Not that we needed any more reasons to monitor our credit cards and the like, but right here in our Hudson Valley a Rite Aid Pharmacy is the scene of identity theft to an unknown level.

Anyone who shopped at Rite Aid’s 238 Hooker Ave. store in the past year should keep an eye on their bank and credit card statements, according to the Rite Aid Corporation.

A Rite Aid associate at the Poughkeepsie location “may have obtained limited customer information” including customer names, addresses and payment card information in order to make “unauthorized payment card transactions,” according to a press release from the corporation.

The Rite Aid associate accused of the thefts is no longer employed at the store, according to Rite Aid. City of Poughkeepsie Police charged Kevin Thomas, 26, of the Town of Poughkeepsie, on Nov. 24 with second-degree identify theft, a class E felony.

The exact number of victims of the alleged thefts is unknown, police said. Rite Aid and the City of Poughkeepsie police are still investigating the incident and are asking customers to report any unaccounted for transactions.

More charges may be filed against Thomas if additional victims come forward, according to city police.

There is no indication that customer health information or Social Security numbers, or any customer information from other Rite Aid stores, was compromised.

Rite Aid is encouraging all customers at the 238 Hooker Ave. location to monitor and review payment card account statements.

Those who believe they have been affected should contact their bank or payment card company, according to the release. Customers with questions about the incident can call 1-800-877-2611 or email privacyoffice@riteaid.com.

For more information on best practices for identity theft protection, please visit www.legalshredinc.com

Picking up where we left off last week, tax time is a time to step up our vigilance regarding identity theft.

Once again, identity theft still tops the list of taxpayer concerns. According to the most recent Javelin Strategy & Research, identity thieves stole $16 billion from 12.7 million US consumers in 2014.

More tips for best practices in identity theft protection:

1. Be mindful of the information you are sharing on-line.  Data-mining is the practice where companies gather information people are sharing about themselves on line.  When making purchases or signing up for newsletters, only provide the information that the company needs: you don’t have to give out all of your information. When you do opt in to offer personal information, check the site’s privacy policy to find out how that information might be shared with other companies.
2. It’s an old chorus but that because it’s critical: use smart passwords.  Use a password keeper to help you keep track but do not cut corners on passwords!
3. Games and memes are fun—but also frequently ask for personal information like your mother’s maiden name or the street you grew up on. Definitely DO NOT post such information on your social media—that’s like opening your wallet and giving it away!
4. Be wary of phishing schemes. Phishing often comes in the form of an unsolicited email or a fake website that poses as a legitimate site such as the IRS or your bank in order  to get you to disclose your personal or financial information. Don’t follow any links from these e-mails to any websites where you might be asked for your personal information. Verify that you’re on a legitimate site before sharing your data; if you must access a particular site, log out from any links that you’re not sure about and navigate directly to the site instead. And remember: the IRS will not initiate contact with you by email (or phone) to discuss your account.

We’ll finish with one more round of tips next week.

We always invite you to view more on identity theft protection at www.legalshredinc.com

This week’s blog is adapted from the FTC’s OnGuard OnLine Blog.  In a recent post, Attorney Lisa Weintraub Schifferle from the FTC Division of Consumer and Business Education addressed the importance of making sure home networks are set up securely.  To keep it secure, Weintrabu Schifferle urges homeowners to secure the router.

Why pay attention to that little box with the flashing lights? Your router lets you connect with the internet and communicate with other devices in your home. So, it’s your first line of defense in guarding against attacks by identity thieves and hackers.

How can you make your router more secure? Start with these steps:

• Change the name of your router.The name of your router (also called the SSID or service set identifier) is usually a default ID assigned by the manufacturer. Change it to something only you know.
• Change your router’s pre-set passwords.Your router also usually comes with a default password. Hackers know these default passwords. So, change yours to something unique, long and complex – think at least 12 characters, with a mix of numbers, symbols and upper and lower case letters.
• Turn off any “remote management” features. Some routers offer remote management for tech support. Don’t leave these features enabled. Hackers can use them to get into your home network.

Maintenance is also important.  Once your router is set up, don’t just stick it in a corner gathering dust. Instead, keep it up to date. Over time, the software that comes with your router may need updates. Visit the manufacturer’s website periodically to see if there’s a new version available for download. Or register your router with the manufacturer and sign up to get updates. If you lease a router, check if your internet service provider issues updates automatically.

For more on best practices for identity theft protection and on-line safety, please visit www.legalshredinc.com

It’s that time of year for New Year’s resolutions and always a good time to take stock of how mindful you are of protecting one of your most valuable assets—your identity. Javelin Strategy & Research reported that about 12.6 million people were victims of identity theft in 2012, an increase of more than one million from the previous year. One likely reason: a spike in Web site data breaches. LinkedIn, Sony and Zappos are among the high-profile businesses attacked in recent years. Javelin found that nearly one in four people who were notified that their data had been compromised in a breach became victims of identity theft last year. The fix: Create a variety of passwords so that a thief won’t be able to use a password stolen from one site to enter another. Passwords for your e-mail and financial accounts, in particular, should be unique. Create longer passwords that contain a mix of upper- and lowercase letters, numbers, and symbols.

