PDA

View Full Version : TwinSpires cyber-attack


Al Gobbi
09-04-2012, 02:50 PM
wonder if its time to consider a switch?

http://www.twinspires.com/content/node/1092002

GaryG
09-04-2012, 02:58 PM
I like PTC, although they do not have NY of Woodbine. Easy to navigate and great customer service. Rich Nilsen (formerly with BRIS) is now with them.

Canarsie
09-04-2012, 03:05 PM
wonder if its time to consider a switch?

http://www.twinspires.com/content/node/1092002

I would think quite the opposite would apply they should be applauded. There are so many companies that don't inform their customers till it gets leaked.

Would you rather have an account with Betfair?

Betfair admits data hack... after 18 months

http://www.pcpro.co.uk/news/security/370261/betfair-admits-data-hack-after-18-months

Sure the authorities told them to withhold information from their clients. I have a bridge to sell them if they believe it.



Criminals hack into Betfair's servers in Malta and the UK


http://www.timesofmalta.com/articles/view/20111004/local/criminals-hack-into-betfair-s-servers-in-malta-and-the-uk.387727

Milkshaker
09-06-2012, 01:10 PM
Received my letter in the mail today that my account was breached...Typical legal-speak ass-covering Churchill corporate nonsense...Nothing they are offering me is of interest (I find credit freezes to be a hassle, not a help).

Still, in an odd way, this is preferable to cashing a signer at the racetrack and having to hand over my SSN to some mutuels cretin...Ugh...Talk about high security risk.

lamboguy
09-06-2012, 01:48 PM
Received my letter in the mail today that my account was breached...Typical legal-speak ass-covering Churchill corporate nonsense...Nothing they are offering me is of interest (I find credit freezes to be a hassle, not a help).

Still, in an odd way, this is preferable to cashing a signer at the racetrack and having to hand over my SSN to some mutuels cretin...Ugh...Talk about high security risk.i hope you hit many more signer's in your life!

kingfin66
09-06-2012, 07:15 PM
I am very concerned that the attack happened on August 3rd, but I was notified via letter on September 6th. Also, there is no mention of my bank info, but I have to assume that was compromised as well. I blame the bad guys much more than Twinspires, but I strongly believe they should have notified me immediately rather thn more than a full month after the hacking occurred. Inexcusable. Gotta get going...have to try to safeguard my identity.

GameTheory
09-06-2012, 07:21 PM
My identity ain't worth shit. They're welcome to it.

riskman
09-06-2012, 07:27 PM
My identity ain't worth shit. They're welcome to it.


Good one GT, and they can have my bills too.

Beachbabe
09-06-2012, 07:34 PM
Got my letter today. :eek:

picojim
09-06-2012, 11:36 PM
Got my letter today. :eek:

got one as well :eek:

PaceAdvantage
09-06-2012, 11:41 PM
Didn't they say it was a minority of customers? Sounds like many people got them here...

PhantomOnTour
09-06-2012, 11:46 PM
Scary stuff...luckily i haven't gotten a letter yet.

TexasDolly
09-07-2012, 07:10 AM
Didn't they say it was a minority of customers? Sounds like many people got them here...

I have an idea the full story is not out yet .In addition, maybe they weren't able to determine what other accounts were involved. That to me is a distinct possibility.
TD

Grits
09-07-2012, 08:11 AM
The notice reads like a crock. The entire piece is vague. They aren't telling their customers a damn thing, they're only downplaying, and making arrangements with their choice of contractor in the event YOU have problems.

It should be all over Blood Horse and DRF's home pages.

bettheoverlay
09-07-2012, 08:16 AM
I received my letter yesterday. I've never been on twinspires betting site but have downloaded files from brisnet for years. So it must be widespread. They're telling me ssn and email were compromised, nothing about credit card information. Is there something I should do?

Grits
09-07-2012, 09:52 AM
I received my letter yesterday. I've never been on twinspires betting site but have downloaded files from brisnet for years. So it must be widespread. They're telling me ssn and email were compromised, nothing about credit card information. Is there something I should do?

If they told you your SSN was compromised you have more to worry about than any credit card could theft could create!

EDIT to add:

This should not be BURIED here in the ADW folder. It should be in the racing section where everyone that comes to PA can be sure to learn of the hacking.

Canarsie
09-07-2012, 09:54 AM
Didn't they say it was a minority of customers? Sounds like many people got them here...

There's a chance they had to send it out to everyone to legally cover their ass.

I wonder how many members of this board won't get one within the next seven days.

GMB@BP
09-07-2012, 10:39 AM
There's a chance they had to send it out to everyone to legally cover their ass.

I wonder how many members of this board won't get one within the next seven days.

Got one, and my account was closed by them 5 years ago because I live in Arizona...nice.

Its pretty easy to get SSN's now a days, I think regular monitoring of your information is pretty much a given in todays world, this just confirms it.

bettheoverlay
09-07-2012, 10:52 AM
If they told you your SSN was compromised you have more to worry about than any credit card could theft could create!



I didn't recall ever giving bris my full ssn, when I went to the site today in the application for new signups, they ask for the last 4 digits.

Beachbabe
09-07-2012, 11:02 AM
They say the hackers got "the cryptograpically hashed social security number"

whatever that is.

:confused:

Grits
09-07-2012, 11:15 AM
I didn't recall ever giving bris my full ssn, when I went to the site today in the application for new signups, they ask for the last 4 digits.

I've had the account since 2002. And the entire number was required at that time.

If someone can hack, they can possibly figure out encrypted information, though, of course, I'm certainly not sure of this. Just thinking outloud.

ZAPPOS is the biggest shoe retailer in the world, and as everyone knows, all of their business is online, they were hacked last year. Unlike TwinSpires, they did NOT downplay anything. Emails went out immediately to every customer in their database. They were all over the hacking with staff online to help customers, with changes in security protocols, etc. Their efforts were huge in handling the problem.

But TwinSpires, no, they term it a problem only for a SUBSET, what the hell is a subset, folks? What poor management! Put a blurb on their website, and send you a note, snailmail. :rolleyes:

senortout
09-07-2012, 11:16 AM
Just be sure and google Experian before you take that piece of advice and while you're at it the name signed at bottom of the letter. Man seems to be in the horse racing industry but the job (as googled) seems to have changed.

TexasDolly
09-07-2012, 11:18 AM
They say the hackers got "the cryptograpically hashed social security number"

whatever that is.

