Identity Theft News

As identity theft news and commentaries become available, they are posted in this section for your quick access. Identity theft analysis and commentaries regarding current events are posted for identity protection and identity theft solutions. From time to time, interesting and important news become available that relate to identity theft, which I find worthy of posting in this section. If I miss any important piece of identity theft news, please contact me with a link and I’ll consider posting them here.

Latest search engine news

The Latest Identity Fraud Related News In Yahoo!

Major news and commentaries

Amex Card Activation Process is Flawed Sheila has a drug problem and has turned to crime to pay for her drug habit. Five months ago Sheila said she started working for an identity theft gang. Her job? Steal mail.

Identity theft news analysis - I read this article about mail being stolen from unprotected mailboxes to take newly issued credit cards and activate them for credit card fraud purposes. Most importantly, the article discusses how mail is stolen and why American Express cards are more attractive to identity thieves. I have written about mail security for identity theft prevention purposes in the past but this article discusses the specifics of stolen mail for credit card fraud purposes which identity and credit monitoring services will not immediately detect.



Past Identity Theft News

TJX card fraud mastermind jailed for 20 years What is fascinating about the story is that hacker is reported to have been working for the US Secret Service when they became aware of his fraudulent activities.

173 total breaches & 22 banking breaches so far in 2010 Will we break the 2009 record of 62 banking related breaches?

Amex Cardholders' Data Stolen By Employee Amex Cardholders' Data was stolen by an employee.

Identity theft news analysis - Internal threats arising from employees with access to customer information assets is huge because they already have access, the information can be sold in the black market at a very good price, and revenge or some justification for the illegal act is always a good reason too.

Three Indicted in Largest Corporate Identity Theft Case in History Hackers continue to target the big fish looking for personal information to commit identity fraud. They use simple and known hacking methods yet businesses continue to remain vulnerable.

Seattle man used Limewire for identity theft A Seattle man was sentenced to more than three years in prison Tuesday for using the Limewire file-sharing service to lift personal information from computers across the U.S.

Millions tossed out of Sweetbay data breach suit by Maine judge A federal judge in Maine ruled in tossing millions of shoppers out of a class-action suit seeking damages for a sweeping credit and debit card data breach at Sweetbay/Hannaford Bros. supermarkets a year ago.

Starbucks Sued After Laptop Data Breach A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.

Identity theft news analysis - This lawsuit is the first of more lawsuits to come. There is no excuse for having unencrypted laptops containing personal information any longer. This type of negligence has gone on for too long and will start costing negligent companies dearly in the months and years to come. Sooner or later, more States will have to become consumer friendly as the pressure is mounting on regulators and judges.

Security Breach at Monster.com Monster reported on January 23, 2009 that their database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Monster stated the information accessed does not include resumes. Monster stated they do not generally collect – and the accessed information does not include - sensitive data such as social security numbers or personal financial data.

Identity theft news analysis - The big risk here is the stolen passwords because not only they will allow access to your Monster.com account but could also be used to access other accounts where you use the same password. Change the Monster.com password immediately and also change that password if used for accessing other accounts.

Heartland Payment Systems Data Breached Heartland Payment Systems Inc. said Tuesday that cyber criminals compromised its computer network, gaining access to customer information associated with the 100 million card transactions it handles each month.

Data Breaches Up Almost 50 Percent in 2008 Businesses, governments and educational institutions reported nearly 50 percent more data breaches last year than in 2007, exposing the personal records of at least 35.7 million Americans.

Identity theft news analysis - Here are a few interesting points from this article:

1- These are only the reported ones. There are also many unreported cases,
2- Schools increasingly accounted for 20% of all reported breaches,
3- Company insiders are used to steal information,
4- The incidents appear to be linked to organized crimes,
5- Human error is the single largest cause,
6- Bad economy and recession have contributed to the increase in security incidents,
7- Lost laptops and removable storage media are targets of incidents as I have indicated before,
8- Computer hacking software is being used to commit this crime,
9- Consumer notification laws are inconsistent by State, and
10- Incidents are not translated into number of consumer records affected.

The Rise of Black Market Data Criminals who steal personal data often don't use it themselves. Instead, they put it up for sale on one of the many vibrant online markets.

