Wipe old cell phone data when recycling your phone

Recellular is a recycling service for cell phones. You even have the option of providing the gift of phone service to servicemen. They also provide free software that will wipe all of your personal data from a cell phone should you decide to regift it to another family member or get that brand new phone under the tree.
http://www.recellular.com/recycling/data_eraser/default.asp

2 methods cons get your credit card

FTC debuts new "Cyber Mall" to highlight identity theft risks & online security awareness

The FTC has recently opened a site to spread awareness of how easy it is to unknowingly fall victim to online scams & the identity thefts risks associated with social networking sites. Some of the games & scenarios include info on how (&why) to protect your personal information, how to spot scams, including spotting advertising techniques, nigerian (419) letters, free vacations, modeling offers & much more. This is a great site with information everyone young & old can learn from.

From the FTC's news release:
"At the Security Plaza, visitors can build a social networking page and see the unintended consequences of posting personal information. They also get tips on how to keep their computers safe while they're online. In the arcade, visitors can play Info Defender 3 and protect Earthlings from Cyclorian invaders who would steal their identities. The game teaches the importance of protecting personal information, including Social Security numbers."

http://www.ftc.gov/youarehere/

ID thief tries to have informant wacked for testifying

A guy steals personal identity information, proceeds to empty victims bank accounts, gets caught & places a hit out on a witness. When that doesn't proceed as planned, he places a second hit on the original hitman, all within jail.

The guy was caught red handed in the process of transferring $440,000 from one victims account to his paypal as cops busted through his door. He then attempted to elude police by jumping off his buildings roof onto another building 1 floor below. Needless to say, he was caught.
http://www.justice.gov/usao/cac/pressroom/pr2009/142.html

10 Bizarre cases of identity theft

These examples are a little extreme but they do represent some of the lengths that people are willing to pursue when it comes to identity theft.

Some examples are:
* a guy who became a doctor

* a 33 yr old mother who wanted to go back to high school & become a cheerleader

*"Neighbors from hell" who took around 30 different identities to maintain their lifestyle

* a guy arrested for stealing his own identity after faking his death

Proceed to Listverse for all 10 stories

http://listverse.com/2009/09/05/10-bizarre-cases-of-identity-theft/

T'is the season....

Being wired can unknowingly open oneself to identity & physical theft

With the proliferation of networking & social services (twitter, facebook, myspace, etc...) people can unknowingly provide a thief with all the info they need to steal a person blind. The internet never forgets. Something you mention casually may piece together a complete picture of your life over the course of a year.

For instance, the iPhone & new "droid" phones have built in GPS/Geotagging features . The holidays provide opportunity for people to take lots of photos of Christmas presents, family functions, home interiors & so on. Combine that with the instant upload features of Twitter or Flickr & you have just shown the world that you have a 50" TV hanging on your wall along with your address where it can now be picked up. Should you decide to ever leave the house for a vacation or,.....uh,...... ever, you have just shown that your house may be empty for them to come by & pay your valuables a visit.

With the holidays being in full swing there will be plenty of digital locations where a person may post something about their family online. It can be easy to provide family members names, locations, birthdays, pet names, favorite cars, etc.... giving a complete guide to all of the favorite security answers that may be asked should one forget their password to an online account. Remember, this could be something that you may not even do. Your nephew, niece, cousin, etc... who visits may even do this not realizing the implications of their actions. It is very simple to associate family members making it childsplay to get all the info a thief needs to access your online identy & claim your physical one as well.

http://www.augmentedplanet.com/2009/11/do-you-care-about-privacy/

http://www.mobile-spy.com/

http://iphone.iusethis.com/app/gpstracker

Identity thieves can buy bank account details lawfully from ebay, craigslist, etc...