:confused:

I got this link from another site. It describes the "hash" process. It essentially says it is very easy for someone to "dehash" the soc.sec. #. In other words it was by no means a safe encryption process.
TD

http://techatftc.wordpress.com/tag/cryptography/

pandy
09-07-2012, 12:47 PM
I got my letter today and I signed up for the free one year Experian Security Package that they offered.

JimG
09-07-2012, 01:29 PM
I'm so lucky I got two letters today. My guess is one was for my brisnet account and one was for my old youbet account. My lucky day! Twin Spires has provided little information and I have not seen much about it anywhere except here and at HTR.

Perhaps Equidaily or Daily Racing Form could add it to their news (I am sure at least one owner or trainer may have had their identity compromised as well). I would like to see HANA involved in pursuit of this as well. Twin Spires needs to come forth with more information and a statement as to why it took so long to notify their customers.

Jim

GameTheory
09-07-2012, 01:33 PM
I got this link from another site. It describes the "hash" process. It essentially says it is very easy for someone to "dehash" the soc.sec. #. In other words it was by no means a safe encryption process.
TD

http://techatftc.wordpress.com/tag/cryptography/That article is totally misleading. If it was properly hashed and encrypted, it should be impossible to recover because the hacker would also need the hashkey (the password, essentially) and to know the hashing function. The function would be easy enough to guess (or to try all the usual ones), but the key would be impossible to determine. What the article describes is something being hashed, but not really encrypted at all as they are doing it with no hashkey. I'm not talking about the account password, but a long and random bunch of bits, and so to uncover your SSN the way the article describes they'd have to guess far more than just your SSN, and what they'd have to guess would be random so they'd have no way of recognizing when they got it right as they imply.

So what they means is if the hackers got *only* the encrypted data and not the key to unlock it (which should not exist on that system, but people are dumb so it may) then the data will remain safe -- it will just be gibberish.

JustRalph
09-07-2012, 02:41 PM
Joined "win ticket" that became twin spires in 2001

No letter yet?

I also use brisnet

Why are they not sending emails?

I already have fraud protection in place on the same account I use with twin spires. This sucks.......

TexasDolly
09-07-2012, 02:46 PM
That article is totally misleading. If it was properly hashed and encrypted, it should be impossible to recover because the hacker would also need the hashkey (the password, essentially) and to know the hashing function. The function would be easy enough to guess (or to try all the usual ones), but the key would be impossible to determine. What the article describes is something being hashed, but not really encrypted at all as they are doing it with no hashkey. I'm not talking about the account password, but a long and random bunch of bits, and so to uncover your SSN the way the article describes they'd have to guess far more than just your SSN, and what they'd have to guess would be random so they'd have no way of recognizing when they got it right as they imply.

So what they means is if the hackers got *only* the encrypted data and not the key to unlock it (which should not exist on that system, but people are dumb so it may) then the data will remain safe -- it will just be gibberish.

Hi GT, Thanks for the insight. I guess you are saying that TS probably used a hashkey as opposed to the article which implied,I guess, that none was used ,hence, "dehashing" was possible.
It would make sense certainly to use one I would think.

In my ignorance I assumed that a "hash" was a standard
function and hence an index of all combinations could easily be generated (there are less than 400 million combinations for 9 digit ssn# .
I should have realized that some sort of "hashkey" was way more apt to have been used(and likely required) than not. I hope that this was the case.
Your thoughts, were as usual, very much appreciated.

TD

GameTheory
09-07-2012, 02:51 PM
Hi GT, Thanks for the insight. I guess you are saying that TS probably used a hashkey as opposed to the article which implied,I guess, that none was used ,hence, "dehashing" was possible.
It would make sense certainly to use one I would think.

In my ignorance I assumed that a "hash" was a standard
function and hence an index of all combinations could easily be generated (there are less than 400 million combinations for 9 digit ssn# .
I should have realized that some sort of "hashkey" was way more apt to have been used(and likely required) than not. I hope that this was the case.
Your thoughts, were as usual, very much appreciated.

TDWell, we know that at least the first level or two of their security wasn't good enough -- we can only hope that the remaining parts are up to snuff. There are very sophisticated ways of cracking these things -- it certainly isn't impossible depending on exactly what was stolen and how it is encrypted, etc. No way to know, but in any case it wouldn't be nearly as simple as the method in that article.

Are they telling everybody to make new passwords or what? If they had stolen the account database they ought to be. Doesn't seem like they are, so they must have gotten to some backend stuff. Who knows?

deathandgravity
09-07-2012, 03:00 PM
The letter (lucky me... I got 2!) did state that the SN was cryptographically hashed. So without the key or hash method... decryption would be very hard.

Not impossible - most encryption methods have been hacked, but you are looking a years of brute-force effort. (unless you are the NSA)

As GT said... if they left the key on the system... well that's a different story. 25 years of IT & IT Security... seen some very stupid stuff

http://www.insidepro.com/hashes.php

Cheers

Grits
09-07-2012, 03:16 PM
Well, we know that at least the first level or two of their security wasn't good enough -- we can only hope that the remaining parts are up to snuff. There are very sophisticated ways of cracking these things -- it certainly isn't impossible depending on exactly what was stolen and how it is encrypted, etc. No way to know, but in any case it wouldn't be nearly as simple as the method in that article.

Are they telling everybody to make new passwords or what? If they had stolen the account database they ought to be. Doesn't seem like they are, so they must have gotten to some backend stuff. Who knows?

This is what I received via email a few minutes ago. They made no mention, as you can see, of usernames or passwords.

Yes, some of your personal information was accessed, including your name, address, phone, cryptographically hashed SSN, date of birth and email address. However, according to our independent security experts, there is no evidence any usernames, passwords, credit card or bank account information was accessed.

Because we respect your privacy, we have arranged with Experian to provide you with free identity protection services that include credit monitoring of all three credit bureaus for a year. If you have not already received a letter, you should soon get a letter from Experian with all the information needed to go about setting up this protection.

Your account with Equifax should cover the same type of protection, but as a courtesy we are providing this through Experian in case you wanted to go that route.

We are sorry any inconvenience this may have caused you.

Grits
09-07-2012, 03:21 PM
I guess my thought is leaning towards, who the hell cares if my username and password was stolen on a betting account. Its not like this is where my investments, or the bulk of my net worth is located. Seriously, folks!

Really, who cares. TwinSpires just wants you to keep sending in those bets to your wagering account, while their security experts figure all this @#$% out. Good luck, guys.

GameTheory
09-07-2012, 03:25 PM
I guess my thought is leaning towards, who the hell cares if my username and password was stolen on a betting account. Its not like this is where my investments, or the bulk of my net worth is located. Seriously, folks!

