Cybersecurity: Litigation, Crime & Enforcement – Significant Case Developments

Significant Case Developments

Michaels Wins Dismissal of Data Breach Class Action, Insurer Denies Coverage of Defense

Moyer v. Michaels Stores, Inc., No. 14-CV-00561 (ND Ill., dismissed Jul. 17, 2014).

Safety National Casualty Corp. v. Michaels Stores, Inc., No. 3:14-cv-02223 (ND Tex., filed June 18, 2014).

Last month, wereportedthat Michaels Storessought dismissalof several, now consolidated, putative class actions regarding a January data breach that may have exposed customers credit and debit card information. The putative class brought claims for (i) breach of implied contract and (ii) violations of the Illinois Consumer Fraud Act and other state consumer protection laws. Michaels argued that the plaintiffs lacked standing because they had not suffered actual or imminent injuries and that the plaintiffs claims failed because they had not sufficiently alleged an injury. On July 17, 2014, the Northern District of IllinoisgrantedMichaels motion. The court held that the plaintiffs increased risk of identity theft as a result of the data breach was sufficiently imminent to confer standing. However, the court found that the plaintiffs had failed to state a claim because they did not plead actual monetary damages. Purchases of credit monitoring services and general allegations regarding unauthorized bank withdrawals were insufficient to constitute actual damage.

Meanwhile, on June 18, Safety National Casualty Corp. filed anaction for declaratory reliefagainst Michaels, seeking a judgment that a general commercial liability insurance policy does not oblige Safety National to provide a defense and coverage to Michaels in the Illinois class actions. Safety National alleges that the policy provides a duty to defend and coverage for claims alleging bodily injury, property damage, and personal or advertising injury. According to Safety National, the putative class actions alleged none of those injuries and, therefore, the policy provides no coverage. Following the dismissal of the class actions, on July 22, Safety Nationalstipulatedto a dismissal without prejudice.

Also in July, an Illinois state courtdismissedanother putative class action data breach case but, contrary to theMichaelscourt, ruled that increased risk of future harm was not enough to confer standing, where there was no actual or impending certainty of identity theft arising from the data breach [Case No. 13-L-538].

Alabama Hospital Seeks Dismissal of Data Breach Class Action

Smith v. Triad of Alabama LLC, No. 14-cv-00324 (MD Ala.).

As detailedlast month, Triad of Alabama (doing business as Flowers Hospital) was hit with aputative class actionafter notifying patients that a former hospital employee had stolen lab test records containing names, addresses, dates of birth, Social Security numbers and health plan policy numbers, and information about lab tests, but not test results. The complaint included claims for willful and negligent violations of the Fair Credit Reporting Act, negligence, negligenceper se, invasion of privacy, and breach of contract. On July 7, Flowers Hospitalmoved to dismissthe claims. The hospital argued that the plaintiffs lack standing because the filing of fraudulent tax returnswithout allegations that plaintiffs were deprived of their tax refundsand an increased risk of identity theft were not actual injuries and that these alleged injuries were not fairly traceable to the data breach. The hospital also maintained that the plaintiffs failed to state their negligenceper se, breach of contract, and invasion of privacy claims. The hospital argued (i) both the negligence and contract claims are impermissible attempts to create a private cause of action under HIPAA, (ii) plaintiffs cannot prove causation for their negligence claim, (iii) the hospitals privacy notice did not constitute a contract because there was no consideration, and (iv) the plaintiffs failed to allege any basis for vicarious liability in their invasion of privacy claim. As of July 30, the motion has been fully briefed.

Cybercrime in the News

Hackers Find Way to Outwit Tough Security at Banking Sites, NY Times (July 22, 2014).

Justice Departments New Crime Chief Targets Cyber Cases, Wall Street Journal (Jul. 14, 2014).

Hackers Inc.: Cyber-Attackers Have Multiplied and Become Far More Professional, Economist (Jul. 12, 2014).

Mob-Busting Tools Emerge as a Weapon Against Cybercrime, Wall Street Journal (Jul. 8. 2014).

Cybercrime Scheme Uncovered in Brazil, NY Times (Jul. 2, 2014).

