Magazine article American Banker

Security Watch

Magazine article American Banker

Security Watch

Article excerpt

Breaches

Fidelity Investments said Wednesday that a laptop computer with data on 196,000 Hewlett-Packard Co. retirement plan holders, including Social Security numbers and birth dates, was stolen last week.

The Boston mutual fund giant said that before the theft it had implemented extra authentication measures for access to the accounts in question, and that it usually does not have so much data on its laptops.

Fidelity is notifying the affected customers and is offering them free credit monitoring services, The Boston Globe reported Thursday.

Other retirement plan holders have fallen prey to data thieves recently. The Thrift Savings Plan, which serves federal employees, has been targeted by a phishing scam in which customers were led to a bogus Web site and prompted to provide their credit card and bank account numbers, The Washington Post reported Monday.

The Federal Retirement Thrift Investment Board, the government agency that administers the plan, shut down part of its Internet operations and stopped transactions on its site March 16. After the criminals turned off their bogus Web site a day later, officials restored full service on the TSP site.

Some people fell for the scheme, according to TSP officials, though they did not say how many. The plan, which has more than 3.5 million participants, uses the Internet to provide account information to participants and to process withdrawals, interfund transfers, and other transactions.

Hackers have infected hundreds of thousands of foreign computers with a particularly sophisticated Trojan horse program designed to steal sensitive consumer data, including bank account information.

The attacks, which have been going on for several weeks, appear to be targeting bank customers in the United Kingdom, Spain, and Germany, Computerworld reported Wednesday. The program generates e-mails prompting consumers to visit malicious Web sites that download the program on to the user's computer. The program then collects information and sends it back to the hackers.

Security experts say this program is particularly worrying, as it has a level of sophistication usually found only in professional information technology departments. For example, the attack instructions that are downloaded to a victim's computer can adapt to different operating systems.

In the United States, online auction sites like eBay Inc.'s are increasingly coming under attack by scammers who obtain sellers' account passwords through phishing, impersonate the sellers, and use their reliability profile to make bogus sales.

The feedback system, in which buyers post reviews of sellers, is crucial to building trust in online auction firms, but scammers are getting better and better at gaming the system, Newsweek reported this week.

However, auction sites are devoting more resources to fighting fraud. For example, eBay employs more than 1,000 "trust and safety" experts, who teach police officers how to spot fraudsters and build cases against them, the magazine reported.

Washington

The Internal Revenue Service's proposal to give tax preparers more leeway in selling personal information from customers' tax returns is getting heavy criticism from consumer groups and privacy advocates.

Tax preparers can already sell such information, with the taxpayer's written consent, but only to "affiliated groups," such as other units of the preparer's holding company. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.