Identity theft news analysis - The buyers of stolen data have typically been organized groups who made the big deal outside of the Internet in the past. It's true that the trend is specialization whereby one steals, another sells and another produces counterfeit just like a corporation. However, with the slow and difficult process to crack down on online selling and buying of consumer info, as well as the downward economy, the huge supply of online sites selling stolen data may indicate smaller group of fraudsters are thinking about selling the info to the average Joe for additional stream of revenue. I think this criminal market is divided into 2 categories,; the large organized criminals and the smaller groups or individuals trying to make an extra buck. The big ones don’t deal online.

Hundreds of car buyers could be victims of identity theft Investigators with the Houston Police Department’s Financial Crimes Unit are seeking potential victims of identity theft following the arrest of two suspects charged with being in possession of the personal identifying information of hundreds of unsuspecting car buyers in the Houston area.

Identity theft news analysis - At many of the small businesses where identity theft is not a high profile risk, there are documents that contain personal information which could be misused. We should all wonder whether these documents are secure at the doctor's office, car dealership and other businesses alike.

State Warns Passport Applicants Of Danger of Credit Card Fraud The State Department has notified approximately 400 passport applicants in the D.C. area of a breach in its database security that allowed a ring of thieves to obtain confidential information so they could fraudulently use credit cards stolen from the mail, officials said.

Identity theft news analysis - Yet another case of a State Department employee colliding with a US Postal employee to use stolen information and commit credit card fraud.

N.C. consumer data breached Data about 248,000 North Carolinians was breached by Bank of New York Mellon, a stock transfer company also known as BNY Mellon, according to North Carolina’s attorney general.

Consumer group asks EU for security breach law The National Consumer Council (NCC) has called on the European Commission to force companies who lose customer data to admit the error publicly. It believes a data breach notification law would force companies to keep data more securely.

Identity theft news analysis - This one is very interesting because such law already exists in the US. The question is whether companies report such incidents, and whether this is done timely and thoroughly. Most companies worry about lawsuits following their announcement of a data breach and rightly so. But the most important reason for a data breach notification is damage control although the effort and cost for the damage control is mostly shifted to the consumers which is wrong because they have no idea about what to do. This is an opportunity for the companies to step in and add value for their customers.

Feds crack largest U.S. identity theft Federal authorities said yesterday that they had cracked the largest identity theft case in U.S. history, charging 11 people in the theft of more than 40 million credit and debit card account numbers from computer systems at major retailers such as T.J. Maxx and Barnes & Noble.

Identity theft news analysis - Credit card theft presents one of the best values for quick financial fraud as accounts are already setup and ready to be (ab)used. Companies which collect and maintain millions of their consumer credit cards while they leave their systems vulnerable to identity theft such as unsecured wireless networks, play with fire and will pay the consequences of their actions or inactions one way or another whether it's losing customers or paying high fines. The funny thing is companies end up fixing their security problems but most of the time they don't learn from others' mistakes and fix their problems until they're in the front pages of the major media. It's not very difficult to see that fixing security problems upfront is much more cost effective than fixing problems after a security incident; however, companies fail to take proactive actions over and over until they become famous for security negligence.

Seattle-based Health Care Provider Fined $100,000 for HIPAA Violations The home and community healthcare company has promised to improve its policy on transporting data, train employees, and make security reports to federal officials for three years. But the worse may be yet to come from patients worried about becoming victims of identity theft.

Employee SSNs posted on D.C. Metro website The incident comes just a week after a Metro manager was charged with operating an illegal operation from the Dupont Circle station.

The tax boss who quit over last year's lost benefits discs scandal left with a £137,591 pay off.

Identity theft news analysis - This was the biggest security breach in the UK, yet the individuals in charge of the consumer identity protection, were compensated for departure. Accountability at the highest levels must be established to take information protection seriously, especially, in industries where millions of consumer personal records are collected. Sarbanes-Oxley was established in the US to ensure consistent financial data integrity and management accountability. We need something similar to ensure management accountability for personal data protection.

Data Breaches Are Up 69% This Year, Nonprofit Says Hacking was the least-cited cause of data breaches in the first six months of this year. Instead, lost or stolen laptops and other digital storage media remain the most frequently cited cause of data breaches, accounting for more than 20 percent of all reported cases, the center found. The inadvertent posting of personal and financial data online prompted roughly 15 percent.