Government Enforcement

Florida Information Protection Act Expands Breach Notification Requirements

Effective July 1, theFlorida Information Protection Act(FIPA) replaced Floridas existing breach notification statute. While the previous law imposed requirements only on companies that conducted business in Florida, the new law applies to any company experiencing a data breach that affects a Florida citizen and applies even when a third-party agent has experienced a breach. FIPA also imposes stricter requirements on businesses that experience data breaches. Upon discovering a breach that creates a greater risk of identity theft or financial harm, a company must notify affected individuals within 30 days (compared to 45 days previously). Companies may seek a 15-day extension on this requirement for good cause. A company must also notify the Florida Legal Affairs Department, whether or not the breach creates an increased risk of identity theft or financial harm. Breaches affecting a larger number of people trigger additional requirements. While the statute explicitly excludes a private cause of action, it imposes penalties starting at $1,000 per day and up to a maximum of $500,000.

Mass. Attorney General Reaches Settlement in Cross-Border HIPAA and Breach Notice Enforcement Suit

Massachusetts v. Women amp; Infants Hospital of Rhode Island, No. 13-2332G (Mass. Sup. Ct.).

A Rhode Island hospitalagreed to judgmenton July 22 to pay $150,000, undertake an audit, and institute new security procedures to settle a breach notification suit filed by the Massachusetts Attorney General. In April 2012, Women amp; Infants Hospital discovered that it was missing unencrypted back-up tapes containing the personal information of about 14,000 patients, more than 12,000 of which were Massachusetts residents. The personal information included names, birth dates, Social Security numbers, and certain medical data. The hospital did not report the breach to patients or authorities until November 2012. The Massachusetts Attorney General filed an enforcement action on July 2, alleging that the hospitals failure to secure the data and delayed notification violated HIPAA as well as chapter 93a of Massachusetts General Laws. Although the breach also affected more than 1,200 Rhode Island residents, the Rhode Island Attorney Generals Officestated to a news outletthat it was satisfied with the hospitals breach notification. NeitherMassachusettsnorRhode Islandlaw imposes a specific time period for notification. Rather, both require businesses to issue breach notices as soon as possible and without unreasonable delay.

Vermont Attorney General Settles Suit over Failure to Issue Breach Notice

In re Shelburne Country Store Website, No. 425-7-14-WNCV (Vt. Sup. Ct.).

In January 2014, the Shelburne Country Store learned that its website code had been modified and credit card information of 721 customers had been compromised. While the store immediately repaired the breach, it did not notify the affected customers or the Attorney General. After the Vermont Attorney General independently learned of the breach and contacted the store in March 2014, the business notified the customers, offered a year of credit monitoring, and moved to a hosted platform with the capability to monitor intrusions. However,Vermont lawrequires businesses to notify the Attorney General within 14 days of learning of a breach and to notify affected customers within 45 days. On July 9, the Attorney General reached asettlementwith the store. In addition to paying a $3,000 fine, the store must implement and maintain a comprehensive Information Security Program and conduct a full audit of its policies and procedures to ensure that it is complying with Vermont law. The security program must comply with either the Payment Card Industry Data Security Standards or the data security standards in the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth. The settlement also provides the Attorney General permission to access the stores records and institutes stiffer penalties for future violations. In September 2013, the Vermont AG reached amore stringent settlementwith a health food store that failed to notify customers or correct its system vulnerability after a 2012 data breach.

International

French Data Protection Authority to Audit Compliance with Website Cookie Rules

On July 11, the French data protection authority, CNIL,announcedthat, following a mid-September cookie sweep, it will begin conducting audits in October to assess compliance with European Union and French rules requiring websites to obtain consent before installing or reading cookies. These rules include the2009 EU e-Privacy Directive,Frances Law on Data Processing, Data Files and Individual Liberties, and severalguidelineson cookies issued by the CNIL. Any company (European or otherwise) that collects personal information about European citizens through cookies or other tracking mechanisms may be targeted by the audit.