Really, who cares. TwinSpires just wants you to keep sending in those bets to your wagering account, while their security experts figure all this @#$% out. Good luck, guys.Well, let's say you are like most people and tend to use the same password for different accounts -- if they have your name and your email and ONE password that you used, well they might be able to break into some more of your accounts, and from there, some more, etc etc. That's just one example.

It does bug me that they say encrypted SSN only and not encrypted everything. So that does make the SSN part much easier to crack because they do know what they are looking for (sort of) rather than just a blob of random data. Let's hope they used a strong "salt" in the hash...

Grits
09-07-2012, 03:34 PM
Well, let's say you are like most people and tend to use the same password for different accounts -- if they have your name and your email and ONE password that you used, well they might be able to break into some more of your accounts, and from there, some more, etc etc. That's just one example.

It does bug me that they say encrypted SSN only and not encrypted everything. So that does make the SSN part much easier to crack because they do know what they are looking for (sort of) rather than just a blob of random data. Let's hope they used a strong "salt" in the hash...

GT, every single online account, be it here, anywhere .... every one I have has a different password. Its hard to keep up with them at times, but each is different and anything having to with a credit card, ie, Amazon, is a complex combination of letters and numbers.

Here's a bit on the Zappos hack. And I did change that password right away. As soon as they notified me.

http://money.cnn.com/2012/01/16/technology/zappos_hack/index.htm

Tom
09-07-2012, 03:50 PM
Didn't they say it was a minority of customers? Sounds like many people got them here...

Why would they tell the truth?

This was posted at HTR....we may be in trouble here.
http://techatftc.wordpress.com/tag/cryptography/

I am closing my account immediately.

I will sign up with NYRA tonight.
From now on, now ADWs that aren't run by a racetrack.

Tom
09-07-2012, 03:51 PM
They say the hackers got "the cryptograpically hashed social security number"

whatever that is.

:confused:

A welcome mat for anyone with a half a brain.

http://techatftc.wordpress.com/tag/cryptography/

Tom
09-07-2012, 03:54 PM
Johnny D from Xpressbet is on Byk's show every week.
I'll be calling this week.

Beachbabe
09-07-2012, 05:33 PM
This is what I received via email a few minutes ago. They made no mention, as you can see, of usernames or passwords.


Thats the same form letter I got, Grits. I'm hoping if they did get my username & password, they can pick more winners than I have this year.

BIG HIT
09-07-2012, 06:04 PM
Just got a letter from twinspires that my account has been hacked of all my info email social security # my name anddate of birth.
My account has been dorment for year.Anybody else get a letter? thought would have been destroyed by now

Grits
09-07-2012, 06:51 PM
Thats the same form letter I got, Grits. I'm hoping if they did get my username & password, they can pick more winners than I have this year.

You and me both, Beach! :lol:

Mike at A+
09-07-2012, 07:46 PM
I got the same letter today. Hopefully the hacker will make a deposit for me.

SpotPlays
09-07-2012, 08:19 PM
Didn't they say it was a minority of customers? Sounds like many people got them here...

This is total BS. Everyone I know who has a twinspires account has received the letter. I am really upset about receiving a letter saying my account with SSN was hacked back on August 3rd. This is serious stuff since we are talking about SSN and identity fraud. Ask anyone who has ever had their identity stolen.

Extremely disappointed

fast4522
09-07-2012, 08:29 PM
The letter is not out of Kentucky, looks like they may be selling names and address info or actually own one company that is selling identity theft protection. The profit margins are so thin that company's risk alienating the customers they have all over this country. With the current set of lawmakers we now have anythings possible with loopholes in what a company can do. Just look at what mortgage company's were able to perpetrate with help from key chairmen overseeing things in the Congress. The paper smells???

HTRFGuy
09-07-2012, 09:37 PM
Just got a letter from twinspires that my account has been hacked of all my info email social security # my name anddate of birth.
My account has been dorment for year.Anybody else get a letter? thought would have been destroyed by now

I got the same letter. I have concluded that it is s third-party pitch to sell identity protection insurance! I don't think that there was any hacking at all. Other than log onto the twinspires website several years ago, I never opened an account because I will not provide my SSN online to anyone! The letter says my hashed SSN was compromised which is not true given they do not have my SSN. This is a scam it seems to me. The letter has no letterhead nor a signature line with any organizational ID.

PaceAdvantage
09-07-2012, 10:26 PM
How can you log onto the twinspires site if you never opened an account?

Tom
09-07-2012, 10:31 PM
They do not deserve to continue to operate.
If the fed do not shut them down, it is up to the customers to abandon them.

GameTheory
09-07-2012, 11:45 PM
I haven't gotten a letter.

Tom
09-08-2012, 12:40 AM
A

duncan04
09-08-2012, 12:50 AM
I haven't gotten a letter.

Either have I. Makes you wonder if any other ADW has been hacked and those ADW's are taking the betfair apporach?

BIG HIT
09-08-2012, 09:16 AM
Got letter saying hacked 8-3-012 limited to my name and cryptographically ssn birth date and email address.My account been dorment for year's.How long do they keep such info.?

BIG HIT
09-08-2012, 09:32 AM
How do i know if been hacked.? Seem's like you could be hoax letter if so should do nothing or what computer for dummy dozen't cover this.LOL
How are you guy's going to handle this and i don't recall twinspires asking for ssn not sure though did they ask for ssn.?
Don't remenber as been to many years ago supposedly hack 8-3-012

Itamaraca
09-08-2012, 09:39 AM
How do i know if been hacked.? Seem's like you could be hoax letter if so should do nothing or what computer for dummy dozen't cover this.LOL
How are you guy's going to handle this and i don't recall twinspires asking for ssn not sure though did they ask for ssn.?
Don't remenber as been to many years ago supposedly hack 8-3-012

you don't seem too well informed. I'd suggest not commenting on the matter.

Itamaraca
09-08-2012, 09:59 AM
I think the way to go, for those concerned about identity theft, is to place a security freeze on your credit report with each of the credit reporting agencies. I've just started looking into this but you can apparently do it online and by phone (and mail) and there is no cost (or nominal cost, depending on your state).

Here's the link for freezing your report with Esperian:

https://www.experian.com/consumer/cac/RegistrationFreeze.do


Equifax:

https://help.equifax.com/app/answers/detail/a_id/159/noIntercept/1/kw/security%20freeze

Transunion:

http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page


I think this is the best way to go, as you really can't trust anyone with your information these days; it's just the nature of the beast.

And, if you need to have your report looked at at some point, for whatever reason, you can unfreeze it (for a nominal fee).

