How Will The Recession, The Mortgage Mess, and The Financial Crisis Affect Identity Theft?
The OTHER Rev. Dr. Martin Luther King and President-elect Obama

Checkfree Data Breach Exposes 5 Million Consumers' Data

Checkfree is now part of Fiserv The new year is not even a month old and we already have had the first major company data breach. And this breach is at a U.S. financial institution. On January 6, ComputerWorld reported:

"CheckFree Corp. and some of the banks that use its electronic bill payment service are notifying more than 5 million customers that criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine."

This data breach is important because:

"... in a notice filed with the New Hampshire Attorney General, CheckFree disclosed that it was warning many more customers than previously thought."

Basically, two groups of consumers were affected by the data breach:

"... 1.) those who we were able to identify who had attempted to pay bills from our client's bill pay sites and minus those who actually completed sessions on our site, and 2.) anyone enrolled in mycheckfree.com."

How bad was the hack and data breach? It was this bad:

"Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on the day of the attack were redirected to a Ukrainian Web server that used malicious software to try and install a password-stealing program on the victim's computer. The criminals were able to take control of several CheckFree Web domains after logging into the company's Internet domain registrar, Network Solutions, and changing the CheckFree DNS settings."

Because Checkfree lost control of its Web domains, the company doesn't know exactly how many consumers were affected. Checkfree believes that a smaller number of consumers (160,000) were likely affected with the malware, but because the company really doesn't know it is notifying 5 million consumers because that many could be affected.

Geez. So much for bullet-proof data security by a U.S. financial institution. If you don't know what banking services Checkfree performs:

"CheckFree processes bill payments for more than half of the banking institutions in the U.S... CheckFree has deals to provide electronic bill payment services to banks such as Wachovia and Bank of America. It is not clear whether or not these banks were affected by the attack."

My advice to consumers: if you receive notification or a free credit monitoring service offer from Checkfree, review it closely to see if it is better protection than you can get elsewhere. Also, check your online banking and financial account statements closely for fraud.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Check Free Web Security

Another breach may be underway. When you are logged into online banking, watch out for pages that create a new frame that are not quite formatted correctly and ask for your user name and password again. You can use the Contact Us link on cw411.checkfreeweb.com to tell us of any cases you see.

George

Consumers considering CheckFree Web may want to read consumer-written reviews at:
http://www.epinions.com/reviews/finc-Financial_Services-Online-Bills-CheckFree/pp_~1/sort_~date/sort_dir_~des/sec_~opinion_list#list

George
Editor
http://ivebeenmugged.typepad.com

The comments to this entry are closed.