Anyone has the ability to purchase used ATM's from another individual with no regulation whatsoever. Most of the time these ATM's still contain all of the users bank info for at least the past 6 months. The short story is that for as little as $500 a person can lawfully purchase thousands of credit/debit numbers, personal info, bank account numbers & pins for thousands of users.
http://realtysecurity.com/blog/2009/11/17/i-bought-an-atm-off-craigslist-for-750-w1000-ccs-on-it-yup/

Hancock Fabrics customers in several states experience ATM banking theft

Customers in several states who shopped at Hancock Fabrics have had their bank accounts emptied via ATM withdrawls. It is presumed that everything originated in Wisconsin however, people as far away as California & Missouri have had their checking accounts emptied sometimes, months after shopping.
http://www.kmov.com/home/b-Developing-b-More-people-coming-forward-in-money-scam-69902407.html

http://www.napavalleyregister.com/articles/2009/10/17/news/local/doc4ad8dd6fe28ef768993333.txt

Medicare mails postcards with SS#'s

An insurance mailer contracted by Medicare has mailed out postcards with recipients social security numbers in plain sight. They have offered credit monitoring for 1 year but after that, people are on their own.
http://news.aol.com/article/insurance-mailer-exposes-80000-medicare/775071

arstechnica tips on protecting ones identity

arstechnica has posted 5 reminder tips on how to protect yourself from identity theft:
1. protect against spyware/malware
2. fraud alerts
3. Google the kids
4. medical identity
5. social networking
http://arstechnica.com/security/news/2009/09/five-steps-to-protect-yourself-from-identity-theft.ars

Remember, most identity theft is actually done through physical means but that doesn't mean you should leave your electronic door wide open for them. Make sure to always have up to date virus protection & run periodic scans on your computer for bad software that might unknowingly be on your computer. All of the necessary software can be found on the net for free so there is no excuse.

Police arrest victim after DNA database linked ID thief to victim

An Oregon woman was recently held overnight after warrants had been issued for her arrest. It seems that various law enforcement agencies across the country had incorrect data entered into them due to a Florida woman using the Oregon womans identity to commit various crimes including prostitution & theft. In some cases, the victims DNA & photo had been linked with the thiefs causing greater confusion. Click the link below to read the whole story.
http://www.katu.com/news/local/69946642.html

This problem began when the Oregon womans purse became lost 5 years ago. She had taken the precautionary measure (at the time) of cancelling her credit cards & getting new identification cards but that did little good.

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule

The FACTA Red Flags compliance deadline has been delayed again, this time for 7 months until June 1, 2010.

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.

http://www2.ftc.gov/opa/2009/10/redflags.shtm

Bank Employee Charged with Identity Theft, Fraud

Employee with access to PII comits ID Theft. This is why the FTC wants all businesses to tighten up their policies and procedures. I find it interesting that this has been going "over an eight-year period."

Just another article about ID Theft being an inside job.

http://www.itbusinessedge.com/cm/community/news/sec/blog/bank-employee-charged-with-identity-theft-fraud/?cs=37196

Check Washing

We've discussed this in some of my classes.

Thieves can remove ink from your check and re-write it without compromising any safeguards, including your legitimate signature. Takes forgery to a new level.

Here is a great illustration if YouTube lets the video stay up.
http://www.youtube.com/watch?v=iwUTvIyRvdk

Watch this if you write checks, or accept them for that matter.

Norton Risk Assessment Tool and Videos

Norton has a very interesting and entertaining Online Risk Calculator and several videos posted here http://www.everyclickmatters.com/victim/assessment.html to help illustrate the issue of Identity Theft and the "cybercriminal black market."

They remind us that Identity Theft has surpassed the criminal drug trade according to the US Department of Justice.

The assessment will even tell you what they estimate your value to be on the black market.

And then they offer some illuminating videos to illustrate the point. I found it entertaining. You may find it more disturbing. We have discussed these issues in class.

I enjoyed taking the test and particularly the videos at the end which are also available in the top navigation via the link "Explore Digital Dangers."

Consider visiting the site and taking the quiz and watching the videos. I've provided links directly to three of the videos, Bank of Nikolai, S.O.L. and Cyber Hunting in my list of Identity Theft videos at the right.

I do want to comment on the low value they may estimate your Identity to be worth. I have seen other studies with low values for credit card, social security number and other information. Remember, in a supply and demand economy, a low demand (price) indicates a high supply (availability). This may be because there is so much stolen data available. PrivacyRights.org estimates at least 339,674,601 records have been compromised in the US since 2005 as of October 2, 2009. The US Census Bureau estimates today's US population to be 307,645,025. More data has been compromised than there are people living in the country.