Resolve to review your credit reports quarterly this year and each bank and credit card statement you receive for unauthorized transactions. Bills from medical providers for services you never received could mean someone is posing as you to get treatment. Make a habit of shredding documents that contain sensitive information.

Resolve to be more protective of your phone number and birthday—avoid the temptation of sharing too much information on social media. It’s not just your “friends” who are monitoring your posts!

Resolve to keep your security software up to date and get notices from your bank and credit card companies for suspicious transactions.

For more on identity theft best practices, please visit www.hvshred.com

Halloween has come and gone another year but before we move on to Thanksgiving, here’s one more spooky topic to consider. A recent post by Carol Kando-Pineda , Counsel at the FTC’s Division of Consumer & Business Education, we are reminded that we must consider the “life after death” of our virtual accounts.

Kando-Pineda recognizes most of us don’t really want to talk about: the truth is, we’re all going to die someday. Maybe you’ve already started thinking ahead: planning for your funeral, the care of loved ones and disposal of your property. But what about your online life? All the digital files, photos, posts and other accounts you leave behind might cause a lot of inconvenience – even fraud or identity theft – for your loved ones to clean up. Here are a few tips to figure out a plan for your online life after death.

• Count your accounts. Make an inventory of your digital life, including accounts for email, social media, blogging, gaming, and cloud storage. Keep track of each site’s name, URL, your user name, password, your wishes for each, and other information that might be necessary for access. Some of your accounts may involve money – either real-world or online currencies – and may require additional attention. Keep your inventory secure and out of plain sight. Don’t attach your inventory to your will which becomes a public document after your death.
• Get in the know – now. Many accounts will let you make arrangements now or name someone to manage the account after your death. Research your options.
• Who can help? You might want to name a digital executor to handle all these tasks after your death, preferably someone who has experience with online accounts and will understand how to carry out your instructions – or make decisions about issues that you might not have foreseen. You can select a friend or family member to be your digital executor or you can hire a third-party service to help you.

For more on identity theft best practices as well as tips for on-line safety, please visit www.hvshred.com

This week’s blog is adapted from a recent article by Lisa Gerstner from Kiplinger’s Personal Finance. She addresses what to do of your personal computer, smartphone, or other device is lost or stolen. We all know these devices are embedded with a treasure trove of personal information.

A thief who steals your device may be able to access your e-mail, view sensitive documents as well as gain access to your personal finances.

Always lock your devices with a fingerprint sensor, a password or a PIN—one with six or more characters, if possible. Password-protect banking, wallet and other sensitive apps, too. When you get notifications to download updates for your operating system, antivirus software and other programs, do it right away because they may patch security flaws. But never click on a link or attachment in a text message or e-mail from an unfamiliar source (or from what appears to be a familiar source, if anything about the message looks fishy) because it could infect your device with malware.

No matter how tempted you are, be sure that you are only using trusted Wi-Fi networks, preferably ones that are password-protected. Although encrypted Web sites (those that begin with “https”) add protection by making your activities unreadable by hackers, it’s better to be safe than sorry.

When using Wi-Fi, avoid online banking and other sensitive transactions. If you travel a lot, consider using a personal Virtual Private Network (VPN), which provides a secure network.

Before you download a mobile app, read reviews, check its privacy policy and permissions, and visit its Web site to see whether it looks legitimate. If an app requires, say, access to your phone’s camera or GPS for no apparent reason, take a pass on it. Be especially cautious with apps from the Google Play store because anyone can place an app on that market. Apple screens apps more rigorously.

With remote tracking and wiping capability, you can find a stolen or lost device’s location and erase its contents. Users of Apple’s computers, tablets and phones can set up the option through iCloud and with the Find My iPhone app. Android owners can use Google’s Android Device Manager app.

For more on best practices in the realm of identity theft protection, please visit www.hvshred.com

In our never-ending effort to keep our community informed of the best practices is identity theft protection, this week we adapt a recent post from the “Stop.  Think. Connect.” blog posted by the Department Of Homeland Security.  The post explains how important it is that we recognize that we now live in a “smart world,” where the Internet touches all aspects of our daily lives. We have wearables that track our eating, sleeping, and exercise habits. We utilize devices that provide us with a quicker route on a summer road trip. We own mechanisms that allow us to preheat our oven or adjust our thermostat on our way home from work before we even walk through the door. These types of devices are all part of our new, more connected world – commonly referred to as the Internet of Things.

The Internet of Things includes objects or devices that send or receive data automatically via the Internet. As more devices and objects become connected to the Internet – from phones and tablets to homes, vehicles, and medical devices – it is important to realize that the security of these devices is not always guaranteed.

Why does it matter?

• 1.8 billion: the number of smartphone users*
• 50 billion: the number of connected devices expected by 2020 (that’s 1 person to every 7 devices)*
• $5 trillion: the amount the IoT market is expected to grow over the next 6 years*

Though this technology brings many conveniences to our lives, it also requires that we share more information than ever. Here are three simple steps to take to secure the devices that hold your valuable personal information.

• Keep a clean machine. Just like your smartphone or laptop, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the mobile applications you use to control the device.
• Think twice about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.
• Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices.

For more information and tips on identity theft protection, please visit www.hvshred.com

*National Cyber Security Alliance Internet of Things Infographic