Mike at A+
09-08-2012, 10:02 AM
Wouldn't it be fairly expensive for someone to send out "hoax letters" when probably less than .000001% of the population actually HAS a Twin Spires account? Sounds like one of three possibilities to me:
1) The letter is real and authorized by Twin Spires
2) Someone (on the inside) sold the information to a third party
3) Someone actually hacked into their database

Shelby
09-08-2012, 10:18 AM
:eek: This is freaking me out!

I don't think I've gotten a letter yet, but I'm terrible about thinking everything is junk mail. I wish I had known this sooner and I'd have paid more attention.

JustRalph
09-08-2012, 10:41 AM
you don't seem too well informed. I'd suggest not commenting on the matter.

2nd the motion.

Grits
09-08-2012, 10:41 AM
You're saying you can't trust anyone, yet you're doing exactly that--another website.

I don't think I'll be doing either. Why would I want to give out my SSN and all other info online, once again--when I can walk into my banker's office, have this done, and know its going through proper channels.

RULE #1. Never give your SSN over the phone or online to anyone--speaking or automated. Not wise.

I think the way to go, for those concerned about identity theft, is to place a security freeze on your credit report with each of the credit reporting agencies. I've just started looking into this but you can apparently do it online and by phone (and mail) and there is no cost (or nominal cost, depending on your state).

Here's the link for freezing your report with Esperian:

https://www.experian.com/consumer/cac/RegistrationFreeze.do


Equifax:

https://help.equifax.com/app/answers/detail/a_id/159/noIntercept/1/kw/security%20freeze

Transunion:

http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page


I think this is the best way to go, as you really can't trust anyone with your information these days; it's just the nature of the beast.

And, if you need to have your report looked at at some point, for whatever reason, you can unfreeze it (for a nominal fee).

Itamaraca
09-08-2012, 10:49 AM
You're saying you can't trust anyone, yet you're doing exactly that--another website.

I don't think I'll be doing either. Why would I want to give out my SSN and all other info online, once again--when I can walk into my banker's office, have this done, and know its going through proper channels.

RULE #1. Never give your SSN over the phone or online to anyone--speaking or automated. Not wise.

Try to get a grip. These companies already have this information. And do you really think giving your information to your bank is SAFER? :lol:
You have any idea how many bank databases have been cracked? Only difference is that they don't make it public knowledge. They do, however, try to deflect blame by claiming that most intrusions are the result of people giving out their information through fraudulent emails that claim to have originated from their bank. Ever get one of those? They're laughable. No way anyone falls for them.

How about the government? Do you trust them with your information? Cause they've been cracked as well. :lol:

You're really terribly uninformed here.

magwell
09-08-2012, 10:58 AM
I got my letter today, so far since this happened I'm getting a lot of span that i never used to get, i was always under the radar, but now i'm getting like 30 a day more than normal......

BIG HIT
09-08-2012, 11:03 AM
Went to site no where could i find to put activation code.?Place more like store and said you can sign up for protectmyid free for 30 days. and then notify them or you will continue to be charged
Nothing about twinspires

Grits
09-08-2012, 11:28 AM
Talk about getting a grip, try talking to yourself first, instead of trying to be cute and condescending to others.

Sure, they have the information, yes, so try telling this stuff to 3rd graders. Do you actually believe you're the only person in this room familiar with Equifax, etc.

I do what I know works, what's worked for years. I don't do what TwinSpires suggests. Having personal and commercial accounts, owning a business for almost 30 years, I haven't been screwed by a bank yet. Not a single time. Nor have I, them. Yeah, I'll trust my bankers before I trust TwinSpires all day. They've done a half crocked job, a month after the fact, informing their customers? So, I'm really gonna go with their form letter and their advice.

I don't know how much commercial or personal banking you've done or if you even have a bank account, but I bet I'm as well informed as you are. Most likely, better. All day. Anyone can yack about the obvious. :rolleyes:

Try to get a grip. These companies already have this information. And do you really think giving your information to your bank is SAFER? :lol:
You have any idea how many bank databases have been cracked? Only difference is that they don't make it public knowledge. They do, however, try to deflect blame by claiming that most intrusions are the result of people giving out their information through fraudulent emails that claim to have originated from their bank. Ever get one of those? They're laughable. No way anyone falls for them.

How about the government? Do you trust them with your information? Cause they've been cracked as well. :lol:

You're really terribly uninformed here.

illinoisbred
09-08-2012, 11:29 AM
I got my letter today, so far since this happened I'm getting a lot of span that i never used to get, i was always under the radar, but now i'm getting like 30 a day more than normal......
I got my letter yesterday and same here,lately 30-50 spams daily above and beyond usual.

precocity
09-08-2012, 11:56 AM
I got my letter yesterday and same here,lately 30-50 spams daily above and beyond usual.
same here? :confused:

BIG HIT
09-08-2012, 12:34 PM
Was just saying got the same letter the restwas reference to HTRGUY post as thought he had some valid remark's.But will not post here any more about it

Jeff P
09-08-2012, 12:57 PM
I got the letter too. This initially had me scratching my head because I have never once used Twinspires.com to place a bet. It turns out that I had given my ssn# to Brisnet several years ago as a requirement for playing in a few online contests there (before Twinspires acquired Brisnet.)

From here, I think it best to simply assume someone unscrupulous has my name, address, email, phone, ssn#, date of birth, and Brisnet/Twinspires account logon info.

I find it highly unlikely that whoever hacked into the Twinspires database will decide to use my Brisnet/Twinspires account logon info to log into the Brisnet site and download several hundred dollars worth of data files and/or handicapping reports. :D

That's not what hacking the Twinspires database was about.

I find it far more likely that whoever hacked into the Twinspires database will sell my personal info to someone (or multiple someones) who are likely to do far worse.

I fully expect that at some point in the future someone is going to open up credit card accounts or obtain unsecured personal loans in my name. I further expect that someone to use accounts opened up in my name to get cash advances, purchase items that can be converted into cash, or possibly purchase expensive vacations as if they were me - in other words run up substantial balances in my name - and never once pay for cash or items received... leaving my credit report a shambles in the process.

That's what hacking the Twinspires database is all about.

Q. What should I do from here?

I did some poking around on the web and found what appears to be very good .pdf document on the US Gov FTC site.

What to do if your identity is stolen:
http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.pdf


Jeff Platt
President, HANA



.

picojim
09-08-2012, 01:13 PM
Went to site no where could i find to put activation code.?Place more like store and said you can sign up for protectmyid free for 30 days. and then notify them or you will continue to be charged
Nothing about twinspires
http://www.protectmyid.com/default.aspx?sc=670964

JustRalph
09-08-2012, 01:44 PM
I canceled my twinspires account after 12 yrs. will call my bank and ask them to close the account tied to it.

