Custom Search

January 06, 2019

Watch Out for Hidden Cameras - Hernando Business CEO Charged With Placing Hidden Camera in Women's Restroom

In this age of technological wonders, everyone should be wary of the potential misuse of technology, as female employees of a local Hernando, Mississippi business recently learned the hard way.

David Hunter Moore, 23, CEO of Moore Advanced, was arrested by Hernando police after female employees of Moore Advanced noticed a hidden camera in the bathroom used exclusively by female employees.  Moore has been charged with photographing and filming without permission.

Moore Advanced is a temp agency located on Highway 51 in Hernando, Mississippi.  David Hunter Moore is listed as the President and CEO of Moore Advanced.

The hidden camera was disguised as a phone charger and looked like this:


It is unclear how the long the hidden camera was in place in the women's bathroom.  One female employee indicated that she had seen the charger off and on for a period of months but did not think anything of it at first.  This past Wednesday, the employee pulled the charger out of the socket and discovered a blinking light.  She took a photo of the device and then researched the device online.  At that point, she learned that the device also contained a hidden camera.

She alerted the Hernando police, who obtained a search warrant and, upon searching the premises, located two additional recording devices, as well as a body worn camera, which was allegedly found in David Hunter Moore's desk.  Investigators will now review the captured footage and photographs for additional evidence and/or charges, particularly if the hidden camera was used to record any minors using the restroom.

In addition to contacting the Hernando police to assist with the criminal charges, any persons videotaped or photographed by the hidden camera should also contact an attorney to discuss a possible civil lawsuit against David Hunter Moore and/or Moore Advanced for invasion of privacy.  The Kittell Law Firm would certainly be interested in discussing a possible civil claim with any of the victims of this crime.

January 03, 2019

Deployed Servicemembers Should Receive Free Credit Reports While Deployed

Active duty servicemembers are often at greater risk of identity theft and fraud because they may be deployed overseas or away from home for weeks or months at a time. In 2018, Congress passed a law to give active duty servicemembers the right to free credit monitoring services from the Big Three credit bureaus (Equifax, Experian, and TransUnion).

Unfortunately, the new law only requires the credit bureaus to provide “electronic notifications” of material changes in a servicemember’s credit report, i.e., email, text, or other electronic alerts. The law does not provide servicemembers with full free access to their credit reports when they receive an alert that something has changed.

While notification is good, its just not enough. Its like telling someone your family member was sent to the hospital but only telling you why if you pay them. Our actively deployed men and women deserve better. As the law currently stands, they can only find out the details of the changes that they are notified about if they buy a credit report or use their one free annual credit report. The credit bureaus should not be allowed to make the deployment of our military as a way to make money, by sending notifications of changes but not providing free access to see what has changed.

Fortunately, Congress gave the Federal Trade Commission (FTC) the power to mandate free credit reports as part of new requirements for free credit monitoring. The FTC has issued a proposed rule on credit monitoring but did not include free reports.

But we can do something about this oversight. Please use this link to go to the FTC website and tell the FTC that active duty servicemembers should get free online access to their credit reports when they get an alert that something has changed in their credit reports. Deadline to submit comments is Monday, January 7.

While there may be some delay to the FTC acting on the proposed rule due to the FTC currently being closed thanks to the government shutdown, you can still leave comments about the proposed rule via the above link.

December 30, 2018

Data Breach at Blue Cross Blue Shield Puts 15,000 at Risk

A potential data breach at Blue Cross Blue Shield of Michigan may have exposed the personal information of approximately 15,000 of its "Medicare Advantage" customers.  The potential data breach occurred when a laptop of an employee of a vendor contracted by a Blue Cross Blue Shield subsidiary was stolen.

The laptop theft potentially exposed the names, addresses, dates of birth, genders, medications, medical diagnoses and provider information of the Medicare Advantage customers.  Fortunately, Social Security numbers and financial account information were not on the stolen laptop.

Blue Cross officials also claimed that there has been no indication to date that the stolen information has been accessed by any unauthorized person.  Hopefully, it stays that way.

