Latest news with #identityTheft
Yahoo
12 hours ago
- Business
- Yahoo
Two Million People Affected by US Retail Data Breach
Ahold Delhaize data breach compromised 2.2M records, including sensitive personal, financial, and health information. Employees' data like SSNs, passport, and bank info were stolen - potential for identity theft. Customers not directly affected, but former employees should freeze credit reports and monitor for fraud. Not all data breaches come from the major apps and services you use every day. Some of them come from the places you least expect. If you used to work at any of Ahold Delhaize's brands, including Food Lion or Stop & Shop, you might want to run and get some freezes on your credit reports when you get a chance. Global food retail conglomerate Ahold Delhaize has officially confirmed that a ransomware attack last November compromised the sensitive data of more than 2.2 million people in the US. The breach exposed a vast trove of personal, financial, and health information belonging to current and former employees. According to the disclosure, attackers first gained access to the company's internal US business systems on November 6, 2024. The filing officially states that 2,242,521 individuals were impacted. The company is now in the process of notifying those affected. The stolen data varies by individual, but since there seem to be employee records mixed around here, it's a lotof data. Compromised files may include a combination of full names, contact details such as postal and email addresses, phone numbers, and dates of birth. But it doesn't stop there. For some people they might also have Social Security numbers, passport numbers, driver's license numbers, and bank account information. Enough info for someone to siphon money out of your bank account, open credit cards in your name, or commit identity theft. Yikes. Furthermore, protected health information was stolen, including details related to workers' compensation claims and other medical information contained within employment files. Ahold Delhaize specified that based on its investigation, it has "no indication that customer payment or pharmacy systems were compromised" and found "no customer credit card numbers contained in the affected files." So, average buyers and shoppers shouldn't be affected much by this. From the sound of it, though, if you used to work here, it's pretty bad. Ahold Delhaize runs brands such as Food Lion, Stop & Shop, Giant Food, and Hannaford, with varying nationwide presences. So it's no surprise to see that so many people are affected. If you think you might be affected and that your SSN might be in the hands of malicious actors, it's a good idea to put freezes on your credit reports from major bureaus such as TransUnion and Equifax, and monitor them for any suspicious activity. Check out this link to know more info about next steps to take in case of identity fraud. Source: Bleeping Computer
Yahoo
3 days ago
- Yahoo
ICE raid at Kings Mountain factory stemmed from identity theft investigation; workers taken into custody
KINGS MOUNTAIN, N.C. () — U.S. Immigration and Customs Enforcement (ICE) officials said a raid on a Kings Mountain factory Wednesday afternoon was part of an investigation into identity theft. That blitz involved ICE agents taking workers at Buckeye Fire Equipment into custody. 'There's a bunch of cops here. And I was like, 'What are you talking about?' And I looked down the hall; there was a mass there. They had masks on. They had their guns drawn. They were like, Hey, we need everybody [to] go in the front,' said Erick. Eric Pinon shot video, and he and his coworkers gathered in one spot at Buckeye Fire. In the video, men in large vests and badges are seen standing behind the workers. He was able to grab this video before any agents stepped in to stop him. 'I was trying to record, and he told me, 'No recording, put your phone up.' He grabbed my phone, and like, that's when he took the record off, and he turned off my phone. He was like, 'Everybody turn off your phones now. It's not. You'll be detained,' Pinon said. PREVIOUS | Pinon, a U.S. citizen, said once everyone's phones were turned off, what appeared to be immigration agents led them to a small room for at least an hour before individual interrogations outside. 'That's when they were checking all of us. They were asking questions like, 'Are you a U.S. citizen? Anybody in there? You a citizen or not? You a citizen?' Or if, like, anybody that's working without papers or under a different name,' he said. Pinon chose not to answer any questions. Agents handed out blue wristbands to indicate who had legal citizenship. Dulce Cruz-Hernandez's mom works at the factory, and she has questions of her own. 'I would ask them why and if, like the company called them, or just like how did they end up in this factory specifically?' Cruz-Hernandez said. ICE spokesperson Lindsay Williams said agents were executing a warrant for aggravated identity theft and other crimes, which include potentially employing people illegally. 'Allegations of identity theft and you should take seriously. Would you want your identities used for someone else to work or do whatever they're going to do with them? So it's a serious federal crime,' Williams said. 'There have been some folks detained where somewhere in the dozen or so range, but that number may increase as we continue.' From the air, tents could be seen that looked like a staging area, and people lined up outside of the massive complex on Kings Road. FBI, ATF, DEA, CBP, US Marshals, Gaston County Police, and Gaston County deputies were on the scene. 'It's really sad because I just don't know what's going on with my mother. I don't know if she's going to come back home today, never, ever. I really don't know. My mom's the only guardian I have really, because my dad's unfortunately not in the country either,' Cruz-Hernandez said. Williams said the investigation is ongoing. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
3 days ago
- Business
- Yahoo
‘Unsafe and risky': Singapore orders end to IC number use as authentication in private sector
SINGAPORE, June 26 – Singapore's Ministry of Digital Development and Information (MDDI) has reportedly urged private sector entities to stop using National Registration Identity Card (NRIC) numbers as authentication tools or passwords due to security risks. In a formal advisory issued today, the Personal Data Protection Commission (PDPC) and the Cyber Security Agency (CSA) advised organisations to cease using NRIC numbers to verify an individual's identity when granting access to personal services or information. 'While organisations may use NRIC numbers to identify who a person is over the phone or when using digital services, NRIC numbers should not be used to prove that a person is who he claims to be ... for the purposes of trying to gain access to services or information meant only for that person,' MDDI said as quoted by CNA. The ministry highlighted that some organisations still require individuals to use NRIC numbers, sometimes as passwords, to access personal documents such as insurance files. 'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or record,' the ministry said. MDDI called on organisations to stop using full or partial NRIC numbers for authentication, including setting them as default passwords or combining them with other easily obtainable data like birth dates. 'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, security token or fingerprint identification,' it added. The government is working with key sectors such as finance, healthcare, and telecommunications to develop tailored guidelines on identity authentication practices. This comes as Singapore's Minister for Digital Development and Information Josephine Teo said in January that firms using NRIC numbers as authentication or default passwords must end the practice swiftly. The policy shift came after public backlash in December 2024 over a new Bizfile portal launched by the Accounting and Corporate Regulatory Authority (ACRA), which had exposed names and full NRIC numbers through its search function.
