Ridgewood NJ, Ridgewood Police report that on Sunday, October 11, 2015, a Corsa Terrace resident reported that his/her computer had been hacked resulting in his/her identity being stolen. The victim, who had implemented a program to improve his/her computer’s performance and remove viruses, was contacted by a male caller claiming to represent “Celox Support”. The caller persuaded the victim to allow him remote access to his/her computer and credit card account information.
It is suggested that consumers provide credit card account information only after positively verifying that they are dealing with a legitimate service provider. The Ridgewood Police Department is also aware that this is a very popular scam at this time and residents should always be wary of someone contacting them by phone and offering to “fix” computer problems.
Patreon: Some user names, e-mail and mailing addresses stolen
At least passwords were encrypted with 2048-bit RSA, hashed via bcrypt, and salted.
by Cyrus Farivar – Oct 1, 2015 3:30pm EDT
Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announced late Wednesday that it had sustained a security breach.
The site said some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public.
Jack Conte, the co-founder and CEO, wrote in a statement:
We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted with a 2048-bit RSA key.
Conte specified that user passwords are hashed with bcrypt and salted as well, but he encouraged patrons to change their password anyway as a precaution.
The Office of Personnel Management announced Wednesday that 5.6 million people are now estimated to have had their fingerprint information stolen.
That number was originally thought to be about 1.1 million, OPM said in a statement. About 21.5 million individuals had their Social Security Numbers and other sensitive information affected by the hack.
According to OPM, “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” The office acknowledged, however, that future technologies could take advantage of this information.
Despite a hack two years ago that publicly exposed Hillary Clinton’s emails, the State Department took no action to shore up the security of the former secretary of state’s private computer server.
A State Department official said the department could not do anything in response to the March 2013 hack of longtime Clinton confidant Sidney Blumenthal because it occurred on a non-governmental computer system. The hacked emails, which included Blumenthal’s frequent correspondence with Clinton while she was in office in 2012, were sent by the Romanian hacker to media organizations, which later posted them online.
The disclosure renews questions of when State Department officials first learned that Clinton was doing department business on a private server and what steps they took to safeguard her sensitive diplomatic communications, some of which have been deemed classified.
Aug 17, 3:50 PM EDT
BY STEPHEN OHLEMACHER
ASSOCIATED PRESS
WASHINGTON (AP) — A computer breach at the IRS in which thieves stole tax information from thousands of taxpayers is much bigger than the agency originally disclosed.
An additional 220,000 potential victims had information stolen from an IRS website as part of a sophisticated scheme to use stolen identities to claim fraudulent tax refunds, the IRS said Monday. The revelation more than doubles the total number of potential victims, to 334,000.
The breach also started earlier than investigators initially thought. The tax agency first disclosed the breach in May.
The thieves accessed a system called “Get Transcript,” where taxpayers can get tax returns and other filings from previous years. In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address, the IRS said.
The personal information was presumably stolen from other sources. The IRS believes the thieves were accessing the IRS website to get even more information about the taxpayers, which could help them claim fraudulent tax refunds in the future.
“As it did in May, the IRS is moving aggressively to protect taxpayers whose account information may have been accessed,” the IRS said in a statement. “The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to `Get Transcript’ taxpayer account information.”
Ridgewood NJ, Ridgewood Police report that on Tuesday August 4, 2015 a West side resident reported discovering fraudulent charges had been made on one of his/her credit card accounts. Information concerning prevention/reporting identity theft is available at the Ridgewood Police Department. While reports of similar incidents continue to be on the rise it is prudent to closely monitor your credit history as well as incoming mail at your residence.
Earlier on Monday July 27, 2015 a resident reported that an unidentified actor had opened several credit cards accounts utilizing his/her personal information. The matter is being investigated by the detective bureau. Information concerning prevention/reporting identity theft is available at the Ridgewood Police Department. While reports of similar incidents continue to be on the rise it is prudent to closely monitor your credit history as well as incoming mail at your residence.
Identity Theft Protection Tips
Identity theft is a crime in which an impostor obtains key pieces of personal identifying information (PII) such as Social Security numbers and driver’s license numbers and uses them for their own personal gain. It can start with lost or stolen wallets, stolen mail, a data breach, computer virus, “phishing” scams, or paper documents thrown out by you or a business (dumpster ).