CNIL will examine the type and purpose of cookies and determine whether website operators understand the purpose of all cookies, whether they are third-party cookies or internal to the website. For cookies that require prior user consent, CNIL will also examine how websites obtain consent, the visibility, quality, and simplicity of the information provided to users about the cookies, the ability to retract consent to cookies, and the duration of cookies. CNIL will also examine the consequences of not consenting to a websites cookie.

According to CNILs announcement, noncompliance with the laws could result in a warning or fine.

Russia Enacts Data Localization Law

On July 21, President Vladimir Putinsigned into lawBill No. 553424-6, which bans the storage and processing of personal information about Russian citizens on servers located outside the country. The law is slated to take effect on September 1, 2016 and would allow Russia to block websites that do not comply.According to the BBC, while the Kremlin states that the purpose of the law is to protect its citizens, critics fear that the Russian government seeks easier access to the data.

New Filings

Green v. eBay, Inc.,No. 2:14-cv-01688 (ED La., filed Jul. 23, 2014).

In May 2014, eBay reported that in February hackers had gained access to 145 million customer records including names, email addresses, birth dates, encrypted passwords, physical addresses and phone numbers. Credit and debit card numbers and Paypal account information were apparently not compromised. Inthis putative class actionfiled on July 23, Collin Green alleges eBays failure to safeguard customer information and delay in notifying customers constituted negligence, breach of contract, breach of implied contract, breach of fiduciary duty, bailment, and violations of the Federal Stored Communications Act, Louisianas breach notification statute (which provides for statutory damages), the Gramm-Leach-Bliley Act, various state privacy statutes, and the Fair Credit Reporting Act.

Powered By Make Money

Money Matters: Start saving for retirement sooner rather than later

Q. I#x2019;m a recent college graduate, and I landed a job in my field, which is electrical engineering. My salary is pretty good and should increase as I gain experience and get promotions. I#x2019;ve always heard that the earlier you save for retirement, the better off you will be, but that seems so far down the road it#x2019;s hard to get excited about putting money in a retirement plan.

After paying my rent, utilities, medical, food, other necessities and some fun money, I have about $200 a week left over that I#x2019;ve been putting in a money market account paying less than 1 percent.

My company offers a 401(k) plan in which I#x2019;m eligible to participate. They will provide a match of 50 cents for every dollar I contribute up to a certain percentage of my income. Right now that works out to about $5,000 that I#x2019;d need to contribute to get the full match.

Should I contribute that amount, a higher amount or just save my money outside the plan for a future expense like a down payment for a condo? I#x2019;m not even sure how a 401(k) works. I#x2019;m leaning toward waiting and start saving later when I#x2019;m older and make more money.

A. Congratulations on gaining employment in your chosen field. I hope I can persuade you to start saving for retirement sooner rather than later. You don#x2019;t want to live in poverty after you retire or be required to work longer than you#x2019;d like to because you don#x2019;t have enough saved to retire comfortably. As you gain experience and receive promotions, your income may increase #x2013; but your expenses may as well. You may be supporting a family, making mortgage payments, saving for college, etc., and the increased income may not go as far as planned.

The earlier you start investing to reach any financial goal, the less money you will need to invest; this is referred to as #x201C;time value of money.#x201D;

Example: A person#x2019;s financial goal is to have over $1 million in an account by age 65, and the achieved rate of return is 10 percent. A 22-year-old who invests $5,000 each year for the next six years and then stops adding to the account ($30,000 total invested) will have over $1.3 million at age 65. If that same person waits until age 30, he or she would need to invest $4,840 each year for the next 35 years ($169,406 total) to achieve the same goal of $1.3 million.

Begin investing in your company#x2019;s 401(k) now with the $5,000 to get the match.

A 401(k) plan is a defined contribution retirement plan established and maintained by an employer allowing employees to contribute pretax dollars to their own account through payroll deduction. The 401(k) plan is a tax-deferred account. This means you don#x2019;t pay federal and state income taxes on the amount you contribute, any amount contributed by your company or the investment earnings accumulated in your plan until you start withdrawing money from the plan. Penalty-free withdrawals can usually be made after age 591/2.

