Thursday, 31 August 2017

Verizon Unable To Shake Off Lawsuits Over Yahoo Data Breach

There’s some bad legal news for Verizon, new owner of the internet services and content portions of Yahoo. A federal judge in San Jose denied Verizon’s motion to dismiss lawsuits from Yahoo users whose accounts were part of a series of breaches that affected an unprecedented number of users.

Yahoo had moved to dismiss the case, claiming that plaintiffs did not show that the data breach had harmed them in specific enough ways, and that the harm could not be directly linked to the breach of their Yahoo accounts. While the judge agreed to dismiss parts of the case, her order [PDF] says that Yahoo users’ lawsuits can go forward.

The named plaintiffs in the case were from different states and even different countries, and represented different ways that customers had been harmed due to the data breach. Yahoo users who had credit card and banking statements alleged that the account breaches led to credit card fraud.

Another named plaintiff notes that he continues to pay for commercial identity theft protection, and another was a victim of U.S. tax return identity theft.

“All plaintiffs have alleged a risk of future identity theft, in addition to loss of value of their personal identification information,” U.S. District Judge Lucy Koh noted in her order.

That is a real risk in modern life, and users will need to keep in mind that their information could be floating around for the rest of their lives, and even after they’ve died.

One of the plaintiffs’ lawyers noted in an interview with Reuters that the Yahoo account breach is “the biggest data breach in the history of the world.” It meant that Verizon got a significant discount when it purchased the remains of Yahoo, but now Verizon still must face litigation.


by Laura Northrup via Consumerist

Gambling Services Use Big Data To Target Recovering Gamblers, Low-Income Families

We’re becoming inured to seeing online ads that are targeted to our locations, our browsing histories, and maybe even our offline shopping behavior, but is there a difference between advertising home theater systems to someone who has been searching for 80″ TVs and advertising online gambling services to people you’ve identified as having problems with gambling?

Narrowing it down

Gambling, like any other business, only works if you have customers. And, again like any other business, gambling outfits find customers through marketing.

But running ad campaigns can be expensive, with results that are scattershot at best. Facebook built its world-dominating business on hyper-targeted ads, after all, and by now basically every industry has turned to fine-tuned, highly-targeted advertising that tries to place itself in front of the most likely customers.

Why advertise to people who will never, ever be receptive to what you’re selling, the thought goes, when you can aim yourself directly at the most likely repeat customers?

That’s one thing when you’re, say, trying to sell shoes to people who bought your shoes before, or trying to sling something like cosmetics at a population like “women between 18 and 45 who live within 25 miles of New York City.”

But as the Guardian reports, it’s something else entirely when it means an industry like gambling can narrowly target a segment like recovering gamblers.

Data broker roulette

Just like every other industry, gambling outfits are using data brokers to learn what they want to know.

Information about potential customers comes from all corners and gets recombined in every possible way to narrow down the audience.

“Third-party data providers allowed us to target their email lists with precision,” a digital marketer told the Guardian. Low-income households in particular were susceptible to gambling houses’ advertising.

But advertisers can zero in on any demographic segment — “users who are on less than £25k a year [$32,000], own a credit card and have three kids,” as that same marketer told the paper — in order to increase the chances of a hit.

One of the segments gambling companies advertise to? People who have done it before but then stopped. Sure, some of those who no longer play may simply not have thought to — but some, as the Guardian notes, may well be recovering from a serious gambling problem and avoiding it on purpose.

The ads lapsed gamblers can receive are designed to hook them back in, the Guardian explains: sign-up ads that get more enticing over time. One week, an ad might offer a £10 free bet, one industry source said, then up that to a £20 free bet in week two, £30 in week three, and ever onward. Those tactics, a source told the Guardian, are “extremely effective.”

A global issue

While the Guardian specifically looked at advertising in the U.K. and British regulations, companies in the U.S. are almost certainly using similar tactics.

We are all basically walking dossiers of data points, at this stage; everything digital we interact with keeps a record, and most of those records are sold, traded, and repurposed in thousands of ways without our knowledge. Your “anonymous” data totally isn’t, and even when you don’t think you’re giving away any information, you still probably are.


by Kate Cox via Consumerist

Federal Disaster Loans Could Be Difficult To Obtain After Harvey

Around 80% of homeowners in areas devastated by flooding from Hurricane Harvey don’t have insurance policies that will cover much of the damage done to their properties. Federal disaster loans offer victims one pathway toward recovery, but obtaining that financing could be a difficult, drawn-out endeavor.

The full extent of damage from Harvey, which is still ravaging the Gulf Coast, has yet to be calculated, but there’s no doubt that affected homeowners in the region will face hefty bills just to make their houses inhabitable again.

Federal Disaster Loans

In an attempt to better handle these bills, the federal government has long provided eligible consumers with disaster relief loans.

These loans, issued by the Small Business Administration Office of Disaster Assistance, can be used to repair or replace the following items damaged or destroyed in a declared disaster: real estate, personal property, machinery and equipment, and inventory and business assets.

The loans have assisted those affected by previous disasters such as Hurricane Katrina and Superstorm Sandy.

Politico reports that in the case of Katrina, SBA issued more than $11 billion in loans, while Sandy saw another $2 billion in loans issued.

There are two types of loans available to homeowners in Texas:

• Homeowners may borrow up to $200,000 to repair/replace a disaster-damaged primary residence. The loans may not be used to upgrade homes or make additions, unless required by local building code.

• Homeowners may borrow up to $40,000 to repair/replace damaged personal property.

These loans will carry an interest rate of 4% if borrowers cannot obtain credit elsewhere. For those who can obtain credit elsewhere, the interest rate on the SBA loan will not exceed 8%.

In some cases, SBA can refinance all or part of a previous mortgage when the applicant does not have credit available elsewhere and has suffered substantial disaster damage not covered by insurance.

Consumers who make improvements that help prevent the risk of future property damage caused by a similar disaster may be eligible for up to a 20% loan amount increase above the real estate damage, as verified by the SBA.

A Tough Time

Obtaining these loans can be burdensome and difficult for homeowners.

SBA, which works with FEMA, creates Disaster and Business Recovery Centers in areas of natural disasters. At the centers, home and business owners can apply for loans or get counseling on their options.

Politico reports that in the past technical difficulties have affected consumers’ ability to obtain loans.

For instance, after Katrina and Sandy the agency didn’t have enough staff to keep up with the loan process, creating delays that lasted months.

One homeowner tells The New York Times that she applied for an SBA loan following Superstorm Sandy. The loan, she recalls, would have cost her more than $900/month to repay.

To make matters worse, because she had qualified for the loan she was no longer eligible for a FEMA grant. In the end, she received help from the NY Rising Community Reconstruction Program, but it took her two years to obtain the $36,000 relief.

In an effort to avoid similar issues with delays, SBA has already called on temporary workers to assist with applications following Harvey.

So far, Politico reports the agency has received 1,210 applications.

“The SBA is prepared — for the long haul — to respond to the recovery needs of residents and business owners rebuilding their lives in the aftermath of Hurricane Harvey,” a spokesperson for the agency said.


by Ashlee Kieler via Consumerist

Mom Spots 2-Year-Old In Hot Car At Target, Alerts Police

Even though summer is winding down, temperatures can still be pretty hot, and it’s especially dangerous to leave children or pets behind in your car. That’s why it was fortunate that one shopper at an Ontario, CA, Target store happened to notice a small child in the backseat of a locked car in the store’s parking lot.

Fortunately, she knew exactly what to do. She called 9-1-1 and attempted to free the little girl herself, sticking her hands in the slightly-open window and attempting to break it.

“As a mom you want to prevent a tragedy,” she told CBS Los Angeles. (Warning: auto-play video at that link)

Local police arrived and freed the little girl, comforting her until her mother emerged from the Target store. The girl, whose father is currently out of the country, went with child protective services, and her mother was arrested.

The toddler was left alone for at least 15 minutes while her mother was inside the store shopping, and police say that the temperature inside reached 104 degrees.

“I just think I was in the right place at the right time and that was God,” the woman who noticed the child and called for help told reporters.

