So, our headline may be a bit misleading. It turns out that Acholonu was able to gain access to a massive amount of mail when he worked for a private contractor to the U.S. Postal Service. He was actually seen leaving work holding piles of credit card offers from the mail. He did not actually do any dumpster diving. But, he did get busted when investigators searched the trash bin outside of his apartment building and found the incriminating evidence.

It is ironic. We really do think…

A U.S. District Judge has ruled to dismiss the majority of claims included in a multi-institution suit against Heartland Payment Systems, which in 2008 was hacked, ultimately compromising 130 million U.S. debit and credit cards.

The Heartland breach, announced in January 2009, was the first card processor breach to attract international attention. A multiparty complaint against Heartland ultimately resulted, after the Judicial Panel on Multidistrict Litigation consolidated individual suits filed by consumers and U.S. banking institutions seeking financial compensation for losses suffered as a result of systems breach.

But earlier this month, after more than two years of litigation, District Judge Lee Rosenthal dismissed the majority of those claims, saying the plaintiffs failed “to state a claim upon which relief can be granted.”

One exception, however, was noted in Rosenthal’s ruling. A violation of the Florida Deceptive and Unfair Trade Practices Act claimed in one of the banking institution suits may be amended. Rosenthal found that the banks’ and credit unions’ claim could be heard if amended to include more than one state’s law and inclusion of more specific details about alleged contractual violations.

Read the full BankInforSecurity.com article here.

Twenty-three shoppers at the Lucky Supermarket chain were not so lucky when these types of skimming devices stole their identities.  When the store did “routine maintenance” at 19 of their locations, suspicious devices were attached to the self-service scanners.

One thing is for sure.  We will be exercising patience by waiting it out in the traditional check-out line.  As they say, patience is a virtue.

10 Tips to Avoid Cyber Monday Scams
It seems that the holiday shopping season comes earlier and earlier each year. Luckily, in the digital age, you can ditch the long lines of Black Friday and join the Cyber Monday crew by doing all your shopping online. However, even though shopping online is quick and convenient, there are risks involved. According to Forrester Research, online shopping this holiday season is expected to generate almost $59.5 billion. And 90% of consumers will shop online, according to PriceGrabber’s winter holiday shopping survey. This increased traffic turns the virtual marketplace into a winter wonderland for hackers, who are gearing up to swipe credit cards and personal information to commit fraud and identify theft. Check out more from Mashable here.

Senators Try to Block ID Theft of the Deceased
ID thieves would have a harder time trying to profit off the deaths of children and others under a House bill introduced last week to limit access to Social Security numbers available online. When Rep. Sam Johnson (R-Texas) unveiled the “Keeping IDs Safe Act of 2011,” he criticized Social Security’s publicly released Death Master File, which has been used for at least a decade by thieves to access Social Security numbers, file bogus tax returns to the Internal Revenue Service and collect refunds. Johnson’s “KIDS Act” would effectively end public access to the death file, which now can be searched for a small fee or even for free on genealogy and other online sites. The files contain the Social Security numbers and other personal information that can easily be used by identity thieves. Read more from the Chicago Sun Times here.

AT&T Hackers Have Terrorist Connections, Say Philippines Police
The U.S. Federal Bureau of Investigation and police in the Philippines have jointly busted a ring of four alleged hackers in Manila with connections to a terrorist group in Saudi Arabia, the Criminal Investigation and Detection Group of the Philippines police said last week. FBI agents, who have been investigating hacking of telecommunication companies in the U.S. and in the country since 1999, have uncovered a “paper trail” of various bank transactions allegedly linking the local hackers to the cell in Saudi Arabia, whose activities include financing terrorist activities, CIDG said in a statement. Check out the full PC World article here.

Scammers Steal IRS Refunds with Ease
Almost one year ago, in broad daylight, North Miami postal carrier Bruce Parton was killed for his key — a master key, authorities say, that unlocked personal financial information to residents of a North Miami-Dade condo building. The two men charged with the 60-year-old’s murder used his so-called Arrow Key to steal the information from dozens of residents’ mailboxes. Like magic, the pair converted the identities of others into an electronic stream of cash, by filing fabricated income tax returns in the victims’ names over the Internet, according to court documents.Their unwitting accomplice turned out to be the Internal Revenue Service. The IRS, without verifying their false income claims, loaded the refunds onto debit cards the men allegedly used in others’ names at Winn-Dixie supermarkets, 7-Eleven convenience stores and Chase Bank, records show. Read the full Miami Herald story here.