This is a huge pain in the ass. The possibilities of this data being valuable vary greatly from user to user. It depends on how you conduct business on the net.

For some the threat level will be almost nil. For others who are active Internet shoppers, bill payers etc, it could be huge.

I recommend every person who has a Tspires account and uses the same

Username
Password
Credit card

Anywhere else, change passwords credit cards and usernames (if u can) some places won't let you change usernames.

I have some experience dealing with this stuff. It's happen to me before. They don't need to get every piece of information about you from twinspires, putting together a puzzle of information over time is how the big boys do it. And they are in no hurry. This could hurt you five years from now.

Btw, don't believe everything they tell you. There are several layers of people trying to cover their asses, from the IT guys up. I can only assume it's worse than what they relate.

Fitting end to my participation in the game. From now on if I bet a race, it will be in person at a window.

GameTheory
09-08-2012, 02:11 PM
Got my letter today.

Itamaraca
09-08-2012, 02:20 PM
Got my letter today.

Everybody is getting the letter, apparently. Interestingly, I read a couple of articles on the breach and in both cases they write:

According to Churchill Downs security experts, there is no evidence any usernames, passwords, credit card or bank account information was accessed. Hackers were only able to access names, date of birth, email addresses and completely encrypted social security numbers.

Completely being the key. The letter has 'cryptographically hashed social security number, date of birth and email address'.

wisconsin
09-08-2012, 02:34 PM
I don't have the letter in front of me, but doesn't it say that they have procured a credit protection service for everyone for one year?

LAP_520
09-08-2012, 02:35 PM
Went to site no where could i find to put activation code.?Place more like store and said you can sign up for protectmyid free for 30 days. and then notify them or you will continue to be charged
Nothing about twinspires

www.protectmyid.com/redeem (http://www.protectmyid.com/redeem) is the site they ask you to go to.

OR call by phone ( suggest you key *70 first ) then, dialtone comes back on, then dial the "experts" (phone operators ) at the privacy hotline, toll free number they show under the website address in the letter.

For warn you..... they will ask for your name, SSN, birthdate, address, email address...security question, . all the stuff that is dangerious to give out. Mention to them the twinspires letter, and they will then ask you for the website address the letter supplies and then the activation code........protection for a year free. Forget about trying to get any more info....they will re read you the letter....

Process takes a few minutes over the phone that is why I said to key * 70 in before you dial. Eliminates annoying beeps when someone is trying to reach you, while on the phone.


All that to set you up to monitor your credit report daily free for a year, sending you emails every time someone looks or trys to change info on the credit report. Yearly fee is around $160. there after.

The website is a divison of Experian. Does not this sound more like a "sales pitch".

PaceAdvantage
09-08-2012, 02:38 PM
I don't have the letter in front of me, but doesn't it say that they have procured a credit protection service for everyone for one year?While it's better than nothing, it's not going to do much to stop someone from doing what Jeff wrote about.

It might alert you to the fact someone is stealing your identity earlier than had you not had this protection, but it's not going to stop it from happening, if what I'm reading is correct.

PaceAdvantage
09-08-2012, 02:42 PM
Does not this sound more like a "sales pitch".It's not a sales pitch if you never pay them anything.

PaceAdvantage
09-08-2012, 02:42 PM
Threads merged (this one with one that existed in off-topic)

JustRalph
09-08-2012, 03:35 PM
Having full name and birthdate is huge

Don't underestimate what can be put together

LAP_520
09-08-2012, 04:24 PM
It's not a sales pitch if you never pay them anything.

Very true.....

However, they will ASK after one year to "renew" at the going rate ( or might get a little discount ...... so the operator said. )

ceejay
09-08-2012, 05:12 PM
They've done a half crocked job, a month after the fact, informing their customers?
This is the inexcusable part of the mess.

Grits
09-08-2012, 05:26 PM
Having full name and birthdate is huge

Don't underestimate what can be put together

This alone, can take one down. I have been told this for many years. Believe it. Don't ever doubt it. Never give out your birthdate online. Lie. And this is the only time one should urge anyone to lie. I'm sorry if I sound harsh or paranoid, but this much, like Ralph, I do know.

Grits
09-08-2012, 05:31 PM
This is the inexcusable part of the mess.

Zappos was all over their hacking in less than 48 hours. This is why Twin Spires wagering platform should be closed. This is why this topic should be in the racing folder and why it should be on the front of DRF and the Blood Horse's websites to allow others to quickly see this for the debacle that it is. They care absolutely nothing about bettors. They think ALL are stupid. .... And in this, they are sadly mistaken.

PaceAdvantage
09-08-2012, 05:32 PM
But your name and birthday ARE online...whether you've ever given it out or not...

For instance, this website that TwinSpires has given everyone free access to for a year? They have ALL your information, since they are a credit rating agency. They have access to all your info, and they verify your identity by matching what you register with to whatever is in their data.

So just because you never give your info out doesn't mean your info isn't already out there, in hundreds of places online...

There isn't much you can do except remain vigilant to any indicators that your identity may already be compromised.

Grits
09-08-2012, 05:47 PM
I guess we're all screwed then, and we can just smile and accept it, PA. Knock on wood--I've had no problems as a result of Zappos, but as I said, they moved quickly. But then, too, I'm pretty sure, and I hope, my banker and my CFA would notify me of anything unusual with any of my accounts.

I've never banked online for this very reason, I don't pay bills online, none of it. I don't want any part of it. The day I can't walk into a bank and make a deposit, or the day I can't write checks out and mail them for monthly expenses--its time for me to hang it up.

Grits
09-08-2012, 05:56 PM
While it's better than nothing, it's not going to do much to stop someone from doing what Jeff wrote about.

It might alert you to the fact someone is stealing your identity earlier than had you not had this protection, but it's not going to stop it from happening, if what I'm reading is correct.

I think Jeff is exactly right, and you are as well. Experian also wants to keep you indebted beyond the given free year for $16.95 per month for who knows how long. Again, this is half *** on Twin Spires part.

Beachbabe
09-08-2012, 06:18 PM
Well, I've got Lifelock and I signed up for the free Experian security that Twinspires is giving to us. It's like locking your car & enabling your car's security system.....it may not keep a thief out if he really wants your car, but in most cases it will move him to another vehicle that is less secure.

There's nothing else I can do. I'm not gonna slit my wrists or get a nervous breakdown worrying about it.