According to advocacy group Kids and Cars, an average of 37 children die every year after they’re locked in a hot car, often in a rear-facing child safety seat where a caregiver might not notice them when the family’s routine has been disrupted. That’s more than 800 child deaths since 1990, and some lawmakers are pushing to require automakers to include alert systems in new vehicles to prevent hot car tragedies.


by Laura Northrup via Consumerist

16 USPS Workers Join Mail Carrier Hall Of Shame For Allegedly Taking Bribes To Deliver Drugs

It looks like The Mail Carrier Hall Of Shame may soon have a slew of new members: Federal officials have accused 16 Atlanta-area U.S. Postal Service workers of accepting bribes in exchange for delivering cocaine along their routes.

Federal prosecutors say that 16 USPS employees working in locations around Atlanta have been charged with bribery in three separate federal indictments.

According to officials, these individuals allegedly gave special addresses to a person they believed to be a drug trafficker, who in turn could use those addresses to ship packages of cocaine. The mail carriers then intercepted those packages and delivered them to the purported drug trafficker, prosecutors allege.

Unbeknownst to them, the packages contained fake drugs and the drug trafficker wasn’t really a drug trafficker, but someone working with law enforcement as part of a sting operation.

Some employees are accused of going further and recruiting others to take part in the alleged criminal scheme, officials said, and of taking additional money for drug packages delivered by their recruits.

The case is being investigated by the Federal Bureau of Investigation, DeKalb County District Attorney’s Office, and U.S. Postal Service Office of Inspector General.

“Postal employees are entrusted to perform a vital service as they travel through our communities, often visiting our homes and interacting personally with our citizens,” said U.S. Attorney John Horn. “The defendants in this case allegedly sold that trust out to someone they knew to be a drug dealer, and simply for cash in their pockets they were willing to endanger themselves and the residents on their routes and bring harmful drugs into the community.”

They all could be joining their brethren in The Mail Carrier Hall Of Shame:

July 2017: A Florida mail carrier admitted to taking bribes in exchange for delivering marijuana to a man along her route.

February 2017: A North Carolina USPS worker admitted to failing to deliver thousands of pieces of mail to residents over at least 14 years.

October 2016: USPS investigates an employee accused of dumping hundreds of pieces of mail into a ditch — while a local filmed the whole thing.

August 2016: USPS worker accused of chucking mail in a pizzeria’s trash bin.

December 2015: Authorities said a Queens mailman dumped more than 1,000 pieces of mail in the trash because he was “overwhelmed” by his heavy holiday mail load.

July 2015: A Philadelphia postal worker was accused of delivering 22,000 pieces of mail straight to his garage.

July 2015: A New York City mailman was accused of stealing more than $1 million in tax refunds in a scheme spanning years.

June 2015: Three Manhattan postal workers were in hot water after being accused of stealing from the “Operation Santa” program like a bunch of Grinches.

December 2014: USPS worker was accused of swiping as many as 2,000 pieces of mail she was supposed to deliver, out of sheer boredom in Detroit.

December 2014: Eight postal workers were accused of stealing packages filled with marijuana in Long Island.

June 2014: A 20-year veteran of the postal system was accused of stealing 20,000 pieces of mail, collecting credit cards, and stacks of DVDs.

April 2014: A mailman in western Kentucky was sentenced to six months in prison for failing to deliver 44,900 pieces of mail, because he wanted to speed up his route.

August 2012: A mail carrier in suburban Chicago pled guilty to pilfering $275,000 in donations that were heading to a charity on his route, after being charged for stealing more than 29,400 pieces of mail in the effort.

May 2012: A 15-year-veteran of the USPS was accused of stealing prescription painkillers mailed to war vets in her area, and then selling those drugs to others on her route.

October 2011: Authorities said a Missouri mail carrier stole 120 Netflix DVDs, which would be a feat now considering the decline in the DVD business. He was also accused of swiping gift cards and other mail that never reached their destination.

January 2006: Colorado police charged two postal workers for plucking Netflix DVDs from the mail, for a total of around 503 discs.


by Mary Beth Quirk via Consumerist

Trump Administration Won’t Commit To Putting Harriet Tubman On $20 Bill

Anyone expecting to someday see Harriet Tubman’s image grace the front of the $20 bill may be in for a long wait. In a new interview, Treasury Secretary Steve Mnuchin hinted that the Trump administration may back off the planned change that would have had Tubman take Andrew Jackson’s place on the bill.

Speaking to CNBC today, Mnuchin would only say that the Treasury will “consider” whether or not to move forward with the change from Jackson to Tubman.

The $20 bill is up for a scheduled redesign in 2020, regardless of whose face is on the front. However, the former Goldman Sachs vice president turned movie producer said today that the main reason for making a change to currency is to make it more difficult to counterfeit, “So the issues of what we change will be primarily related to what we need to do for security purposes. I’ve received classified briefings on that. And that’s what I’m focused on for the most part.”

On the campaign trail, then-candidate Trump called abolitionist and suffragist Tubman “fantastic” but said he preferred to keep the seventh U.S. president on the $20 bill. At the time, Trump suggested putting Tubman on new currency, despite the fact that Americans are using cash less frequently and there is no apparent need for a new denomination.

Mnuchin seemed to echo Trump’s support for Jackson’s continued presence on the bill, telling CNBC “People have been on the bills for a long period of time… Right now, we’ve got a lot more important issues to focus on.”

The Treasury had originally planned on updating the $10 bill with a famous female figure from history, since that denomination was scheduled for an earlier re-design. Then came the Broadway musical Hamilton, which renewed the public’s interest in the country’s first Treasury Secretary, resulting in the decision to change the $20 bill instead.

The Bureau of Engraving and Printing is still years away from its slated redesign of the $20 bill so it remains to be seen whether Mnuchin’s apparent lack of enthusiasm for the change is a sign that Tubman will not replace Jackson, or if it’s just a matter of the redesign not being on his agenda at this point.

It’s been more than a century since any female figures have been printed on U.S. currency. In the 19th century, both Martha Washington and Pocahontas featured on bills issued by the Treasury. Since then, women have only appeared on coins in the U.S., and only in limited runs like the Susan B. Anthony and Sacagawea dollar coins.


by Chris Morran via Consumerist

CVS Accused Of Revealing HIV Status Of 4,000 Ohio Customers

Days after insurance giant Aetna was accused of revealing the HIV medication use of 12,000 customers, CVS has found itself in a similar boat: The pharmacy giant allegedly sent letters to customers that inadvertently revealed their HIV status.

CVS Caremark confirmed to Consumerist that the company recently mailed pharmacy benefit information to approximately 4,000 members of Ohio’s AIDS Drug Assistance Program. Those letters visibly referenced HIV.

The mailing campaign has since been discontinued.

ADAP pays for HIV medication for low-income consumers without insurance, or whose insurance won’t cover the medication.

One envelope viewed by The Blade included the notation “PM 6402 HIV” above a customer’s name and address, visible through the window of the envelope.

A rep for CVS tells Consumerist that the reference code was intended to refer to the name of the program, not the customer’s health status.

“CVS Health places the highest priority on protecting the privacy of our patients and we take our responsibility to safeguard confidential patient information very seriously,” the rep said. “We immediately halted the mailings and are currently taking steps to eliminate the reference to the plan name in any future mailings.”

The AIDS activist who provided a copy of the mailing to The Blade urges customers affected by the letters to contact the state’s ADAP coordinator to report what he considers a breach of clients’ privacy.


by Ashlee Kieler via Consumerist

Amazon Sued Over Allegedly Defective Eclipse Glasses

Before the nationwide solar eclipse earlier this month, experts, including some at NASA, warned that solar eclipse glasses on the market may not meet normal standards for eye protection that one should normally wear when staring at the sun. The decentralized nature of Amazon’s marketplace meant that the site was a popular source for potentially insufficient eclipse glasses, and now people who bought them have filed a class action lawsuit against Amazon.

A South Carolina couple accuses Amazon of selling “unfit” eclipse glasses that caused immediate headaches and made their eyes water, and later caused distorted and blurry vision in the days following the eclipse.

In their initial complaint [PDF], the couple argues that they only looked into the sky while wearing their glasses, and that their symptoms must have been caused by defective glasses.