Also, I like to point out that if a thief steals your car, he can sell it or part of it only one time before he is out of inventory, but if a thief steals your Social Security Number or Driver's License Number he can sell that information until he gets tired of repeating it because he can't run out of inventory, he can only decide when and if the information is too risky or unprofitable to resell again. So the low value of Identity Theft information supports the fact that there is a lot of information out there that thieves want and it is easy for them to obtain, not vice-versa.

ID Theft Resources and TX AG Abbott Enforcement Actions

As the current November 1, 2009 Federal deadline to comply with the Red Flags Rules approaches, I thought I would recap some of the currently available resources and some of the enforcement actions already taken by Texas Attorney General Greg Abbott related to Identity Theft and its impact on you and your business.

The FTC currently mandates all Businesses to adopt an IDTheft Program bu November 1, 2009 here http://www.ftc.gov/opa/2009/07/redflag.shtm.

They have published this website tp help you figure out what to do http://www.ftc.gov/redflagsrule

The Texas Workforce Commission interpreted the FTC mandate, years ago, in the first four pages of their Winter 2007 newsletter http://www.twc.state.tx.us/news/tbt/tbt0107.pdf

Our Texas Attorney General has filed enforcement actions against companies such as CVS Pharmacy, Lifetime Fitness, Radio Shack, GAB Robins, B&F Finance McAllen, L.L.C, Nino Tax of Brownsville, Cornerstone Fitness and others for violating the Texas "Identity Theft Enforcement and Protection Act" and fined them over $1.8 million collectively.

I recommend that any business, especially in Texas, pay close attention to these issues when crafting their policy to comply with these State and Federal laws.

To help reduce your risks and mitigate your damages should you have a customer, client, news reporter, disgruntled employee, law enforcement officer or even the AGs office discover that you have violated one or more of these laws either knowingly or unknowingly, you should take action immediately to ensure that you have taken reasonable steps and complied with these laws before it is too late.

Do not wait until you experience a break-in, theft or data breach at your company. By then it may already be too late. Attorney General Abbott has stated

"The Office of the Attorney
General will continue aggressively
enforcing identity theft laws and
protecting Texas consumers."

http://www.oag.state.tx.us/agency/weeklyag/2007/0607data.pdf

130 Million Records in Heartland Payment Systems Indictment

I posted about this in February. I may update that later. They say 130 Million Credit Cards were compromised. That is almost half the US population. The article also mentions two accomplices were Russian.

I will update this post later to comment on the numbers involved between this, TJ Maxx and the Checkfree.com breach on Dec 2, 2008.

A federal grand jury has indicted three people on charges of hacking into the files of the credit and debit card processing giant Heartland Payment Systems last year in what the Justice Department is calling the largest identity-theft case ever prosecuted.

http://www.washingtonpost.com/wp-dyn/content/article/2009/08/17/AR2009081701915.html

FTC Delays Red Flags Enforcement Until Nov 1, 2009

The FTC has once again delayed their enforcement of the Red Flags Rule in a further effort to make sure all business has adequate time to comply with the Rule as detailed in their latest press release quoted and linked to below.

I will post or update another entry about the website (http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml) they provide to assist business with compliance because they point out on that website that circumstances may change and require you as a business owner to implement a written Identity Theft plan.

FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule

To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009.

http://www.ftc.gov/opa/2009/07/redflag.shtm

Free Annual Credit Reports

As you may know, we are all entitled to a Free Annual Credit Report under FACTA or the FACT Act.

Be aware that if you visit another site to obtain your "free credit file disclosure" that it may impact your credit rating. I am posting this information to my blog to clarify this issue.

AnnualCreditReport.com provides consumers with the secure means to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies in accordance with the Fair and Accurate Credit Transactions Act (FACT Act).

AnnualCreditReport.com is the only service authorized by Equifax, Experian and TransUnion for this purpose. The three nationwide consumer credit reporting companies have always encouraged consumers to regularly review their credit reports.

AnnualCreditReport.com is the official site to help consumers to obtain their free credit report.