November 25, 2018

Alleged Credit Card Fraud Culprit on the Run in Hernando

The Hernando Police Department is searching for a man who allegedly committed credit card fraud.
According to Hernando Police, the man has scammed people out of more than $13,000.
He may be driving a newer model gray Dodge Journey.
If you recognize him, call the Hernando Police Department at (662) 429-9096.
And, if you are one of his victims and need legal representation or assistance correcting the damage caused by the credit card fraud, please contact the Kittell Law Firm at (662) 298-3456.  The Kittell Law Firm is located in Hernando, Mississippi and is the only law firm in Mississippi who specializes in representing victims of identity theft and other financial fraud.

July 08, 2018

Potential data breach by employee at Arkansas Children’s Hospital

A former employee of the Arkansas Children’s Hospital in Little Rock, Arkansas is under investigation for the potential misuse of patients’ private information.  The former employee accessed an unidentified number of patients’ personal identifiers while employed with the hospital.  The employee was employed from November 7, 2016 to February 6, 2018, at which time the employee was terminated.  Now, everyone whose accounts were accessed by the former employee are now at greater risk of identity theft.

According to the hospital, all patient accounts and by the terminated employee have been audited.  The hospital is in the process of alerting patients affected by the data breach and is also offering free credit monitoring to all affected patients.

Patients of Arkansas Children’s Hospital should monitor their credit reports for any suspicious activity, including the opening of new accounts that they did not authorize.  They should also watch their credit card statements and bank accounts for fraudulent charges.  Finally, since their health insurance information was possibly compromised, potentially affected patients should check their Explanation of Benefits for any fraudulent charges to their insurance for treatment not received by the patients.

Affected patients can also call the Arkansas Children’s Hospital at 855-880-9242.

Hospitals are a prime source of potential data breaches due to the treasure trove of cosnumers’ personal identifiers and financial information they are required to obtain to provide treatment.  Couple the amount of valuable personal information with high employee turnover and often lackluster data protection controls and you have a potential bonanza for those wanting to steal personal information for later identity theft.

April 15, 2018

West Virginia sues Equifax over 2017 massive data breach

This past Thursday, West Virginia became the second state to sue Equifax due to last year’s massive data breach at the consumer reporting giant.

Patrick Morrisey, the West Virginia Attorney General, filed the lawsuit against Equifax, alleging that Equifax failed to safeguard consumer information of hundreds of thousands of state residents and for delaying alerting the public to a breach that exposed the personal data of about 148 million people.

Equifax is one of the three major credit bureaus in the United States and a frequent defendant in lawsuits filed by the Kittell Law Firm.  Last year, Equifax’s blunders allowed the largest data breach in the history of the world to occur, affecting roughly half the population of the United States, including approximately 730,000 West Virginians.

“Equifax’s failure to secure consumers’ personal information constitutes a shocking betrayal of public trust and an egregious violation of West Virginia consumer protection and data privacy laws,” Morrisey said in a statement.

Equifax is accused of failing to take action to secure its online dispute portal despite prior warnings of vulnerability within its framework and of failing to recognize that hackers had penetrated its system from May 2017 to July 2017.

West Virginia joins Massachusetts as the second state to sue Equifax over the 2017 data breach.  Maura Healey, the Massachusetts Attorney General, filed suit previously and recently beat back Equifax’s attempt to have the Massachusetts lawsuit dismissed.


September 26, 2017

Equifax CEO out! Barney Fyfe and Elmer Fudd appointed interim CEOs

Ok, so the second half of that title is a joke.  But I for one would not be surprised considering how Equifax has handled the rest of the fall out from their huger than huge data breach that exposed the lives of 143 million Americans to the financial and emotional ruin of identity theft.

Equifax CEO Richard Smith was not fired, however.  He decided to retire, much like the politician in the middle of a huge scandal that suddenly wants to spend more time with his or her family.

Paulino do Rego Barros, Jr., the president of Equifax's Asia Pacific region, has been named interim CEO until a new Sith Lord can be found to replace Smith.