“Defendant owed a duty of care to Plaintiffs and the proposed class to distribute and sell the Eclipse Glasses such that they were neither defective nor unreasonably dangerous when used as intended, to inspect and ensure the glasses that it provided were in fact safe, to warn of any post-sale defects discovered in its products, and recall dangerous products,” their attorneys argue in the case’s initial complaint.

About those eclipse glasses…

Warnings from astronomy experts about the possibility that some eclipse glasses on the market might be counterfeit or not offer enough protection began circulating more than a month before the solar event.

Amazon began to notify customers that it was recalling certain glasses sold on the site less than two weeks before the eclipse, with one message going out the weekend before, too late to order replacements online. Amazon has not stated how many vendors were involved in this recall, or how many pairs of unfit glasses were sold.

That left people who had planned ahead and ordered their glasses in advance scrambling at the last minute for protective eyewear made with certified lenses.

“Foreseeable and preventable harm”

The couple in South Carolina claims that they heard nothing at all from Amazon, the site where they bought the allegedly unfit glasses, before the event. The initial complaint in this class action acknowledges that Amazon sent a recall email two days before the eclipse, but doesn’t specify whether they received it.

“The inadequacy of Defendant’s efforts to recall the defective Eclipse Glasses resulted in foreseeable and preventable harm to customers including Plaintiffs,” they note in the initial complaint.

Depending on who officially sold allegedly defective glasses to the lead plaintiffs, Amazon may argue that the official merchant was one of its Marketplace sellers, and that responsibility for ensuring the safety of the glasses belonged with that seller, not with Amazon.

Consumerist contacted Amazon for comment, and will add what the company has to say when we hear back.

(via Reuters)


by Laura Northrup via Consumerist

If You’re Getting Robocalls About Flood Insurance, They’re Scams

The world is full of really horrible, lazy people looking to steal your money while putting in the least amount of effort. Take, for example, the scammers who are blasting out automated, pre-recorded robocalls that try to scare people into believing they have to pay up or lose their flood insurance.

The Federal Emergency Management Agency says that people in Texas have reported receiving robocalls with false alerts that their flood insurance premiums are past due. The fraudulent call then tells the homeowner that they must make a payment immediately in order to keep their insurance from lapsing.

There are a number of problems with this, says FEMA. First, companies that sell flood insurance don’t blast out robocalls to homeowners who are behind on their premiums. Second, these companies would never demand immediate payment without prior warnings.

If a homeowner with flood insurance does miss payments, FEMA says the insurer will contact them in writing, not via automated phone calls. Additionally, policyholders get multiple warnings from their insurer — at 90, 60, and 30 days before a policy expires.

Regardless of whether you have this insurance or your account status, hang up on one of these robocalls. If you are concerned that your insurance might be at risk, contact your insurer directly.

In addition to hanging up on the robocall, it would really help if you took some additional steps to help the feds catch these scammers. If you receive a bogus flood insurance robocall, call the FEMA Disaster Fraud Hotline toll free at 1-866-720-5721. You should also report the robocall through the Federal Trade Commission’s online complaint portal.

Tracking down a robocall scammer is often a complex and drawn-out process; every bit of available information on these fraudsters helps in this hunt.


by Chris Morran via Consumerist

Uber, Mall Team Up To Offer Dedicated Pickup Spots, Human Customer Service Reps

In a move designed to lure shoppers back to brick-and-mortar stores, mall giant Westfield is partnering up with Uber to offer dedicated drop-off and pick-up spots in 33 shopping centers — and some will feature real live humans to help with customer service.

The new best friends announced a partnership today to create special areas for Uber customers to be dropped off or catch a ride home from their shopping trip. Starting this fall, these spots will appear on the map in the Uber app.

Each of the 33 U.S. shopping centers involved will get anywhere between one and 10 Uber stations, some of which will include kiosks with customer service employees available to help with any ride-hailing issues, as well as “brand ambassadors trained to engage with customers and facilitate their Uber experience.”

And at Westfield Century City shopping mall in Los Angeles, Uber will open a dedicated rider lounge so passengers can wait for their car while charging their phones, sipping a free beverage, or perusing free newspapers and magazines.

“The number one objective is that we need to be able to provide convenience,” Bill Hecht, Westfield’s COO in the U.S., told Business of Fashion. “We have a plethora of shops and restaurants in one location, we have technology in place for the search side of it, and now we are providing a way of being able to get to and from the shopping centre in a much easier, more ambient way.”


by Mary Beth Quirk via Consumerist

Feds Shut Down Debt Collector That Allegedly Collected $1.2M In Unowed Debts

Once again, as part of its ongoing efforts to crack down on unscrupulous debt collectors, the Federal Trade Commission has accused a North Carolina company of running a “phantom” debt collection scheme that went after people for money that they did not actually owe.

The FTC announced today that it had filed a complaint accusing the debt collection operation of using intimidation and deception to extract more than $2.1 million from consumers.

The operation used a variety of names, such as Lombardo, Daniels & Moss; Barron, Gibson & Phillips; and Cohen, Daniels & Moss, in its attempt to collect debts.

According to the complaint [PDF], since March 2013 the operation has perpetrated a scheme to defraud individuals through the collection and processing of payments for debts that were not actually owed, or which the companies had no authority to collect.

To do so, the FTC alleges that the operation contacted individuals by phone, claiming that individuals were delinquent on payday loans or other debts.

In an effort to appear legitimate, the collectors claimed to know individuals’ personal information, such as Social Security numbers, bank account numbers, or names and contact information of relatives.

The collectors then threatened the individuals with arrest or other formal legal action if they did not pay, the complaint alleges.

For example, the operators allegedly told consumers that they would be sued, have their wages garnished, or have their bank accounts frozen if payment was not made.

In some cases when the individuals did not make payment, the FTC claims the operators allegedly called consumers repeatedly and regularly used profanity.

For instance, the FTC claims that one collector told a customer he was a “lying son of a b****,” “white trash,” and “not fit to hold a job.”

Additionally, the collectors allegedly disclosed purported debts to third parties, failed to disclose that they were debt collectors calling to collect a debt and that any information consumers provided could be used for that purpose, and failed to send consumers legally required written notices with the debt amount and the creditor’s name, giving consumers an opportunity to dispute the debt, according to the FTC.

Customers who questioned the debts and contacted creditors found that they never had any debts with those creditors or that their debts had already been paid, the complaint states.

In all, the FTC claims that the operations violated the FTC Act and the Fair Debt Collection Practices Act. A federal court temporarily halted the scheme and froze its assets at the request of the FTC, which seeks to end the practices.


by Ashlee Kieler via Consumerist

Unruly Passenger Owes Hawaiian Airlines $98,000 For Interfering With Flight Crew

The next time you’re even thinking about doing something you shouldn’t on an airplane, take a second and ask yourself: Is this worth tens of thousands of dollars? One Hawaiian Airlines passenger has learned not to mess with flight crew the hard way, and is now on the hook for almost $98,000.

A federal judge ordered a passenger whose disruptive behavior forced the pilot of a flight from Honolulu to New York to turn the plane around last November to pay Hawaiian Airlines $97,817, reports the Honolulu Star-Advertiser. He’d pleaded guilty in February to interfering with flight crew, and has also been sentenced to three years of probation.

His bad behavior started before the plane took off, officials said, and he then threatened his girlfriend, her kids, other passengers, and crew members once the flight was in the air. He was also accused of making contact with a flight attendant on her shoulder with the back of his hand.

U.S. District Senior Judge Susan Oki Mollway ordered the man to repay the airline for the extra costs of having to turn the plane around, including fuel, maintenance, ground crew, replacement crew, landing fee, and other costs.

That $98,000 is also going to cover what Hawaiian paid to rebook passengers on other airlines, but it doesn’t include the $46,900 worth of meal vouchers the airline gave to delayed passengers heading to New York and those who were supposed to be on the return flight to Honolulu.

Every time an unruly passenger prompts a flight diversion or emergency landing, it hits airlines hard: It can cost up to $200,000 to cover all the expenses involved.

Not all airlines will go after passengers to recoup those costs, however, as doing so could hurt the airline in the long run.


by Mary Beth Quirk via Consumerist

Wells Fargo Fake Account Fiasco Grows By 1.5 Million Customers

It’s been nearly a year since Wells Fargo was slapped with a $185 million fine for pushing its employees to increase their sales numbers by opening new accounts without proper authorization from the customer. Now the bank has revealed a new estimated number of so-called ‘fake accounts’ that is 1.5 million higher than the bank had previously disclosed. This brings the new total to 3.5 million.