Utilitiy Companies

The FTC has issued an "Article for Business" for Utilities regarding the Red Flags Rule

The Red Flags Rule: What Utility Companies Need to Know About Complying with New Requirements for Fighting Identity Theft

Companies that provide utility services are covered by the Rule if they are “creditors” with “covered accounts.” A creditor is a business or organization that regularly defers payments for goods or services.

http://ftc.gov/bcp/edu/pubs/articles/art13.shtm

Fighting Fraud with the Red Flags Rule: A How-To Guide for Business

This site from the FTC can help a business get a handle on the Red Flags Rule.

Fighting Fraud with the Red Flags Rule: A How-To Guide for Business

...As a practical matter, most businesses and organizations that provide products and services to their customers and then bill them later are covered by the Rule.

http://ftc.gov/redflagsrule

If you look into the FAQ section of this site it will remind you that even if you are not covered under the Red Flags Rule now, that you need to periodically do a Risk Assessment to consider whether your status has changed

http://ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm#C

Of course, from time to time you need to consider whether your identity theft risk has changed, warranting a different approach with respect to the Rule.

Companies Offering Services In and Around the Home

If you are running a business serving residential customers, you should be aware of this Article from the FTC:

The Red Flags Rule: Compliance Tips for Companies Offering Services In and Around the Home

...businesses must review their billing and payment procedures to determine if they’re covered by the Red Flags Rule. Whether the law applies to you isn’t based on the kind of business you’re in, but rather on whether your activities fall within the law’s definition of two key terms: “creditor” and “covered account.”

http://www.ftc.gov/bcp/edu/pubs/articles/art15.shtm

Franchise

The FTC has published an "Article for Business" titled "Franchisors: Are You Complying with the Red Flags Rule’s New Requirements for Fighting Identity Theft?" stating in part that:

Every franchise system must review its billing and payment procedures to determine if it’s covered by the Red Flags Rule.

http://www.ftc.gov/bcp/edu/pubs/articles/art14.shtm

FTC and the Texas Workforce Commission

This is not an article I have used in class but I am now expanding the scope of my blog to help me distribute information to business owners and other decision makers. I put these 3 links here for easy access. If I have mentioned them in class, I may have mentioned them as part of the reason the class has been brought together.

The Federal Trade Commission has published a booklet titled "Protecting Personal Information, A Guide for Business" which is now an interactive website designed to help Business Owners. You can download the guide as a PDF or order copies from the website here:
http://www.ftc.gov/bcp/edu/microsites/infosecurity/index.html

In 2005 the Texas Workforce Commission addressed this issue in its Fall 2005 newsletter "Legal Briefs"section titled "Identity Theft in the Workplace: What You Must Know." This free newsletter is archived online here and the Legal Briefs article is on pages 1-6
http://www.twc.state.tx.us/news/tbt/tbt1205.pdf

The Texas Workforce Commission also revisited the topic in the Winter 2007 issue on pages 1-4 in another article titled "An Introduction to the Fair And Accurate Credit Reporting Act (FACTA): What Business Owners Must Know" and referred to the previous 2005 article
http://www.twc.state.tx.us/news/tbt/tbt0107.pdf

Identity Theft Reference, Surveys, Studies and Statistics

The Federal Trade Commission maintains a "Reference Desk" intended to serve as an

"Identity Theft Resource Library. You'll find important laws, reports and testimony from both the federal and state level with information relating to credit, privacy and information security, fraud alerts, and Social Security numbers."

This library contains links to many resources including National and State data as well as Testimony, actual Laws, Rules and other information available through their Deter, Detect, Defend Campaign:

http://www.ftc.gov/bcp/edu/microsites/idtheft/reference-desk/index.html


The Privacy Rights Clearinghouse at PrivacyRights.org has posted listings of Identity Theft Surveys, Studies and Statistics from

"Javelin Strategy & Research, Better Business Bureau, Identity Theft Resource Center, Federal Trade Commission, Gartner, and Privacy & American Business"

originally posted in September 2003 and last updated in June 2007:
http://www.privacyrights.org/ar/idtheftsurveys.htm

Doctors, Hospitals, Healthcare Providers and Identity Theft Red Flags

I noticed that I don't have a specific post about Hospitals and I noticed this article in the news about Wake Forest University Baptist Medical Center updates policy to address the FACTA Red Flags Rule:

"The hospital already had a medical identity theft prevention program in place, he said, but is updating it as part of the Federal Trade Commission's "Red Flag Rules" program."

http://www.bizjournals.com/triad/stories/2009/07/06/daily10.html


This May 2009 article from the FTC was intended to clarify the actions that Hospitals and other Healthcare providers must take and in it they state

The Red Flags Rule, a law the FTC will begin to enforce on August 1, 2009, requires certain businesses and organizations — including many doctors’ offices, hospitals, and other health care providers — to develop a written program to spot the warning signs — or “red flags” — of identity theft. Is your practice covered by the Red Flags Rule?