Remember folks, your ssn has been out there for years. Anytime you applied for a credit card; took a mortgage on a house; or filed a tax return, somebody got to see your number.

TexasDolly
09-08-2012, 07:58 PM
Well, I've got Lifelock and I signed up for the free Experian security that Twinspires is giving to us. It's like locking your car & enabling your car's security system.....it may not keep a thief out if he really wants your car, but in most cases it will move him to another vehicle that is less secure.

There's nothing else I can do. I'm not gonna slit my wrists or get a nervous breakdown worrying about it.

Remember folks, your ssn has been out there for years. Anytime you applied for a credit card; took a mortgage on a house; or filed a tax return, somebody got to see your number.
That's true Beach,but everyone who saw it didn't have an ulterior motive I don't imagine. Here we can be fairly sure there was malicious intent.
TD

forced89
09-08-2012, 11:47 PM
I got my letter today and I signed up for the free one year Experian Security Package that they offered.

I did the same. It beats doing nothing!

duncan04
09-09-2012, 12:31 AM
Geez am I the only Twinspires user not to get a letter? :confused:

GameTheory
09-09-2012, 01:37 AM
Geez am I the only Twinspires user not to get a letter? :confused:The envelope is not marked -- sorta looks like junkmail...

Tom
09-09-2012, 10:35 AM
I almost threw mine out.
Why no letterhead?

rrpic6
09-09-2012, 11:42 AM
I received two letters, one with no name, just my address, the other addressed to Ron R. My legal name is Ronald, which I always use to open any accounts. Could this be a hoax? I've enjoyed reading this thread since I have little knowledge of hacking, and many on here are real computer geeks.

RR

PaceAdvantage
09-09-2012, 11:56 AM
I received two letters, one with no name, just my address, the other addressed to Ron R. My legal name is Ronald, which I always use to open any accounts. Could this be a hoax? I've enjoyed reading this thread since I have little knowledge of hacking, and many on here are real computer geeks.

RRIf it were a hoax, don't you think twinspires would have said something by now? I'm pretty sure they have seen this thread.

If not, I can GUARANTEE you someone who has received the letter has called them up and inquired about the situation...if it were a hoax, it would be plastered all over their website that it was a hoax...

They are owned by Churchill Downs, a publicly traded company. There is no way they wouldn't be addressing this by now if it were a hoax.

GameTheory
09-09-2012, 12:27 PM
If it were a hoax, don't you think twinspires would have said something by now? I'm pretty sure they have seen this thread.

If not, I can GUARANTEE you someone who has received the letter has called them up and inquired about the situation...if it were a hoax, it would be plastered all over their website that it was a hoax...

They are owned by Churchill Downs, a publicly traded company. There is no way they wouldn't be addressing this by now if it were a hoax.
It could only be a hoax if someone had stolen the account database to send the letters -- therefore even if it is a hoax it is not a hoax...

rrpic6
09-09-2012, 12:36 PM
If it were a hoax, don't you think twinspires would have said something by now? I'm pretty sure they have seen this thread.

If not, I can GUARANTEE you someone who has received the letter has called them up and inquired about the situation...if it were a hoax, it would be plastered all over their website that it was a hoax...

They are owned by Churchill Downs, a publicly traded company. There is no way they wouldn't be addressing this by now if it were a hoax.

Any thoughts on how the letters to myself were addressed? The return address is Minnesota, not Kentucky. What do think the percentage of people that had Winticket/Brisbet/Youbet/Twinspires accounts have received letters?
Actually someone I work with received a letter that has never wagered online. He did contact Twinspires, they said someone opened an account in his name and bet in the Spring of 2004 (must have been one of the AmeriTab companies). He never received the usual packet of info in the mail for new accounts. There has been no activity since. An interesting mystery, but this guy is freaking out. So someone already stole his SS number, and now he is in the same boat as the rest of us.

The reason I asked if this was a hoax, is that I have a feeling that Twinspires has become a real enigma to the industry. All is not what it appears to be, IMO.

RR

GameTheory
09-09-2012, 12:39 PM
is that I have a feeling that Twinspires has become a real enigma to the industry. Meaning?

rrpic6
09-09-2012, 12:48 PM
Meaning?

More into entertainment, gimmicks, etc. Seems like the buyout of BRIS has depleted the industry of the more knowledgeable people of Horseracing. So many changes there. Who is accountable? Who knows or trusts all of the new faces? Conspiracy theories intrigue me. This could be another.

RR

PaceAdvantage
09-09-2012, 12:50 PM
Any thoughts on how the letters to myself were addressed? The return address is Minnesota, not Kentucky. What do think the percentage of people that had Winticket/Brisbet/Youbet/Twinspires accounts have received letters?
Actually someone I work with received a letter that has never wagered online. He did contact Twinspires, they said someone opened an account in his name and bet in the Spring of 2004 (must have been one of the AmeriTab companies). He never received the usual packet of info in the mail for new accounts. There has been no activity since. An interesting mystery, but this guy is freaking out. So someone already stole his SS number, and now he is in the same boat as the rest of us.

The reason I asked if this was a hoax, is that I have a feeling that Twinspires has become a real enigma to the industry. All is not what it appears to be, IMO.

RRThey likely outsourced all of this to Experian in exchange for the business they are giving them (obviously, TwinSpires/Churchill Downs is paying for all these subscriptions for the year).

If you google that address "PO Box 483..." you'll see this kind of letter appearing for other security breaches at other companies.

Although if you go to the Experian website, they don't list MN as a place of operations...in the US, only CA....

PaceAdvantage
09-09-2012, 12:54 PM
And with all the former AmericaTAB companies now under the CD umbrella, along with BrisNET, UnitedTote, YouBet, etc., there are innumerable ways your data could have worked its way into the now hacked database without you ever signing up for TwinSpires itself.

rrpic6
09-09-2012, 01:00 PM
They likely outsourced all of this to Experian in exchange for the business they are giving them (obviously, TwinSpires/Churchill Downs is paying for all these subscriptions for the year).

If you google that address "PO Box 483..." you'll see this kind of letter appearing for other security breaches at other companies.

Although if you go to the Experian website, they don't list MN as a place of operations...in the US, only CA....

Hmmm...interesting. I already have an account with Experian, and they use my legal name, Ronald, not Ron. What about the letter sent with no name?

RR

duncan04
09-09-2012, 07:02 PM
The envelope is not marked -- sorta looks like junkmail...

nope still havent gotten one. :confused:

JustRalph
09-09-2012, 11:39 PM
But the fact that they have it is "passive and obscure". Which means it's not part of a public database that's searchable.