Malay Mail
3 days ago
- Business
- Malay Mail
‘Unsafe and risky': Singapore orders end to IC number use as authentication in private sector
SINGAPORE, June 26 – Singapore's Ministry of Digital Development and Information (MDDI) has reportedly urged private sector entities to stop using National Registration Identity Card (NRIC) numbers as authentication tools or passwords due to security risks. In a formal advisory issued today, the Personal Data Protection Commission (PDPC) and the Cyber Security Agency (CSA) advised organisations to cease using NRIC numbers to verify an individual's identity when granting access to personal services or information. 'While organisations may use NRIC numbers to identify who a person is over the phone or when using digital services, NRIC numbers should not be used to prove that a person is who he claims to be ... for the purposes of trying to gain access to services or information meant only for that person,' MDDI said as quoted by CNA. The ministry highlighted that some organisations still require individuals to use NRIC numbers, sometimes as passwords, to access personal documents such as insurance files. 'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or record,' the ministry said. MDDI called on organisations to stop using full or partial NRIC numbers for authentication, including setting them as default passwords or combining them with other easily obtainable data like birth dates. 'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, security token or fingerprint identification,' it added. The government is working with key sectors such as finance, healthcare, and telecommunications to develop tailored guidelines on identity authentication practices. This comes as Singapore's Minister for Digital Development and Information Josephine Teo said in January that firms using NRIC numbers as authentication or default passwords must end the practice swiftly. The policy shift came after public backlash in December 2024 over a new Bizfile portal launched by the Accounting and Corporate Regulatory Authority (ACRA), which had exposed names and full NRIC numbers through its search function.
CBS News
7 days ago
- CBS News
Pennsylvania man indicted in Colorado on variety of nationwide fraud schemes
A Pennsylvania man was recently indicted on a dozen federal charges related to using more than 1,000 stolen or fake identities to file for unemployment benefits and COVID-19 relief funds in more than 30 states, including Colorado. He led an effort that hauled in $5.6 million. Adepoju Babatunde Salako, a 33-year-old resident of Elkins Park, Pennsylvania, a suburb of Philadelphia, was indicted by a federal grand jury in Denver in May. He appeared in Denver federal court June 13. He faces six counts of wire fraud, one count of conspiracy to commit wire fraud, one count of conspiracy to commit money laundering, and four counts of aggravated identity theft. Two of the four identity theft counts come from the stolen identities of Coloradans. Salako's alleged offenses began the same month (March 2020) the Coronavirus Aid, Relief, and Economic Security ("CARES") Act was signed by President Donald Trump and put in action, according to the grand jury indictment. Federal investigators claim Salako filed for expanded unemployment insurance benefits and applied for other funds provided by new Small Business Administration (SBA) programs - the Paycheck Protection Program ("PPP") and the Economic Injury Disaster Loan ("EIDL") - all enacted by the CARES Act. Salako worked with a resident of Nigerian to file and apply for the federal funds with stolen identities. They funneled much of the money to Salako's personal bank accounts or out of the country. The Nigerian resident, while known to the grand jury, was not named in the indictment. Salako, using names and addresses obtained through search websites like TruthFinder, submitted 15 fraudulent applications in two-and-a-half months for the unemployment insurance benefits. They used identities of Colorado, Maryland, Minnesota, New Hampshire, and New York residents. Salako's Nigerian counterpart turned in 54 applications in five months, per the indictment. Together, they asked for more than $700,000 in funds. They received just over $73,500. But the pair's work on the EIDL and PPP loans went deeper and proved much more fruitful, per the indictment. Working with a number of other unnamed people and using more than 1,000 stolen identities, Salako and the Nigerian co-conspirator filed fraudulent COVID-19 relief claims in 30 different states. They obtained $4,711,200 in EIDL funding alone. All the EIDL payments originated from an SBA finance center in Denver, and all the money went through Colorado bank accounts to other destinations. Additionally, the group hid money through romance scams. They allegedly used fake profiles on friendship or dating sites to lure victims into performing transfers of their ill-gotten funds. Salako deposed almost a half millions dollars in one such victim's bank account, then directed that person to make cash withdrawals, purchase money orders and send money via cashier's checks to Salako's personal cell phone business, according to the indictment. Salako forwarded much of that money to accounts in China, Nigeria and the United Arab Emirates. The case was (and still is being) investigated by the United States Postal Service Office of Inspector General, Internal Revenue Service Criminal Investigation, and Colorado Department of Labor and Employment. The Economic Crime Section of the United States Attorney's Office is prosecuting it.