The “Red Flags” Rule: What Health Care Providers Need to Know About Complying with New Requirements for Fighting Identity Theft

http://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm

Girl Scouts and ID Theft

This came up in a conversation recently and I realized it was not on my blog so here are 2 links about how Girl Scouts were touched by the Identity Theft epidemic in 2007:


1. Colorado Mile High Council Data Breach
The Girl Scouts Mile Hi Council has notified its members and their parents that they might be at risk for identity theft because of tapes stolen from a car June 27.
http://www.rockymountainnews.com/drmn/local/article/0,1299,DRMN_15_5621147,00.html


2. Girl Scout Leader Sentenced to 10 years + for Identity Theft
October 31, 2007, Barnes entered pleas of guilty to nineteen (19) counts of filing false and fictitious claims for refund to the IRS, fifteen (15) counts of unlawfully using the identification of another person to commit an unlawful activity (Identity Theft), and one (1) count of theft of government property. In her October plea hearing, Barnes admitted to having used her position of trust as a Girl Scout leader in Pea Ridge, Florida, to obtain personal history information from the members of the Girl Scout Troop.
http://www.forensicexams.org/index.php?option=com_content&task=view&id=2219&Itemid=76

The IRS Isn't Careful?

I found this article online today:

http://voices.washingtonpost.com/securityfix/2009/05/report_irs_created_dumpster-di.html

Apparently even the IRS is not following it's own advice. Or the law for that matter.

The article links to the 29 page report from the Treasury Inspector General for Tax Administration which states that investigators

"had trouble finding anyone responsible for overseeing most of the facilities that the IRS contracted with to burn or shred sensitive taxpayer documents."

That report is available here:
http://www.treas.gov/tigta/auditreports/2009reports/200930059fr.pdf

Mortgage Fraud Surpassing Identity Theft?

Texas Attorney General Greg Abbott has a video up today on his website related to this article

CONSUMER ALERT: Smishing Scam Targets Houston-area Credit Union Accounts

http://www.oag.state.tx.us/oagNews/release.php?id=3014

The video clip is cited as "Austin - Office of the Attorney General Hosts Mortgage Fraud Summit" and in it he says that in at least one study, Mortgage Fraud has become the fastest growing White-Collar Crime in America, surpassing Identity Theft.

I would like to remind you that some companies offering Identity Theft Restoration, would consider Mortgage Fraud as a form of Identity Theft.

Shredding

I noticed while searching my blog that I don't have a discreet post about shredding documents, particularly as it relates to Texans and the "Identity Theft Enforcement and Protection Act" so here is a post for this purpose.

In addition to linking to the particular law above, here is an article I've used in class regarding CVS Pharmacy and Radio Shack:

CVS joins RadioShack on Abbott's document-tossing suit docket

http://www.legalnewsline.com/news/contentview.asp?c=193725

And here is a link to the source of this information on Texas Attorney General Greg Abbott's homepage:

Agreed judgment requires CVS Pharmacy to improve document disposal process
http://www.oag.state.tx.us/oagNews/release.php?id=2397

Medical Identity Theft Concerns Grow

This is a good article and ties into the Anndorie Sachs story from class, note the last sentence "Dixon said, "Without aggressive safeguards, we could be building an infrastructure for massive medical fraud" (Konrad, New York Times, 6/13)."

http://www.ihealthbeat.org/Articles/2009/6/15/Medical-Identity-Theft-Concerns-Grow-as-EHR-Adoption-Increases.aspx

FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’

FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs

http://www.ftc.gov/opa/2009/04/redflagsrule.shtm

The Fair and Accurate Credit Transactions Act of 2003 (FACTA).... Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals.

