2011 has been a banner year for consumer data breaches.
Here is a list of some of the biggest breaches so far this year:
- February: Nasdaq confidential data sharing compromised
- March: Security firm RSA loses SecurID data in cyber attack
- April: Epsilon email marketing provider loses data on customers of 50 retailers, including Best Buy, Capital One, Chase, Citi, Home Shopping Network, JP Morgan, Target, US Bank, and Verizon
- April: Office of Texas Comptroller inadvertently discloses 3.5 million Social Security numbers
- April: Sony falls victim to perhaps the greatest data breach ever, affecting 77 million users of PlayStation and Qriocity services.
- May: Citigroup reports that hackers obtain info on more than 360,000 credit card accounts
- June: Hackers penetrate Citi’s network security and obtain personal information on 200,000 clients
- June: Programming flaw allows Dropbox’s 25 million user accounts to be accessible without a password
In August, a major security flaw was exposed in Bank of America and Chase’s phone systems that could make your personal information easily available to someone who knows your phone number and the last four digits of your Chase or BofA credit card number.
Here’s how it works: When you call the automated credit card account information system, the system compares the phone number on file for your account, usually your home phone, to the number that shows up on caller ID. If they match, the system only requires the last four digits of your credit card number to access the account. The last four digits of your account number generally show up on any sales receipt from a purchase made with your card.
So maybe you’re thinking, “Then if they don’t call from my house I’m OK.” However, something called caller ID spoofing can make it look like a person is calling from anywhere, and the technology for this is cheap and easy to get. It’s how British tabloid reporters were able to get into so many voicemail systems.
Capital One, American Express, and Citigroup all require the entire credit card number to be entered every time you call the credit card account information system, regardless of where the call originated. Right now, about the only thing you can do if you’re a Chase or BofA customer is let the company know that you want them to change their system to close this security loophole.
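The two phone-system policies described above, side by side, as an added example that is not code from either bank. The account, phone numbers and card number are constructed sample values, and what the caller-ID flow asks of a non-matching caller is an assumption, since the article does not say.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    phone_on_file: str
    card_number: str

@dataclass(frozen=True)
class Call:
    caller_id: str  # asserted by the originating side; the phone system cannot verify it
    digits: str     # what the caller keys in

def _eq(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time comparison

def caller_id_policy(call: Call, acct: Account) -> bool:
    """Flow described for Chase and BofA: a caller ID match lowers the bar to the last four digits."""
    if _eq(call.caller_id, acct.phone_on_file) and _eq(call.digits, acct.card_number[-4:]):
        return True
    # Assumption: any caller may still authenticate with the full number.
    return _eq(call.digits, acct.card_number)

def full_number_policy(call: Call, acct: Account) -> bool:
    """Flow described for Capital One, American Express and Citigroup: caller ID is ignored."""
    return _eq(call.digits, acct.card_number)

# Constructed sample data: fictional 555-01xx phone numbers and a standard test card number.
ACCT = Account(phone_on_file="+12025550123", card_number="4111111111111111")
CALLS = {
    "caller ID matches, last four only": Call("+12025550123", "1111"),
    "caller ID matches, full number": Call("+12025550123", "4111111111111111"),
    "other phone, last four only": Call("+12025550199", "1111"),
    "other phone, full number": Call("+12025550199", "4111111111111111"),
}

def compare() -> dict:
    """Return {scenario: (caller_id_policy result, full_number_policy result)}."""
    return {name: (caller_id_policy(c, ACCT), full_number_policy(c, ACCT))
            for name, c in CALLS.items()}

if __name__ == "__main__":
    for name, (weak, strict) in compare().items():
        print(f"{name:36} caller-ID policy={weak!s:5} full-number policy={strict}")
```

The only row where the policies disagree is the first: the caller-ID flow treats an unverified number plus four digits printed on receipts as sufficient, while the full-number flow gives the caller ID no weight at all.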
If you use your mobile phone as your home phone, be aware that AT&T, T-Mobile, and Sprint don’t require customers to use a password on voice mail boxes. If you don’t set one up, someone using caller ID spoofing could disguise their phone as yours and get access to your messages, because these systems grant access to callers who appear to be calling from their own number.
The high number of data breaches in recent months gives you one more reason to shred credit card receipts, to regularly monitor your credit card and bank statements, and to contact the issuer or bank as soon as you notice anything amiss.