September 21, 2017

Lord Have Mercy! Equifax has been sending consumers to fake site for 2 weeks

As my momma used to say "when it rains, it pours".  If that's the case, Equifax is in the middle of a Hurricane Harvey-esque Cat 5 hurricane of pouring rain.

After "forgetting" to install a security patch to its website which led to the largest data breach in the history of ever, then "forgetting" to tell their 143 million victims that they are and will forever be at risk for identity theft for nearly two months, then "forgetting" to tell anyone about an earlier data breach that Equifax has now confirmed did indeed happen, but "remembering" to let their top execs know about both breaches so they could several million dollars worth of Equifax stock before Equifax stock priced dropped by over a third of its price and "remembering" to donate to their favorite Congressman Barry Loudermilk so he would propose a completely idiotic bill that would provide immense protection to Equifax and the other credit bureaus at the expense of his constituents and the rest of America, NOW it has come to light that, for approximately two weeks, Equifax has been sending victims to a fake website.

Yes, a fake website.  A spoof.  One that puts those victims at even greater risk of identity theft.

Instead of using its own website to help victims of its data breach, Equifax created a whole new site equifaxsecurity2017.com.  Guess that added the year so they can keep their breaches straight.  The problem with using a new website instead of their existing one is that phishers and scammers can much more easily create fake websites using variations of the legitimate website's address.  This would include reversing the order of the words or making sites with common typos of the real site name.  In this instance, a mere day after the launch of the legitimate site, scammers had created 194 phishing websites that used addresses similar to the legitimate site.

What's worse than Equifax's boneheaded move in creating a new site instead of using its own Equifax.com site?  Equifax directed victims of its data breach to the WRONG site.  On three separate occasions, Equifax tweeted the incorrect URL securityequifax2017.com for its victims to use. Two of the tweets occurred on September 9 and the last on September 18 (i.e. three days ago!).

The Fair Credit Reporting Act requires consumer reporting agencies such as Equifax to follow reasonable procedures to assure maximum possible accuracy of the credit reports they generate regarding consumers.  I have been suing Equifax for 18 years for violating that section by failing to have, much less follow, reasonable procedures to assure maximum possible accuracy.  Now the public is getting a taste of what I have been seeing for years ... ignorance on top of ineptitude.

Please remember this if and when your Congressman or Senator votes in favor of Barry Loudermilk's bill designed to harm consumers by protecting Equifax from its own gross negligence and boneheadedness.

Video of Briefing for Senate Staff and Press on CFPB Arbitration Rule and Congressional Review Act Attack on the rule

Here is a link to the streaming video of yesterday's Senate briefing about the Congressional Review Act attack on the CFPB's arbitration rule.

As usual, my colleague Paul Bland did a fantastic job protecting us consumers.  Thanks for all you do, Paul!

September 19, 2017

It Just Keeps Getting Deeper - Equifax Suffered Second Undisclosed Data Breach

Bloomberg.com is reporting that the gigantically huge data breach that Equifax disclosed less than two weeks ago is not the only hack the consumer reporting agency suffered this year.  There was allegedly a hack in March, two or more months before the big data breach that has put 143 million Americans at risk of having their identities stolen and their lives ruined.

According to Bloomberg, Equifax notified a small number of outsiders and banking customers in early March that it had suffered a breach.  At that time, Equifax brought in a security firm to determine the scope of the breach.  What Equifax did not do was tell the general public about the first data breach, either then or in July when it learned of the second, larger breach.

The second, big breach occurred (according to Equifax) when hackers gained access to Equifax's computer system through a known flaw in the company's web software that somehow was not patched until after the breach was discovered in late July.  Was the flaw in the system discovered by the security firm in March and Equifax negligently failed to implement the patch to fix the vulnerability?

While the Bloomberg article focuses on the first hack's implications for the three executives that dumped Equifax stock after the second breach was known by Equifax but before the public was informed and the subsequent stock price drop, one thing the article does not mention is how the timing of the first hack completely undermines Representative Loudermilk's claim that his Equifax protection bill was drafted before the Equifax data breach, not in response to it.  I posted about Loudermilk's position yesterday.