Wells Fargo revealed the increase today following the completion of a third-party review of retail banking accounts opened as far back as 2009. These accounts are referred to as ‘fake,’ but are very real for the customers who didn’t authorize their creation.

Expanded Search

In all, from Jan. 2009 to Sept. 2016, employees opened approximately 3.5 million unauthorized consumer and small business accounts.

Originally, the bank said that about 2.55 million accounts were opened from May 2011 to mid-2015, following a review of 93.5 million accounts.

After expanding the investigation to include a review of 165 million accounts opened between Jan. 2009 and Sept. 2016, investigators uncovered that an additional 981,000 accounts had been opened without customers’ permission.

Of the newly uncovered fake accounts, Wells Fargo estimates that 190,000 incurred fees and charges. This is an increase from the 130,000 accounts previously believed to have incurred fees and charges.

While Wells Fargo confirmed the additional accounts today, just three months ago it downplayed reports that 3.5 million accounts had been opened fraudulently, calling allegations “hypothetical.”

More Unauthorized Activity

Wells Fargo notes that the recently concluded analysis included a review of online bill pay services.

The review found employees completed about 528,000 potentially unauthorized online bill pay enrollments.

According to Wells, potentially unauthorized accounts were identified as those with only one minimal payment and no further use of the service.

The company cautioned that because some customers may have made an authorized introductory payment and then elected not to use the service, the review did not definitively determine if an enrollment was authorized by a customer or not. As a result, some authorized enrollments may be among the 528,000 accounts.

Wells says that it will refund $910,000 to customers who incurred fees or charges from the unauthorized bill pay enrollments.

More Refunds

Now that the company has completed the third-party review of accounts, executives say the bank is turning its focus toward making things right with customers.

To do this, Wells Fargo says it will provide another $2.8 million in refunds and credits. These refunds come in addition to the $3.3 million previously refunded after the initial investigation.

(The bank reports that it has already provided $3.7 million in refunds based on customer complaints and mediation claims between Sept. 8, 2016, and July 31, 2017.)


Additionally, the company says that customers may receive compensation under the recent $142 million class-action settlement for claims dating back to 2002. Wells Fargo said in a statement last month that over the next three months it will begin broad outreach to current and former customers, including providing information about the process for making claims.

“We want to ensure we make things right for each and every customer who may have concerns about the impact of unacceptable sales practices,” Mary Mack, head of Community Banking, said in a statement.


by Ashlee Kieler via Consumerist

Best Buy Expanding Same-Day Delivery To More Cities, Cutting Price

If you need a gadget or cord on short notice and don’t have time to go to the store, same-day delivery from Amazon is probably the first option that you think of. Best Buy wants to change that, and is slashing the price for its own same-day delivery service while expanding the list of cities where it’s available.

Best Buy announced today that it will be expanding same-day order availability to Austin, Charlotte, Cincinnati, Columbus, Denver, Kansas City, Minneapolis/St. Paul, Orlando, Phoenix, Pittsburgh, Sacramento, San Antonio, San Diego, and Tampa. Previously, the service was only in 13 cities.

The company is also cutting the price of each delivery from $14.99 per order to just $5.99 as of Sept. 6. The chain promises delivery by 9 P.M. of orders placed by 3 P.M.

By the end of the year, the service will reach another dozen or so markets, which haven’t yet been named. By “end of the year,” of course, we mean the holiday gifting season.

“We’re happy that by the holidays, many more customers will be able to choose same-day delivery and have it be an option on more items than ever before,” Allison Peterson, BestBuy.com president, said in a statement.

Best Buy’s online sales, whether they’re delivered to customer homes or picked up in stores, have been a major growth area for the company.

Best Buy uses outside gig economy firms to actually carry out the deliveries, including app-based delivery dispatching service Deliv and another outside firm that the company didn’t name.

For Best Buy, competing with Amazon is crucial, especially as Amazon expands its same-day and two-hour delivery options to more cities.


by Laura Northrup via Consumerist

Limited Flights To Houston Resume; Full Service Will Take Several More Days

You can fly over floods… but only if there’s a place to take off and a place to land. Houston’s airports, like the rest of the city, have been dealing with high water and torrential rain caused by Hurricane Harvey, and while the runways are dry, it’s going to take some time for air travel to and through the area to get anything like back to normal.

Houston is home to two major airports, George Bush Intercontinental Airport (IAH) and William P. Hobby Airport (HOU). Many major carriers fly through one or both, including Alaska, American, Delta, JetBlue, Southwest, United, and a number of international carriers.

The Houston airports announced today that they have resumed “limited domestic airline passenger service.” The airports will be slowly ramping up operations, with full service expected to resume over Labor Day weekend.

Limited really does mean limited. As Bloomberg notes, IAH is a major hub for United, which usually operates 480 flights per day out of the airport (to say nothing of all the arrivals). For now, they’re starting with a total of six: three in, three out.

American Airlines, which operates out of both HOU and IAH, will be resuming limited flights today. Southwest will be waiting until Saturday, Sept. 2, to resume limited service from HOU.

One analyst and former airline executive told Bloomberg that with as much water as still remains in Houston, “It’s not going to be a full operation without concerns probably for another five days” — a solid ten days since the airports first closed down.

Roads to both IAH and HOU are largely accessible at this point, the airports authority says — but that doesn’t mean you can get from the airport to where you want to be.

The airports authority also strongly urges anyone who doesn’t need to be at the airport to stay well away, saying, “only those with a ticket for a confirmed scheduled flight” should come to the airport. In other words, don’t go to the airport to see if your flight happens to be taking off; check with your airline first and stay away if your flight is cancelled.

The major domestic airlines all have dedicated alerts to help passengers on affected flights rebook or check flight status:


by Kate Cox via Consumerist

Main Fuel Pipeline Temporarily Closes, What’s Going To Happen To Gas Prices?

Hurricane Harvey’s impact on fuel prices nationally might be more costly than first anticipated: The country’s largest fuel system, the Colonial Pipeline, shut down its main fuel lines.

Colonial Pipeline announced Wednesday evening that it would temporarily close two of its fuel lines that send an estimated 100 million gallons of gasoline, jet fuel, and diesel from Houston to the East Coast.

According to Colonial Pipeline, Line 2 — which transports diesel and aviation fuel — closed Wednesday, while Line 1 — which transports gasoline between Houston and the East Coast — stopped operations today.

The company noted that the shutdowns were made “due to supply constraints caused by storm-related refinery shutdowns.”

Once Colonial is able to ensure that its facilities are safe to operate and refiners have the ability to move product, the systems will resume operation.

What’s It Mean For Your Wallet?

While many drivers have seen an increase in gas prices in the days following Harvey’s landfall, the latest pipeline closure could drive up costs even more.

The shutdowns have led to an increase in gasoline futures — the wholesale prices charged to gas stations — that are eventually passed down to customers.

As of Wednesday evening, gasoline futures jumped 7% to more than $2/gallon, CNN reports.

Although it might take time for the latest jump in futures to reach customers — likely in days or weeks — prices have already seen a slight increase since Harvey struck.

GasBuddy, a fuel tracking system, notes that fuel prices are up nearly $0.02 from yesterday, while the average price has increased $0.11 since last week.

Compared to this time last year, however, the price is up $0.24.

GasBuddy executives warned of the impending price increases shortly before the hurricane hit Texas, noting that the storm could lead to long-term issues in terms of gasoline supply for large portions of the country.

The company estimates that gas price increases could linger for one or two weeks after the storm.

Past Trouble

Hurricane Harvey isn’t the first event to wreak havoc on the nation’s pipelines.

In Sept. 2016, a spill of gasoline from the Colonial Pipeline in Alabama resulted in higher gas prices. Repairs of the issue, which was declared a state of emergency in Alabama and Georgia, were delayed, causing shortages and further price increases.