Whose Fault Is Identity Theft?
In many situations, we have little control over how our personal information is used, and who can gain access to that information. Our identifying information is stored in dozens of databases with government agencies, doctors’ offices, creditors, banks, lenders, schools and more. Providing personal information like a Social Security number is a precondition of obtaining any number of services. So, even though we feel like we shouldn’t be giving this information out, we often have no choice. As a result, we’re vulnerable to identity theft from numerous access points that we have no ability to protect. You can be extremely careful with your data in your everyday life, with a locked mailbox, shredder and secure home network, and still become a victim. Here are some of the people who may be at fault if your identity has been stolen, despite your best efforts. Read the full SFgate story here.

The High Price of Data Breaches
As consumers, we transmit valuable personal information to the companies with which we do business. In doing so, we trust that information will remain secure. Over the past year, however, we have learned of a number of instances in which vast quantities of personal data have been compromised. Last spring, for instance, breaches at Sony Corp. affected more than 100 million customers, putting their credit card numbers, email addresses and passwords at risk. Another recent breach exposed email addresses of customers of companies such as Best Buy, Citibank, Disney, JPMorgan Chase, the Home Shopping Network, Hilton, Marriott and the College Board. Read more of James Cole’s, the U.S. deputy attorney general, Op-Ed here.

‘Anonymous’ Hackers Target Pepper-Spraying UC Davis Police Officer
The Internet hacking group Anonymous has launched its latest attack on the UC Davis police officer accused of pepper-spraying student by posting a video online that lists his personal contact information. In a 10-minute video attributed to the group, a computer-altered voice publicizes the home address, home telephone and cellphone numbers and email address belonging to Lt. John Pike. A call to the listed cellphone number was answered by a voicemail announcement naming Pike as its owner, but said no space was available to leave a message. Check out the full LA Times story here.

Crystal Thorne, a coordinator at the Jewish Community Services of South Florida, offered to sell the allegedly stolen Holocaust victims’ IDs to a confidential police informant.  Thorne’s job gave her access to the personal information of clients –names, addresses, dates of birth and Social Security numbers — who regularly seek help from the Holocaust Survivors Assistance Program.

Kudos to law enforcement for arresting Thorne on identity theft charges.  And, while this may seem like a small case, it reinforces that the criminals will continue to sink lower and lower.  We will be covering this case in the coming months. Stay tuned for more …

NY ID-Theft Ring Recruited Waiters to Steal Info
An ambitious and organized identity-theft ring recruited waiters at steakhouses and other high-end restaurants to steal diners’ credit-card information, then used it for luxury shopping sprees, authorities said last week. Some 27 people have been indicted on racketeering and other charges. Arraignments were ongoing Friday. The group had waiters use so-called “skimming” devices to copy at least 50 restaurant-goers’ credit-card data surreptitiously while running their tabs at such powerhouse eateries as Smith & Wollensky and Wolfgang’s Steakhouse, Manhattan District Attorney Cyrus R. Vance Jr. said. His office, the New York Police Department and the U.S. Secret Service built the case. Read the full AP story here.

‘Modern Warfare 3′ Takes on the Hackers
Modern Warfare 3 is not a cyber-warfare game, but the “modern” in the title might be out of date already. The real threat of modern warfare is the very real possibility of cyber warfare. It turns out the real war taking place behind the scenes for MW3 is very much a high-tech war between the game’s developers and hackers who are exploiting loopholes in the game to cheat: As the saying goes, cheaters never win. While it doesn’t always prove true, a huge number of cheaters definitely won’t make it to the end of Call of Duty: Modern Warfare 3. Infinity Ward has banned more than 1,600 players from MW3 for cheating using glitches uncovered in the new game. The number of banned MW3 players is expected to rise as more people exploit these illegal loopholes. Check out the full Forbes story here.