Identity theft news analysis - I completely agree with the need for a Federal security breach notification law to strengthen the current State requirements and standardize the process. Notice that insider involvement and unencrypted personal information are major threats to the consumer identity protection. Besides the reasons given in this article for the increase of the incidents, I also think that corporate cost cutting and less focus on information security are also major contributors to the rise in security breach incidents.

US bank loses unencrypted data on 4.5m people Couriers lost magnetic tapes containing the personal details of 4.5 million people who had dealt with the Bank of New York Mellon, it has emerged. The incident happened three months ago, but has only surfaced after legal papers were filed in the state of Connecticut.

Identity theft news analysis - Why did not the bank notify consumers timely and why was not the data encrypted? This is pure negligence.

Wealthy Londoners are most at risk as cases of identity theft soar Victims are typically aged between 26 and 45 and are home-owners. Those employed at director level or running their own business and those earning in excess of £50,000 a year are almost three times as likely as other people to have their identities stolen, the report says.

Identity theft news analysis - This news partially confirms what I have been saying for a while that high target identities are much more likely to become a victim of identity theft than others.

Connecticut state residents' customer data lost in transit (www.connpost.com) - Connecticut Attorney General Richard Blumenthal warned Wednesday that hundreds of thousands of state residents' Social Security numbers and bank account information may have been compromised when unencrypted computer back-up tapes disappeared on their way to a storage facility in February.

NY Governor signs Idenitty Theft Legislation The bill would restrict the ability of employers to use an employee's personal information, including prohibiting employers from posting or displaying more than the last four digits of an employee's social security number, or placing social security numbers in files with open access.

College student accused of stealing people’s credit Authorities charged that they stole the identity of neighbors in their building and at least twice broke into other units. Detectives showed off a table full of fake ID cards and driver’s licenses they had seized, along with computers, printers, a machine that makes ID cards, $17,000 in cash and several neighbor’s keys.

Identity theft news analysis - This is a good example and reminder to never let good looks, innocence and friendly neighbors fool you into blind trust and compromise the protection of your identity.

Tower Club leaks alumni members' social security numbers Tower Club is taking steps to protect 103 of its alumni in the classes of 2006 and 2007 after a spreadsheet listing their names and social security numbers was e-mailed to current club members early Wednesday morning.

Identity theft news analysis - According to Tower, the accidental spreadsheet attachment was due to "a technical glitch", but, can it also have been due to a "human glitch". Tower officers sent another e-mail to the club asking members to delete the message from their mailboxes "out of respect for ’07." I think officials should have instead stated that in a proven case whereby anyone forwards the attached document to anyone else, lawsuits would be filed against that person in addition to disciplinary actions available to the Tower Club officials.

News Corp manager knew of hacking claim The lawsuit alleges NDS hired hackers to steal information from satellite TV company DISH Network Corp and post it online, costing the company up to $US900 million. NDS has denied the allegations.

Chrysler Financial admits possible breach Chrysler's lending arm has admitted a courier service may have lost a data tape with sensitive personal information of thousands of Canadian auto customers.

Computer containing data on 16,000 Buffalo State students is stolen (www.buffalonews.com) - "The risk I would say is not that high, but that doesn’t matter," Innus said. "There are steps we need to take because of what happened."

Identity theft news analysis - I agree with the above statement. If the information is disclosed due to the lack of encryption or some other reasons, then preventive and corrective steps should be taken to reduce future incidents and avoid identity fraud and privacy disclosure regardless of the initial reasons for which the laptop was stolen. Sometimes, the initial objective of a crime changes due to additional information and discoveries. For example, the initial objective of a car theft might be to benefit from the sale of the car parts but may subsequently lead to identity theft due to a wallet found in the stolen car.

Stolen NIH Laptop Held Social Security Numbers Social Security numbers for more than 1,200 participants in a National Institutes of Health study were stored on a stolen laptop containing their medical records, putting those patients at risk of identity theft, agency officials said yesterday.

WellPoint says Personal Data of 128,000 customers Exposed WellPoint Inc., the largest health insurer by membership in the U.S, reported yesterday that personal data of about 128,000 of its customers was exposed online over the past year.