Loudermilk introduced his bill designed to protect Equifax and the other credit bureaus and hurt consumers (such as his constituents) in May, a few weeks before the second breach allegedly occurred.  However, now that we know that Equifax knew of the first breach in March, why would we think that Loudermilk was not attempting to shield Equifax, a donor to his campaign, from liability from the first breach by pushing a bill that does nothing but protect the credit bureau from having to pay for its malfeasance?  The timeline is looking very bad for both Equifax and Loudermilk.  If I were a citizen of the 11th Congressional District of Georgia, I would have some very serious doubts about where my congressman's loyalties lie.

September 18, 2017

Representative Loudermilk is STILL trying to protect Equifax instead of consumers

U.S. Representative Barry Loudermilk is still trying to give immunity to Equifax for its utter failure to protect the private information of over 143 million Americans and its subsequent bungling of the data breach it allowed to happen.

Prior to the breach (allegedly, since we really don't know when the breach actually happened since we only have Equifax's word that the breach occurred in late May through early June), Representative Loudermilk, who is a U.S. Representative from Georgia, the home state of Equifax, proposed legislation that, if passed, would gut the protections afforded consumers by the Fair Credit Reporting Act.  The proposed legislation, H.R. 2359, would change the Fair Credit Reporting Act in two ways, both of which are very damaging to consumers and, not by coincidence, very favorable to Equifax and the other credit bureaus.

First, it would eliminate punitive damages.  Yes, the one thing that big corporations like Equifax are scared of is a punitive damage award.  Their profits are soooo great that an award of just compensatory damages will never be enough for them to really notice in the long term.  Punitive damages, however, are used to punish a corporation for its wrongdoing.  Equifax, as seen by its shenanigans of first hiding the data breach and then trying to pull a fast one to get its victims to give up their right to sue, is up to its eyeballs in wrongdoing.  Equifax's conduct is the type of conduct that deserves a punitive damages award against it, since their conduct is willful, intentional and not just a mere accident or negligent mishap.  So H.R. 2359 would benefit Equifax in that way.

Further, and more importantly in the context of consumers getting justice for Equifax's negligently allowing the data breach to happen, H.R. 2359 caps what consumers can get via a class action at $500,000.  Not per consumer, per class action.  And, since all of the approximately 100 class actions filed against Equifax for the data breach will ultimately be merged into one big class, that means 143 million plus victims of the data breach (less those who wisely opt out and file individual lawsuits) will have to split a measly $500,000 if Representative Loudermilk's bill becomes law.  If my math is correct, that is roughly 3 cents per victim.  Yes, three cents.  Three shiny pennies.  How is that justice?!

And, instead of backing away from his bill like its a grenade about to explode, Representative Loudermilk released the following statement:

"The data breach at Equifax has placed an unimaginable number of Americans’ personal information at serious risk. Not only must Equifax be held accountable for the breach of their systems, they must also be held accountable for their failure to notify the public of the breach in a timely manner. Businesses such as Equifax that obtain and store massive amounts of information on individuals must be held to the highest data protection standards. I will be working with the Financial Services Committee on investigating this data breach and the inadequate response of Equifax executives. Furthermore, we have already begun working on legislation mandating businesses to notify consumers affected by data breaches in a timely manner.

"Unfortunately, the outrage that followed the announcement by Equifax caused a gross mischaracterization of a bill that I have been working on since early this year. It was falsely reported that this bill (H.R. 2359) was introduced to give immunity to Equifax from any liability over this data breach. This couldn't be further from the truth. The FCRA Liability Harmonization Act (H.R. 2359) was introduced back in May, and is aimed at curbing frivolous class action lawsuits against businesses under the Fair Credit Reporting Act (FCRA). The businesses affected by FCRA lawsuits include community banks, credit unions, auto dealerships, retailers, and many other small businesses that extend credit to consumers.