Healthcare Breach Exposes Nearly 4 Million Patients’ Data
A desktop computer stolen from healthcare organization Sutter Medical Foundation has potentially exposed the personal information of nearly 4 million patients. The password-protected but unencrypted machine contained a patient database. Ironically, the Sacramento, Calif.-based healthcare organization had been implementing encryption across the organization at the time of the theft. Unfortunately, the machine that was stolen was not yet encrypted. Read the full InformationWeek story here.

Why SMBs Are Attractive to Hackers
A Symantec global survey of nearly 2,000 SMBs showed that 50% did not consider themselves an attack target. However, looking at today’s threat landscape, this is clearly a misconception. If a site is online, regardless of its popularity, it will be targeted, according to Imperva. Hackers are going after low hanging fruits. These are the companies who are less security aware and do not have the proper defenses in place. According to the 2011 Verizon Data Breach Investigations Report, hackers are increasingly targeting smaller, softer, less reactive targets since these provide a lower-risk alternative to financial institutions. Read the full HelpNetSecurity post here.

Hackers Launch Sewer Jihad
Hackers are coordinating with radical Muslim terrorists in the United States to destroy the nation’s sewer systems. Hence, U.S. navy sailors will not be the only Americans to endure clogged toilets and suffer the unpleasant consequences. According to the Houston Chronicle, “a hacker identified only as ‘prof’ posted diagrams of the south Houston sewer system (located in U.S. Rep. Sheila Jackson Lee’s (D.-Tx.) Congressional District) online to show how easy it is to infiltrate the system.” On Saturday, South Houston Mayor Joe Soto disclosed that now harm was caused to the sewer system, and the control system called Supervisory Control and Data Acquisition, has been taken offline. Check out the full Dallas Blog post here.

Unemployed Romanian Hacker Accused of Breaking Into NASA
Romanian authorities have arrested a 26-year old hacker who is accused of breaking into multiple NASA servers and causing US$500,000 in damages to the U.S. space agency’s systems. Robert Butyka, 26, was arrested on Tuesday in Cluj, a city in Western Romania, following an investigation by the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT). According to local reports, the hacker used the online moniker of “Iceman.” He does not have a higher education or an occupation, a DIICOT spokeswoman said. Check out the full PC World story here.

Kindle Fire Has Already Been Hacked
If there’s one thing you can say about the Android developer and hacker community, it’s that it moves incredibly fast. Each time a new smartphone or tablet finds its way into the market, the modders and hackers get to work, trying to root the device. And now, just days two days after its release, the Amazon Kindle Fire has become the latest target. Gaining root-level access gives users the ability not only to install applications from additional sources, but also it allows for the removal of the standard software. Potentially that means that developers and tech-savvy enthusiasts could load their own ROMs onto the $200 Kindle Fire, opening the door to Honeycomb and, possibly, Ice Cream Sandwich. Check out the full CNET story here.

This is exactly what Mike Winder, the mayor of West Valley City, Utah did, as he wrote stories under the name of Richard Burwash.  Here’s the kicker though: the real Richard Burwash lives in Cape Coral, Florida and had this to say to the Washington Post:

“I have no idea what you’re talking about. . . . I haven’t written any stories,” says the real Richard Burwash after a quick explanation of the circumstances. After a bit more discussion, the real Richard Burwash quips, “I’m famous and I don’t even know it.”

What is even crazier about this story is that Mayor Winder is not at all remorseful for is actions.  He told the told the Deseret News: “There will be people who will be disappointed in me because of this, but there will also be people who respect me for putting my neck on the line to get good [news] coverage for our city.”

In the end, all that matters, we suppose, is good press.

Welcome to the Monday Morning News Kick Off post from the ITAC blog. Once again it is Monday and here we are with a whole myriad of identity theft, data breach and cyber crime news to share. From news of Facebook’s new Timeline being a boon for hackers to updates on data breach legislation and another notorious hacker being arrested, we have it all in one place for your reading pleasure. Happy Monday!

Facebook’s Timeline Will Be Boon for Hackers
Facebook’s new Timeline will make it even easier for criminals and others to mine the social network for personal information they can use to launch malicious attacks and steal passwords, a researcher said today. Timeline, which Facebook unveiled yesterday at a developer conference and plans to roll out to users in a few weeks, summarizes important past events in a one-page display. Read the full Computerworld post here.

