses. Some of the information stolen in the data breach belonged to customers who shopped before the holiday season.

“They all claim to care about protecting us from identity theft, but their very similar privacy policies don’t appear to support these claims,” stated Denise Richardson, herself a victim of identity theft and author of “Give Me Back My Credit.” “It’s difficult to believe they are as interested in protecting our personal info as they are in protecting their business model in an ecosystem comprised of undisclosed partners, affiliates, vendors, alliances, resellers and contractors who, along with any other undisclosed third party they warn they buy, sell or share our data with.”

Surpassing an incident uncovered in 2007 that saw more than 45 million credit and debit cards stolen from Marshalls and T.J. Maxx, the Target data breach is the largest reported ever for a retailer.

“Within a day of enrolling in the credit monitoring service, I received details to check my credit,” Remington Longstreth, a frequent Target shopper told Examiner. “I’m going to use this service to supplement what I already have to protect my good name and reputation in the community.”

In addition to the Target credit monitoring service, impacted customers may also protect themselves from potential identity theft.

Periodically review your credit report

By keeping close tabs on your credit report, you can detect signs of identity theft early. If you find an account not opened by you and have identified it as fraudulent, enter a dispute directly with the creditor as well as with the credit reporting agencies of Equifax, Experian and TransUnion.

You can obtain a free credit report at www.annualcreditreport.com or 877-322-8228.

Place a 90-day initial fraud alert on your credit report

Contact the credit reporting agencies and request a 90-day initial fraud alert on your credit report. Not only will this trigger a free credit report but will advise potential creditors to investigate any application prior to issuing credit, goods, benefits and/or services.

Equifax can be contacted at 800-525-6285, Experian at 888-397-3742 and Trans Union at 800-916-8800. Be sure to renew the alert every three months.

Freeze your credit report

Identity thieves are frozen in their tracks without access to your credit report as potential creditors will not have access to your credit history. In most states, you are entitled to temporarily “freeze” access to your credit profile without cost if you are over 65 years of age or are a verified victim of identity theft. All others may be required to pay a small fee. Without access to your credit report, a responsible lender will not issue credit.

Stop unsolicited credit card offers

Opting out at www.optoutprescreen.com or 888-5OPT-OUT will stop most unsolicited pre-approved applications and reduce the incidence of identity theft. Opting out refers to the process of removing your name and address from lists supplied by the Equifax, Experian, Trans Union and Innovis credit reporting agencies to be used for firm (preapproved/ prescreened) offers of credit or insurance.

“Freezing our credit and keeping a vigilant eye on our accounts ourselves continues to be the only way we have any control over our data, at least until there is far more transparency and a lot less sharing of data,” concluded Richardson.

Bill Lewis is principal of William E. Lewis Jr. & Associates, a solutions based professional consulting firm specializing in the discriminating individual, business or governmental entity.

Data breach: 40 million Target customers may be impacted at Christmas

Expect more, pay less has brought new meaning to the Christmas shopping rush as Target confirmed early Thursday that information from nearly 40 million of its customer credit and debit cards may have been compromised by a data breach during the height of the holiday shopping season.

Occurring at nearly all of their stores nationwide, the data breach occurred between November 27 and December 15, 2013.  Target said it immediately contacted authorities and financial institutions once it became aware of the security breach.

“Target’s first priority is preserving the trust of our guests, and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” stated Gregg Steinhafel, chairman, president and chief executive officer, in a prepared statement early Thursday. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.  The Minneapolis based-company also reported that they were teaming with a third-party forensics firm to investigate the breach.

Security news writer Brian Krebs – who broke the story for KrebsOnSecurity.com on Wednesday – said the data breach could not have come at a worse time for shoppers and Target.

“I can’t think of another day in the calendar when target or anyone else could expect to have more people in stores. More deals, traffic, more swipes — perfect day to launch an attack,” Krebs told ABC News.

The breach is believed to have affected nearly 40,000 card machines at nearly 1,797 Target stores nationwide.  While millions of cardholder accounts are potentially vulnerable, online purchases have not been affected.

“The information that’s stored on the magnetic strip — name, card number, expiration date, other info — if bad guys can steal that card … they can actually create a second copy,” Krebs said. “If thieves can create a second copy and were able to intercept a PIN number, that could allow them to withdraw money from ATMs.”

Customers who may have been affected should pay close attention to their credit card and debit statements, said Krebs.

“Advice to customers — be vigilant, pay attention to your statement if something doesn’t look right,” Krebs cautioned. “Whether or not you feel like you might be impacted by this breach, it’s a really good idea, particularly around this time of year, to pay attention to what’s on your debit and credit card statements.”

While consumers will be reimbursed for any fraudulent charges, the refund might not come until after Christmas, creating another headache for shoppers who are operating on limited funds.

For more information, please visit Target’s corporate website.  Consumers who suspect unauthorized or fraudulent activity may contact Target at 866-852-8680.

*********

Bill Lewis is principal of William E. Lewis Jr. & Associates, a solutions based professional consulting specializing in the discriminating individual, business or governmental entity.

For daily updates on The Credit Report with Bill Lewis, you can join Bill’s 15,500 plus fans on Facebook at: http://www.facebook.com/thecreditreportwithbilllewis.