Three months later, in Dec. 2016, the Colonial Pipeline shut down again after an explosion and fire killed a worker.


by Ashlee Kieler via Consumerist

Pizza Hut Workers Use Kayaks To Deliver Food To Hurricane Harvey Victims

In the aftermath of Hurricane Harvey, flood waters have wreaked havoc on much of southeastern Texas. So when a Pizza Hut manager heard there were families trapped in their homes without food, she decided that if she couldn’t get to them by land, she’d send pizza over the water — by kayak.

The manager of a Houston-area Pizza Hut says she acted after one of her shift managers told her there were people in a certain neighborhood who were hungry and running low on food.

“When I heard there were families in need, I knew we needed to act fast,” she told Click2Houston. “I called my husband and asked him to gather up kayaks and meet me at the restaurant.”

They then packed 120 pizzas into kayaks, and workers set out to deliver them.

“The people in the houses didn’t expect us to come,” the manager told Chron.com. “It was so nice to see their smiles after so much gloom.”

The franchisee said he was proud of the team “for seeing a need, stepping up, and helping the community in a time of devastation.”

Pizza Hut corporate also chimed in to applaud the workers’ efforts:


by Mary Beth Quirk via Consumerist

Wednesday, 30 August 2017

Dish Soap Marketed For Baby Bottles Recalled For Potential Bacterial Contamination

Soap has one job. It’s supposed to help clean things. Instead, Dr. Brown’s soap, which is marketed as “natural” and sold for use on dishes and baby bottles, has been recalled because it may be contaminated with bacteria.

What to do

The bottles of dish soap are contaminated with what’s described as just “harmful bacteria,” and the company will replace them with new, reformulated soap. Call 877-962-2525 or visit the company’s recall page for information about getting a replacement bottle.

The company asks that customers stop using the product immediately. If you’ve used the soap to wash bottles or dishes, you should boil them or run them through a sanitizer cycle on your dishwasher if it has that option.

What to look for

Products included in this recall were sold from September 2016 to June 2017. You might have purchased them from Amazon.com, or 4 Our Little Ones, Babies R’ Us, Bebeang, Buy Buy Baby, Drugland Pharmacy, Family First Pharmacy, Global Nutrition Trading, Macro, or Turquoise.

 


by Laura Northrup via Consumerist

A Reminder: Cable Companies Are Lying When They Say They Support Net Neutrality

As the FCC winds down its lip-service commenting period on Chairman Ajit Pai’s plan to roll back net neutrality rules that stop internet service providers from interfering with the things you do and see online, we wanted to remind you of that time we challenged more than a dozen cable companies — all of whom publicly claimed to love the core ideas of neutrality — to put those rules into a legally binding contract; not one of them said yes.


by Chris Morran via Consumerist

Organic Doritos Are A Thing, But Would Whole Foods Sell Them?

PepsiCo, the snack corporation that has brought us simple culinary delights such as Flamin’ Hot Cheetos and Doritos Locos Tacos flavored Doritos, has a new product line geared to current consumers’ tastes. The Simply line is organic versions of 11 of the company’s main chip brands, including Lay’s, Cheetos, Doritos, and Tostitos.

Bloomberg News reports (warning: auto-play video at that link) that the products are now in stores, including the grocery section of Amazon.com. That leads to an interesting question: Now that Amazon owns Whole Foods, a company with famously strict rules about what products it will carry, would Frito-Lay products from the organic line ever appear on the shelves of Whole Foods?

Better-for-you brands from Big Food

The new products meet all of the requirements that Whole Foods has for its food suppliers, and are made from certified organic ingredients. Unless the chain has some kind of philosophical opposition to PepsiCo itself, there’s no reason why they wouldn’t be for sale there.

“Amazon’s acquisition makes it much more likely that Whole Foods will carry these better-for-you brands, even if they’re made by large incumbent [consumer packaged goods] players,” a research analyst who follows snack companies told Bloomberg News. “The smaller brands just can’t keep up with the spending and velocity required from Amazon anymore.”

Either smaller brands and the companies that make private label items for Whole Foods will have to keep up, or the big players will start to appear on the store and virtual shelves.

Who would even buy that?

Are there customers out there who want both the Doritos brand and a guarantee that their food was grown without synthetic pesticides and genetic modification? Sure, the chief marketing officer at Frito-Lay says.

“The notion of clean and simple is very important to a segment of consumers,” she told Bloomberg in an interview. There are customers who want “simple” ingredients but who also like a salty, flavored corn chip made from non-GMO corn.


by Laura Northrup via Consumerist

What’s In That Smell? P&G Will List All Fragrance Ingredients Online

If you’ve ever looked at the list of ingredients on a can of air freshener and wondered what, exactly, is involved in that “sea breeze” scent, you’ll have some more answers soon: Procter & Gamble is joining other companies in the push for transparency with a promise that eventually all of its smelliest home and personal care offerings will detail exactly what substances make up “fragrance.”

Fragrance is… fragrance

For example, if you check out the current ingredient page for Febreze products, things like “Alcohol” and “Citric Acid” are included along with “fragrance*.”


Follow that asterisk and P&G says that Febreze perfumes are “formulated taking into account our stringent internal safety standards for every ingredient, as well as the safety standards set by the International Fragrance Association (IFRA).”

If you dig a little further on P&G’s site, you can find a list of ingredients in its “fragrance palette,” as well as those it does not use at all. However, there are no explanations as to what any of these things are, so if you want to know what “β-Farnesene” is, you’re on your own — at least for now.

Coming soon

P&G announced today that its new plan is to share all fragrance ingredients — for any substance present in concentrations of greater than 0.01% — online for its entire product portfolio in the U.S. and Canada by 2019. The company will start by focusing on fabric, home, and beauty care categories, listing what’s in certain Tide, Febreze, Herbal Essences, and Olay products.

Pointing out that it already lists all fragrance ingredients online, P&G says this move is an “additional level of detail” that will “offer consumers more reliable information to help choose what’s best for them and their families.”

Beyond simply saying what’s in these products, P&G says it will also add information like where else the ingredients can be found, “such as everyday fruits, foods, and other products.”

Of course, just because your face wash is made with the same thing that’s in grapefruit rinds doesn’t mean you should go rubbing it all over your face. If an ingredient and its possible side effects are unfamiliar to you, you’ll still have to do a bit of research on your own.

“While we applaud P&G’s actions today, we will also urge them to go further in protecting public health,” says U.S. PIRG Toxics Advocate Dev Gowda. “P&G should also provide full fragrance disclosure to consumers on product packages, regardless of the product category and whether the product contains fragrance ingredients over 100 parts per million.”

Transparency is trendy

P&G seems to be taking a page out of the playbook other companies are using to woo shoppers who want to know exactly what they’re putting on their skin or spraying in their kitchen.

In February, P&G competitor Unilever promised it would list its fragrance ingredients for its home and personal care goods online, which you can see in the wild over on the Seventh Generation website.

Brands like skincare company Beauty Counter as well as household names like SJC-owned Mrs. Meyer’s Clean Day also feature online ingredient glossaries, explaining things like what’s in each product — whether it’s synthetic or from a plant-based source — and what they do.

Retailers are jumping on the transparency bandwagon as well: After encouraging suppliers to remove eight controversial chemicals from products last year, Walmart is the latest company to join The Chemical Footprint Project, which rates companies on their use of chemicals.

Also this year, Target unveiled new guidelines for manufacturers that will require them to remove certain chemicals from products and list all ingredients on products over the next five years.


by Mary Beth Quirk via Consumerist

Google Assistant Begins Takeover Of Home Appliances; Alexa & Cortana Make Friends

It was a big day in news for connected-home devices, with Google announcing plans to put its Home technology on a slew of new appliances, while two competing digital assistants — Amazon’s Alexa and Microsoft’s Cortana — began to make nice with each other.

Google Gadgets

Maybe your notion of a voice-activated appliance is you screaming at your dishwasher to just please work properly for once. It’s becoming increasingly likely that your next washer will be able to listen and talk back to you.

The Google Assistant launched with the Google Home smart speaker in 2016 and works on both the company’s Android operating system and Apple’s iOS.

This morning, Google announced a major expansion in platforms where Assistant can live. In addition to third-party connected speakers from Anker, Panasonic, and Mobvoi, the company is planning to integrate Assistant into a wide variety of appliances.