Pentagon Extends Program to Defend Cyber Networks
As hackers and hostile nations launch increasingly sophisticated cyberattacks against U.S. defense contractors, the Pentagon is extending a pilot program to help protect its prime suppliers. That program could possibly serve as a model for other government agencies. It is being evaluated by the Department of Homeland Security, as part of a potential effort to extend similar protections to power plants, the electric grid and other critical infrastructure. Efforts to better harden the networks of defense contractors come as Pentagon analysts investigate a growing number of cases involving the mishandling or removal of classified data from military and corporate systems. Intrusions into defense networks are now close to 30 percent of the Pentagon’s Cyber Crime Center’s workload, according to senior defense officials. And they say it continues to increase. Read the full ABC News post here.

2 million in Massachusetts Victims of Data Breaches
The attorney general’s office says the personal information of about two million Massachusetts residents, or about one out of every three people who live in the state, has been compromised through electronic data breaches in the past 20 months. Attorney General Martha Coakley last week released a breakdown of notices it has received in response to a 2007 state law that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Read the full Boston Herald article here.

USA Today’s Twitter Account Falls Victim to Hackers
The same group that hacked NBC News’ Twitter account on September 9 and sent tweets about a bogus attack on Ground Zero apparently grabbed hold of USA Today’s Twitter feed yesterday and fired off a clutch of messages. The taunting tweets from someone claiming to be The Script Kiddies asked if Twitter had the courage to suspend the group again and encouraged Twitter users to vote for the next account to be hacked. “Fox News, Wal-mart, Unilevel, Pfizer, NBC and now USA Today. who’s next? Vote now!” read one of the tweets. As of this writing, it seemed USA Today had regained control of its feed. Read the full CNET post here.

Feds: Homeless Hacker ‘Commander X’ Arrested
Christopher Doyon, a 47-year-old homeless man, was one of two men arrested Thursday for carrying out cyber attacks on Santa Cruz County computers. The federal indictment alleges that Doyon used the screen name “Commander X” and he, along with Joshua John Covelli, carried out a distributed denial of service (DDoS) attack on Santa Cruz County computers last year as part of a protest against the county’s ban on outdoor sleeping. Both men are alleged to have ties to the hacking group Anonymous. Doyon’s attorney, Jay Leiderman, tells CBS News his client is homeless but would not confirm that Doyon was in fact the hacker known as Commander X. Read the full CBS News post here.

Panel Approves Data-Breach Bills Despite Partisan Rancor
The Senate Judiciary Committee approved three bills last Thursday aimed at setting national standards for security breaches involving personal data, but the party-line vote on the measures may complicate efforts to move them to the Senate floor. The three measures are similar in that each would require companies to take reasonable steps to secure personal information about consumers and to notify consumers when their personal data has been stolen as a result of a security breach. Read the full National Journal article here.

Medical Identity Theft a Growing Problem
Nearly four out of ten doctors and hospitals surveyed have caught a patient trying to use someone else’s identity in order to obtain healthcare services, according to a new survey from accounting firm PricewaterhouseCoopers (PwC). Patients seeking medical services under someone else’s name was the second most common privacy or security issue reported by healthcare providers, according to PwC’s nationwide survey of 600 executives from U.S. hospitals, doctors’ organizations, health insurance companies, pharmaceutical manufacturers, and life sciences companies. Medical identify theft is the fastest-growing form of identity theft, affecting 1.42 million Americans in 2010 and costing more than $28 billion, the report said. Read the full MedPage post here.

Traffic light cameras aimed at nabbing speeders will never win a popularity contest.   Who really likes receiving that letter in the mail stating that you were caught running a red light on Main Street?  Nobody.  Well, there’s a new scam that bad guys are using that will make you not like traffic light cameras even more.

Here’s how it works.  A bad guy will call you and tell you that you have an overdue red light camera fine.  Of course, the only way to avoid a significant late fee, a court case, or even jail time is to pay the bill right then and there over the phone.  You will ultimately be threatened with an arrest warrant if you don’t pony up the cash.

The criminals will even impersonate a police officer on the call.  So, keep in mind that the police WILL NOT call you about this.  So, if you receive a call like this, ask for their contact number, account number, job title, etc.  It may actually scare them off.   And be sure to (ironically) notify law enforcement about this.

And, the only way the police can follow up on late payment is via the mail.  Don’t take that call.