Most Companies Don't Properly Delete Sensitive Data

In a previous post, I emphasized that simply deleting a file from a hard drive before disposing of it or selling it is not enough. If the file is not securely wiped from the hard drive with digital shredding software, the file may be retrieved if it falls into the hands of someone tech savvy enough. This may not seem like a big deal, but with people doing their banking and making purchases on their computers or storing tax records, it is extremely important that your data is securely removed before the computer or hard drive changes hands. Otherwise, the information you leave on the machine can be used to make you an identity theft victim.

This is even more important for companies that use computers to store credit card numbers, insurance information, or medical records. Companies that upgrade must be sure that old data is securely wiped before the machine is given away or sold. According to ScienceDaily, the number of second-hand hard drives that have been securely wiped has fallen to 33%. This puts the customers with information on those machines at risk of identity theft.

I'm not sure whether to be disappointed or extremely concerned. Granted, companies don't need to upgrade their computer hardware everyday, but the fact that we have second hand computers out there containing credit card or insurance information isn't exactly encouraging. After all, more and more people are acquiring the technical skills that would help them retrieve this information, especially kids growing up in this information age.

Keep your data safe and wipe those hard drives before getting rid of them. It's a small price to pay to prevent identity theft.

State Department Announces 400 at Risk of Identity Theft

The State Department announced that it has notified nearly 400 passport applicants of a security breach that may have put them at risk of identity theft. Most of the applicants at risk are in the Washington, D.C. area, and their passport applications may have been illegally accessed and used to open fraudulent credit card accounts. The applications contained identifying information, including Social Security numbers. More potential identity theft victims may be notified as the investigation continues.

Most of the people contacted have not become identity theft victims at this point, but they have all been offered free credit monitoring for a year. The breach was discovered when a man was arrested with 19 credit cards in different names and eight completed passport applications. While the State Department declines to comment on how he obtained these applications, it was confirmed that one State Department employee has been fired as a result of this breach.

The department has since stepped up its security for passport records management. While specifics about the method of this security breach have not been disclosed, it is no less disturbing. We don't know how many people were involved, but it's definitely possible that many of these people may already be victims of identity theft and not even know it.

Low-tech Methods Still Used for Identity Theft

With all of the news of data breaches and identity theft committed by hackers, many are concerned with electronic security, and they are right to do so. However, while we seek to protect ourselves online and companies seek to protect their employee and customer information, we must not forget that there are identity theft methods that require little or no access to a computer or the Internet.

According to a study from the University of Ithaca's Center for Identity Management and Information Protection (CIMIP) on closed ID theft cases, identity thieves still rely on low-tech old-school methods such as dumpster diving and mail theft. Thieves also gained information on potential victims through public records. The Internet or technological devices were only used in about half of the examined identity theft cases. In fact, the Internet was the sole method used in less than 10 percent of the cases. Granted these numbers are a few years old (2001 to 2004), and the use of technological methods has probably risen. Also, this data relies on the cases of identity theft that were reported and closed, and many cases go unreported either because they are undetected until the thief is long gone or because the victim knew the thief and decided not to report a friend or family member.

While this study obviously cannot tell the whole story, it can serve as a reminder that identity theft can be committed in many ways. While you want to protect your electronic data, you want to protect yourself on other fronts as well. These low-tech methods will continue to be used to commit identity theft because they do not require knowledge or access to hi-tech devices.

Identity Theft at the Gas Pump

Just as Americans start to see relief from skyrocketing gas prices and the prices drop, a new concerning the purchase of gasoline arises: identity theft. During the past few months, Texas cities like Dallas, Fort Worth, and Plano are seeing increasing reports of identity theft at automated gas pumps where the consumer can pay at the pump. It appears to be a new updated version of what is considered common technology for the identity thief.

Card skimmers often used in retail and restaurant settings to collect credit card information and at ATMs are finding their way to gas pumps. While for a long time skimmers can be detected by the vigilant consumer looking for suspicious devices, newer versions of this device have become more efficient. They are smaller and can be attached to card readers without being noticed and not interfering with the transaction. This is disconcerting whether you are paying for gas at the pump, withdrawing cash at your ATM, or paying for groceries at a self-checkout station. As devices become smaller, the easier it will be for scammers to use them for identity theft and other crimes.

So far, the reports seem to indicate this is becoming a problem in Texas with some earlier incidents reported on the West coast. However, don't expect it to remain isolated. With new technology making identity theft more efficient, the consumer needs to be extra careful. If you are at a pump something looks suspicious with its payment device, go inside and report it to the attendant and pay inside. It may be an incovenience, but a few minutes talking to an attendant at a gas station could save you and possibly others thousands of dollars by preventing identity theft.

New Phishing Scams Prey on Consumers' Economic Fears

A recent wave of phishing scams and other identity theft scams seek to take advantage of people's fears regarding the economy. With so many banks having trouble, the Identity Theft Assistance Center (ITAC) and the Federal Trade Commission are warning consumers in a press release about emails claiming to be from an institution that recently acquired the consumer's bank, mortgage, or savings and loan company.

Obviously, many of us are not strangers to the phishing scam since we've seen many of them before. However, these recent ones are taking advantage of many consumers' insecurities regarding the current economic situation. These scammers hope that some worried consumers will fall for their fraud and provide important information, like passwords, account numbers, and Social Security numbers. They will use this information to commit identity theft.

ITAC and the FTC are also anticipating an increase in credit-related scams. Be on the look out for phony refinancing offers, equity loan schemes, and other credit-related scams. Thoroughly investigate the validity of an offer before agreeing to anything and avoid giving your account numbers or Social Security number to anyone who contacts you by email or phone. Being so free with your information can make you the next victim of identity theft.