As with your company, many employers will match all or a percentage of your contributions. If your employer matches a portion of your contributions, make sure you contribute at least this amount to the plan. In your case, if you contribute $5,000, your employer is going to add $2,500 to your account. If you don#x2019;t contribute your own money, the employer has nothing to match and you#x2019;ve missed out on free money!

The money you contribute will always be yours. Any company matching contributions may be subject to vesting requirements. Vesting means that if you leave the company before a certain period of employment, you may receive anywhere from 0 to 100 percent of the employer#x2019;s contributions. Legally, after five years of participation in the plan you are always 100 percent vested in all employer contributions to a 401(k).

When you leave your current employer for any reason, you can take all your contributions and any vested company contributions with you. To avoid any taxes or penalties, these funds should be transferred directly into an IRA or, if the new plan permits, another company#x2019;s qualified plan.

Next week I#x2019;ll suggest what you should do with your other extra $100 per week you have after meeting expenses and making your 401(k) contribution.

Holly Nicholson is a certified financial planner in Raleigh. She cannot answer every question. Reach her at askholly.com or PO Box 97128, Raleigh, NC 27624

Powered By Make Money

CFPB Expands Its Enforcement Efforts Against Payday Lending

In November, 2013, the Consumer Financial Protection Bureau
announced its first enforcement action against a payday lender.
Cash America International was fined $5 million and was ordered to
refund $14 million to its borrowers due to violations of the
Military Lending Act. Recently, the CFPB took action against one of
the nation#39;s largest payday lenders, ACE Cash Express,
for inducing payday borrowers into a cycle of debt,
according to CFPB Director Richard Cordray.

ACE agreed to pay a civil penalty of $5 million, and to pay up
to $5 million in refunds to its customers. Although ACE maintains
that the practices that the CFPB found illegal ceased in 2012, and
involved a very small number of its borrowers, ACE used false
threats, intimidation, and harassing calls to bully payday
borrowers according to Director Cordray.

The CFPB found that ACE engaged in several unlawful collection
practices, including: 1) threatening to sue or criminally prosecute
if borrowers did not make payments, even though ACE did not
actually sue consumers or bring criminal charges against them for
non-payment; 2) threatening to charge extra fees and to report
borrowers to credit reporting agencies, even though the debt
collectors had no authority to charge collection fees or to report
non-payment to credit bureaus; and 3) making an excessive number of
harassing collection calls, not only to borrowers, but also to
their employers and relatives. The CFPB found that ACE used these
tactics to pressure borrowers to take on more debt, which resulted
in new fees to ACE. According to Director Cordray, ACE was
relentlessly overzealous in its pursuit of overdue consumers….
Debt collection tactics such as harassment and bullying take a
profound toll on people both financially and emotionally.
The Consumer Bureau bears an important responsibility to stand up
for those who are being wronged in this process.

ACE maintains that over the last two years, ACE has
cooperated fully with the CFPB and has taken voluntary action
to improve its regulatory compliance.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Powered By Make Money

Were 1.2 Billion Passwords Really Stolen? And Does It Matter?

This is usually the point at which security experts weigh in about the vulnerabilities that allowed this kind of breach to happen, and for websites to write articles about what passwords you should change and why using a password manager is more important than ever.

This time, however, security researchers are responding to the revelation with a heavy dose of skepticism — and lots of unanswered questions.

Questions about Hold Securitys motives

Why? Well, thats largely because of the way Hold Security disclosed this information thus far.

Almost as soon as the New York Times article went live, journalists at Forbes and The Wall Street Journal, pointed out that Hold Security is will let users (presumably, web services) find out if their data was part of the breach for just $120 a year.

Using a security threat to sell products and services is something that security companies do all the time. Its how the security game works. The problem for some members of the security community, however, is twofold.

First, Hold Security isnt actively known in the community (at least, by the name Hold Security). Many researchers, even in the Milwaukee area, have never heard of the company or its founder, Alex Holden.

According to a commenter on famed security guru Bruce Schneiers blog, the company didnt even have an active website until the day the story hit. That doesnt necessarily mean anything, but it is worth noting that the web presence for a security company that managed to uncover theft on this level was virtually invisible until just two days ago.

