Friday, December 25, 2009
Tuesday, December 15, 2009
From the FTC's news release:
"At the Security Plaza, visitors can build a social networking page and see the unintended consequences of posting personal information. They also get tips on how to keep their computers safe while they're online. In the arcade, visitors can play Info Defender 3 and protect Earthlings from Cyclorian invaders who would steal their identities. The game teaches the importance of protecting personal information, including Social Security numbers."
Monday, December 14, 2009
The guy was caught red handed in the process of transferring $440,000 from one victims account to his paypal as cops busted through his door. He then attempted to elude police by jumping off his buildings roof onto another building 1 floor below. Needless to say, he was caught.
Wednesday, December 9, 2009
Some examples are:
* a guy who became a doctor
* a 33 yr old mother who wanted to go back to high school & become a cheerleader
*"Neighbors from hell" who took around 30 different identities to maintain their lifestyle
* a guy arrested for stealing his own identity after faking his death
Proceed to Listverse for all 10 stories
Monday, November 30, 2009
For instance, the iPhone & new "droid" phones have built in GPS/Geotagging features . The holidays provide opportunity for people to take lots of photos of Christmas presents, family functions, home interiors & so on. Combine that with the instant upload features of Twitter or Flickr & you have just shown the world that you have a 50" TV hanging on your wall along with your address where it can now be picked up. Should you decide to ever leave the house for a vacation or,.....uh,...... ever, you have just shown that your house may be empty for them to come by & pay your valuables a visit.
With the holidays being in full swing there will be plenty of digital locations where a person may post something about their family online. It can be easy to provide family members names, locations, birthdays, pet names, favorite cars, etc.... giving a complete guide to all of the favorite security answers that may be asked should one forget their password to an online account. Remember, this could be something that you may not even do. Your nephew, niece, cousin, etc... who visits may even do this not realizing the implications of their actions. It is very simple to associate family members making it childsplay to get all the info a thief needs to access your online identy & claim your physical one as well.
Saturday, November 28, 2009
Sunday, November 22, 2009
Friday, November 20, 2009
Friday, November 13, 2009
1. protect against spyware/malware
2. fraud alerts
3. Google the kids
4. medical identity
5. social networking
Remember, most identity theft is actually done through physical means but that doesn't mean you should leave your electronic door wide open for them. Make sure to always have up to date virus protection & run periodic scans on your computer for bad software that might unknowingly be on your computer. All of the necessary software can be found on the net for free so there is no excuse.
This problem began when the Oregon womans purse became lost 5 years ago. She had taken the precautionary measure (at the time) of cancelling her credit cards & getting new identification cards but that did little good.
Tuesday, November 3, 2009
At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.http://www2.ftc.gov/opa/2009/10/redflags.shtm
Just another article about ID Theft being an inside job.
Thursday, October 8, 2009
Thieves can remove ink from your check and re-write it without compromising any safeguards, including your legitimate signature. Takes forgery to a new level.
Here is a great illustration if YouTube lets the video stay up.
Watch this if you write checks, or accept them for that matter.
Wednesday, October 7, 2009
They remind us that Identity Theft has surpassed the criminal drug trade according to the US Department of Justice.
The assessment will even tell you what they estimate your value to be on the black market.
And then they offer some illuminating videos to illustrate the point. I found it entertaining. You may find it more disturbing. We have discussed these issues in class.
I enjoyed taking the test and particularly the videos at the end which are also available in the top navigation via the link "Explore Digital Dangers."
Consider visiting the site and taking the quiz and watching the videos. I've provided links directly to three of the videos, Bank of Nikolai, S.O.L. and Cyber Hunting in my list of Identity Theft videos at the right.
I do want to comment on the low value they may estimate your Identity to be worth. I have seen other studies with low values for credit card, social security number and other information. Remember, in a supply and demand economy, a low demand (price) indicates a high supply (availability). This may be because there is so much stolen data available. PrivacyRights.org estimates at least 339,674,601 records have been compromised in the US since 2005 as of October 2, 2009. The US Census Bureau estimates today's US population to be 307,645,025. More data has been compromised than there are people living in the country.
Also, I like to point out that if a thief steals your car, he can sell it or part of it only one time before he is out of inventory, but if a thief steals your Social Security Number or Driver's License Number he can sell that information until he gets tired of repeating it because he can't run out of inventory, he can only decide when and if the information is too risky or unprofitable to resell again. So the low value of Identity Theft information supports the fact that there is a lot of information out there that thieves want and it is easy for them to obtain, not vice-versa.
Monday, September 28, 2009
The FTC currently mandates all Businesses to adopt an IDTheft Program bu November 1, 2009 here http://www.ftc.gov/opa/2009/07/redflag.shtm.
They have published this website tp help you figure out what to do http://www.ftc.gov/redflagsrule
The Texas Workforce Commission interpreted the FTC mandate, years ago, in the first four pages of their Winter 2007 newsletter http://www.twc.state.tx.us/news/tbt/tbt0107.pdf
Our Texas Attorney General has filed enforcement actions against companies such as CVS Pharmacy, Lifetime Fitness, Radio Shack, GAB Robins, B&F Finance McAllen, L.L.C, Nino Tax of Brownsville, Cornerstone Fitness and others for violating the Texas "Identity Theft Enforcement and Protection Act" and fined them over $1.8 million collectively.
I recommend that any business, especially in Texas, pay close attention to these issues when crafting their policy to comply with these State and Federal laws.
To help reduce your risks and mitigate your damages should you have a customer, client, news reporter, disgruntled employee, law enforcement officer or even the AGs office discover that you have violated one or more of these laws either knowingly or unknowingly, you should take action immediately to ensure that you have taken reasonable steps and complied with these laws before it is too late.
Do not wait until you experience a break-in, theft or data breach at your company. By then it may already be too late. Attorney General Abbott has stated
"The Office of the Attorneyhttp://www.oag.state.tx.us/
General will continue aggressively
enforcing identity theft laws and
protecting Texas consumers."
Tuesday, August 18, 2009
I will update this post later to comment on the numbers involved between this, TJ Maxx and the Checkfree.com breach on Dec 2, 2008.
A federal grand jury has indicted three people on charges of hacking into the files of the credit and debit card processing giant Heartland Payment Systems last year in what the Justice Department is calling the largest identity-theft case ever prosecuted.http://www.washingtonpost.com/wp-dyn/content/article/2009/08/17/AR2009081701915.html
Tuesday, August 4, 2009
I will post or update another entry about the website (http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml) they provide to assist business with compliance because they point out on that website that circumstances may change and require you as a business owner to implement a written Identity Theft plan.
FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule
To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009.
Wednesday, July 22, 2009
Be aware that if you visit another site to obtain your "free credit file disclosure" that it may impact your credit rating. I am posting this information to my blog to clarify this issue.
AnnualCreditReport.com provides consumers with the secure means to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies in accordance with the Fair and Accurate Credit Transactions Act (FACT Act).
AnnualCreditReport.com is the only service authorized by Equifax, Experian and TransUnion for this purpose. The three nationwide consumer credit reporting companies have always encouraged consumers to regularly review their credit reports.
AnnualCreditReport.com is the official site to help consumers to obtain their free credit report.
The Red Flags Rule: What Utility Companies Need to Know About Complying with New Requirements for Fighting Identity Theft
Companies that provide utility services are covered by the Rule if they are “creditors” with “covered accounts.” A creditor is a business or organization that regularly defers payments for goods or services.
Fighting Fraud with the Red Flags Rule: A How-To Guide for Business
...As a practical matter, most businesses and organizations that provide products and services to their customers and then bill them later are covered by the Rule.
If you look into the FAQ section of this site it will remind you that even if you are not covered under the Red Flags Rule now, that you need to periodically do a Risk Assessment to consider whether your status has changed
Of course, from time to time you need to consider whether your identity theft risk has changed, warranting a different approach with respect to the Rule.
