Security Bytes: Debt collector's arrest rattles banks, customers

Also, New York sues a firm for distributing spyware; smartphones risky but used for sensitive transactions. California may limit RFID technology's use.

This Content Component encountered an error

Debt collector charged with stealing 500,000 customer banking records New Jersey residents are still reeling from the arrest of a freelance debt collector who allegedly stole information from more than a half million customer accounts with the help of seven employees at various bank branches. Orazio "Ozzy" Lembo, 35, of Hackensack, N.J., reportedly paid his conspirators $10 per customer record, then sold the stolen data to collections...

agencies and collections-oriented law firms for $70 to $100 each. The Newark Star-Ledger said Lembo earned between $2 million and $4 million, while the bank employees in Bergen, Passaic and Essex counties took in tens of thousands of dollars.

In addition, Lembo was charged with secretly working with a New Jersey Department of Labor official to obtain job and salary information on residents. That employee, Orlando Rivera of New Milford, N.J., has been suspended without pay after being charged with misconduct, conspiracy and disclosing data.

Police believe the scheme dates back four years and involved customers at Commerce Bank, Bank of America, Wachovia Bank and PNC Bank. Lembo was charged with racketeering, disclosing data from a database, forgery, theft and several drug counts. An unnamed source told the New Jersey newspaper Lembo's crimes may have been fueled by a $3,000-a-day cocaine habit and frequent use of prostitutes. The seven employees were immediately fired. Authorities also are investigating why the collections agencies and law firms didn't question how Lembo was able to obtain so much information so quickly.

NY's Spitzer sues Internet marketing firm for use of spyware and adware
Eliot Spitzer, New York's attorney general, filed a civil suit against IntermixMedia Inc. last week, accusing the Internet marketing firm of delivering unwanted ads and adding unnecessary toolbars to Web browsers. The announcement followed a six-month investigation, which concluded that the Los Angeles-based company and its agents downloaded more than 3.7 million programs to New York residents' machines and "tens of millions more to users across the nation." Research firm Meta Group, now part of Gartner Inc., estimates that cleaning infected clients can represent 20% or more of IT help desk efforts.

The spyware and adware makes its way onto users' computers when they download free software such as screensavers or games, according to SearchWindowsSecurity.com. Once on the system, the software cannot be removed through the "add/remove" function, does not have an "uninstall" option and actually reinstalls itself if deleted, the attorney general's office said. In other cases, a toolbar is added to users' Web browsers. Spitzer said his suit seeks a court order enjoining Intermix from secretly installing spyware, an account of all revenues made on these products and an undisclosed payment of penalties.

Christopher Lipp, senior vice president and general counsel for Intermix, said in a statement that the company does not promote or condone the use of spyware and does not use its redirect applications to collect personal information. The company stopped distributing the applications on April 15, Lipp said.

Firefox Web browser now 50 million users strong
On Friday, the Mozilla Foundation's Firefox Web browser passed the 50 millionth download since its official release in November. The foundation is planning to honor the milestone by giving away 50 limited-edition coins to people who helped spread the word about Firefox. It's also considering awarding a prize to the person behind the 50 millionth download, according to CNET News.com. Many believe the growing number of security holes in Microsoft's Internet Explorer, long the king of browsers, is behind Firefox's soaring popularity. Microsoft has responded by releasing the security-enhanced IE 7.0 this summer -- ahead of its next operating system, Longhorn. Firefox, built upon the Netscape browser, also has had to patch serious security flaws in the past several months, but its proponents continue to sing its security virtues.

Californians considering banning RFID in state ID documents
California is again hoping to set a precedent with a bill banning RFID technology in state ID documents, such as student ID cards, state employee badges and driver's licenses. Created in the wake of a small-town school scandal, the Identity Information Protection Act would be among the nation's first to outlaw embedded radio frequency identification tags in ID cards or badges, according to Wired News. SB 682 also would prohibit skimming to discourage unauthorized users with RFID readers to swipe chips' information. The bill was introduced in February shortly after a Sutter, Calif., elementary school started requiring students to wear photo IDs embedded with an RFID chip. Upset parents forced the school to pull the project.

California was the first in the country to require state victims of database breaches to be notified when certain unencrypted personal data put them at risk of ID theft. That law is credited with bringing to light the rash of data thefts at companies like ChoicePoint and Lexis-Nexis, which both sell private consumer information to clients. In light of those cases and other widely publicized security lapses, Congress and state governments are working to provide blanket notification coverage to any consumer impacted by security breaches.

Survey: Smartphones risky but used for sensitive transactions
Despite awareness that Bluetooth-enabled devices are susceptible to viruses and attackers, more than one-third of smartphone users utilize its wireless networking capabilities. And 41% of 300 respondents to a Symantec Corp. survey released last week admit to online banking via their smartphones. According to a report by CNET News.com, 55% stored sensitive personal information, 37% stored confidential business data and 28% kept clients' details in their devices. Nearly three-quarters of respondents were aware of malicious code and other attacks targeting smart phones and did express some concern that their data was at risk.

Dig deeper on Identity Theft and Data Security Breaches

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close