Jan 102018

Many pet owners already know that a lot of medications used to treat humans are also used to treat other species. I guess we shouldn’t be surprised when veterinary personnel engage in wrongdoing to access medications. Ellen Eldridge reports on some recent insider wrongdoing cases that include one from a veterinary hospital:

Shelby Oryan Scoville of Woodstock was a veterinary technician employed with Hollyberry Animal Clinic in Roswell when she allegedly created fake prescriptions in the name of her dog.

…  Tiffany Martin, a 30-year-old employee of WellStar Neurosurgery, was allegedly involved in stealing prescriptions written for patients. Officials said she stole insurance information from the WellStar office and turned in to pharmacies prescriptions for Oxycodone, an opioid pain medication.

The person who filled those prescriptions was also arrested. Tiffany Martin also called in prescriptions for Xanax, a brand name anxiety medication.

Read more on AJC.

Jan 012018

When it comes to the medical sector, the concern with ID theft is usually the theft of services or the corruption of someone’s medical records in ways that might harm them at some point.

But what if the ID theft resulted in someone posing as a doctor and then treating you? Lynh Bui reports that a man posing as “Dr. Akoda,” an obstetrician-gynecologist at  Prince George’s Hospital Center, was actually Oluwafemi Charles Igberase, who used a fake Social Security number to obtain his medical license in Maryland.

This case is understandably terribly upsetting to the patients who were seen by or treated by the “doctor.” And there are a lot of them. And there’s a long history of ID theft here….. hospitals all need to look at how their credentials check may have failed to detect the fraud this man was perpetrating in a number of states and at a number of entities.

Read more on Washington Post.

Dec 292017

Jason’s Deli (www.jasonsdeli.com) is a family owned business known for high-quality food and catering services for over 40 years. It is headquartered in Texas and operates or franchises 266 restaurants in 28 states, with a reputation for award-winning quality and a strong relationship with our customers.

On Friday, Dec. 22, 2017, our company was notified by payment processors – the organizations that manage the electronic connections between Jason’s Deli locations and payment card issuers – that MasterCard security personnel had informed it that a large quantity of payment card information had appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations.

Jason’s Deli’s management immediately activated our response plan, including engagement of a leading threat response team, involvement of other forensic experts, and cooperation with law enforcement. Among the questions that investigators are working to determine is whether in fact a breach took place, and if so, to determine its scope, the method employed, and whether there is any continuing breach or vulnerability.

The investigation is in its early stages and, as is typical in such situations, we expect it will take some time to determine exactly what happened. Jason’s Deli will provide as much information as possible as the inquiry progresses, bearing in mind that security and law enforcement considerations may limit the amount of detail we can provide.

In the meantime, customers should monitor their payment card accounts carefully and report any suspicious activity to their card issuer. Customers or financial institutions with any questions should contact [email protected] or 409-838-1976.

Jason’s Deli recognizes that the security of credit and debit card transactions is of the utmost importance to our customers. We have, over the years, continually reviewed and periodically strengthened our security systems, as have other retailers, to meet the constant challenge of sophisticated criminal activity. We will continue that process, and will carefully consider whatever further changes may be appropriate after a thorough forensic review of this event and our payment security systems.

We appreciate the dedication of our employees and others who are working during their Christmas break to respond to this matter and protect our customers, and we thank them and their families for their sacrifice. Most importantly, we appreciate the trust our customers place in us, and we regret any inconvenience that some may experience, especially during the holidays. Thank you for your support and understanding.

Nice of them to thank the employees like that.

If this is confirmed as a breach of their system, this would not be the first time.  In September, 2010, this site reported on a malware incident involving them.

Dec 282017

Chris Hayes reports:

ST. LOUIS COUNTY, Mo. – You could be a victim and not even know it. Police believe there may be other victims of Autoway Car Sales on St. Charles Rock Road.

This morning, Pagedale police officers weaved through the car lot looking for connections between vehicles and other potential victims. Owner Anas Alshurafa, who sometimes went by “Sam,” is now in federal custody.

“We’re seizing all these vehicles off this lot,” said Interim Pagedale Police Chief Eddie Simmons.

Chief Simmons said they already know about more than 20 potential victims.

“Anybody who’s been here and filled out paperwork, you could be a victim and don’t even know it,” he said.

Read more on Fox2Now.  And then recall how many leaks you’ve seen this year with people’s PII.  While this dealership owner allegedly misused information provided to him by potential customers, the information on so many people is easily available for a small fee on the dark web. Or just look for a leaky bucket on Amazon, like the one from Rhodes Auto Sales (although those data may be somewhat outdated).

It’s just too easy.

Dec 272017

Phoebe Tollefson reports:

An H&R Block employee let a man who sold him pot “help himself” to filing cabinets containing customer information earlier this year in order to settle a debt, prosecutors allege.

James Maurice Palmer, 27, faces charges of forgery and identity theft, both felonies, stemming from the incident in April.

Read more on Billings Gazette.