Identity Theft and Phishing Schemes
Credit Monitoring Can Be an Important Part of the FHA Loan Process
Now more than ever, it is crucial to pay close attention to your credit reports due to elevated security breaches, hacks, and security compromises. No major corporation is immune to these attacks-including the credit reporting agencies themselves.
Smartphone company OnePlus suspended its’ support for mobile payments in 2018 after learning that unauthorized charges were showing up on its customers’ credit card statements. The hack is thought to be the work of a “malicious actor” who, according to one web security report, attacked a payment platform used by OnePlus customers rather than an attack on the company’s website or servers itself.
As many as 40 thousand accounts were affected between November 2017 and January 2018. The company claims the compromise only affected a small number of its’ customers, and like many companies affected by hacks and security breaches, OnePlus offered free credit monitoring to its’ users.
More than 140 million were affected by the 2017 Equifax data breach that included Social Security numbers, birth dates, addresses, and driver's license information. Some reports add that credit card data for more than 200 thousand consumers were exposed or stolen. Equifax is one of the “big three” credit reporting agencies tracking and rating the financial activity of American shoppers.
This 2017 hack of a marketing firm included the compromise of a database with information on or from 123 million individuals or households. The source of that database is thought to be from another “Big Three” credit reporting agency, Experian. The database included hundreds of “data points” on each individual or household in the database including home addresses, telephone numbers, shopping preferences, even the ages of the children in the home.
Cloudflare is an internet infrastructure company that experienced “random leaks” of customer data. One published report states Cloudflare has approximately six million customer websites including big names such as Fitbit and dating sites such as OKCupid. The leaks or compromises themselves were thought to be limited, but the nature of the data in those leaks were potentially quite sensitive. To complicate things, some of the leaked data may have been archived by search engines making it readily accessible via Google or Bing.
Credit cards, phone numbers, and Social Security Numbers aren’t the only types of personal data that can get hacked, compromised, or leaked. The company known as Deep Root Analytics hosted a misconfigured database on an Amazon server leaving “more than a terabyte of voter information” wide open to public view or possible copying. While it’s true that leaving a security vulnerability isn’t technically a hack, the data breach is troubling; the exposed data included the personal information for 198 million US voters going back many years. Any “black hat hacker” discovering this information would likely find some use for it, or know someone who does.
Dyn is a company that provides web services for enterprise-level companies including Twitter, Spotify, Github, etc. The 2016 botnet attack focused on Dyn's Domain Name System (DNS) management services infrastructure on the East Coast. A denial of service attack causes outages of service or availability of web resources; it can make websites slow or totally unresponsive.
A million and a half Verizon customers were affected by a security breach in the business-to-business division of the Fortune 500 company. According to Verizon, a security vulnerability allowed 1.5 million accounts to be compromised, but Verizon claims only “basic contact information” was accessed, rather than proprietary Verizon network data. This hack resulted in the compromised data being offered for sale in a variety of formats, leading some cybersecurity experts to speculate that a specific database platform was targeted for the attack.
Some reporters working this news item in 2016 pointed out that Verizon is usually the company telling others how and why they were hacked; a report published by KrebsOnSecurity.com noted that in past years, “Verizon Enterprise found that organized crime groups were the most frequently seen threat actor for Web application attacks of the sort likely exploited in this instance. ‘Virtually every attack in this data set (98 percent) was opportunistic in nature, all aimed at easy marks,’ the company explained.”
63,000 University of Central Florida (UCF) accounts were compromised in 2016 resulting in Privacy Act data being exposed. Alumni, current students, campus faculty, and staff all had personal data accessed including Social Security Numbers, but the university claims no credit card data was stolen. UCF offered the affected students, employees, and faculty a year of free credit monitoring and identity protection services. One of the more ironic aspects of this particular hacking incident is the fact that in 2015, UCF Cyber Defense Team won top honors at the Collegiate Cybersecurity Championship Cup. The UCF official site describes the team as having “the goal of fostering an information security-aware generation in Central Florida.”
The Federal Deposit Insurance Corporation, the company that insures deposits in banks to protect and maintain good faith in the U.S. banking system, reported a data compromise in 2016 resulting what the FDIC labeled an “inadvertent” data breach affecting 44,000 FDIC customers. According to the agency, the data was downloaded to a portable device that was taken inadvertently; this “hack” shows that accidents, negligence, and even things as benign as personnel changes can leave sensitive data exposed.