If you are running a business serving residential customers, you should be aware of this Article from the FTC:
The Red Flags Rule: Compliance Tips for Companies Offering Services In and Around the Home
...businesses must review their billing and payment procedures to determine if they’re covered by the Red Flags Rule. Whether the law applies to you isn’t based on the kind of business you’re in, but rather on whether your activities fall within the law’s definition of two key terms: “creditor” and “covered account.”http://www.ftc.gov/bcp/edu/pubs/articles/art15.shtm
Every franchise system must review its billing and payment procedures to determine if it’s covered by the Red Flags Rule.http://www.ftc.gov/bcp/edu/pubs/articles/art14.shtm
Monday, July 6, 2009
The Federal Trade Commission has published a booklet titled "Protecting Personal Information, A Guide for Business" which is now an interactive website designed to help Business Owners. You can download the guide as a PDF or order copies from the website here:
In 2005 the Texas Workforce Commission addressed this issue in its Fall 2005 newsletter "Legal Briefs"section titled "Identity Theft in the Workplace: What You Must Know." This free newsletter is archived online here and the Legal Briefs article is on pages 1-6
The Texas Workforce Commission also revisited the topic in the Winter 2007 issue on pages 1-4 in another article titled "An Introduction to the Fair And Accurate Credit Reporting Act (FACTA): What Business Owners Must Know" and referred to the previous 2005 article
"Identity Theft Resource Library. You'll find important laws, reports and testimony from both the federal and state level with information relating to credit, privacy and information security, fraud alerts, and Social Security numbers."
This library contains links to many resources including National and State data as well as Testimony, actual Laws, Rules and other information available through their Deter, Detect, Defend Campaign:
The Privacy Rights Clearinghouse at PrivacyRights.org has posted listings of Identity Theft Surveys, Studies and Statistics from
"Javelin Strategy & Research, Better Business Bureau, Identity Theft Resource Center, Federal Trade Commission, Gartner, and Privacy & American Business"originally posted in September 2003 and last updated in June 2007:
"The hospital already had a medical identity theft prevention program in place, he said, but is updating it as part of the Federal Trade Commission's "Red Flag Rules" program."http://www.bizjournals.com/triad/stories/2009/07/06/daily10.html
This May 2009 article from the FTC was intended to clarify the actions that Hospitals and other Healthcare providers must take and in it they state
The Red Flags Rule, a law the FTC will begin to enforce on August 1, 2009, requires certain businesses and organizations — including many doctors’ offices, hospitals, and other health care providers — to develop a written program to spot the warning signs — or “red flags” — of identity theft. Is your practice covered by the Red Flags Rule?
The “Red Flags” Rule: What Health Care Providers Need to Know About Complying with New Requirements for Fighting Identity Thefthttp://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm
1. Colorado Mile High Council Data Breach
The Girl Scouts Mile Hi Council has notified its members and their parents that they might be at risk for identity theft because of tapes stolen from a car June 27.
2. Girl Scout Leader Sentenced to 10 years + for Identity Theft
October 31, 2007, Barnes entered pleas of guilty to nineteen (19) counts of filing false and fictitious claims for refund to the IRS, fifteen (15) counts of unlawfully using the identification of another person to commit an unlawful activity (Identity Theft), and one (1) count of theft of government property. In her October plea hearing, Barnes admitted to having used her position of trust as a Girl Scout leader in Pea Ridge, Florida, to obtain personal history information from the members of the Girl Scout Troop.
Wednesday, June 24, 2009
Apparently even the IRS is not following it's own advice. Or the law for that matter.
The article links to the 29 page report from the Treasury Inspector General for Tax Administration which states that investigators
"had trouble finding anyone responsible for overseeing most of the facilities that the IRS contracted with to burn or shred sensitive taxpayer documents."That report is available here:
Tuesday, June 23, 2009
CONSUMER ALERT: Smishing Scam Targets Houston-area Credit Union Accountshttp://www.oag.state.tx.us/oagNews/release.php?id=3014
The video clip is cited as "Austin - Office of the Attorney General Hosts Mortgage Fraud Summit" and in it he says that in at least one study, Mortgage Fraud has become the fastest growing White-Collar Crime in America, surpassing Identity Theft.
I would like to remind you that some companies offering Identity Theft Restoration, would consider Mortgage Fraud as a form of Identity Theft.