I want to remind you that ID Theft is a serious issue. Liabilities for carelessness still exist even though the FTC is delaying enforcement of this rule. As noted in the release, entities that are covered by other agencies may not benefit from this FTC extension at all. The liabilities for you and your business still exist even though the enforcement of this particular rule has been delayed.

With all the press-releases on this topic, when the FTC does decide to enforce the rule do you think that either "I didn't know about this" or "I didn't have time" is something you want to say in your own defense?

This has been a topic that should have been on the minds of business owners and government agencies since January 1, 2008 when the Rules became effective. The November 2007 announcement is coming up on its 2 year anniversary.

John Gardner Online

John Gardner, the man I credit as the Premiere authority on Identity Theft issues, has a blog here:
http://johngardneronline.com/

I've updated my links at right. I encourage you to visit his website and subscribe. Much of the information I post here in the future may well come from or simply be a link to a posting on his blog.

If it weren't for John's efforts to educate everyone about ID Theft, I would never have met you or become involved with your company as a Certified Identity Theft Risk Management Specialist.

I've just finally ordered his newest book "If You are Me, then Who am I?" today and I'll go ahead and recommend that you do the same. Information is on his website here http://johngardneronline.com/?page_id=3

Here is part of his Bio posted on his site here http://johngardneronline.com/?page_id=2

John P. Gardner, Jr. is an attorney and one of the nation’s leading experts on Identity Theft. While others were scrambling to tell people to lock their mailboxes and shred their credit card statements, Mr. Gardner was warning consumers of the potential health risks, Social Security and tax issues, financial disasters, and the reality that they could face false imprisonment as a result of someone stealing their identity. He has consulted with various State Governmental entities including members of the Kentucky Senate, the Michigan House of Representatives, and the South Carolina Senate Finance and House Judiciary Committee Staff on Identity Theft, Privacy and Data Protection legislation. He has helped to implement Identity Theft Protection programs which today protect hundreds of thousands of Americans identities and even more recently, he has been consulting with Major Corporations, Hospitals, Government Agencies and Small Businesses on how to better protect the Identities and Non-public Information of their employees and customers. Mr. Gardner has traveled extensively across North America speaking to groups and providing training to many organizations on Identity Theft, Privacy, and Data Protection.

Immigration issues and Identity Theft

As I may have said in our class, illegal immigrant workers do not all know that Identity Theft is a crime, or at least they fully understand it.

That point is made in this article by this statement, "In at least hundreds of cases last year, workers accused of immigration violations found themselves facing the more serious identity theft charge as well, without any indication they knew their counterfeit Social Security and other identification numbers belonged to actual people and were not made up."

It also touches on the supply and demand issues and doesn't mention that getting an identity is a problem when they state "..traveled to Chicago and bought numbers from someone who trades in counterfeit IDs." I don't see that they indicated this was a difficult or mystifying process. It is presented as pretty straightforward from the way I read this.


The article is on Yahoo News here:
http://news.yahoo.com/s/ap/20090222/ap_on_go_su_co/scotus_identity_theft

Payroll cards subject of largest ATM heist,..EVER

NetworkWorld has an article detailing the database breach of RBSWorldPay (one of the largest payroll debit card issuers) & the extremely well co-ordinated effort of a "small army" of people spanning multiple countries that, within 30min, stole approximately 9 million dollars.

Not even Hollywood could dream this one up........

In addition to the theft, 1.5 million people may have had their personal data stolen along w/ 1.1 million social security numbers being breached.

copy & paste this if the link above does not work.
http://www.networkworld.com/community/node/38366

Data Breaches Are More Costly Than Ever

The Washington Post cites a study by the Ponemon Institute about the cost of Identity Theft to businesses. As you may know, this is some of the information Texas Attorney General Greg Abbott wants you to know and which I covered in your training class. Notice that "the company's stock lost 42 percent of its value" after the announcement and that mitigating damages like this are the key reason your employer had me come in to teach your class:

http://www.washingtonpost.com/wp-dyn/content/article/2009/02/02/AR2009020203064.html?hpid=sec-tech

Organizations that experienced a data breach in 2008 paid an average of $6.6 million last year to rebuild their brand image and retain customers, according to a new study.