Identity theft news analysis - According to WellPoint, the problem was originated in two Internet servers maintained by third-party vendors. Transferring services to third party service providers is a real challenge that requires strengthened and continuous monitoring to ensure compliance with agreed upon controls.

National Institutes of Health or NIH researcher loses laptop with data on 2,500 patients “The laptop contained no additional medical information on participants beyond the MRI reports and no additional information such as Social Security numbers, addresses, phone numbers or any financial information,” Nabel’s statement said.

Identity theft news analysis - Well, the Institute strengthened its controls to require encryption on all of its laptops ONLY after this incident. This is another example of companies not learning from other incidents, or news and commentaries posted on this web site. Also, NIH information technology officials believe it’s unlikely that the patients will be victims of identity theft or financial loss. I wonder how they came up with this assessment! Are they making this baseless comment to avoid paying for any identity monitoring services? Not only there was a privacy violation of personal health information, but various identity components can also be collected from multiple sources and put together to commit fraud, especially medical fraud.

Chains Report Stolen Card Data Last year Hannaford Bros. upgraded the encryption system for its credit-card and computer networks to one that is more difficult for outsiders to crack. The system is recommended by major credit-card associations, and the upgrade was completed about a week before the incident is believed to have taken place, Ms. Eleazer said.

This identity theft news actually led to identity fraud. Rarely does a data security breach lead to identity fraud, as the initial motive is about stealing the device and not the data. In this case however, based on the 1800 identified fraud cases and lack of stolen device, it is apparent that the initial motive might have been to gain access to card information for the purposes of committing fraud.

O’Toole Renews Call For Immediate Investigation Of Horizon Blue Cross/Blue Shield Data Breach Horizon responded to the theft by saying that security procedures meant to prevent the theft of company laptops and confidential data apparently were not followed in this instance.

I have a problem with the above response given by the company; was the main objective the prevention of the laptop theft or should it have been the protection of the personal information stored on the laptop? In our efforts to protect confidential information, we have to assume the theft or loss of a laptop is inevitable. Once that assumption is established, what can the company do to protect the information that is stored on the lost or stolen laptop? If the laptop were encrypted, they would not be talking about preventing the laptop loss. Companies can not always monitor and ensure that employees follow the rules one hundred percent, and must assume and prepare for the inevitable.

GAO Finds Data Protection Lagging In 2006, identity theft of all varieties accounted for $49.3 billion in losses to people and organizations nationwide, according to the GAO report.

Health data storage sites might not be secure Personal health records are a growing market, and non-health-care companies, such as Microsoft, are starting to offer services based on the idea that consumers should be in charge of their own health information. Meanwhile, both the state and the federal government are working toward networked health information.

Google to Store Patients' Health Records SAN FRANCISCO (AP) - Google Inc. will begin storing the medical records of a few thousand people as it tests a long-awaited health service that's likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader.

Identity theft news analysis - Good idea and may result in reduced number of security breach incidents by consolidating health records into a single database, however, affected identities per incident is sure to multiply.

Woman sues Best Buy for lost laptop A US woman has sued Best Buy to the tune of $54 million for losing her laptop

California Senate strengthens breach notification requirements, toughens ID theft prosecution rules The State Senate in California has passed measures by wide margins that require a) more extensive notification to consumers of data breaches, b) establish a central reporting center for breaches, and c) permit local prosecution of identity theft.

GE Money Lost on 650,000 Credit Card Holders The information was on a backup computer tape that was discovered missing last October. Once again, this identity theft news validates the dangers of placing confidential information on unprotected computers.

Twice bitten: acts of stupidity can lead to identity theft Soghoian's Law of Identity Theft Stupidity: Anyone who publishes their own private financial details in a public discussion of identity theft will eventually find that information used for fraud.

Information security breaches quadrupled in 2007 The TJX breach was by far the worst breach of 2007. Other major breaches of last year include the loss by the UK government of two unencrypted CDs containing the records of 25m child benefit claimants.

Almost half of all records lost worldwide occurred in the United States of America. Lost laptops, unencrypted discs and insecure systems and communication channels mostly contributed to the information protection problems.