Forgot to turn the dishwasher on before you went to bed? Tell your Assistant-enabled phone or speaker, “OK Google, run the dishwasher,” and it should work. At least, if your dishwasher is one of the appliances coming from “manufacturers like LG” that has Assistant integration.

Google promises to keep updating its list of participating manufacturers as the week goes on.

Robots Make Friends

Meanwhile, some of the other voice assistants out there appear to be teaming up. As Reuters reports, Alexa and Cortana appear to be making friends.

Amazon and Microsoft have announced a bit of a partnership for their respective AI assistants, Reuters explains. The two will be able to talk to each other for a more seamless consumer experience.

Basically, you’ll be able to run one through the other. If you’re not near your Amazon device, but you’re using a laptop with Cortana enabled, you’ll be able to say, “Cortana, open Alexa,” and you’ll have access to your Amazon service, or vice versa.

Analysts told Reuters they were surprised the companies were working so closely together, since usually these services — and the massive troves of data and code used to drive them — are kept closely proprietary.

But, analysts also note, what Amazon has just gained is one more edge on Google. By beating Google to the smart-speaker market, Amazon managed to become the “accidental winner” of the home AI race, and Google — which only released Home in late 2016 — has been scrambling to catch up.

Google, meanwhile, recently teamed up with Walmart to try and gain on the Amazon behemoth.


by Kate Cox via Consumerist

Best Buy Claims $43 Cases Of Water Were Mistake, Not Post-Hurricane Price-Gouging

Most of us can walk into any big box or warehouse store and buy a case of bottled water for less than $10. But one Best Buy store in hurricane-devastated Texas was caught charging between $30 and $43 just for cases of water, leading to claims of price-gouging. Amid the blowback for its egregiously overpriced water, Best Buy is apologizing and claims it was all a mistake.

Skyrocketing prices

A reader submitted a photo of the Best Buy display to a reporter at news site Grit Post, who shared it on Twitter and on the site. The image went viral, because even the least price-conscious shopper knows that $43 for a case of Dasani is several times what one should expect to pay.

Best Buy apologized for selling this item, telling Grit Post in an emailed statement: “This was a big mistake on the part of a few employees at one store on Friday. As a company we are focused on helping, not hurting affected people. We’re sorry and it won’t happen again.”

The company’s spokesman explained the pricing, noting that it was “not as an excuse, but as an explanation.”

It’s actually an understandable error: The chain doesn’t normally sell water by the case, but it does sell some bottled water in coolers near its checkouts. That meant that the retailer had no price set up in the system for when it’s selling cases of water, and employees simply multiplied the normal single-bottle price by 24.

Others Accused Of Gouging

Intentional price-gouging, however, is a problem during any natural disaster, and has been reported around the region affected by Hurricane Harvey. Some Wingstop customers in Corpus Christi (warning: auto-play video at that link) were charged a mysterious “catering tray” fee for their meals, which one cashier called a “convenience fee.” Customers who complained to the chain received refunds.

KXAN kicked off an investigation when the Best Western where their crew stayed charged $289 before taxes for a room that normally cost $120. The Attorney General investigated, and was able to get refunds for dozens of families who stayed at the hotel during the storm.

That location has already lost its Best Western franchise as a result of the hurricane-related price hikes.

“We are deeply offended and saddened by the actions taken by this hotel,” the chain’s public relations manager told KXAN in a statement. “As a result, we are immediately severing any affiliation with the hotel. This hotel’s actions are contrary to the values of Best Western. We do not tolerate this type of egregious and unethical behavior.”

What to do when you’re price-gouged

Price-gouging happens because customers really do have no other choice — so if you find yourself in this situation, document the price, whether it’s a doubled hotel room rate, $20 for a gallon of gas, or $5 for a liter of water. Then take that documentation to your state’s attorney general as well as to the retailer’s corporate office if it’s a chain.

“If you see [price-gouging] happening, take a photograph,” Texas Deputy Attorney General Jim Davis told KXAN-TV out of Austin in an interview. “Use your cell phone. That’s one of the things of this storm that’s different, is the social media effect and the information we get.”

While the AG’s office is searching social media for complaints of price-gouging, don’t assume that posting to Facebook is sufficient. Make sure to submit your complaint to the Attorney General’s office.

Ken Paxton, Texas AG and hero to people who found RadioShack gift cards in their sock drawer long after the retailer’s bankruptcy, has reminded people in Texas that the state fines merchants $20,000 for price-gouging, and the fine multiplies to $250,000 when the person overcharged is over 65.


by Laura Northrup via Consumerist

NYC Delivery Guy Biked Through Lincoln Tunnel Because His Phone Told Him To

Repeat after me: Map apps can be useful, but you should not follow their advice blindly. For example, if you’re on your bike and it tells you to cycle through a tunnel meant only for cars. Don’t do that.

Port Authority police intercepted a delivery worker on the New Jersey side of the Lincoln Tunnel after he biked through it on his way to drop off food for a customer, NJ.com reports.

While it’s perfectly okay to cycle across many of the area’s bridges, bikes — and other “velocipedes” — are barred from entering the Lincoln Tunnel, according to Port Authority regulations [PDF].

The cyclist says he was simply following the directions on a mapping app. He showed the police his phone, “which supported his claim,” a Port Authority spokesman told NJ.com.

In the end, traffic wasn’t majorly disrupted, and police issued a traffic summons for trespass.

He’s not the only one who has blamed technology for leading them astray:

• A lost truck driver once landed a big rig on a public park’s footbridge and blamed his GPS.

• Then there was the driver who followed her map app and ended up crossing an airport taxiway.

• Back in 2013, a woman in Europe drove 900 miles instead of 90 due to a GPS error.

• And a year before that, a GPS failure led to an arrest after a woman drove onto a golf course.

• Of course, we can never forget when Australian police warned people against using Apple maps, lest they end up lost in the wilderness.


by Mary Beth Quirk via Consumerist

465K People Need A Pacemaker Security Update To Protect Their Hearts From Hacking

If you need more evidence that we are living in an increasingly internet-connected world, look no further than a recent software update aimed at making sure 465,000 people with pacemakers don’t have hearts that are vulnerable to hackers.

The U.S. Food and Drug Administration announced this week that medical device company Abbott has issued a corrective action for implantable cardiac pacemakers made under the St. Jude Medical brand. According to the company, there is a “risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.”

To address this heart-hacking vulnerability, Abbott is issuing a firmware update to the pacemakers.

While this update is being treated as a recall, the devices will continue to function as intended “and replacement of implanted pacemaker devices is not recommended.”

To that end, there are no known reports of patient harm related to the cybersecurity vulnerabilities in the 465,000 radio-frequency-enabled implanted Abbott devices impacted in the U.S.; the company says this firmware update is part of a plan announced in January, and will “provide an additional layer of security against unauthorized access to these devices.”

Which devices are involved?

Included in the update:
• Accent
• Anthem
• Accent MRI
• Accent ST
• Assurity
• Allure

Not included: Any implantable cardiac defibrillators (ICDs) or cardiac resynchronization ICDs (CRT-Ds)

Going forward, any pacemaker manufactured as of Aug. 28, 2017 will have the update pre-loaded in the device.

How to get the update

If you have an impacted pacemaker, you should talk with your physician about when you should receive the update — which requires an in-person patient visit — as well as address any questions or concerns you might have.

The process will take about three minutes to complete, during which time the device will operate in backup mode “and essential, life-sustaining features will remain available.”

If you have any questions or want additional information, check out http://ift.tt/2wT7Bti, or contact Abbott’s hotline at 1-800-722-3774.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates,” the FDA notes.


by Mary Beth Quirk via Consumerist

Hacker Broke Into Hotel Rooms Electronically, Stole Customers’ Stuff

Key cards may be a convenient way for hotels to issue room keys, but a bug in one popular model made it convenient to electronically pick the locks. An override code to open doors was programmed into the locks, making them easy to open after a quick shopping trip to RadioShack. One man took advantage of this bug and used it to gain access to rooms across the country, stealing stuff from hotels and guests alike.

In an excellent feature story in Wired, you can learn the slightly horrifying story of how tens of millions of electronic locks in hotels have an easily exploitable flaw, but the manufacturer has no way to push an update out to all of them. Years after the flaw was discovered, many of them still haven’t been fixed.

