Friday, December 26, 2008

Your personal information may be sold at auction legally

It is not uncommon for companies that do business with your personal data to go belly-up. To save money, some of those businesses rent offsite storage places for long term records managment rather than using a reputible vender like Iron Mountain. Of course, when the renter falls behind, the storage manager will usually sell the contents to the highest bidder (& usually for a terrific price for the buyer) at auction.

A few quotes from the article that might make your hairs stand up:

Nothing in Maine law prevents storage facilities from selling sensitive financial, personal or medical records to the highest bidder, when their original owners do not pay their storage bills. And that is becoming a real concern, with the failure of several dozen mortgage companies in Maine since the recession began one year ago.

In the Scarborough case, the Maine Bureau of Consumer Credit Protection obtained a court order to confiscate the records of the shuttered mortgage company, which was legally obligated to maintain the documents. The records had been generated by Ocean House Mortgage and Cape Mortgage Co. in Cape Elizabeth, which went out of business last summer.

"Current law places no burden whatsoever on the facility operator to inventory what is in the unit, identify records that might be confidential and notify regulators," said Will Lund, superintendent of Maine's Consumer Credit Protection Bureau.

Here is the link or you can copy & paste
http://pressherald.mainetoday.com/story_pf.php?id=229557&ac=PHnws
into your address field to view the full article.

Monday, December 15, 2008

Hutto, Round Rock, Cedar Park, Tyler Texas ID Theft Ring

This is an absolute classic example of one of the Identity Theft scenarios we discussed in class, why this economy may see more examples just like this and why your company should take clear steps to protect itself:
  1. A [former] employee steals PII from a company
  2. PII used to compromise [former] clients of the company
  3. PII used to create new documents and facilitate "Aggravated Identity Theft"
  4. The ID Thieves were organized to commit this criminal activity
As more people lose jobs and are laid off in our current economy, more people may see the attractiveness of this type of crime as a way to look out for themselves.

http://www.usdoj.gov/usao/txw/press_releases/2008/davis_group_austin_sent.pdf

Tuesday, December 9, 2008

ID Theft escalation in 2009 and Online Payments

This article goes into more detail on the Checkfree.com data breach written about earlier. It was not complicated for criminals to compromise the Checkfree domain. It was very straightforward. The implications for online banking, bill pay and other things that we discuss in my training class, are virtually unlimited.

http://voices.washingtonpost.com/securityfix/2008/12/digging_deeper_into_the_checkf.html

Sunday, December 7, 2008

From the United States Department of Justice

Intelligence Bulletin:
Methamphetamine-Related Identity Theft

This report documents the relationship between the trafficking and distribution of methamphetamine and the crime of identity theft.
http://www.usdoj.gov/ndic/pubs22/22972/index.htm

This website closed in 2012 but archives are maintained and this article may still be available as a .pdf file.
The Amphetamine Connection

How Meth is Driving the Identity Theft Pandemic

http://www.consumeraffairs.com/news04/2007/02/meth_id_theft.html
"There's a close link between methamphetamine use and identity theft," says Prosecutor Vanessa Riebli, head of the Johnson County, Kansas, District Attorney's
Economic Crime Unit. "ID's are traded or sold for drugs across the country, and drug users are supporting their habit with identity theft."

The above article may now be gone from online so I'm adding this one:

The meth connection to identity theft

Drug addiction plays a part in many crime rings, cops say

http://www.msnbc.msn.com/id/4460349/

The drugs and the crime fit neatly together; addicts strung out on meth can stay awake and focused for days at a time, making them expert hackers and mailbox thieves. And ID theft is easy money, the perfect income for drug addicts who have no other way to fund their habit.

40+ Million TJ Maxx customers, Ukrain, China and ID Theft

As I've said in class, ID Theft is linked to International Organized crime and particularly to Eastern Europe, Russia, and the Ukraine. Here is a source for those claims...