"Reports that this bill would grant any immunity to Equifax for liability in this data breach are completely false. The bill does not give any immunity from prosecution or civil lawsuits for wrongdoing to any business. Furthermore, data breaches are governed by state laws, not the FCRA, so this bill would not apply to Equifax in this case at all with respect to the 143 million people whose personally identifiable information was compromised.

"Finally, given the unfounded attacks on me and the rampant misinformation circulating about this legislation, the Financial Services Committee has not scheduled further action on any bill at this time."

So Representative Loudermilk is claiming that his bill would not grant immunity to Equifax?  While technically true, being capped at paying three cents a victim is about as close to immunity as one can get.  For Representative Loudermilk to make this grossly misleading statement is deplorable.  He obviously cares more about Equifax, his campaign donor, than he does about consumers, including his constituents.  I hope the people of the 11th Congressional District of Georgia are paying attention to whose side Mr. Loudermilk is one, because it sure isn't theirs.

September 17, 2017

Don't Answer Calls from Equifax

As if the damage done by Equifax's negligence in allowing the massive data breach and its subsequent shenanigans in delaying publication of the data breach and its efforts to further screw consumers by stealing their right is not enough, now scammers (other than Equifax) are trying to profit off the data breach at the expense of consumers.

I have been told that scammers are placing calls to consumers posing as employees of Equifax attempting to "help" after the data breach.  These "employees" then ask for the consumers' personal identifiers (Social Security number, date of birth, full name, etc.) in an alleged effort to verify the identity of the consumer.  However, they really use want your information to use against you, so DO NOT GIVE IT TO THEM!

First of all, Equifax will never call you about anything. This scam has been around for years but usually the scammers claim to work for the IRS.  Just like the IRS, Equifax will only deal with you in writing, so a call from someone claiming to be from Equifax is a big red flag that a scam is happening.

Secondly, after Equifax's blatant interest in only helping and protecting itself in the wake of the data breach its negligence allowed to happen, why would anyone think Equifax would go out of its way to call a consumer to help.  Equifax never helps. It only hurts consumers and does its best to profit from selling all of our information.  Just like Experian and Trans Union, Equifax only cares about profits and avoiding liability for its wrongdoing and malfeasance.

So if Equifax or the IRS is calling, hang up.  It's a scam.

September 08, 2017

Too Little, Too Late - Equifax Adds Opt Out to Arbitration Provision regarding Data Breach

After a flurry of bad press and social media outrage (including from yours truly), Equifax has now added an opt out provision to the arbitration provision it snuck into the fine print for anyone accepting Equifax's "offer" of "free" credit monitoring and identity theft protection.

Couple of problems.  No one reads the fine print so they don't know about the arbitration clause, much less the opt out provision.  Why can't they just make it an opt in, if arbitration is such a great thing?  Of course, its not and they won't.

Second, the opt out provision is only available for a measly thirty days from when the data breach victim signs up for the "free" credit monitoring.  Equifax kept the data breach secret for longer than that!  Thirty days is way too short.

And, a common ploy on these opt out provisions for arbitration clauses is that, amazingly, the company whose arbitration clause it is almost always denies that the consumer ever opted out and then still try to force the consumer into proving that he or she opted out, instead of the burden being on the company to prove that the consumer agreed to arbitration. Equifax will likely try the same ploy since, as you can see, the play fast and loose with the rules.  Just do a pacer search for lawsuits where they have allegedly violated the Fair Credit Reporting Act.

The data breach is a very bad thing.  But Equifax's reaction to the data breach (i.e. keeping it secret for almost two months and then trying to screw the data breach victims out of their rights) is the worst of all.  Equifax and its executives should pay and pay dearly for this.


Equifax based in Georgia; Georgian Congressman seeks to gut FCRA. Coincidence? I think not!

Equifax is based in Atlanta, Georgia.  Three guesses which state's congressman proposed HR 2359, i.e. the Kill the FCRA bill.  Yep, that's right, Congressman Loudermilk of Georgia.  I wonder who put him up to it?