Security by obscurity. Btw, grits is right. You can campaign against this kind of thing with disinformation............ I have done it,



But your name and birthday ARE online...whether you've ever given it out or not...

For instance, this website that TwinSpires has given everyone free access to for a year? They have ALL your information, since they are a credit rating agency. They have access to all your info, and they verify your identity by matching what you register with to whatever is in their data.

So just because you never give your info out doesn't mean your info isn't already out there, in hundreds of places online...

There isn't much you can do except remain vigilant to any indicators that your identity may already be compromised.

PaceAdvantage
09-09-2012, 11:54 PM
But the fact that they have it is "passive and obscure". Which means it's not part of a public database that's searchable.The TwinSpires database wasn't public or searchable either. Or maybe I'm just not getting what you're saying.

lamboguy
09-10-2012, 01:16 AM
i didn't get a letter from Twinspires. just wondering if i should change my passwords and bank accounts?

JustRalph
09-10-2012, 11:46 AM
The TwinSpires database wasn't public or searchable either. Or maybe I'm just not getting what you're saying.

The difference between pro and professional thieves

If i can find it using google, it's like leaving money on your window sill

How long does the window last?

People walking by who can't see the money, don't care about the window.

There are levels of criminal conduct. Hard core burglars don't care what kind of lock you have

InControlX
09-10-2012, 12:04 PM
I just found out that the "free" one year subscription provided by Twinspires is only for fraud notification, NOT permitting viewing your credit score. To get details you need to pay Experian. What a suprise!

headhawg
09-10-2012, 12:43 PM
So what have people decided to do? Sign up or no?

JimG
09-10-2012, 12:59 PM
So what have people decided to do? Sign up or no?

I signed up, looked over my report, breathed a sigh of relief to this point, and put a fraud alert on my report.

Jim

senortout
09-10-2012, 01:10 PM
since the original notice from CD estimates about 20% accounts were hacked, and so many on here got letters, could someone put up a poll and let us add our members actual hacking %'s?

thanx

Grits
09-10-2012, 01:34 PM
I just found out that the "free" one year subscription provided by Twinspires is only for fraud notification, NOT permitting viewing your credit score. To get details you need to pay Experian. What a suprise!

And, what a joke.

JustRalph
09-10-2012, 01:53 PM
i didn't get a letter from Twinspires. just wondering if i should change my passwords and bank accounts?

Why not? you should Do it every 3 months or so anyway

Itamaraca
09-10-2012, 08:04 PM
I just found out that the "free" one year subscription provided by Twinspires is only for fraud notification, NOT permitting viewing your credit score. To get details you need to pay Experian. What a suprise!

Actually, you're allowed 1 FREE credit report a year from each of the three companies; by law.

http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre34.shtm

PaceAdvantage
09-10-2012, 08:08 PM
I just found out that the "free" one year subscription provided by Twinspires is only for fraud notification, NOT permitting viewing your credit score. To get details you need to pay Experian. What a suprise!Why would you need to view your credit score? That really has no bearing on whether or not your identity has been stolen.

What you need access to is whether or not accounts are being opened up in your name that you didn't open up yourself...your credit score isn't going to tell you bupkis in that regard.

JustRalph
09-10-2012, 08:14 PM
Actually, you're allowed 1 FREE credit report a year from each of the three companies; by law.

http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre34.shtm

1free short form report. Not the long form. If memory serves me :ThmbUp:

InControlX
09-11-2012, 08:16 AM
Why would you need to view your credit score? That really has no bearing on whether or not your identity has been stolen.

What you need access to is whether or not accounts are being opened up in your name that you didn't open up yourself...your credit score isn't going to tell you bupkis in that regard.

What I want to see is not the point. The letter magnanomously states that the Experian service is provide free for one year, but only 10% of the standard services are actually included. Why not just state that in the letter?

ICX

ceejay
09-11-2012, 09:16 AM
Why not just state that in the letter?

ICX
There is plenty to blame TS for here. But, The letter is quite clear about what is being offered. Do you think they should have stated the services not being offered?

InControlX
09-11-2012, 10:24 AM
There is plenty to blame TS for here. But, The letter is quite clear about what is being offered. Do you think they should have stated the services not being offered?

Yeah, perhaps I'm a bit gun shy. The offer is probably clear to those familiar with these reports, but the whole notification method is odd to me. The line in the letter I'm refering to is:

"We have arranged with Experian to provide you with identity protection services that include credit monitoring of all three credit bureaus for a year at no cost to you."

When you check your status you see a green indicator only. If you want to see any reports you're directed to give a credit card for the charges. But yes, I guess they don't say that YOU can see any reports. :D

Also, the letter has no corporate or even typed company identification. I almost pitched it with the rest of the "Important Information" mailings I get for all kinds of junk.

betovernetcapper
09-11-2012, 11:10 AM
Also, the letter has no corporate or even typed company identification. I almost pitched it with the rest of the "Important Information" mailings I get for all kinds of junk.

The individual that 'signed' the letter is CTO for Churchill Downs. It's pretty clear CDI didn't want their name anywhere in that letter and has done everything they can to downplay the scale of the breach. According to a poll (http://www.homebased2.com/forums/showthread.php?t=12656) on another site, 70% of the responders received the "hack letter." While this poll covers a small sample there is no reason to think it's not representative of the entire population. 70% of Twinspires database of names would probably be more than 500,000 customers.

BIG49010
09-11-2012, 08:35 PM
For those of you that have a house, you can add identity theft coverage for about $45 dollars a year to your home owners insurance. I looked into it today, after I read the letter.

GMB@BP
09-12-2012, 02:53 PM
Here is something I found odd.

My Brisbet account was suspended as I am in Arizona and 5 years ago they made it a Felony to bet, so they sent me a letter saying they were closing the account, of course we all know they keep your info.

But

I moved a year or so ago and never updated them on a thing, yet I got a letter with the correct address.

How is that possible other then going to a real effort to look that up?

lamboguy
09-12-2012, 03:26 PM
The individual that 'signed' the letter is CTO for Churchill Downs. It's pretty clear CDI didn't want their name anywhere in that letter and has done everything they can to downplay the scale of the breach. According to a poll (http://www.homebased2.com/forums/showthread.php?t=12656) on another site, 70% of the responders received the "hack letter." While this poll covers a small sample there is no reason to think it's not representative of the entire population. 70% of Twinspires database of names would probably be more than 500,000 customers.in the corporate view of things, they have to iron out all these security problems before they try to get licenses for online poker rooms. i believe that is the goal of the company is to compete in that industry. it makes sense that they don't want their company associated with security problems in light of what they are trying to accomplish in the future.