In addition to linking to the particular law above, here is an article I've used in class regarding CVS Pharmacy and Radio Shack:
CVS joins RadioShack on Abbott's document-tossing suit dockethttp://www.legalnewsline.com/news/contentview.asp?c=193725
And here is a link to the source of this information on Texas Attorney General Greg Abbott's homepage:
Agreed judgment requires CVS Pharmacy to improve document disposal process
Thursday, June 18, 2009
Thursday, June 11, 2009
FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programshttp://www.ftc.gov/opa/2009/04/redflagsrule.shtm
The Fair and Accurate Credit Transactions Act of 2003 (FACTA).... Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals.
I want to remind you that ID Theft is a serious issue. Liabilities for carelessness still exist even though the FTC is delaying enforcement of this rule. As noted in the release, entities that are covered by other agencies may not benefit from this FTC extension at all. The liabilities for you and your business still exist even though the enforcement of this particular rule has been delayed.
With all the press-releases on this topic, when the FTC does decide to enforce the rule do you think that either "I didn't know about this" or "I didn't have time" is something you want to say in your own defense?
This has been a topic that should have been on the minds of business owners and government agencies since January 1, 2008 when the Rules became effective. The November 2007 announcement is coming up on its 2 year anniversary.
Wednesday, April 1, 2009
I've updated my links at right. I encourage you to visit his website and subscribe. Much of the information I post here in the future may well come from or simply be a link to a posting on his blog.
If it weren't for John's efforts to educate everyone about ID Theft, I would never have met you or become involved with your company as a Certified Identity Theft Risk Management Specialist.
I've just finally ordered his newest book "If You are Me, then Who am I?" today and I'll go ahead and recommend that you do the same. Information is on his website here http://johngardneronline.com/?page_id=3
Here is part of his Bio posted on his site here http://johngardneronline.com/?page_id=2
John P. Gardner, Jr. is an attorney and one of the nation’s leading experts on Identity Theft. While others were scrambling to tell people to lock their mailboxes and shred their credit card statements, Mr. Gardner was warning consumers of the potential health risks, Social Security and tax issues, financial disasters, and the reality that they could face false imprisonment as a result of someone stealing their identity. He has consulted with various State Governmental entities including members of the Kentucky Senate, the Michigan House of Representatives, and the South Carolina Senate Finance and House Judiciary Committee Staff on Identity Theft, Privacy and Data Protection legislation. He has helped to implement Identity Theft Protection programs which today protect hundreds of thousands of Americans identities and even more recently, he has been consulting with Major Corporations, Hospitals, Government Agencies and Small Businesses on how to better protect the Identities and Non-public Information of their employees and customers. Mr. Gardner has traveled extensively across North America speaking to groups and providing training to many organizations on Identity Theft, Privacy, and Data Protection.
Monday, February 23, 2009
That point is made in this article by this statement, "In at least hundreds of cases last year, workers accused of immigration violations found themselves facing the more serious identity theft charge as well, without any indication they knew their counterfeit Social Security and other identification numbers belonged to actual people and were not made up."
It also touches on the supply and demand issues and doesn't mention that getting an identity is a problem when they state "..traveled to Chicago and bought numbers from someone who trades in counterfeit IDs." I don't see that they indicated this was a difficult or mystifying process. It is presented as pretty straightforward from the way I read this.
The article is on Yahoo News here:
Tuesday, February 10, 2009
Not even Hollywood could dream this one up........
In addition to the theft, 1.5 million people may have had their personal data stolen along w/ 1.1 million social security numbers being breached.
copy & paste this if the link above does not work.
Sunday, February 8, 2009
Organizations that experienced a data breach in 2008 paid an average of $6.6 million last year to rebuild their brand image and retain customers, according to a new study.Ponemon Institute, a Tucson-based research firm, looked at 43 organizations that reported a data breach last year and found that roughly $202 was spent on each consumer record compromised.
The Heartland Payment Systems [HPY] data breach is the first major information security incident of 2009.
Exactly one week after the Heartland Payment Systems (HPY) breach was first announced to the public, the first lawsuit has been filed against the payments processor.
Tuesday, February 3, 2009
Sunday, February 1, 2009
Intel , Microsoft, Google, along with several other companies are behind this official holiday. Here are a few links that can help in securing your data.
- Nothing beats Pre-Paid Legals' Identity Theft Protection
- Lifehacker always has good tips.
