Tips, News and Advice from Credit Card Assist

Hackers Expose Credit Card Data from Chase and BofA Yet Again

by on September 8, 2011

Hackers Expose Credit Card Data from Chase and BofA Yet Again

2011 has been a banner year for consumer data breaches.

Here is a list of some of the biggest breaches so far this year:

    • February: Nasdaq confidential data sharing compromised
    • March: Security firm RSA loses SecurID data in cyber attack
    • April: Epsilon email marketing provider loses data on customers of 50 retailers including: Best Buy, Capital One, Chase, Citi, Home Shopping Network, JP Morgan, Target, US Bank, Target, and Verizon

  • April: Office of Texas Comptroller inadvertently discloses 3.5 million Social Security numbers
  • April: Sony is victim to perhaps the greatest data breach ever, affecting 77  million users of  Playstation and Qriocity services.
  • May: Citigroup reports that hackers obtain info on more than 360,000 credit card accounts
  • June: Hackers penetrate Citi’s network security and obtain personal information on 200,000 clients
  • June: Programming flaw allows Dropbox’s 25 million user accounts to be accessible without a password

And when she refused to go along with their hacking shenanigans, the other programmers rudely relegated Betty to ‘Old Round Screen.’

In August, a major security flaw was exposed in Bank of America and Chase’s phone systems that could make your personal information easily available to someone who knows your phone number and the last four digits of your Chase or BofA credit card number.

Here’s how it works: When you call up the automated credit card account information system, the system computer compares your phone number to the number that shows up on caller ID. This is usually your home phone. If they match, the system only requires the last four digits of your credit card number to access the account. The last four digits of your account generally show up on any sales receipts on which you’ve used your card.

So maybe you’re thinking, “Then if they don’t call from my house I’m OK.” However, something called caller ID spoofing can make it look like a person is calling from anywhere, and the technology for this is cheap and easy to get. It’s how British tabloid reporters were able to get into so many voicemail systems.

That snazzy new phone won’t seem so impressive once your 8th grade students learn to hack your voicemail.

Capital One, American Express, and Citigroup all require the entire credit card number to be entered every time you call the credit card account information system, regardless of where the call was originated. Right now, about the only thing you can do if you’re a Chase or BofA customer is let the company know that you want them to change their system to close this security loophole.

If you use your mobile phone as your home phone, be aware that AT&T, T-Mobile, and sprint don’t require customers to use a password on voice mail boxes. If you don’t set one up, someone using caller ID spoofing could disguise their phone as yours and get access to your messages, because these systems grant access to callers who appear to be calling from their own number.

The high number of data breaches in recent months gives you one more reason to shred credit card receipts and to regularly monitor your credit card and bank statements and contact the issuer or bank as soon as you notice anything amiss.

Image Credits:
Be Sociable, Share!
This content is not provided or commissioned by the company whose products are featured on this site. Any opinions, analyses, reviews or evaluations provided here are those of the author's alone, and have not been reviewed, approved or otherwise endorsed by the Advertiser. This site may be compensated through the Advertiser's affiliate programs.

Leave a Comment

Previous post:

Next post: