Zappos on Sunday confirmed that hackers breached the company’s servers and accessed personal data belonging to many of its customers. The Amazon-owned shoe retailer known for top-notch service and surprising customers with express shipping at no extra cost confirmed that personal data from 24 million accounts was accessed during a recent security breach. The hackers gained access to range of sensitive data including user names, encrypted passwords, customer names, email addresses, phone numbers and the last four digits of credit card numbers. The company stated that full credit card numbers were not compromised. As a security measure, Zappos reset the passwords of all affected customers and sent out emails alerting them to the situation. The company’s full email to customers follows below.

First, the bad news:

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

THE BETTER NEWS:

The database that stores your critical credit card and other payment data was NOT affected or accessed.

SECURITY PRECAUTIONS:

For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.

We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.

PLEASE CREATE A NEW PASSWORD:

We have expired and reset your password so you can create a new password. Please create a new password by visiting Zappos.com and clicking on the “Create a New Password” link in the upper right corner of the web site and follow the steps from there.

We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at passwordchange@zappos.com.

The Carrier IQ scandal has shifted attention from malicious mobile threats to carrier-sourced spyware over the past month, but a new report suggests the threat of more serious mobile malware continues to intensify. More than $1 million was stolen from Android smartphones alone in 2011 according to Lookout Mobile Security, which pulled data from more than a million apps and 15 million handsets around the world to compile its 2012 Mobile Threat Predictions report. The likelihood of an Android user encountering malware grew from 1% to 4% in 2011, and Lookout expects the trend to continue in 2012. Read on for more.

“2011 was a watershed year in terms of the types threats we saw emerging,” Lookout co-founder and CTO Kevin Mahaffey said in a statement. “Threats had greater sophistication and were deployed using more innovative and efficient distribution methods. In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

The firm highlights mobile pickpocketing — malware that steals money by making unauthorized use of carrier billing features — mobile botnets and browser attacks as specific threats that will intensify in 2012. Android users in particular now have a 36% chance globally of clicking an unsafe link, and those odds increase to 40% in the U.S. according to Lookout. The firm’s full press release follows below.

Lookout Unveils 2012 Mobile Threat Predictions: Mobile Pickpocketing, Botnets and Automated Repacking Will Be On the Rise

More than $1 Million Stolen from Android Users in 2011; Likelihood of Annual Malware Infection Rises to 4%

San Francisco – December 14, 2011 – Lookout Mobile Security, the global leader in mobile security, today unveiled its 2012 Mobile Malware Predictions, based on data collected from its Mobile Threat Network, which includes more than one million apps and 15 million user devices worldwide. Mobile threats are on the rise – Lookout estimates that mobile threats successfully stole more than one million dollars from Android users in 2011. In 2012, Lookout predicts that the criminal business of malware will be more profitable than ever before as the possibility of monetizing mobile devices grows and the cost of infecting devices lessens.

In the report, Lookout reveals that the annual likelihood of an Android user encountering malware today has increased to 4% up from a 1% likelihood measured at the beginning of 2011. Web-based mobile threats are also an important component of Lookout’s research, and the company found Android users worldwide have a 36% chance of clicking on an unsafe link in 2011. In the United States, the likelihood of encountering an unsafe link is higher than the global average at 40%. Additionally in the report, Lookout anticipates the methods that would-be thieves will use to target mobile users directly and discusses tips for consumers to protect themselves.

“2011 was a watershed year in terms of the types threats we saw emerging. Threats had greater sophistication and were deployed using more innovative and efficient distribution methods,” said Kevin Mahaffey, co-founder and chief technology officer at Lookout. “In 2012, we expect to see the mobile malware business turn profitable. What took 15 years on the PC platform has only taken the mobile ecosystem two years.”

Mobile Malware Monetization Trends

Mobile Pickpocketing (SMS/call fraud). In 2012, Malware writers will continue to steal money directly from consumers by accessing their mobile devices’ ability to charge phone bills via SMS billing and phone calls. Earlier this year, Lookout identified GGTracker, the first mobile malware that steals money from users in the U.S and earlier this week Lookout identified another Android Trojan, RuFraud, targeting Eastern European users.

