BajaNomad

Baja Bound Security Breach

Sweetwater - 2-25-2016 at 09:21 AM

I received a letter this past week regarding a serious data breach at BajaBound.
All personal information was disclosed, including name and drivers license numbers.
Apology extended with an offer to cover ID theft through Kroll. I have no idea who this is or how effective they might be.

I have new spam in the email account that was breached but no new accounts opened according to Experian.

I don't find the apology to be much use if that data leads to ID theft. Does anyone know Kroll?

BajaGeoff - 2-25-2016 at 12:58 PM

Hello Sweetwater,

A little clarification here...

The Baja Bound website was not compromised in any way.

However, one of our agents received an email from a client that contained a malicious attachment that was opened. Upon investigation, the attachment looked as though it was intended to collect email addresses.

Because this agent often receives personal client information by email (such as drivers license info) we took the steps necessary to contact our clients that had previously exchanged emails with the agent. So far there has been no indication that any of the information in the email account has been viewed or compromised, and the malicious email only involved a very small number of our clients.

The letter you received was simply a precautionary measure to inform you of the incident and provide complimentary identity protection services to you if you want them.

Let me know if you have any further questions...

DanO - 2-25-2016 at 01:28 PM

Kroll is a big player in data security. Link: http://www.kroll.com/en-us/cyber-security/data-breach-respon...

Sweetwater - 2-25-2016 at 02:30 PM

Quote: Originally posted by BajaGeoff  
Hello Sweetwater,

A little clarification here...

The Baja Bound website was not compromised in any way.

However, one of our agents received an email from a client that contained a malicious attachment that was opened. Upon investigation, the attachment looked as though it was intended to collect email addresses.

Because this agent often receives personal client information by email (such as drivers license info) we took the steps necessary to contact our clients that had previously exchanged emails with the agent. So far there has been no indication that any of the information in the email account has been viewed or compromised, and the malicious email only involved a very small number of our clients.

The letter you received was simply a precautionary measure to inform you of the incident and provide complimentary identity protection services to you if you want them.

Let me know if you have any further questions...

I have read this letter once again. It states:

As part of our investigation, we also reviewed the documents stored in the email account and discovered an application that contained your personal information, including your name, address, date of birth, and drivers license number.

I haven't claimed a website breach and I am very concerned that personal information was stored in email documents. As I've reviewed my past correspondence, there were no emails sent by me with that information. I was schooled not to include that type of information since nobody knows which servers might end up with access to it. That is a very dangerous process/procedure and I feel it exposes users to this type of potential abuse.

DanO, thanks for the link to Kroll, I'll investigate them closer.

I'd encourage an open discussion about this incident and wonder how others are dealing with it or ignoring it, as the case may be.....

Bajahowodd - 2-25-2016 at 05:48 PM

Ahh. The internet. Perhaps there ought to be a thread discussing whether the internet has improved or degraded our society.

Such as, would ISIS be able to recruit. Or would Donald Trump be a viable candidate for President?

Just positing.

DawnPatrol - 2-25-2016 at 05:57 PM

I am not in any way trying to tell Geoff how to run his website, especially one that collects personal data for insurance sales through its portal.

My only remark is that I am in the insurance industry and through my carrier we are NOT allowed to ask for any personal info through emails....

We always request the customer call us with CC info, DOBs, socials, etc.

Alan from San Diego

DanO - 2-25-2016 at 05:57 PM

Quote: Originally posted by Bajahowodd  
Ahh. The internet. Perhaps there ought to be a thread discussing whether the internet has improved or degraded our society.


That's easy. Both. The tougher question is how much of each.

BajaNomad - 2-26-2016 at 11:07 AM

http://www.adweek.com/news/technology/digital-savvy-millenni...

DENNIS - 2-26-2016 at 02:05 PM

Quote: Originally posted by Bajahowodd  


Or would Donald Trump be a viable candidate for President?

Just positing.

=============================


What's "viable" mean here?

Bajahowodd - 2-27-2016 at 04:57 PM

Quote: Originally posted by DENNIS  
Quote: Originally posted by Bajahowodd  


Or would Donald Trump be a viable candidate for President?

Just positing.

=============================


What's "viable" mean here?


Ask the RNC that question. I personally think he's a narcissist, a liar, a fake, and more.

But, my friend, a long time ago, I posited that he may actually be a Manchurian Candidate, out to destroy any hope of the Repubs in the next election.

After all, he was a lifelong Dem.

micah202 - 2-27-2016 at 07:54 PM

Quote: Originally posted by Bajahowodd  
........my friend, a long time ago, I posited that he may actually be a Manchurian Candidate, out to destroy any hope of the Repubs in the next election.

After all, he was a lifelong Dem.



....that 'bout makes the most sense of anything :wow:

.

BajaGeoff - 2-28-2016 at 03:30 PM

Hello Sweetwater,

I got some clarification on the sentence that read:

As part of our investigation, we also reviewed the documents stored in the email account and discovered an application that contained your personal information, including your name, address, date of birth, and drivers license number.

That portion of the letter was referring to the personal information transmitted by email in order to set up a policy, or an insurance policy being sent to a client by our agent. If you received an email from this agent with a policy attached, that is why you would have received the letter.

As such, all of our insurance policies are now issued with the drivers license number information encrypted, and we have since gone back and deleted every email that was sent by our office that had an insurance policy attached.

If you do have any further questions about this, you can call Kroll at the number provided in the letter, or give a call to the Baja Bound office and we would be happy to assist.


Sweetwater - 2-28-2016 at 03:57 PM

Quote: Originally posted by BajaGeoff  
Hello Sweetwater,

I got some clarification on the sentence that read:

As part of our investigation, we also reviewed the documents stored in the email account and discovered an application that contained your personal information, including your name, address, date of birth, and drivers license number.

That portion of the letter was referring to the personal information transmitted by email in order to set up a policy, or an insurance policy being sent to a client by our agent. If you received an email from this agent with a policy attached, that is why you would have received the letter.

As such, all of our insurance policies are now issued with the drivers license number information encrypted, and we have since gone back and deleted every email that was sent by our office that had an insurance policy attached.

If you do have any further questions about this, you can call Kroll at the number provided in the letter, or give a call to the Baja Bound office and we would be happy to assist.


Yup, found the insurance policy documents as you describe and understand now. Thanks for the clarification. Seems that if they downloaded the PDF files, they have good info for identity theft. I'll follow up with Kroll, but it seems that putting a fraud alert on my account should cover any ID theft attempts.