“Like a ghost”

A man in Arizona had learned about the exploit from a TV news item just as he was about to be sent back to prison on charges that he thought had been dismissed. His crimes until then were minor forgeries and driving under the influence, and he decided that if he was going to prison for six years, he should do something that (to him) really merited that kind of sentence.

The first time he gained access to a room using his door-opening gadget, he just stole a pile of towels and pillows, not ready to risk stealing televisions yet. Eventually, he moved on to stealing multiple room TVs as well as guests’ stuff. Police and hotels were mystified.

He began entering empty hotel rooms during the day, at first un-bolting and removing hotel-owned TVs, but eventually making off with customers’ electronics, jewelry, and entire suitcases. Who looks twice at a person wheeling a suitcase down a hotel hallway?

“Everything’s gone. No prints. No forced entry,” a detective in Tempe, AZ, one of the cities that the hotel hacker first hit, told Wired. “It was like a ghost had slipped in and slipped out.”

He grew bolder, eventually stealing a guest’s luggage while the man napped in his bed during the day. Meanwhile, the maker of the popular door lock model, Onity, began to take the threat seriously and realized that it needed to pay for some kind of fix, and began sending plugs for the data ports on each door. The hotel hacker figured out how to remove the lock’s cover and get rid of the plastic piece blocking his access.

The hotel hacker was eventually caught, pleading guilty to three of what he claims are at least a hundred hotel burglaries. He was sentenced to nine years in state prison in Arizona.

Watch your bags

Five years after his spree began, though, there are still exploitable Onity locks around. If you see an open port that looks like it could take a DC power plug on your hotel room door, maybe take anything irreplaceable in your room with you, or lock it in a safe.

Normally, when a security researcher shares this kind of exploit with the world, as the man who discovered this issue did at a hacker conference and even in a mainstream media article, the company responsible rushes to fix the problem before anyone can begin a nationwide crime spree.

Onity, the lock-maker, put that expense on the hotels that use its lock instead. Replacing the relevant part in each of its locks cost around $25 per lock, with tens of millions of locks installed.

As a result, there are still plenty of exploitable locks around. Watch your back. Or, we should say, your bags.


by Laura Northrup via Consumerist

Education Dept. Hires Exec From Scandalized For-Profit School To Run Enforcement Division

Dedicated and effective government employees can come from many prior walks of life, it’s true; the path through any career can be winding and complex. But choosing someone with major ties to a for-profit college that engaged in questionable behaviors to head up a division tasked with investigating for-profit colleges that engage in questionable behaviors seems like a bad sign.

There’s a new hire coming to the Department of Education, Politico reports: Julian Schmoke, currently a high-ranking director at a community college in Georgia, will be taking over as head of the Department’s Student Aid Enforcement Office.

What’s the job?

The Student Aid Enforcement Office was formed in early 2016, “as part of the Obama Administration’s aggressive action to protect students and taxpayers.”

The Enforcement Office basically works with other divisions within the Department of Education to investigate institutions’ shady actions around student lending. Basically, it’s the group that handles alleged fraud on the part of for-profit colleges and universities.

What’s the problem?

The first head of the Enforcement division came from the FTC, where he had previously worked on consumer protection issues; that follows. But the same cannot be said of the new nominee: Prior to his current role as a college administrator, Schmoke spent several years working for DeVry University.

Yes, the same for-profit DeVry University you’ve probably seen commercials for — and the same DeVry University that just finished paying out $49 million in refunds to more than 17,3000 students after it reached a $100 million settlement with the Federal Trade Commission over those ads in late 2016.

In short, the Department of Education has now hired a guy who spent much of a career at a for-profit school busted for fraud… to head the department that helps determine which for-profit schools need to be busted for fraud.

Part of a pattern

The new hire is just one of many recent signals from the Trump Administration that the Department of Education is making a 180 on issues related to for-profit education.

Secretary of Education Betsy DeVos herself has financial ties to a student loan refinancer.

In June, DeVos named the head of a private, for-profit student lending company to run the Department’s Office of Financial Aid. That same month she also promised to “reset” rules that regulated for-profit colleges and held them more accountable.

And in July, it came out that the Education Department had not approved a single loan forgiveness claim since the start of the new Administration on Jan. 20.

So while it is theoretically possible that Schmoke’s ties to DeVry don’t mean he will be anything other than a stalwart defender of students’ rights… probably best not to hold your breath.


by Kate Cox via Consumerist

There’s A Good Chance A Cosmetic Surgeon Advertising On Instagram Is Not Board-Certified

Don’t select your plastic surgeon based solely on their Instagram posts. That feels like something we shouldn’t have to tell people, but the “bad idea”-ness of it all is being highlighted by a new report which found that fewer than 20% of cosmetic surgery posts on Instagram are from board-certified plastic surgeons.

The report, published today in the Aesthetic Surgery Journal by researchers from the Northwestern University Feinberg School of Medicine, looked at the most popular posts related to an array of common plastic surgery-related hashtags and found a variety of people — some doctors, some not — pushing cosmetic surgery services without certification from medical boards in either the U.S. or Canada.

Becoming a board-certified plastic surgeon requires years of post-medical school training specifically in this field, in addition to several more years of surgical training and experience.

In some cases, these surgeries are indeed being marketed by physicians, but ones who aren’t specifically trained in this field, like gynecologists, dermatologists, emergency medicine physicians, and doctors specializing in family medicine — though all reportedly marketed themselves as “cosmetic surgeons,” a designation that many physicians can use but which is not an indication of any specific training or experience in the field.

“A cosmetic surgeon is not necessarily the same thing as a board certified plastic surgeon, and patients need to be made aware of this,” explains Robert Dorfman, lead author of the study.

Perhaps more alarming were the plastic surgery-related ads placed by non-physicians: dentists, hair salons, and spas with no affiliated doctor.

“This is a very scary finding,” says Dorfman. “Providers — ranging from physicians who are not licensed in plastic surgery to dentists, hair salon employees and barbers — are doing procedures for which they do not have formal or extensive training. That’s extremely dangerous for the patient.”

The majority of the most popular cosmetic surgery marketing posts were from doctors based in other countries, with Turkey, Russia, Brazil, and Colombia leading the way.

Of all the top posts related to plastic surgery hashtags on Instagram, the report says that fewer than 18% were published by actual board-certified plastic surgeons.

What’s more, the study found that the posts published by the board-certified surgeons were significantly more likely to contain educational information for prospective patients, as opposed to purely promotional content.

“It is critical that board-certified plastic surgeons use social media like Instagram as a platform to educate patients about the risks of surgery and dangers of having plastic surgery performed by those with improper training,” concludes the study.


by Chris Morran via Consumerist

Whole Foods Meat Guys Sculpt Amazon Logos Out Of Ground Beef

What’s that old saying, again? “When you love someone, say it with meat”? That’s how employees at one Los Angeles Whole Foods welcomed their new e-commerce overlords, sculpting Amazon and Prime logos out of ground beef in the display case.

A few observant shoppers browsing the meat department at an L.A.-area Whole Foods spotted beef sculptures devoted to Amazon branding this week, apparently in celebration of Amazon and Whole Foods officially becoming one on Monday.

But these were not displays commissioned by Jeff Bezos, as meat guys working at the store in question confirmed to Recode that they decided to get creative on their own: “One of the managers” apparently thought it would be fun to make the Amazon logo out of meat, so a worker used a paper cutout of the Amazon logo as a guide to shape the beef.

We’ve reached out to Amazon for comment on this culinary ode to the company, and will update this post if we hear back.


by Mary Beth Quirk via Consumerist

Did Uber Violate Bribery Laws Involving Foreign Officials?

Uber’s brand new CEO already has a lot to deal with: The U.S. Justice Department is in the first stages of investigating whether managers at the company ran afoul of a federal law that prohibits companies and their employees from bribing foreign officials in the course of doing business.

Probing matters

The Foreign Corrupt Practices Act makes it unlawful for “certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business.”

The DOJ is now looking into whether Uber managers violated that law, reports The Wall Street Journal.

Uber confirmed to the WSJ that the company is working with the DOJ on the preliminary investigation, while the agency said that as a matter of policy, it doesn’t confirm or deny the existence of an investigation.