How can I minimize my risk of becoming an identity theft victim?
As consumers, you have little ability to stop or prevent identity theft. However, there are some positive steps to take which will decrease your risk.
Don’t give out your SSN unnecessarily (only for tax reasons, credit or verified employment.) Before providing personal identifiers, know how it will be used and if it will be shared.
Use a cross-cut shredder to dispose of documents with personal information. Also, use a specialized gel pen when writing out checks.
Place outgoing mail in collection boxes or the U.S. Post Office.
Know your billing cycles and contact creditors when bills fail to show up. Review bank and credit card statements carefully.
Password protect your financial accounts. A strong password should be more than eight characters in length, and contain both capital letters and at least one numeric or other non alphabetical character. Use of non-dictionary words is also recommended.
Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.
Use firewall software to protect computer information. Keep virus and spyware software programs updated.
Reduce the number of preapproved credit card offers you receive: 888-5OPT-OUT
Order your free annual credit reports on-line at: www.annualcreditreport.com or by calling (877) 322-8228
You may also “freeze” your credit report. For more information on this, go to: State Resources
Booby-trapped MMS messages and websites exploit flaw in heart of Android.
Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message or the user is lured to a malicious website, a security researcher reported Monday.
The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in “Stagefright,” an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.
In a blog post published Monday, Zimperium researchers wrote:
A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojaned phone.
The vulnerability can be exploited using other attack techniques, including luring targets to malicious websites. Drake will outline six or so additional techniques at next month’s Black Hat security conference in Las Vegas, where he’s scheduled to deliver a talk titled Stagefright: Scary Code in the Heart of Android.
David Shepardson, Detroit News Washington Bureau3:53 p.m. EDT July 24, 2015
Washington — Under government pressure, Fiat Chrysler Automobiles NV agreed Friday to recall 1.4 million vehicles that can be cyber-hacked remotely — as Congress, automakers and regulators are raising increasing concerns about vehicle communications.
The first-of-its-kind callback came just days after a magazine report showed hackers could wirelessly take control of some functions of a Jeep Cherokee.
The National Highway Traffic Safety Administration said it will open an investigation into the recall to ensure all vehicles that could be affected are covered. “Opening this investigation will allow NHTSA to better assess the effectiveness of the remedy proposed by Fiat Chrysler,” NHTSA Administrator Mark Rosekind said in a statement, acknowledging the agency had urged the move.
Owners will get a USB device that they may use to upgrade vehicle software, which provides additional security features independent of the network-level measures that largely addresses the problem.
The federal personnel agency announced Thursday a massive hack.
BY KAVEH WADDELL AND DUSTIN VOLZ
More than 21 million Social Security numbers were compromised in a breach that affected a database of sensitive information on federal employees held by the Office of Personnel Management, the agency announced Thursday.
That number is in addition to the 4.2 million social security numbers that were compromised in another data breach at OPM that was made public in June.
Of the 21.5 million records that were stolen, 19.7 million belonged to individuals who had undergone background investigation, OPM said. The remaining 1.8 million records belonged to other individuals, mostly applicants’ families.
The records that were compromised include detailed, sensitive information about the individuals, including fingerprint data. OPM says 1.1 million compromised files included fingerprints.
Beyond the fingerprints and Social Security numbers, some of the files in the compromised database included “residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details,” OPM said.
(CBS) — It’s been a high-tech nightmare in the financial, and airline industries today because of separate glitches.
Trading was halted at the New York Stock Exchange for 3 1/2 hours after what has been described as an “internal problem.” Trading later resumed, with sizeable losses.
This was followed by temporary trouble accessing the Wall Street Journal’s website, and a flood of conspiracy theories on social media about a coordinated hack attack.
But before all this happened, United Airlines grounded flights across the country for nearly two hours, because of what they call a “router issue.”
CBS 2’s Mike Parker reports in every one of these incidents, it was computer technology breakdowns, not a hostile set of attacks. But one local expert says more of those are sure to come and we should be ready.
With the outages at the NYSE and United Airlines, some people wonder if this brave but vulnerable new world of computers could be open to a much bigger failure: a major enemy hack attack.
Anonymous issued cryptic tweet on eve of NYSE suspension
New York trading was suspended around 11:30 a.m. Wednesday due to a “technical issue,” the exchange said in a statement posted to Twitter.