Not every security researcher is concerned. Respected security journalist and security Brian Krebs, who was the first to break the news about the Target credit card hack, has vouched for Holden and his work. In fact, Krebs says that Holdens research was central to several of his big scoops, including the Adobe password breach.

It is worth noting that Krebs is listed as a trusted advisor to Hold Security.

Questions over data validation

Although the backing from Krebs has significantly mitigated fears that Hold Security could just be a fly-by-night security firm that is actually just trying to cash-in on the next security panic — or worse, that it could be trying to steal user information — it hasnt soothed all experts doubts about the hack itself.

It also doesnt change the fact that Hold Securitys service to check to see if your data is part of the breach seems poorly thought out.

Independent security analyst Graham Cluley echoed the sentiments of many in the security, writing something just didnt feel right.

As Cluley explains, Hold Security wants users to sign-up for what it calls the Consumer Hold Identity Protection Service (CHIPS). This is kind of like a credit monitoring service, except instead of auditing your credit for identity theft, it audits your passwords and email for security theft.

Despite claiming that Hold Security will never ask users for their passwords, the form to submit information to be checked against the database does exactly that.

This is problematic, Cluley writes, for many reasons:

For one thing, what if the computer the user is typing on has keylogging malware in the background — isnt it going to be trivial for malicious hackers to scoop up the victims most sensitive passwords as they are entered on this web form?

Or what about the possibility of bad guys creating phoney versions of this webpage, specifically with the intention of nabbing users passwords?

But most fundamentally, you should never encourage users to enter passwords for website X into an entirely different website, even if the intention is not to transmit them unencrypted to a third-party site. Isnt this the firm that just warned the world about a huge number of stolen credentials? And here it is coaxing users to behave in a way which is clearly unsafe.

Stating that a service will never ask for a users password, only to immediately ask for a list of passwords (with the promise that the passwords will be hashed and encrypted upon submission), makes little sense. Even if nothing suspect is going on, the phrasing is completely tone deaf.

Even though the code Hold Security is using looks solid, that doesnt mean submitting passwords is ever a good idea.

You cant fault members of the InfoSec community for laughing at the idea that the best way to test data against the stolen cache is to collect encrypted passwords through a web form.

Even if the data is real, it might not matter

The real issue with this security story, however, is that there just isnt enough information about the importance of the data allegedly captured.

On the surface, 1.2 billion usernames and passwords seems mammoth, but is it?

As The Verge notes, there is a very good possibility that even if 1.2 billion usernames and passwords were stolen, that doesnt necessarily mean the data is that valuable.

The data wasnt allegedly amassed from one service, but from hundreds (or thousands). Moreover, Hold Security says that the cyber gang previously bought data from other other hacks. It never explicitly details if the 1.2 billion figure is from brand new attacks or if it includes previous breaches too.

If it is the latter, the data is instantly less interesting, because it has already been out in the wild. If data from previous attacks is part of the password cache, it also suggests that at least a portion of the passwords are stale and of no use.

The Verge points out that the focus on 1.2 billion password attempts to conflate quantity with quality. But that isnt a fair assessment.

The value of a bunch of passwords for defunct web forums or MySpace circa 2006 isnt necessarily the same as getting a few hundred million Facebook logins.

Ultimately, it may not matter

Even if we assume that all the data from this attack is new — and that some of it is valuable — it still might not really matter.

Bruce Schneier sums it up best writing that this entire incident is evidence of how secure the Internet actually is:

Were not seeing massive fraud or theft. Were not seeing massive account hijacking. A gang of Russian hackers has 1.2 billion passwords — theyve probably had most of them for a year or more — and everything is still working normally.

This sort of thing is pretty much universally true. You probably have a credit card in your wallet right now whose number has been stolen. There are zero-day vulnerabilities being discovered right now that can be used to hack your computer. Security is terrible everywhere, and it its all okay. This is a weird paradox that were used to by now.