Retail Hacking Ring Charged for Stealing and Distributing Credit and Debit Card Numbers from Major U.S. Retailers

More Than 40 Million Credit and Debit Card Numbers Stolen

Three of the defendants are U.S. citizens, one is from Estonia, three are from Ukraine, two are from the People’s Republic of China and one is from Belarus. One individual is only known by an alias online, and his place of origin is unknown.
http://www.usdoj.gov/opa/pr/2008/August/08-ag-689.html

Saturday, December 6, 2008

China's goverment is interested in your data

This is an older article that I have referred to in class.

Olympic visitors' data is at risk
WASHINGTON — National security agencies are warning businesses and federal officials that laptops and e-mail devices taken to the Beijing Olympics are likely to be penetrated by Chinese agents aiming to steal secrets or plant bugs to infiltrate U.S. computer networks.

http://www.usatoday.com/sports/olympics/2008-06-10-olympicspy_n.htm?loc=interstitialskip

Do you pay bills online?

Hackers Hijacked Large E-Bill Payment Site

Read this Washington Post article to see if you may be compromised:
http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html?hpid=sec-tech

From the article, these are the companies exposed to risk:
https://mycheckfree.com/br/wps?rq=login&slpg=Y&file=authentication/login_baseline_companies&esc=93096239&sp=10001

Tuesday, December 2, 2008

Kroll Fraud Solutions

Great business and personal tips from the Premiere Risk Management company in North America
"Kroll launched Fraud Solutions in 2002 as a direct response to clients' requests. Today, over 30 million consumers and a host of leading organizations trust Kroll for their identity fraud solutions - recognizing that Kroll's resources and experience set it apart from every other company in the world."

Understand All the Risks of ID Theft and Sensitive Personal Information Fraud

http://www.krollfraudsolutions.com/understanding-id-theft/understand-theft.aspx

Monday, December 1, 2008

Compliance with Red Flag Rules by Colleges and Universities

For those who are still wondering if a College or University needs to bother with any of this here is an article by a Law Firm in North Carolina making it rather plain.


Compliance with Red Flag Rules by Colleges and Universities
10.27.2008

http://www.poynerspruill.com/publications/Pages/CompliancewithRedFlagRulesbyCollegesandUniversities.aspx


"Colleges and universities are subject to administrative enforcement by the FTC"

ID Theft can cut off your Electricity

ID Theft issue shuts off power to a woman's home.

http://www.kxxv.com/Global/story.asp?S=9383191&nav=menu509_3


It's another identity theft case in Central Texas that's left Trissina Neal without electricity, wondering what she can do next.

How Careful are Schools with your data and what do they have?

A client of mine brought this up to me in a training I did for his company earlier this year and here is an example in the news:

Background check systems used in growing number of Central Texas school districts.

http://www.statesman.com/news/content/news/stories/local/12/01/1201idcheck.html

"...software and equipment from Houston-based Raptor Systems to scan information encoded in the magnetic strip on driver's licenses and other identification cards. The software sends each visitor's full name, birth date, license number and photo over the Internet; checks the information against Raptor's national database of registered sex offenders; and prints out a visitor's badge with his or her name and picture. School personnel can also type in a visitor's name and birth date...."

8000 Military Compromised by ID Theft Ring

For those of you concerned about protecting our servicemembers, this story from Dallas/Ft Worth.

Although technically, this is Bank Fraud, the fact that servicemembers were targeted caught my attention and they could have set this up differently had they wanted. Someone else may have already tried a broader scope of crime:

http://cbs11tv.com/local/Identity.Theft.Ring.2.863826.html

"In all, the identities of over 8,000 servicemen were compromised."

In an effort to put Military items together here is a link about USAF SSGT David Hernandez who suffered 4 of the 5 primary types of ID Theft:

Welcome

Welcome to my blog. The primary purpose of this Blog is to provide links to source material that I may have quoted in a presentation or training or researched in answer to a question I have been asked.

I hope this site helps you share this information with others and/or conduct your own research. Please contact me with any questions. Thank you for visiting.