by Dave Moore, CISSP
02/11/2024
Add Arvest Bank to the list of banks that have been hacked, just like MidFirst Bank was, as reported by me in this newspaper last October 1, 2023; now we know over 26,000 Arvest customers have have their private information stolen by Internet crooks.
The Arvest Bank hack occurred May 31, 2023. They didn’t discover it until October 13, 2023. In classic “Who, me?” fashion, Arvest didn’t start notifying its customers until last week, January 30, 2024. That means their customers’ sensitive personal and banking information had been in the hands of Internet crooks a full eight months before Arvest decided to let their customers know.
As such, this column, as well as the previous five columns in this series (which began 01/14/2024), now applies to Arvest Bank, as well as Integris and St. Anthony.
We have examined placing “fraud alerts” at various federal agencies, financial institutions, creditors, real estate concerns and public utilities. Those were the next steps to take after placing account “freezes” at all four major credit bureaus. Next, we looked at notifying collection agencies, data brokers and law enforcement.
These actions are all taken in response to how customers of Arvest Bank, Integris and SSM St. Anthony hospitals have been victimized by Internet criminals hacking the hospital’s poorly-secured computer networks, creating a full-on identity theft crisis that cannot be minimized or ignored. The personally identifiable information (PII) of millions of people has been stolen, the type of information criminals use to steal tons of money.
This week, in this final installment in the series, we examine notifying more government and consumer agencies. Remember, as much as possible, do all of these things in writing, Certified Mail. Phone calls and emails are good, but not enough. You may need written proof of what you have done later on.
Get a free copy of your ChexSystems Report from chexsystems.com. If you discover fraudulent activity, get the accounts closed and report the fraud to the Check Verification system, so businesses will be alerted to refuse the checks. Contact any businesses that have taken the bad checks quickly, before they start collection actions against you.
Look for bogus bankruptcies filed in your name. Write the U.S. Trustee for your area and describe the situation. Provide proof of your identity. Consider hiring an attorney familiar with identity theft and bankruptcy cases to help you with this.
File a Better Business Bureau Scamtracker report at www.bbb.org/scamtracker.
File a complaint at the Federal Bureau of Investigation’s Internet Crime Complaint Center at www.ic3.gov/.
If you believe a bank or other financial institution’s behavior or policies have helped facilitate a scam or identity theft, (i.e., you received a letter from your bank saying your information was “compromised”), file a complaint with that state’s banking regulatory agency. For example, in Oklahoma, that would be the Oklahoma Banking Department, at http://banking.ok.gov/complaints. Also consider filing a complaint with the state’s consumer protection agency. For example, in Oklahoma, file with the Attorney General’s Consumer Protection Unit at www.oag.ok.gov/consumer-protection.
Get a copy of your C.L.U.E. (Comprehensive Loss Underwriting Exchange) report from LexisNexis at consumer.risk.lexisnexis.com/request. Get a copy of your Early Warning Consumer Report at earlywarning.com/consumer-information. Examine both reports for any unusual or inaccurate activity.
Remind everyone you request information from they are bound by federal law, Section 609(e) of the Fair Credit Reporting Act, to provide business records related to identity theft to victims within 30 days of receiving a written request. I guarantee you, many of them will give you the run-around or flat-out refuse to help. Don’t be bamboozled or intimidated. Insist they comply with the law; otherwise, you will take legal action against them. Be prepared to file complaints with the Consumer Financial Protection Bureau at consumerfinance.gov, the Federal Trade Commission at ftc.gov, and all appropriate state agencies.
Be prepared to sue in local, state, and federal court, if necessary. If funds are tight, reach out to legalaidok.org/contact-us/ for help. Yours is a righteous cause; have the grit to stick with it. It’s amazing how quickly folks can become cooperative when attorneys get involved.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org