Botnets. To date, Lookout notes botnet networks have yet to be used at scale. In 2012, Lookout anticipates malware writers could secretly integrate thousands of mobile devices into extensive botnet-like networks to distribute spam, steal private info, and install other malware. DroidDream and Geimini are examples of botnets.

Vulnerable Phones. Due to the difficulty of updating software and patching vulnerabilities on mobile phones, malware writers will continue to exploit iOS and Android OS at a pace greater than vulnerabilities can be resolved.

Mobile Malware Distribution Trends

Automated Repackaging. Malware writers will develop tools that enable the automatic repackaging of malicious applications. Lookout has seen instances where several infected apps were packaged by the same developer within a matter of seconds – quicker than someone could do manually – so the means for automated repackaging may already be in existence.

Browser Attacks. As with PC-based threats in the past, malware writers will attempt to profit via Web-based distribution like email, text messages and fraudulent websites. Even iOS devices have been targeted by websites designed to jailbreak them. In 2012, Lookout expects a continued increase in mobile phishing and messages linked to websites that automatically install malware.

Malvertising. Instances of malvertising (genuine-looking advertisements that link back to fraudulent sites) will continue to increase. Given this method has been successful with Trojans like GGTracker, we expect other malware writers to try similar distribution tactics.

For the in-depth predictions, data and accompanying graphics, please see Lookout’s Mobile Malware Predictions: http://blog.mylookout.com/blog/2011/12/12/2012-mobile-threat-predictions.

Lemko Corporation, a private software and systems developer, on Wednesday filed a complaint against Motorola Mobility alleging that it stole trade secrets and is financially benefiting from the misappropriation of Lemko’s source code. The company claims that Motorola hired an engineer who developed unique, protected code while employed by Lemko, and proceeded to implement the source code on Motorola’s servers without licensing the technology. The code in question relates to server side network-based positioning technology. Read on for more.

“Lemko is committed to protecting itself against the theft of its software,” Lemko’s Raymond Minkus said in a statement. ”Lemko will vigorously defend its intellectual property rights and will exercise its legal rights to prevent Motorola’s illegal sale which would result in the fraudulent conveyance of our source code to Google.”

The complaint goes on to allege that Motorola admitted to Lemko that the code in question was present on its servers, and later attempted to conceal the unauthorized use of this technology by moving related development work to China. “By destroying evidence of its misappropriation, Motorola has also engaged in willful, deliberate and malicious conduct and is, therefore, subject to increased damages under the Illinois Trade Secrets Act, 765 I.L.C.S. Section 165/4(b),” Lemko’s complaint states. “Motorola’s conduct was done voluntarily and intentionally and its misappropriation is not the result of a mistake or accident. Further, Motorola’s acts were malicious, in that they were accompanied by a conscious and wanton disregard of Lemko’s rights.”

Based in Schaumburg, Illinois, Lemko bills itself as “a premier IP software company that provides a complete mobile system on a server at the cell site (RAN) distributing the core intelligence to the edge and fulfilling the ITU’s vision for 4G next generation networks.” This new complaint is the latest move in an ongoing legal battle between Lemko and Motorola Inc. that has lasted more than three years. The company’s full press release follows below.

Lemko Alleges Motorola Mobility
Using Stolen Source Code In Cellular Phones;
Complaint Details “Intentional” Misappropriation,
International Transfer For Commercialization

CHICAGO, IL (November 17, 2011) –  Lemko Corporation, a small US
developer of cellular broadband networking software and systems, filed
suit today in Cook County Circuit Court alleging that Motorola
Mobility Holdings, Inc., is financially benefitting from the use of
misappropriated trade secrets in all cellular phones.

The complaint details the alleged pilfering of Lemko’s network-based,
position-determining entity (“PDE”) source code by Motorola Mobility
and its predecessor Motorola, Inc.  The complaint provides the
specific chronology, including Motorola’s hiring of a Lemko engineer
responsible for creating the unique code and the surreptitious actions
of exporting the secret source code to Motorola’s operations in China.

Lemko’s unique software-based PDE and accompanying source code can be
embedded in every base station and in every cellular phone. Lemko’s
PDE system when combined with A-GPS technology helps determine a
cell phone’s precise geo-location. The ability to calculate and send
location information is central to the success of timely response to
E911 emergency calls and many other appications that use geo-location.

The complaint is the first brought by Lemko against Motorola Mobility,
based in Libertyville, IL., which was created in January 2011 upon the
break up of Motorola, Inc. It has been widely reported that Motorola
Mobility is in the process of being sold to Google for $12.5 billion,
mainly for its cellular patents and intellectual property.

Raymond Minkus, spokesman for Lemko, said, “Lemko is committed to
protecting itself against the theft of its software.  Lemko will
vigorously defend its intellectual property rights and will exercise
its legal rights to prevent Motorola’s illegal sale which would result
in the fraudulent conveyance of our source code to Google.”

The suit alleges that Motorola has admitted that Lemko’s secret source
code was present on the company’s servers.  The complaint further
alleges that Motorola sought to conceal its use of Lemko’s secret
source code by exporting it to its China labs and by having Motorola’s
Chinese engineering team integrate the code into its cellular phones.
The complaint asserts Motorola built the Lemko source code into at
least one Motorola handset and tested it on the Sprint network.

Moreover, Motorola is accused of subsequently deleting and destroying
evidence of the code’s usage.

“By destroying evidence of its misappropriation, Motorola has also
engaged in willful, deliberate and malicious conduct and is,
therefore, subject to increased damages under the Illinois Trade
Secrets Act, 765 I.L.C.S. Section 165/4(b),” the complaint states.
“Motorola’s conduct was done voluntarily and intentionally and its
misappropriation is not the result of a mistake or accident.  Further,
Motorola’s acts were malicious, in that they were accompanied by a
conscious and wanton disregard of Lemko’s rights.”

Lemko Corporation (http://www.lemko.com) is dedicated to creating and
providing comprehensive broadband cellular solutions to rural
communities, areas ravaged by disaster and for other special
situations where small subscriber bases and / or problematic events
require lower cost yet easy to implement solutions.

Lemko’s proprietary IP software provides core 4G network technology
that equips carriers, emergency response teams and other mission
critical users of Lemko’s patented “game changing” technology, with
the ability to quickly, easily and economically deploy next generation
mobile broadband systems.

A recent online security breach involving the left of 360,000 credit card numbers will cost Citigroup $2.7 million, the company confirmed to U.S. government officials on Monday. Hackers infiltrated Citigroup servers last month and stole account numbers and personal information associated with over 360,000 Citi-branded credit cards. According to Citigroup, personal information and card numbers from approximately 3,400 cardholders was subsequently used to make about $2.7 million in unauthorized purchases. Citigroup stated that affected customers would be reimbursed for the fraudulent charges. No arrests have been made in association with the breach.

Read

Call it a meeting of minds or call it an unholy matrimony — in either event, the recent rash of high-profile breaches is about to get an adrenaline shot. Hacktivist group Anonymous and a crew of emerging merry hackers known as are joining forces to target the dissemination of government secrets and the defacement of other websites such as those belonging to banks. “As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean,” LulzSec said in a statement on Monday. “Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.” Operation Anti-Security — or AntiSec, as the group has dubbed the mission on Twitter — encourages fellow hackers to “open fire on any government or agency that crosses their path.” Hit the break for Lulz Security’s full statement.

1.  Salutations Lulz Lizards,
2.
3.  As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.
4.
5.  Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.
6.
7.  Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.
8.
9.  Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood.
10.
11. It’s now or never. Come aboard, we’re expecting you…
12.
13. History begins today.
14.
15. Lulz Security,
16. http://LulzSecurity.com/
17.
18. Support: http://www.mithral.com/~beberg/manifesto.html
19. Support: http://www.youtube.com/user/thejuicemedia
20. Support: http://wikileaks.ch/
21. Support: http://anonyops.com/

On its PlayStation Network blog today, Sony gave an official statement on when the PlayStation Network will be back online. The short answer is “at least a few more days.” Sony has also promised that both Qriocity and PSN should be available by May 31, however, so it could take a bit longer, too. Both networks went down after Sony suffered a massive security breach during which hackers stole 12.3 million credit card numbers and compromised personal data from 101 million accounts. “I know you all want to know exactly when the services will be restored,” Sr. Director, Corporate Communications & Social Media Patrick Seybold wrote on Sony’s PSN blog. ”At this time, I can’t give you an exact date, as it will likely be at least a few more days. We’re terribly sorry for the inconvenience and appreciate your patience as we work through this process.”

[Via Reuters]

Read

In its response to a congressional inquiry over recent cyberattacks aimed at several of Sony’s online networks, the company on Wednesday claimed it possessed evidence of hacker activist group Anonymous’ involvement. Sony did state, however, that it could not be certain if Anonymous knowingly carried out Denial of Service attacks in order to facilitate the theft of customer data, or if the group was merely an unwitting pawn in a scheme carried out by more malicious attackers. Anonymous on Wednesday issued a press release denying any involvement with the theft of customer data, which included over 12.3 million credit card numbers. Anonymous does acknowledge that the breach took place while it was carrying out an attack on Sony’s servers, but says it did not not participate in any data theft. The group also claims it did not leave any files on Sony’s servers — Sony stated earlier that it discovered a file called “Anonymous” on its servers following the breaches that contained a portion of Anonymous’ slogan. Hit the break for the full press release.

For Immediate Distribution
Press Release
May 4, 2011
Anonymous Enterprises LLC (Bermuda)

Last month, an unknown party managed to break into Sony’s servers and acquired millions of customer records including credit card numbers. Insomuch as that this incident occurred in the midst of Anonymous’ OpSony, by which participants engaged in several of our standard information war procedures against the corporation and its executives, Sony and other parties have come to blame Anonymous for the heist. Today, in a letter directed to members of Congress involved in an inquiry into the situation, Sony claimed to have discovered a file on its servers, presumably left by the thieves in question, entitled “Anonymous” and containing a fragment of our slogan, “We are Legion.” In response, we would like to raise the following points: 1. Anonymous has never been known to have engaged in credit card theft. 2. Many of our corporate and governmental adversaries, on the other hand, have been known to have lied to the public about Anonymous and about their own activities. HBGary, for instance, was caught lying a number of times to the press, to the public, and to Anonymous itself (in this phone call, for instance, ( http://tinyurl.com/68pbdj8) CEO Aaron Barr makes a number of untrue statements regarding the intent of his “research,” claiming for instance that he never tried to sell the information to the FBI when e-mails acquired soon showed that he had been set to do just that; executive Karen Burke was also caught lying to Bloomberg about having not seen an incriminating e-mail that she had in fact replied to just a few days before). The U.S. Chamber of Commerce lied about not having seen the criminal proposal created by them for Team Themis; Palantir lied about not having any idea what their employees were up to; Berico publicly denounced a plan that they had actively engaged in creating; etc. There is no corporation in existence will choose the truth when lies are more convenient. 3. To the contrary, Anonymous is an ironically transparent movement that allows reporters in to our operating channels to observe us at work and which has been extraordinarily candid with the press when commenting on our own activities, which is why reporters prefer to talk to us for truthful accounts of the situation rather than go to our degenerate enemies to be lied to. 4. Whoever broke into Sony’s servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history. No one who is actually associated with our movement would do something that would prompt a massive law enforcement response. On the other hand, a group of standard online thieves would have every reason to frame Anonymous in order to put law enforcement off the track. The framing of others for crimes has been a common practice throughout history. 5. It should be remembered that several federal contractors such as HBGary and Palantir have been caught planning a variety of unethical and potentially criminal conspiracies by which to discredit the enemies of their clients. This is not a theory – this is a fact that has been reported at great length by dozens of journalists with major publications. Insomuch as that our enemies have either engaged in or planned to engage in false flag efforts, it should not be surprising that many of the journalists who have covered us, who know who we are and what motivates us – and who have alternatively seen the monstrous behavior of those large and “respectable” firms that are all too happy to throw aside common decency at the behest of such clients as Bank of America and the U.S. Chamber of Commerce – also have their suspicions that some capable party performed this operation as a means by which to do great damage to Anonymous in the public eye. Those who consider such a prospect to be somehow unlikely are advised to read about what was proposed by Team Themis in their efforts to destroy Wikileaks, and should otherwise take a few minutes to learn about COINTELPRO and other admitted practices by the U.S. intelligence community. The fact is that Anonymous has brought a great deal of discomfort to powerful entities such as Booz Allen Hamilton, Palantir, and much of the federal government; the Justice Department in particular is likely unhappy that our efforts revealed that it was they themselves who recommended the now-discredited “law firm” Hunton & Williams to Bank of America in order that the latter might better be able to fight back against Wikileaks. All of this is now public record, and anyone who finds it laughable that those or other entities may have again engaged in tactics that they are known to have engaged in in the past is not qualified to comment on the situation. Anonymous will continue its work in support of transparency and individual liberty; our adversaries will continue their work in support of secrecy and control. The FBI will continue to investigate us for crimes of civil disobediance while continuing to ignore the crimes planned by major corporations with which they are in league.

We do not forget, even if others fail to remember.
We not forgive, even if others forgive our enemies for those things for which we are attacked.
We are legion, and will remain so no matter how many of our participants are raided by armed agents of a broken system.
We are Anonymous.

Charges have been filed by federal prosecutors in Seattle against a Microsoft employee accused of wire fraud. Robert D. Curry was arrested Tuesday morning and charged with stealing $515,000 from Microsoft using a series of wire transfers sent from Microsoft to Curry’s bank account. According to Curry, the transfers were payments for services rendered but prosecutors contend that Curry provided no such services. According to the charges, Curry created a shell company and used one of Microsoft’s vendors, which was unaware of Curry’s actions, to funnel money into his account between April and November last year. The FBI claims Curry collected a series of fraudulent payments from Microsoft, having misled the company by claiming the payments were being made to Microsoft vendor Pentad Solutions. Prosecutors say Curry used the stolen funds to pay for high-end audio equipment, credit card bills and a ski vacation.

Read

HP on Wednesday filed a lawsuit against Adrian Jones, the company’s former head of enterprise sales for the Asia region, to stop him from sharing hundreds of documents he allegedly stole before leaving the company and joining his current employer, Oracle. HP said it had planned to fire Jones earlier this year after having launched an investigation into his expense reports and his alleged relationship with another HP employee who worked beneath him. Jones left the company, however, and HP alleges that he took hundreds of confidential documents, emails and various customer records with him on a USB drive. In the lawsuit, HP calls for the return of all data and seeks damages resulting from the theft of trade secrets. The allegations of fraudulent expenses and inappropriate behavior with a subordinate are strikingly similar to those made against against former CEO Mark Hurd before he was forced to resign last year. Like Jones, Hurd now holds an executive role at Oracle.

Read

Following Google’s recent admission that it accidentally stole passwords, emails and other personal information with its Street View cars, the Federal Trade Commission has decided not to issue any fines. Earlier this week, Google confirmed accusations that its Street View cars — the vehicles Google uses to take Street View images for its popular Google Maps service — inadvertently stole sensitive personal data from various homes with open Wi-Fi networks. Wednesday, the FTC confirmed that a resulting investigation did not find cause to fine Google for its unlawful actions. FTC director for consumer protection David C. Vladeck said the following in a letter to Google:

Google has made assurances to the FTC that the company has not used and will not use any of the payload data collected in any Google product or service, now or in the future. This assurance is critical to mitigate the potential harm to consumers from the collection of payload data. Because of these commitments, we are ending our inquiry into this matter at this time.

[Via CNN]

Read [PDF file]

We’ve seen pretty wild iPhone thefts in the past, some involving serious injury, but you just know it’s bad when Interpol gets involved. Thousands of iPhone 3GS’ were stolen from a Belgian warehouse through a hole in the roof directly above the smartphones, and they’re now surfacing in Russia. The iPhone 3GS is definitely going to be a hot commodity there because of the vast grey/black market and because the 3GS hasn’t been officially released in Russia. If you’re planning on grabbing one of the hot phones, you should think twice. Interpol already has a list of the IMEI numbers on the stolen phones so it’s a matter of time before people start getting caught. We’re just wondering how many of those iPhones might be recovered.

Read

Funny, usually it’s the carriers doing the robbing. According to a recent report in the Wall Street Journal, eight men were indicted yesterday for allegedly using customer data to swindle AT&T and T-Mobile USA out of roughly $22 million worth of cell phones. Two former cell phone shop owners from Brooklyn, NY and six others have been formally charged with conspiracy, mail fraud, wire fraud and aggravated identity theft surrounding the scam. The men reportedly used dealer access to the carriers’ systems in order to obtain customer data, and then used the identities of said customers to obtain handsets without paying for them. If convicted, the perpetrators face up to 20 years in prison on the conspiracy charge alone. Key takeaway: if the recession has hit your cell phone shop hard, it’s probably a good idea to seek out a new line of work rather than exploiting your customers and scamming your suppliers. Just saying.

Read

As sad as it is, it should be no surprise to anyone that theft is a pretty regular occurrence in the electronics industry. Though most mobile retailers take plenty of measures to prevent losses, it’s not possible to keep it from happening 100% of the time. When you’re dealing with third-party retailers and authorized dealers it really becomes difficult to keep all inventory safe as the carrier. So, Rogers is allegedly going to begin taking advantage of an EIR, or Equipment Identity Register, which logs reports of stolen mobile devices and keeps them from being used. According to an internal Rogers document courtesy of one of our ninjas, if a phone is stolen and the IMEI is identified, Rogers will input it into the international registry which prevents it from being used on over 40 GSM networks worldwide. Unless you’re in some obscure country that uses a tiny GSM network, consider yourself out of luck if you have a stolen Rogers device in your hands. For Rogers, the days of the five-finger-discount are over. Hit the link for a copy of the internal document detailing the deterrence plan.

EQUIPMENT IDENTITY REGISTER (EIR )PROGRAM

Over the last several months, there have been thefts at Rogers and Fido stores across the country. These incidents have taken place at our corporate stores, our Dealer stores/ 3rd party stores as well as at various shipping and logistics points.

As part of our ongoing loss prevention program, Rogers Wireless and Fido have joined an international equipment registry to block the usage of stolen handset inventory.

On March 6th, 2009, Rogers Communications Inc will introduce the Equipment Identity Register (EIR) as a continuation of our commitment to safety in the workplace and loss prevention.

When a device is stolen from an authorized retailer, its unique non-transferable IMEI will be blocked in the new Rogers database and inputted into the international registry, effectively preventing the usage of the handset on nearly 40 GSM networks worldwide. This will help deter theft and fraud of Rogers/Fido devices from authorized retailers and support our continued efforts to ensure working environments are safe for employees.

A new step in the “Incident Report” process will allow stores and shipping companies to report stolen inventory along with their police reports to the EIR team as part of standard procedure.

As many of these stolen handsets do end up in the hands of unsuspecting customers who may have purchased them from unauthorized venues such as eBay, Craigslist, HowardForums, etc. it is especially important that you become familiar with the processes, positioning, and FAQ’s related to the EIR project. For your convenience, FAQ’s have been included in this communication.

EIR FAQ’s

What is the EIR?
The EIR (Equipment Identity Register) is a network-level response to store, logistic, and 3rd Party handset theft. The EIR is operated by a dedicated team within Rogers Communications in Toronto.