My credit card information has been stolen four times in the last three years because of poor security practices on the part of Sony, Target, a web hosting company and my neighborhood ATM machine. I fully expect to have to get a new card at least four more times in the next three years.

Passwords for various forums and defunct Web 2.0-era startups attached to my email address proliferate the Internet. I get at least 5 attempts to break into my Dropbox account per week.

Still, I feel comfortable buying things online, using cloud services and shopping at a multi-national discount chain. Why? Because I have come to expect security incompetence from everyone and everything.

Rather than hoping my information wont be hacked, I go about my business with the expectation that it will. Thats not to say that someone breaking into one of my main email accounts or my bank wouldnt still be devastating. But I do what I can to mitigate that possibility by using secure, unique passwords on important sites, two-factor authentication and absolutely no duplicate passwords on logins that can be tied to another service such as email, Facebook or Twitter.

There are still lots of unanswered questions about this Russian cyber gang, and Im inclined to believe that the data is real but the threat is overstated. But the bigger question — is our information safe? — was answered a long time ago.

No, its not safe. But as Bruce Schneier says, thats OK.

Topics:
Apps and Software, hacked passwords, hold security, passwords, security, Tech, US, World
Powered By Make Money

Why Saving for Retirement Is More Important Than Saving for College

Its funny to think about how much our financial perspectives change as we go through life. When I was young, I thought anyone with extra money was rich. In high school, I envied my classmates whose uniforms always looked brand new and who could afford LL Bean backpacks and Adidas gym shoes. (When you go to a Catholic school and wear a uniform, the extent of your style expression lies solely on your bag and shoes. And, of course, how perfectly ironed your pleated wool skirt is.)

Now that all seems so silly. I graduated from high school and onto bigger worries, such as being able to obtain enough student loans to attend college. That evolved into worrying about how long it would take me to pay off my student loans. And now, I have a bigger worry on my mind: retirement.

Let me start by saying that I could care less about retiring early. Im one of those weird people that loves work — especially when my work is writing. I hope to be writing for many years to come, until my feeble hands can barely hold a pen or type on a keyboard. However, Im fully aware that retirement isnt always voluntary. Forced retirement due to ageism and extended medical leave happens.

In other words, retirement is something I know I need to reckon with, whether I like it or not.

Looking back, noticing the changes in my financial perspectives has led me to an understanding of how I want to manage my finances moving forward. And knowing what I know now, I believe it is far more important to save for retirement than it is to save for college. Heres why.

Student Loan Debt = Tax Benefits, Elder Care = No Benefits for Your Expense

Dont get me wrong — Im not a fan of student loan debt. In fact, Im making biweekly payments on my loans to pay them off faster. That said, I get one benefit every year from my student loans: a tax write-off on the interest paid. Its not as good as not having debt, but its better than nothing!

Elder care costs dont have such clear benefits. Tax cuts can be acquired by children claiming their parents as dependents, but its not always an easy process. And if youre paying for your own elder care, then you wont benefit from that. I dont know about you, but Id rather save money for an expense that isnt tax deductible than an expense that is.

Student Loans Have Relief and Forgiveness Options, Elder Care is Set in Stone

There are a multitude of forgiveness and relief options for federal student loans. In fact, you can even defer or forbear your payments during times of economic hardship. While this may not slow down interest accrual, at least there are options for relief in times of need.

But where are the relief options for elder care? Theres no way to suspend payments on a nursing home or assisted living if you run out of retirement funds. Even if youre lucky enough to never need those services, there are still expenses to be covered in retirement that dont have much flexibility, such as food, mortgage or rent, medical care, and so on. Given the amount of unknowns that can come up in retirement, Id prefer to be as prepared as possible.

Young Professionals Have More Time than Older Adults to Earn Money

As much as I dont want to saddle my future children with debt, they will have a lot more time to earn money (even if theyre paying for student loans) than I will to save for retirement. By the time I pay off my loans and save a good amount for their college fund, I might be 40 years old before I can even start saving for retirement. Add in the costs of having kids in the first place and potential home ownership and you can tack a few more years onto that retirement savings delay.

With the way compound interest works, that delay can cost tens of thousands of dollars.