Hoofless_Wonder
09-12-2012, 11:58 PM
Here is something I found odd.

My Brisbet account was suspended as I am in Arizona and 5 years ago they made it a Felony to bet, so they sent me a letter saying they were closing the account, of course we all know they keep your info.

But

I moved a year or so ago and never updated them on a thing, yet I got a letter with the correct address.

How is that possible other then going to a real effort to look that up?

Due to Federal regulations (IRS), they need to keep your account info for a minimum of 7 years. Due to more Federal regulations, when a data breach occurs, they must notify all affected.

If you pay utilities, have a credit card, or any number of other financial transactions or services, finding a current mailing address for a particular name or social security number is not difficult. The penalties for failure to comply with the regulations make it an easy financial decision to pay for that info, if need be.

A typical person has their sensitive info stored in numerous places in cyberland, and many of us are only a hack or two or a stolen laptap with a non-encrypted disk drive away from being compromised.

Makes me wish I was way off the grid.

PaceAdvantage
09-13-2012, 12:05 AM
Due to Federal regulations (IRS), they need to keep your account info for a minimum of 7 years. Due to more Federal regulations, when a data breach occurs, they must notify all affected.

If you pay utilities, have a credit card, or any number of other financial transactions or services, finding a current mailing address for a particular name or social security number is not difficult. The penalties for failure to comply with the regulations make it an easy financial decision to pay for that info, if need be.

A typical person has their sensitive info stored in numerous places in cyberland, and many of us are only a hack or two or a stolen laptap with a non-encrypted disk drive away from being compromised.

Makes me wish I was way off the grid.Something tells me there is no way they researched CURRENT addresses of everyone affected by this data breach.

If anything, they sent these notices out to the address on file, and if returned "Non Deliverable", MAYBE (but even then I have a hard time believing this) they go on the hunt for a newer address. That all takes extra time, and he wouldn't have gotten the notice at the same time as everyone else.

My hunch is he's in the database more than once, with the old and new address. He just doesn't realize he gave his new info out to some Churchill Downs related company...

GameTheory
09-13-2012, 01:52 AM
Something tells me there is no way they researched CURRENT addresses of everyone affected by this data breach.

If anything, they sent these notices out to the address on file, and if returned "Non Deliverable", MAYBE (but even then I have a hard time believing this) they go on the hunt for a newer address. That all takes extra time, and he wouldn't have gotten the notice at the same time as everyone else.

My hunch is he's in the database more than once, with the old and new address. He just doesn't realize he gave his new info out to some Churchill Downs related company...
They probably just gave the list to Experian to handle, and they've got everybody's current address, as well as all their previous addresses...

acorn54
09-13-2012, 07:22 AM
well i am taking jeff's advice, he is probably right somewhere down the line, just being a matter of time, someone is going to use my info for medical services and get my medical records all screwed up, or someone with 10 dui's gets my drivers license, and so on and so forth.
i don't want the hassel of trying to figure out all the intricacies of id theft i need to know and constantly monitor so i signed up with kroll fraud solutions and their legal shield coverage.

Grits
09-13-2012, 11:29 AM
Banks, as everyone should know, have their own credit monitoring/identity theft protection of your accounts. You are emailed, immediately, if there is anything opened using your information. Depending upon your deposits and balance levels, this program is FREE. Either free or only a small monthly fee. Also, banks have liability stops in place, limits that are quite low on what the cardholder can be made responsible for.

I don't need Experian on top of what I already have. What I did--was go in and talk with my banker. We closed the account that, over the years, I used in order to have funds sent to TwinSpires by wire transfer.

As far as TwinSpires having credit card numbers. Visa, I thought, stopped, years ago, allowing the use of their cards for funding online gambling accounts. (Though I could be wrong.) For any credit card that still allows this--why on earth would anyone use such, as it would likely be noted by the bank as a "cash advance" transaction? Someone would have to be out of their mind to pay such an APR. No, I don't think so. No way. :faint:

As far as TwinSpires, their integrity was never stellar. Their interest in the bettor has always been questionable. As of now, they suck. Good luck with new sign ups if a casino does open. I'd love to see them fined, somehow, for the way they've handle this.

Hoofless_Wonder
09-13-2012, 11:59 PM
Something tells me there is no way they researched CURRENT addresses of everyone affected by this data breach.

If anything, they sent these notices out to the address on file, and if returned "Non Deliverable", MAYBE (but even then I have a hard time believing this) they go on the hunt for a newer address. That all takes extra time, and he wouldn't have gotten the notice at the same time as everyone else.

My hunch is he's in the database more than once, with the old and new address. He just doesn't realize he gave his new info out to some Churchill Downs related company...

Why would he give out his new address to a CDI company when he can't bet online, assuming he's still in Arizona? For dormant accounts, and this one being 5+ years in that state, TS would need to assume the person moved. "Skip trace" locating services and address confirmation was probably part of the Experion deal.

PhantomOnTour
09-14-2012, 12:15 AM
Well, i got my letter too. Truthfully, i was feeling a bit left out :)

Question (because i haven't placed a bet since the end of Sar, and i'm dying to!!))....are you folks just continuing along with TS after changing passwords and logins etc...?
Would it be safer to open a separate acct at another bank and use it solely for deposits and withdrawals from TS?
Have you changed ADWs?

LAP_520
09-14-2012, 08:42 AM
Good guestions Phantom....... as I understand the letter, the site was cyber attacked August 3rd... middle of the Saratoga racing season.

The letter is dated August 31st...very close to a month after the fact.

No I have not changed my passward ..yet.

I still use Twinspires,,a subsiduary (sp) of Churchill Downs who seem to be grabbing up everyway there is to bet off track in the past few years.......

I am in a holding pattern at the moment, every place you look or people you listen to ....they say do this and do that........... Gramdpa always said it is way too late to close the barn door AFTER the animals get out...spilled milk has happened, so now it is time to clean it up and watch that it does not affect other areas.

My most recent info was they are probably after credit card numbers which can be reproduced and used very easily.

Or maybe they were trying to get names and addresses and SSN to VOTE in the upcoming election...

who knows for sure ( ? )

Just be on guard... notify your banking institution, and check your credit reports which can be done free once a year.... site location given in this thread earlier.

Big Bill
09-15-2012, 07:55 AM
While searching the Internet on identify theft I came across this article that you may enjoy reading:

http://www.wired.com/politics/security/commentary/securitymatters/2008/06/securitymatters_0612?currentPage=all