New England supermarket chain Hannaford Bros. left the gates open to
nearly 4.2 million credit and debit card numbers, which has already
led to approximately 1,800 documented cases of fraud. Another deeply
disturbing tale of a computer security breach and theft of personal
information and fraud.

This lapse in security lasted from December through early this month,
and cut across more than 270 Hannaford-owned and -managed stores
throughout Maine, New Hampshire, New York, Vermont, Massachusetts
and Florida.

In a prepared statement, Hannaford chief executive Ronald C. Hodge
said the data was "illegally accessed from our computer systems
during transmission of card authorization." The purloined data was
only credit and debit card numbers, without the associated names
or addresses.

Immediately prior to Hannaford disclosing the data breach, the
Massachusetts Bankers Association released a statement claiming
that a major retailer had suffered a breach, and MasterCard and
Visa issued a warning to nearly 70 banks in Massachusetts.
Hannaford is now urging all of its customers to keep a close eye
on their card statements and report any suspicious activity.

Annoyed With Junk Mail?
You can take action to reduce the amount of junk mail you receive. The Direct Marketing Association can remove you name from a large percentage of mailing lists where your name is included.

Send your request to:

Mail Preference Service
Direct Marketing Association
PO Box 9008
Farmington, NY 11735-9008

Be sure to include your full name, including any variations such as Jane Smith, Mrs. Jane Smith, Mrs. John Smith, J. Smith, etc. The service is updated quarterly, so it may take a few months before you begin to see results.

The Oregon Consumer Identity Theft Protection Act - passed by the 2007 legislature - means consumers will have more tools to protect themselves against identity theft, and Oregon businesses and government will have clear direction and expectations to ensure the safety of the personal identifying information they maintain. Personal information includes a consumer's name in combination with a Social Security number, Oregon drivers license number or Oregon identification card, financial, credit or debit card number along with a security or access code or password that would allow someone access to a consumer's financial account.

I heard this web site advertised on TV last night. It's a must visit for those who want to learn about the various scams that center around bogus payment instruments.

http://www.fakechecks.org

Slashdot is reporting that eBay was hacked today and the personally identifiable information of 1200 eBay users was posted on one of the eBay forums (message boards). eBay is putting a spin on the story that makes absolutely no sense to me.

Follow these links for more information:

http://it.slashdot.org/article.pl?sid=07/09/26/144210&from=rss

http://www.ebaychatter.com/the_chatter/2007/09/trust-safety-fo.html

http://www.informationweek.com/security/showArticle.jhtml?articleID=201807006

An attorney launching a class-action lawsuit against TD Ameritrade Holding
alleges the online brokerage knew a hacker had access to a customer
database as far back as a year ago.

Want to read a postmortem of the TJ Max dataloss? It is quite sad to see the lazy and lax IT policies those guys chose to partake in. All those people that got e-screwed just because some schlock IT manager isn't taking proper steps to secure terminals that are publicly accessible. If you work in IT as I do, you will be disgusted as I am.

http://www.informationweek.com/shared/printableArticle.jhtml?articleID=201400171

This is a GREAT article that actually shows you examples of what the emails being sent by these losers look like

http://netforbeginners.about.com/od/scamsandidentitytheft/ig/Phishing-Scams-and-Email-Cons/index.htm

It now looks like the number of victims is closer to 1 million. The ass wipe spin doctors are laying down that same old raft of BS that Providence did.

Tell me if this doesn't sound familiar.

"Gov. Ted Strickland again said there has been no indication that data on the device has been accessed and used. But his information technology director said this morning that the independent consultant the state hired to assist it was able to independently decipher the data from the device’s twin still in the state’s possession.

"He’s actually in line with our conclusions that it would be very difficult for someone without special knowledge and understanding to actually access that piece of information," said Director Steve Edmundson. "He’s very skilled in this area, so you would expect him to be able to gain access to this information."

What a bunch of LIARS. Highly skilled and specialized knowledge my ass. A database is no big deal to open. Find out what kind of database it is (MySQL, Oracle, Sybase..etc), install the database server software on a Windows server or a Linux box and voila...access

Whoo-wee. Some knucklehead intern with the State of Ohio allows 800K SS numbers (roughly 8% of the states population) to be stolen.

http://tech.blorge.com/Structure:%20/2007/07/26/800000-stolen-social-security-numbers-a-22-year-old-scapegoat/

This story reads SO MUCH like the Providence Home Services data loss that it isn't funny