But if I funnel all extra money into paying off my student loans and saving for retirement, then Im more likely to be financially solvent in retirement; which leads me to my next point…

I Dont Want to Be A Burden on My Future Children

More than anything, I dont want to be a burden on my future children. If they can graduate with some expenses but also the knowledge that their money earned is entirely their own, then they can get a major head start on their financial futures. But if they have any fear that I might need help from them, what will that do to their ability to prepare for their own futures?

I dont want my future children to neglect their dreams because theyre worried about taking care of me. I want them to have the flexibility to go after whatever they want in this life and have as much control over their finances as possible. By ensuring that I wont need their help because I was responsible about my own future, I can give them true freedom to build their own lives.

Elder Care Costs Can Be Unlimited; Student Loan Debt Can Be Controlled

Although college tuition is escalating at epic proportions, there are ways to control the costs. I can help my future children expand their education and pursue hobbies that could lead to scholarships. And if scholarships dont cover the whole cost, there are more options, like staying close to home (to forego dorms and pay in-state tuition), choosing a public university over a private university, and taking extra classes each semester to graduate early.

Elder care costs arent so easy to plan for. Who knows what kind of things can happen in retirement? Illnesses come along and medical costs often know no bounds. If nursing homes or assisted living become necessary, thats an added cost that can last for an indeterminate amount of years. Then theres the simple factor of inflation, which can make a large retirement savings last half as long as expected. Compared to the unknown costs of elder care, college tuition suddenly seems a lot more controllable.

Why A Debt Payoff Expert Prefers to Save for Retirement

Given the high cost of student loan debt, it might seem crazy that I would prioritize saving for retirement over college funds. (Even more so considering that I work for a company that helps people pay off their debt.) But I believe in a holistic approach to debt freedom.

Theres an entire generation of adults stuck in between student loans, parental care, and college funds for their children — with little hope of meeting their own retirement needs. Add to that the fact that many millennials arent even being offered retirement benefits from their companies anymore and were looking at a scary cycle of debt for generations to come.

I say we should stop the cycle of going from new debt to new debt, evolving from one financial worry to the next. Lets create a way to help future generations build better futures for themselves. And with the way things are going, theyre a lot more likely to see positive progressions on student debt than they will for retirement costs and elder care.

Powered By Make Money

5 Tax Strategies to Pay for College Without Going Broke

Saving for college is not for the faint of heart. The cost of an education has been spiraling upward and although there are some fine 529 plans to help, the numbers can be mind-boggling.

For men and women who own their own businesses, there are a few tips that can help them create a tax scholarship for their children, according to William Cummings, president and owner of Cummings Financial Organization, a money management firm based in Tampa, Fla.

Hopefully people start planning early, said Cummings, who used his ideas to help put his three children through college. Owning his own business gave him the chance, he said, to take advantage of IRS rules to help pay the tuition bills.

Cummings, who calculates that the cost of a year of public school tuition could rise past $33,000 by the 2020 academic year, offers tips that anyone can use to reduce the cost of college. They include living at home, establishing in-state residency and placing 529 plan savings in the name of a grandparent, thereby increasing the chances a student will be eligible for student aid programs.

(Its worth noting that while 529 plans held by grandparents are not reportable on the federal student aid application, using the account to pay for college will affect the students aid eligibility the following year.)

There are also various tax credits, including the Lifetime Learning Credit, which allows parents to deduct $2,000 of educational expenses per year for dependent children.

Any strategy to help ease the tuition burden must be weighed against the tax consequences to the prospective student and the parents, Cummings says.

Parents, Cummings said, shouldnt be too quick to borrow against or slow their retirement plan contributions. It might be better, he said, to use student loans or aid, because you cant get a scholarship for retirement.

For small-business owners, here are Cummings 5 Tax Tips to Pay for College Without Going Broke:

Powered By Make Money

Saving for College is Getting Cheaper

Updated: 07/14/2014 9:15 AM
Created: 07/14/2014 9:09 AM WDIO.com

Northlanders are good at saving up for college, but officials with the Minnesota College Savings Plan are cutting fees with hopes to spur more people to take advantage of the program.