Representative Loudermilk is now being called on to withdraw his Equifax protecting bill by the National Association of Consumer Advocates (of which I am a proud member) and The Georgia Watch.  Their press release reads:

"NACA, Georgia Watch Call on Rep. Loudermilk of Georgia to Withdraw His Bill That Favors Equifax, Credit Bureaus Over Harmed Consumers

In light of the astonishing announcement of credit reporting agency Equifax’s security breach which impacts the personal information of more than 140 million consumers, National Association of Consumer Advocates and Georgia Watch call on Rep. Barry Loudermilk (R-Ga.) to withdraw his legislation, H.R. 2359, that would drastically reduce remedies for consumers who are victims of credit reporting abuses.

On the same day that Equifax announced the massive data breach, a subcommittee of the U.S. House Financial Services Committee held a hearing to consider legislation, including Loudermilk’s bill that would amend the federal Fair Credit Reporting Act to essentially shield credit reporting agencies from full accountability for willful and reckless conduct that upends individuals’ employment and financial lives.

Specifically, the “FCRA Liability Harmonization Act” would eliminate punitive damages, a tool used to punish the worst actors, and would impose an arbitrary $500,000 limit on statutory and actual damages in class actions. These illogical blocks on consumer remedies would obstruct individuals’ legal rights.

“Instead of running to Congress to seek a “get out of jail free” card to avoid accountability for its reckless handling of consumers’ personal and financial information, Equifax and its counterparts in the credit reporting industry should focus on protecting information from identity thieves,” said Christine Hines, legislative director at National Association of Consumer Advocates (NACA).

At Thursday’s hearing, witnesses for the credit reporting industry claimed that their violations of federal protections were merely technical and do not harm anyone despite evidence that consumers have been blocked from accessing credit, housing, and jobs due to industry’s irresponsible handling of consumer information. Industry representatives also used the hearing to bash a rule issued by the Consumer Financial Protection Bureau that would restore consumers’ ability to band together in class actions when harmed by unlawful financial industry practices.

Currently Equifax is rightly being criticized for its handling of the massive data breach. One of many of its missteps – it has inserted forced arbitration clauses in the terms and conditions of various credit monitoring services that it is encouraging affected consumers to enroll in.

“Equifax’s use of forced arbitration clauses and class action bans means that consumers cannot band together in court to seek remedies against it,” said Liz Coyle, executive director of Georgia Watch.  “This is unacceptable and will have disastrous effects on the marketplace.”

NACA and Georgia Watch insist that Rep. Loudermilk withdraw his bill and support consumers’ right to hold bad actors like Equifax fully accountable through the justice system."

Congressional Committee to hold Hearing Regarding Equifax Data Breach

Yesterday, the House Financial Services Committee held a hearing on a bill that would gut the protections of the Fair Credit Reporting Act, which is the only law protecting Americans from the ridiculously inept consumer reporting agencies such as Equifax.

Today, the public learned of a massive data breach of Equifax's treasure trove of secret information regarding consumers, including the full names, Social Security numbers, dates of birth and addresses of approximately 143 Americans.

Now, the House Financial Services Committee released the following press release:

"WASHINGTON – House Financial Services Committee Chairman Jeb Hensarling (R-TX) said his committee will hold a hearing on the Equifax data breach that has potentially compromised the personal information of roughly 143 million Americans.

“This is obviously a very serious and very troubling situation and our committee has already begun preparations for a hearing.  Large-scale security breaches are becoming all too common.  Every breach leaves consumers exposed and vulnerable to identity theft, fraud and a host of other crimes, and they deserve answers,” said Chairman Hensarling.

A date for the hearing will be announced at a later time."

Chairman Hensarling, if you want to protect Americans from data breaches and the damage caused by identity theft, your first step should be to kill HR 2359.  Only the Fair Credit Reporting Act stands in the way of Equifax and the other credit bureaus harming Americans by willfully and knowingly reporting erroneous information on Americans' credit reports.  That is the "answer" you seek.  Have you hearing, but start with killing HR 2359 and let the Fair Credit Reporting Act continue to protect Americans.