This incident is not considered to be malicious hacking, nor is there any indication that this particular mishandling of data resulted in any financial losses. An internal investigation reinforced this belief, FDIC Chairman Martin J. Gruenberg said in a memo that, “The FDIC’s investigation does not indicate that any sensitive information has been disseminated or compromised”.
The Year Old Hacks Came Back to Haunt Us
The full extent of these hacks was either not known, or not revealed at the time of the original announcements, and it’s only in later years that data has become available as to the true nature of these hacks.
A 2012 LinkedIn breach, reported at the time to have affected as many as six million people, actually affected 117 million LinkedIn users. That may be the entire LinkedIn community according to some published reports.
In another older incident, hackers compromised the databases of Myspace, and now it is revealed that the hackers got away with more than 400 million passwords.
An older Tumblr hack, it was revealed in 2016, resulted in compromised accounts for 65 million users. In 2012, Dropbox was compromised, but it wasn’t until 2016 that the extent of the damage-to the tune of 68 million user accounts with potential security compromises-was fully revealed.
Ride-sharing company Uber experienced a hack exposing 57 million driver and rider accounts; Uber was reported to have kept the data breach secret for more than a year after paying a $100,000 ransom to the hackers themselves. That means that customer and driver data was exploitable for a full year before any problem was reported to the public.
A hack compromised approximately 30 million customer accounts on the dating website Ashley Madison. It was claimed at the time that no full credit card numbers were breached though it was reported that email addresses, names, and telephone numbers were compromised. The Ashley Madison hack was significant for multiple reasons, but privacy issues in this case were front-and-center; Ashley Madison is considered a resource for those seeking affairs or “extramarital” encounters; this hack was unique in that the sensitive nature of the data breach went far beyond the financial/legal implications of the hack.
A hacker attack on the healthcare company Anthem which actually began in 2014 came to the attention of Anthem officials in early 2015, but by the time anyone noticed, 80 million patient and employee records had been compromised. The data breach resulted in the release of names, dates of birth, Social Security numbers, email, employment information, and more. This hack may have cost Anthem $100 million.
The web giant experienced not one, but TWO hacks in the span of nearly two years that resulted in major compromises in customer account data. The later hack affected 500 million accounts in 2014, but Yahoo disclosed sometime after THAT attack that a 2013 hack compromised an astonishing one billion user accounts including names, passwords, security questions, and telephone numbers.
The online auction giant was attacked and compromised resulting in 145 million customer accounts being affected. Names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth were all stolen; eBay claims no credit card or financial data was taken.It’s impossible to know the true extent of the intrusion; sometimes the only way authorities discover the full extent of the damage is to catch black market sellers trying to profit by selling the data on the "dark web."
Home Depot account information was stolen from a vendor doing business with the home improvement giant back in 2014, resulting in 56 million credit card accounts and 53 million email addresses falling into unauthorized hands. This hack cost home Depot approximately $80 million.
40 million credit and debit card accounts were compromised thanks to this hack, costing Target more than $250 million. This hack is different than some of the others mentioned here as the attack affected shoppers from a specific range of dates (November 27-December 15, 2013). Initial reports saw the company staying quiet about the source of the hacks, but security experts believe this particular incident was aimed at the company’s point-of-sale systems, making customers who did not pay cash in the store open to potential data theft.
1.5 million card accounts were affected by intrusions of Global Payments servers, costing the company above $90 million. Credit and debit card information were exposed in the hack.
2011 saw 360,000 credit card holders potentially affected by a “known technical vulnerability” in Citibank’s online banking service. The company was targeted by the Connecticut State Attorney General for this issue; Citibank settled with a payment of $55,000.
This company’s services include being the official health insurance provider for members of the United States Military and their families. In 2011, approximately 5 million Tricare beneficiaries were potentially affected by the theft of physical computer backups which contained unencrypted personal data on military members. The cost of this hack is estimated at $130 million.
In 2009, 130 million credit cards were potentially affected by a network compromise costing the company approximately $2.8 billion. Heartland is a credit card processing company, so the full implications of such a breach beyond the data reported here are unknown; like so many of the other significant hacks listed here, it’s best to assume you were affected by this hack if you have transactions or other dealings processed by or directly with the company.
Identity Thefts Role in the FHA Loan Process is available in the following areas/cities
Browse for additional mortgage experience in other cities with products and services provided by übermortgage.