

Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

Data breach affects 73,000 TD Bank customers in Mass.

TD Bank has lost unencrypted backup tapes that include account information and Social Security numbers for more than 73,000 customers in Massachusetts, Attorney General Martha Coakley announced today, saying her office had been informed by the bank.

The bank is sending notices to more than 267,000 customers nationwide, telling them that they may be affected due to the loss of two data tapes in March, Coakley's office reported.

In a statement, Coakley said her office would review the circumstances of the breach of personal information and the steps TD Bank takes to address the problem. Bank officials, according to Coakley's office, have said they are unaware of any misuse of the information on the tapes but could not rule that out as a possibility. Potentially affected customers should take advantage of credit monitoring services offered by the bank and should not respond to unsolicited calls or emails asking for information about their credit cards, bank accounts or Social Security numbers.

»www.southcoasttoday.com/apps/pbc···-1/rss36
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

"Waiting seven months to speak up after a security failure, says Linda Conti with the Attorney General's Office, is a little unusual. The statute allows for "reasonable and prompt" investigation, and only allows for a lengthy delay if law enforcement is involved.

Conti says that the Secret Service is the organization that handles such data breach investigations, and so far, she is not aware of its involvement."
»www.mpbn.net/News/MaineNewsArchi···ult.aspx

Even more unusual is the spin from TD Bank

""What I really want folks to know and understand is that there is no evidence that the data on these tapes are being used in any inappropriate way. That there's no security breach," Acevedo says"

For sure TD Bank is not aware of the ID history of a quarter million of its customers spread across the country over the past ~7 months but they would have a sense of any spike in abuse occurring within their system.
The problem with that is the security breach can have adverse effects on the victims without abusing the affected TD Bank accounts.
In the harshest light it looks as if TD Bank doesn't consider it a security breach as long as it doesn't affect them.
In the kindest light it makes them look like Bozos.
Any of the not-notified-in-a-timely-manner victims that suffered any ID abuse over the past ~7 months is going to be blaming TD Bank whether it's accurate or not.
They banked on finding the tapes but lost that bet.
Too bad they were betting with other people's stuff.

Reporting requirements need to be overhauled if this much leeway is allowable.


Win7

join:2012-10-13
L5x3t4
reply to Name Game

"Potentially affected customers should take advantage of credit monitoring services offered by the bank"

Credit monitoring services offered by the bank are not free; I do not understand how I can "take advantage".

A few months ago TD contacted me and tried to persuade me into buying a subscription for credit monitoring services, around $20/month per person, so $40/month per family.

I refused but I had a feeling that something is not right.


HarryH3

join:2005-02-21
kudos:2

2 recommendations

reply to Name Game

First, they need to get a new IT staff. UNencrypted backup tapes? In 2012? There's no excuse for that.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to Name Game

They are my bank and I feel safe. But just as I said in other threads on banking problems... a lot gets unreported until the banks figure out what really happened and how to cover potential losses... some of it we never find out.

Even cash seems to be missing lately in mysterious ways.

»money.cnn.com/2012/10/12/news/ec···pt=hp_t3
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Snowy

Banks are in Denial.....

Natwest's Get Cash app pulled, but NOTHING to do with frauds

Yes there were frauds, yes it is pulled, but NO NO NO

Mobile app..oops !
»www.theregister.co.uk/2012/10/09···removed/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 recommendation

reply to Name Game

bits n pieces spells bad news
said by Name Game:


They are my bank and I feel safe

I would too if I banked with them.
It's not as if the data exists in a vacuum though.
*If* the data is being used maliciously it will be merged on the black market with other PII data that's been harvested either legally or illegally to create a more detailed profile of an individual.
The more detailed a profile, the more $ it will sell for on the black market.

For general information...
Some of the PII items available for sale on the ID black market are:
An SSN/DOB (record will sell for a buck)
A CC # with exp (will sell for 1-20 dollars depending on certain factors).
An email address w/password (.50cents)

Along with other records, when put into a composite of an individual the record becomes known as a "full" or more commonly a "fullz"
What is generally expected to be included in a high quality "fullz"?
*********
First Name and Middle Initial :
Last Name :
Address :
Address 2 :
Apartment/Suite # :
City :
State :
Country :
ZipCode : 3
Country : US
Phone :
Birth Date :
Mother's Maiden Name :
Social Security Number :
Credit Card Information :
*********
Payment type : Debit
Card Type : VISA
Credit Card Number :
Exp. Date :
Name On Card :
Cvv2 :
Account Information :
*********
Email Address :
Password :
Account Security Question :
Answer :
*****

This "fullz" data is the Holy Grail of the ID theft industry.
It's an example of how the total is greater than the parts.
Sellers want them to command higher selling prices, buyers want them for higher value ID thefts.
As the image shows - $70 for a single "fullz"
It's a bargain to the buyer, in the right hands the data can be turned into a financial bonanza in a matter of hours.

Short story: Look beyond abuse @ a TD Bank account because the potential for that PII to be abused elsewhere is huge.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

Understand Thanks..knew you were hiding the good stuff. Hope those guys are not charging sales tax.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

said by Name Game:

Hope those guys are not charging sales tax.

Nope, price includes free electronic delivery & a money back guarantee too!
If the data proves to be 'bad' you can get shop credit at the high end stores.
They're modeled after legit online retailers.
Shopping carts, search functions, contact us info with fast replies, everything you'd expect from a high end retailer that caters to its clientele.
Admission is often by reference only.
A known/trusted member needs to send a prospective member an invitation to join the top CC Stores.
The fly by night stores will have an open registration policy but that's a trade off for dependability.