How is the customer impacted by the EIR?
If a customer is in possession of a handset that was reported stolen, regardless of whether or not they are aware, that handset will not work on the Rogers or Fido network, or on the network of over 40 participating carriers world-wide. It is virtually impossible for the EIR to be circumvented.

How does the customer know their handset has been blocked by the EIR?
The customer’s handset will be unable to connect to the network. Depending on the type of handset, it may display “SOS” or “Emergency Calls Only” onscreen.

How does an in-store representative know that a customer’s handset has been blocked by the EIR?
If a customer enters the store with their own hardware and wishes to activate a line, the representative must use a demo SIM in the customer’s hardware prior to starting the activation process. If the handset is unable to connect to the network or displays an “SOS” or “Emergency Calls Only” error message, the handset may have been placed on the EIR.

What happens if a handset fails this test, and is suspected of having been placed on the EIR?
Diplomatic efforts should be made to inquire where the customer purchased their handset, especially if the device appears brand new. Regardless of whether or not the customer is aware, if they purchased it from an unauthorized source such as eBay, Craigslist, HowardForums, etc. and it fails the above test, the device has most likely been reported stolen.

Is there a way to remove a handset from the EIR?
The only circumstance in which a handset’s IMEI would be removed from the EIR is if the customer has legitimate proof of purchase from an authorized seller of Rogers/Fido products listing the handset’s IMEI and date of purchase.

How would the handset be removed from the EIR?
Please refer to the Library, Retail Web, or Sales Central for detailed instruction on removal procedures during business hours by the EIR team.
How does a store handle EIR-related escalations?
EIR related escalations can be fielded by the EIR team between the hours of operation: Monday – Friday 9am – 10pm EST, Weekend and Holidays 10am – 8pm EST
at Rogers: [redacted], Fido : [redacted] FAX: [redacted]
Email: [redacted]
Escalations should only be initiated if the customer has a valid proof of purchase and all processes have been followed.

What does the customer do now that they have an inoperable handset?
All efforts should be made to reduce the impact on unsuspecting customers. Customers are free to keep the handset, though it would be inoperable in Canada. They can donate their handsets to Phones for Food, or recycle them. Existing customers should be directed to the Hardware Upgrade Process. Customers who have entered the store to activate their own hardware, but do not have a wireless account with Rogers or Fido, should be treated as new customers and offered applicable in-market promotions.

What happens if I do not have a demo SIM / I have already activated the customer’s account and find out the handset is inoperable?
Customers who have not left the store and no longer wish to remain customers when informed of the EIR can have their accounts cancelled through DIG as “Activation in Error”. If a customer still wishes to pursue activation, a second line on the BAN should be created, and the customer should purchase new hardware. The rep may then call into ACC/DIG and perform a “Buyer’s Remorse – EIR” cancellation on the original activation, leaving only the new CTN and new hardware active.

What do I tell a customer if their handset was stolen, and they want it on the EIR list?
Customers who have their phones stolen should contact Rogers to have their SIM card blocked immediately. At this point, the EIR is not able to track and block the IMEI of customers’ handsets but it is an important first step in solving the many issues of theft. Customer inclusion is something we are looking at for a phase two development. We have no further details to announce at this time.

Fresh on the heels of last week’s announcement that they lost confidential data for 17 million customers, T-Mobile on Saturday confirmed that an error in their system exposed the confidential data for 30 million customers. The data breach which included bank account information was easy to access and manipulate online. T-Mobile quietly introduced a new security system on Friday that immediately closed the security hole and assured customers that no theft of the exposed data had occurred. After last week’s revelation and now this security breach, sounds like T-Mobile should spend more time shoring up their customer database and less time pushing phones out the door .

Read

“According to our information, even though these details have been put up for sale on the black market, there has not been a buyer.”

Yikes! T-Mobile added that current customers should not be concerned as security procedures have been increased since the theft occurred. We sure hope so. The theft is now part of a judicial inquiry with the German Police and T-Mobile working together “for weeks” to protect the customers affected by the theft. Two years later and now you’re trying to contain the damage? Sounds like that is a little too little and little too late for 17 million of T-Mobile’s customers.

Read