The Department of Homeland Security said there was no indication the NYSE had been hacked, according to Bloomberg and CNN. The exchange said the glitch could not be attribute to “a cyber breach.”
“The issue we are experiencing is an internal technical issue and is not the result of a cyber breach,” it said in another statement. “We chose to suspend trading on NYSE to avoid problems arising from our technical issue. NYSE-listed securities continue to trade unaffected on other market centers.”
The White House said President Obama had been briefed on the issue. Earlier in the day, United Airlines briefly grounded all of its flights due to a systemwide failure.
Anonymous has previously targeted Wall Street and made headlines in 2011 when it threatened to “destroy” the New York Stock Exchange.
The message could also be seen as an allusion to economic unrest in China and Greece, which has contributed to global market turmoil in recent days. U.S. stocks saw modest losses in the early hours of trading Wednesday.
WASHINGTON (AP) — A major federal union says the cyber theft of employee information is more damaging than it first appeared, asserting that hackers stole personnel data and Social Security numbers for every federal employee.
The Obama administration had acknowledged that up to 4 million current and former employees are affected by the December cyber breach of Office of Personnel Management data, but it had been vague about exactly what was taken.
But J. David Cox, president of the American Federation of Government Employees, said in a letter Thursday to OPM director Katherine Archuleta that based on incomplete information OPM provided to the union, “we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to 1 million former federal employees.”
The OPM data file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs.
The union believes the hackers stole military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; and age, gender and race data, he said.
Also Thursday, Sen. Harry Reid of Nevada, the Democratic Senate leader, said that the hack was carried out by “the Chinese” without specifying whether he meant the Chinese government or individuals. Reid is one of eight lawmakers briefed on the most secret intelligence information. U.S. officials have declined to publicly blame China, which has denied involvement.
More than 3.5 million people’s sexual preferences, fetishes and secrets have been exposed after dating site Adult FriendFinder was hacked.
Already, some of the adult website’s customers are being identified by name.
Adult FriendFinder asks customers to detail their interests and, based on those criteria, matches people for sexual encounters. The site, which boasts 64 million members, claims to have “helped millions of people find traditional partners, swinger groups, threesomes, and a variety of other alternative partners.”
The information Adult FriendFinder collects is extremely personal in nature. When signing up for an account, customers must enter their gender, which gender they’re interested in hooking up with and what kind of sexual situations they desire. Suggestions AdultFriendfinder provides for the “tell others about yourself” field include, “I like my partners to tell me what to do in the bedroom,” “I tend to be kinky” and “I’m willing to try some light bondage or blindfolds.”
The hack, which took place in March, was first uncovered by independent IT security consultant Bev Robb on her blog Teksecurity a month ago. But Robb did not name the site that was hacked. It wasn’t until this week, when England’s Channel 4 News reported on the hack, that Adult FriendFinder was named as the victim.
MAY 21, 2015, 5:51 PM LAST UPDATED: THURSDAY, MAY 21, 2015, 5:56 PM
BY COLLEEN DISKIN AND MARY JO LAYTON
STAFF WRITERS |
THE RECORD
Three Bergen County hospitals are alerting thousands of patients that their personal information may have been stolen by a billing clerk under federal investigation.
Valley Hospital in Ridgewood (pictured), Englewood Hospital and Holy Name Medical Center in Teaneck have informed patients of a data breach.
The Valley Hospital in Ridgewood, Englewood Hospital and Medical Center, and Holy Name Medical Center in Teaneck have informed patients treated in their emergency departments that their names, Social Security numbers and dates of birth may have been illegally given out by a company contracted to handle physician billing, officials said.
An employee at Medical Management, LLC, which provides billing services to 40 providers in several states, worked at the company from Feb. 2013 until March 2015 and copied personal information and illegally passed it on, officials said.
Warning: Undefined array key "sfsi_riaIcon_order" in /home/eagle1522/public_html/theridgewoodblog.net/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 165
Warning: Undefined array key "sfsi_inhaIcon_order" in /home/eagle1522/public_html/theridgewoodblog.net/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 166
Warning: Undefined array key "sfsi_mastodonIcon_order" in /home/eagle1522/public_html/theridgewoodblog.net/wp-content/plugins/ultimate-social-media-icons/libs/controllers/sfsi_frontpopUp.php on line 177