- The IAPP is a worldwide organization dedicated to spreading information about ID privacy .
- Here is site for MAC users with some good tips
Free software links to help you keep your computer (& identity) safe:
Commodo Internet Security suite is a well rounded, low system resource package
PC-Tools Antivirus is a decent realtime Antivirus scanner. The same company also created Threatfire to compliment any other (even paid ones like Norton's & McAfee) antivirus scanner. *Caveat* : Threatfire should not be used by itself but to enhance a "library based" scanner that receives nightly updates.
There is no excuse to NOT encrypt your Windows hard drive with the free, "Open Source" Truecrypt.
Man to police: I have tons of stolen/forged id's & documents. What should I do ? Police: We don't want it. Throw it in the dumpster.
Being an honest man, he took the items to the police station. When he asked the officer what he should do with the items, he was shocked when he was told they didn't want it & that he should find the nearest dumpster & toss the items. He decided to go to the nearest TV station instead.
Sunday, January 18, 2009
"his wife became the innocent victim of identity theft and police invaded their home on an illegal no knock warrant and killed the family dogs."http://www.allheadlinenews.com/articles/7011867263
Associated Press video on You Tube, notice the Police Inspector General's comments on how criminals involve innocent civilians
"The Red Flag Rules require each college or university meeting the criteria above to develop and implement a written Identity Theft Prevention Program..."
"The FTC has taken the position that health care providers (including physicians) are “creditors,” and subject to the Red Flag Rules, if they bill consumers after their services are completed, and that health care providers (including physicians) that accept insurance are considered “creditors” if the consumer is ultimately responsible for the medical fees."http://www.wisconsinmedicalsociety.org/publications_and_media/medigram/archive/october_9_2008/ypyf
Thursday, January 15, 2009
I'm glad to see these points discussed which we may have discussed in class:
- Identity Theft issues can take Years to resolve
- A freeze can be inconvenient
- A freeze is best suited for someone who doesn't need to obtain credit quickly or frequently or perhaps doesn't anticipate needing any more credit for the rest of their life
A Security Freeze can do a great deal to protect your Child from Financial Identity Theft with little impact on them as they won't need credit until they are at least 18 years old.
Texas Attorney General Greg Abbott advice about Security Freezes
This article from the Identity Theft Resource Center makes two excellent points that should not be overlooked if your child has an Identity Theft issue:
- Point out that the child is a minor and that by law is not permitted to enter into a contract.
- Do you need an attorney? That depends on the offender or person who is using the information. If the offender is a parent or relative or if this is a case that could be tied into a custody or divorce issue, it may be necessary to involve a family law attorney. This is especially true in joint custody cases. If you have joint custody of the child, timing is critical. If you fear that the offending parent might run off with the child, seek the advice of your attorney as to timing, legal actions that might assist you in protecting the safety of the child or the need to involve child protective services.
Wednesday, January 14, 2009
In the most recent class action, it alleges that Lifelock doesn’t protect it’s customers from all forms of identity theft. It also alleges that putting repetitive alerts on a credit report might hurt a person’s ability to get credit. Last but not least it alleges that Todd Davis — the CEO of Lifelock who plasters his own social security number all over the place as a marketing tool — has himself been an identity theft victim several times."
UPDATE 12.14.13 (the article is older I just added to my blog on 12.14.13)
This is too relevant not to share:
"LifeLock's Fraud-Alert Service Banned Forever in Settlement With Experian"
LifeLock, the ethics-bending, Tempe-based firm covered in two 2007 New Times feature articles, has been permanently banned from performing what used to be its most basic service.
The link to "permanently banned" takes you to this article by Patrick O'Grady
But here is an excerpt just in case "LifeLock Inc. and Experian Information Solutions Inc. have settled their lawsuit, and the agreement permanently blocks the original process LifeLock used to protect its clients."
Kroll is a division of Marsh & McLennan Companies, Inc. a NYSE company (MMC) with over 25 years experience. There is not an older, more experienced, more legally compliant company in the United States providing these services, publicly traded or not.
Please tell Donna and Tammy that I sent you.
Kroll Background Screening
Donna St. Jacques
Data Breach Notification
Kroll Fraud Solutions