Officials say about 600 St. Louis County residents have nearly $16 million saved for college, or about $26 thousand each. In Carlton County that number is closer to $20 thousand for 78 accounts.

Money put aside in the Minnesota College Savings Plan can be used anywhere from universities to community and tech colleges. The program director says their annual fee is dropping from about .5 percent to .25 percent. That change will take effect in mid-July.

He hopes that will spur parents to invest in the plan that grows with their children.

We manage it so that when they#39;re younger there is more exposure to the stock market, and then, when they get older that exposure is reduced and more of the money is put into fixed investments and bonds and things with less risk, Program Director Robert Stern said.

If that doesn#39;t appeal to you there are other plan options too. He says any money gained is tax free if used for qualified education expenses.

Powered By Make Money

Financial Advice: Avoid expensive errors when paying for college

Its just about back-to-school time again. If you have young children, you might be hustling them to the store for backpacks and binders. But if you fast-forward a few years, you can envision driving your kids a little farther — to their college dorms. And when that day comes, youll want to be financially prepared. So youll want to avoid making costly mistakes when preparing for, and paying, those big bills. Here are some of the most common of these errors:

o Not saving enough. Only half of all families with children younger than 18 save any money for college, according to a recent study by Sallie Mae, the countrys largest originator of federally insured student loans. You might find it easier to save for college if you automatically move a set amount each month from your checking or savings account to a college savings vehicle.

o Not considering vehicles with growth potential. The same Sallie Mae study found more parents use a general savings account than any other method of saving for college. But since most savings accounts these days pay only a minimal rate of return, you will have trouble getting the growth potential you need to achieve your college savings goals. Consider working toward your college savings goals by investing in a vehicle specifically designed for college, such as a 529 plan or a Coverdell plan. There are differences between these plans, such as contribution limits and tax treatments, but both allow you to invest for growth potential. As with any investment account, there are risks involved, including market risk.

o Stopping your savings once your children are in college. Unless your children plan to take an awful lot of credits, theyre not going to finish college in just one year. Consequently, youll want to keep investing in your plan or other college savings vehicle while your children are in school.

o Taking out 401(k) loans. Your employer may allow you to take out a loan against your 401(k) to help pay for college. But this may not be a good idea for two reasons: First, when you remove money from your 401(k) — even if you plan on eventually paying it back — you will slow the potential accumulation in your account, thereby depriving yourself of resources you will eventually need for retirement. Second, should you leave the company, you might have to repay the loan within a limited number of days.

o Not using available tax credits. Depending on your income, you might qualify for the American Opportunity tax credit, which is worth up to $2,500, provided you spend at least $4,000 on college expenses. Check with your tax professional to see if you qualify for this credit and how to most effectively incorporate it. And be careful you dont waste the credit, because you may not be able to use it and your plan distributions at the same time.

Paying for college can be challenging — but if you can avoid making the above mistakes, youve got a better chance of getting your kids through school without derailing the progress youd like to make toward your other financial goals.

Wil Adams, AAMS, is a financial advisor with Edward Jones. He can be reached at 549-9155.

Powered By Make Money

‘Breach fatigue’ could leave you vulnerable to hack

Most people know they are at risk but dont do anything to protect themselves, according to a study this year commissioned by credit-monitoring giant Experian.(Photo: Getty Images)

Powered By Make Money

Community-wide Payday Lending Workshop hosted by City Council

Amarillo, TX – Amarillo city commissioners have set up a time and date to talk with members of the community about issues with payday lending.

This community-wide meeting is to help community members learn more about payday lending and title loans.

This workshop is to help council members work with the community members in an effort to consider a model ordinance that will support fair, reasonable interest and fee charges for payday, auto title loans and other small dollar loans.

Officials from Texas Appleseed will be at the workshop to provide insight on their organizations efforts. And also, a Dallas city council member will share what they have faced in their city with payday lending.

The workshop will be Monday at 5:30 pm at the Amarillo Civic Center in the Heritage Ballroom.

Members of the community are invited to ask questions and share information.

Powered By Make Money