Ponemon Institute, a Tucson-based research firm, looked at 43 organizations that reported a data breach last year and found that roughly $202 was spent on each consumer record compromised.

Heartland Payment Systems Data Breach

Bankinfosecurity.com has several articles related to the first major data breach of 2009 and the class action lawsuit that followed 7 days later:

http://www.bankinfosecurity.com/heartland_breach.php
The Heartland Payment Systems [HPY] data breach is the first major information security incident of 2009.

http://www.bankinfosecurity.com/articles.php?art_id=1181
Exactly one week after the Heartland Payment Systems (HPY) breach was first announced to the public, the first lawsuit has been filed against the payments processor.

Win a free shredder over at Lifehacker.com

Lifehacker will be sponsoring a contest in the near future to win a new "Jam-Proof" paper shredder. A paper shredder is always a good thing to have on hand (especially this time of year). Don't forget that once your garbage hits the curb it becomes "public property" & is an open invitation for anyone to have access to your (non-shredded) documents.
http://lifehacker.com/5140982/tax-season-and-what-it-means-for-identity-thieves

Happy (belated) data privacy day !

Even though we forgot write a post about it (whoops). I sure hope that you were able to celebrate data privacy day back on Jan. 28th. The main idea is to devote 1 day a year to actually thinking about & discussing data privacy concerns. Since alot of this data is comprised from databases it fits snuggly side-by-side into the Id Theft concerns we like to discuss.

Intel , Microsoft, Google, along with several other companies are behind this official holiday. Here are a few links that can help in securing your data.

1. Nothing beats Pre-Paid Legals' Identity Theft Protection
2. Lifehacker always has good tips.
3. The IAPP is a worldwide organization dedicated to spreading information about ID privacy .
4. Here is site for MAC users with some good tips

Free software links to help you keep your computer (& identity) safe:

Commodo Internet Security suite is a well rounded, low system resource package

PC-Tools Antivirus is a decent realtime Antivirus scanner. The same company also created Threatfire to compliment any other (even paid ones like Norton's & McAfee) antivirus scanner. *Caveat* : Threatfire should not be used by itself but to enhance a "library based" scanner that receives nightly updates.

There is no excuse to NOT encrypt your Windows hard drive with the free, "Open Source" Truecrypt.

Don't forget to sign your mail too! There is free software available to integrate with your MS Outlook.

Of course, nothing beats physical security & awareness wherever you are.

What the web knows about you (& tells the world)

In this article by Robert Mitchell (computerworld.com) He writes about performing in depth web searches to see what results were returned. He was surprised to find everything from his SS# to digital signatures posted online. What surprised him most was that most of the guilty parties were the government & other businesses related to financial institutions.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125058

Man to police: I have tons of stolen/forged id's & documents. What should I do ? Police: We don't want it. Throw it in the dumpster.

This guy buys a storage shed at auction. When opened, he discovers the original owners forged ID's, passports, birth certificates & more for a living. In addition to this, they would also break into peoples houses & businesses to obtain some of these items.

Being an honest man, he took the items to the police station. When he asked the officer what he should do with the items, he was shocked when he was told they didn't want it & that he should find the nearest dumpster & toss the items. He decided to go to the nearest TV station instead.
http://www.9news.com/news/article.aspx?storyid=108889&catid=339

ID Theft led to killing the Mayor's family dogs

'Mayor Cheye Calvo and his wife, Trinity Tomsic, held a televised press conference..."

"his wife became the innocent victim of identity theft and police invaded their home on an illegal no knock warrant and killed the family dogs."

http://www.allheadlinenews.com/articles/7011867263

Associated Press video on You Tube, notice the Police Inspector General's comments on how criminals involve innocent civilians
http://www.youtube.com/watch?v=B9Com08ILgQ&feature=related

Red Flag Rules, Colleges and Universities

The Poyner Spruill Law Firm in North Carolina states:

"The Red Flag Rules require each college or university meeting the criteria above to develop and implement a written Identity Theft Prevention Program..."

http://www.poynerspruill.com/publications/Pages/CompliancewithRedFlagRulesbyCollegesandUniversities.aspx

Physicians must comply with Red Flags Rule

The Wisconsin Medical Society provides a nice summary of the issue as I may have presented it to you:

"The FTC has taken the position that health care providers (including physicians) are “creditors,” and subject to the Red Flag Rules, if they bill consumers after their services are completed, and that health care providers (including physicians) that accept insurance are considered “creditors” if the consumer is ultimately responsible for the medical fees."

http://www.wisconsinmedicalsociety.org/publications_and_media/medigram/archive/october_9_2008/ypyf

Security Freeze and Fraud Alert

This is a great article from USA Today discussing a Security/Credit Freeze and a Fraud Alert although it was written in 2005 it is still very illuminating:
http://www.usatoday.com/money/perfi/general/2005-06-19-credit-cover-usat_x.htm

I'm glad to see these points discussed which we may have discussed in class:

1. Identity Theft issues can take Years to resolve
   
2. A freeze can be inconvenient
3. A freeze is best suited for someone who doesn't need to obtain credit quickly or frequently or perhaps doesn't anticipate needing any more credit for the rest of their life

These issues are also highlighted by Texas Attorney General Greg Abbott on his Identity Theft website here:
http://www.oag.state.tx.us/newspubs/weeklyag/2007/0907freeze.pdf

Security Freeze and Child Financial Identity Theft

A measure to consider for your minor children is to order copies of their credit reports from the 3 Bureaus to see if there is anything there, and there should not be, and consider placing a Security Freeze on their behalf.

A Security Freeze can do a great deal to protect your Child from Financial Identity Theft with little impact on them as they won't need credit until they are at least 18 years old.

Texas Attorney General Greg Abbott advice about Security Freezes
http://www.oag.state.tx.us/newspubs/weeklyag/2007/0907freeze.pdf

This article from the Identity Theft Resource Center makes two excellent points that should not be overlooked if your child has an Identity Theft issue:
http://www.idtheftcenter.org/artman2/publish/v_fact_sheets/Fact_Sheet_120.shtml

1. Point out that the child is a minor and that by law is not permitted to enter into a contract.
2. Do you need an attorney? That depends on the offender or person who is using the information. If the offender is a parent or relative or if this is a case that could be tied into a custody or divorce issue, it may be necessary to involve a family law attorney. This is especially true in joint custody cases. If you have joint custody of the child, timing is critical. If you fear that the offending parent might run off with the child, seek the advice of your attorney as to timing, legal actions that might assist you in protecting the safety of the child or the need to involve child protective services.

LIfelock Issues

Here is citation for much of what I've heard about Lifelock, it is a good summary of what I've heard and read in my own research:

http://www.bloggernews.net/115050
In the most recent class action, it alleges that Lifelock doesn’t protect it’s customers from all forms of identity theft. It also alleges that putting repetitive alerts on a credit report might hurt a person’s ability to get credit. Last but not least it alleges that Todd Davis — the CEO of Lifelock who plasters his own social security number all over the place as a marketing tool — has himself been an identity theft victim several times."

UPDATE 12.14.13 (the article is older I just added to my blog on 12.14.13)
This is too relevant not to share:

"LifeLock's Fraud-Alert Service Banned Forever in Settlement With Experian"
LifeLock, the ethics-bending, Tempe-based firm covered in two 2007 New Times feature articles, has been permanently banned from performing what used to be its most basic service.

http://blogs.phoenixnewtimes.com/valleyfever/2009/10/lifelocks_fraud-alert_service.php

The link to "permanently banned" takes you to this article by Patrick O'Grady
http://www.bizjournals.com/phoenix/stories/2009/10/19/daily66.html

But here is an excerpt just in case "LifeLock Inc. and Experian Information Solutions Inc. have settled their lawsuit, and the agreement permanently blocks the original process LifeLock used to protect its clients."

Kroll Resources

I'm pleased to announce that Kroll may be contacted directly for clients needing Background Check Services and Data Breach Notifications as noted below.

Kroll is a division of Marsh & McLennan Companies, Inc. a NYSE company (MMC) with over 25 years experience. There is not an older, more experienced, more legally compliant company in the United States providing these services, publicly traded or not.

Please tell Donna and Tammy that I sent you.

Background Checks
Kroll Background Screening
Donna St. Jacques
800.990.4473 x1249

Data Breach Notification
Kroll Fraud Solutions
Tammy Kowalski
615.320.9800 x20848