Depending on what the DOJ finds, if anything, officials will then decide whether or not to pursue a full investigation.

New CEO on the block

The news of this investigation comes just as Uber’s board confirmed earlier reports that ex-Expedia head honcho Dara Khosrowshahi has accepted the job of CEO.

In a letter Tuesday night to employees announcing their unanimous vote for Khosrowshahi, Uber’s board of directors notes that the new CEO will answer questions at a companywide meeting on Wednesday.

“The Board and the Executive Leadership Team are confident that Dara is the best person to lead Uber into the future building world-class products, transforming cities, and adding value to the lives of drivers and riders around the world while continuously improving our culture and making Uber the best place to work,”


by Mary Beth Quirk via Consumerist

Tuesday, 29 August 2017

The Latest Powerball Winner Is Not Trying To Be Your Facebook Friend Or Give You Money

TaxSlayer Settles FTC Charges That Lax Security Led To Identity Theft

Sure, it might be convenient to do your own income tax preparation online, but it could be risky: Scammers all over the globe have exploited these risks, slurping billions of dollars’ worth of ill-gotten tax refunds into their bank accounts. In order to prevent even more of this, federal regulators have settled charges that TaxSlayer violated federal rules on financial privacy and security.

Tax returns include sensitive financial information, after all, including Social Security numbers, employment information, and the amount each person is really due in taxes. Access to a tax return gives the person filing it the ability to change addresses and bank accounts and receive someone else’s tax refund.

While the Internal Revenue Service has taken steps to protect taxpayers against having their refunds shipped to scammers or even shipped out of the country, the Federal Trade Commission says that TaxSlayer’s lax security and privacy practices hurt their customers [FTC].

The FTC notes that the company failed at some pretty basic security safeguards [PDF], including protecting users against having their credentials from other sites re-purposed on the TaxSlayer site, or notifying customers when the mailing address, password, security question, or banking information associated with their accounts had changed.

It also didn’t require customers to choose complex passwords, an important safeguard against hackers gaining access to accounts.

Even though it holds financial information, the company didn’t develop a written comprehensive security program until Nov. 2015. The company also didn’t issue a written privacy policy to customers, which it was required to do.

The company is now required to get third-party assessments of its security practices every two years for the next ten years, and will face harsher penalties if it is caught violating the Safeguards Rule or the Financial Privacy Rule in the next 20 years.


by Laura Northrup via Consumerist

Hundreds Of Android Apps Pulled From Google Play Store After Researchers Discover Botnet

Google pulled nearly 300 malicious apps from the Google Play Store this week, after a team of researchers from several internet companies discovered that they were all hijacking phones’ power into a massive international botnet spanning more than 100 countries.

The problem

The issue is a botnet called WireX.

Several different internet companies — Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru, and others — worked together to identify WireX after it first appeared on Aug. 17.
Researchers from all these organizations were able to identify that WireX was being powered by hundreds of different, seemingly innocuous Android apps: video players, storage management tools, or ringtones, for example.

After the researchers worked out the scope and details of the attack, they notified Google of their findings, and more than 300 apps were pulled from the Google Play Store. Several of the organizations jointly published a blog post explaining the technical details of their findings.

A whatnet?

A computer is powerful; loads of computers working together are enormously powerful. That’s the general principle behind a botnet: Hackers put some kind of malicious code on as many systems as possible, then use them all to do something.

Increasingly, that “something” is to launch a Distributed Denial of Service attack, or DDoS, against some entity. In a DDoS attack, hijacked devices basically pound some server with such a ludicrous number of access requests that it can’t keep up, and either crashes or, at the very least, is unable to serve legitimate traffic.

For example, a DDoS attack against a hosting provider in 2016 left millions of users unable to access major platforms like Reddit, Spotify, and Twitter for several hours.

Anything that can connect to the internet can be taken over and turned into part of a botnet. That 2016 attack was perpetrated in part by hackable webcams made by a Chinese firm. Millions of other devices worldwide also get pulled into botnets regularly, in part because a huge percentage of the “things” in the internet of things are ridiculously hackable and poorly secured.

Phones aren’t usually included

Desktop and laptop computers have been vulnerable to being swept up in botnets since roughly the dawn of the internet, and it’s common to see processing power borrowed from any available IoT device. But despite mobile phones’ overwhelming pervasiveness in the modern world, they are not commonly a part of botnet-driven DDoS attacks.

It is, unfortunately, fairly common for nasty things to be hiding in Android software; for example, more than 500 apps were recently found to be holding a significant vulnerability that let third parties access your data.

Android is more vulnerable to attack than iOS largely because of its decentralized nature. No matter what carrier you use an iPhone on, Apple solely controls the operating system and updates to it. But Android phones are made by dozens of manufacturers and run on dozens of different wireless carriers — and the device-makers and wireless carriers, not Google, are primarily responsible for keeping those hundreds of millions of phones up to date.


by Kate Cox via Consumerist

Insurance Won’t Cover Damage To 80% Of Homes Flooded By Hurricane Harvey

When the flood waters left behind by Hurricane Harvey eventually recede, they will leave behind billions of dollars in property damage. However, a large majority of homeowners will likely have to spend their own money to make their homes livable again.

The Consumer Federation of America estimates that — because of the limited availability of flood insurance and damage limitations placed on most homeowners’ policies — eight out of ten homeowners with flood damage from Harvey don’t have insurance that will cover their claims.

Robert Hunter, CFA’s Director of Insurance and former Texas Insurance Commissioner and Federal Insurance Administrator, tells the Associated Press that the lack of insurance could result in Texas homeowners paying as much as $28 billion out-of-pocket for Harvey-inflicted repairs.

Limitations On Coverage

The CFA notes that insurance companies have gradually increased the deductibles associated with hurricane coverage while generally limiting the types of damage they will pay to repair in the wake of a natural disaster.

Most homeowner insurance policies only cover wind damage, not flood damage. In fact, to repair water damage, most homeowners insurance policies require that the damage be the result of water entering the home through a window that is blown out from wind.

Flood Insurance

For actual flood insurance, individuals must purchase coverage through the National Flood Insurance Program. This insurance is generally only available to — and is frequently required of — homeowners with federally backed mortgages living in areas vulnerable to flooding.

The AP notes that while there are around 1.2 million properties in Houston deemed to be at moderate to high risk for flooding, these buildings are not situated in designated flood zones where the flood insurance is required.

According to a Washington Post analysis of Federal Emergency Management Agency data, only 17% of homeowners in the counties most affected by Harvey have flood insurance.

Still, CFA estimates that insurance companies will pay about $7 billion for more than 150,000 anticipated flood and wind damage claims submitted after the storm.

However, the agency cautions that claims, insurance payments, and out-of-pocket costs could increase depending on how much rainfall occurs in certain areas of Houston.

If You Don’t Have Insurance

While the wind damage to properties in Texas was significant during Harvey, the 12-50 inches of rain that have fallen in the area so far may prove even more damaging.

Hunter tells the AP that homeowners without flood insurance could try to apply for federal disaster relief benefits.

However, these benefits aren’t the same as insurance coverage. Instead, they are similar to low-interest loans that must be repaid.

For those who don’t have federal flood insurance, advocates urge them to contact their homeowners’ insurance company anyway.

“Don’t assume you won’t [receive money from an insurer] if you don’t see problems with the naked eye,” Kristin Sullivan, a financial planner, tells MarketWatch.

Filing A Claim

Consumers suffering home damage as a result of Hurricane Harvey are urged to contact their insurance companies as soon as possible.

CFA notes that while the federal government underwrites flood insurance coverage, actual insurance companies service claims.

As a result, homeowners should follow the same procedures as they would with a traditional claim.

CFA offers several tips for individuals filing, including to keep clear records of the damage and their interactions with the insurance company.

“Because so many consumers experienced severe claims problems in the wake of Hurricanes Katrina and Superstorm Sandy, we urge homeowners dealing with losses caused by Hurricane Harvey to be vigilant with their insurance companies, including the insurers settling National Flood Insurance claims, to ensure that they receive a full and fair settlement,” Hunter said in a statement.


by Ashlee Kieler via Consumerist