While many struggle during difficult economic times, scammers seem to thrive by taking advantage of the fears and concerns of others. Do not be fooled by these emails. It's just another phishing scam from another fraudster looking to commit identity theft. By being smart, you can avoid becoming a victim.

NFCC to Lauch Protect Your Identity Week

With everything that is being done to punish identity thieves, identity theft is still a major problem. While companies and governments can take precautions to protect consumers, we all need to be doing our part to protect our own identities. The best way to do so is education regarding how identity thieves work and how we can keep our information out the hands of those who will us it fraudulently. The National Foundation for Credit Counseling (NFCC) is looking to provide the resources and education to increase consumer awareness of identity theft.

The NFCC is launching the Protect Your Identity Week October 19-25, 2008. Member agencies across the U.S. will be offering credit report reviews, shredding events, and identity theft workshops as well as other education focusing on preventions of ID theft. All events will be free and open to the public.

The NFCC has also launched a new Web site to tell you about PYIW events near you and provide information about protection and recovery for identity theft victims. Education is the best way to let people know what they may be doing on a daily basis to make themselves more vulnerable to identity theft. Making it national week will definitely help, but this education and protection should be available. I've added the web site to my list of resources. Hopefully they will expand it with more information that consumers can use all year round.

University of Indianapolis Experiences Data Breach Affecting 11,000

The University of Indianapolis information technology staff along with outside security experts are investigating a data breach that reportedly occurred on September 18. A hacker gained access to the university's computer system and the personal information (including Social Security numbers) of 11,000 students, staff, and faculty. According to the university, the compromised records were at least two years old, and they are unsure whether or not anything was done with the information but that it was compromised.

The university president, who is among those whose information was compromised in the data breach, said that those affected would be notified by mail as well as email. The school is also offering victims one year of free credit monitoring. Investigators are sure the compromise originated from outside the University of Indianapolis and believe it may have originated outside the United States since a foreign language was discovered embedded in programming code.

While the University of Indianapolis is not the first educational institution to experience a data breach this year, this one definitely puts thousands of people at risk of identity theft. This data breach involves information that dates back to when the university used Social Security numbers to keep track of students, faculty, and staff, a practice the school no longer uses. But the damage has already been done. Perhaps many institutions' transition from the use of Social Security numbers should have began much earlier. While we cannot change the past, we can learn from these mistakes and move on. The use of one's Social Security number should be limited.

Update for Identity Theft Enforcement and Restitution Act

As a brief update, according to this article from The Washington Post, President Bush did, in fact, sign the Identity Theft Enforcement and Restitution Act. This will make it easier for prosecutors to go after cyber criminals. It will also allow identity theft victims to not only be compensated for their direct losses from identity theft, but also their indirect losses (like time spent restoring credit or possible job denials as a result of ID theft) once their identity thieves are brought to justice.

Keep in mind the victim is only compensated for the indirect losses caused by identity theft if those responsible are brought to justice. Most identity thieves are never caught, so this will not help many identity theft victims.

Identity Theft in a Sluggish Economy

So what is the reason for the spike in identity theft and data breaches in 2008? We can offer any number of reasons. After all, ID theft has been on the rise for years, but it seems like every time we turn around we're hearing about a major data breach or identity theft case (like the TJX case back in August). Part of the reason is the obvious fact that ID theft is getting easier to commit as technology advances, and we need to make sure our security measures are equal to the task of protecting private data. Certain agencies posting private consumer data on the Internet doesn't help either.

But what is motivating people to do this? A press release by MyPrivateCredit has offered at least one possible indirect cause. The sluggish U.S. economy of 2008 may be at least part of the cause of the rise in identity theft and data theft. When economic conditions decline with people either out of work or the paycheck not going as far, many will seek additional sources of income. And not all of these income sources will be legal. Identity theft might seem like an easy answer for those who are capable of pulling it off. After all, ID theft is profitable. Even if someone isn't actually using the data they steal, they can sell it to those who will.

While this press release definitely offers some interesting points, it by no means tells the whole story. Yes, the sluggish economy may inspire some to turn to fraudulent income streams, but that doesn't explain why identity theft has been steadily on the rise even when the economy was not in such a sad state. As identity theft becomes easier, we need to become more cautious about protecting our private data, and companies need to increase their security as well, including the human element.

Read over the link I provided above. After all, it does raise some interesting points, and by all means, protect your identifying data, especially if the temptation some to commit identity theft is looming larger than usual.

Business Identity Theft

Most of the posts on this blog deal with data breaches that may lead to ID theft and scams leading to personal/individual identity theft. However, this is by no means the limit in regards to identity theft. A business can have its “identity” stolen just like an individual can. In fact, for the identity thief, targeting a company rather than an individual can be much more profitable. After all, a business will have a higher credit limit since a company will need to make more large purchases than one consumer would. Needless to say, identity thieves sophisticated enough to pull it off will be targeting this bigger payoff.

Scammers are more likely to target small businesses that will not have the budget or resources to protect its accounts and sensitive customer information that a larger company will. But since even a small company will have a high enough credit limit to be worth a thief's time, fraudulent charges will be more likely to blend in with other company purchases, especially if the scammer is purchasing software or other products that would not look unusual to an accounting department. A scammer can also steal a business's identity by posing as that company and ripping off customers.

Like individual ID theft, business identity theft can be devastating to a company as well, but for different reasons. Obviously, identity theft will affect the business financially, but it can also do major damage to the company's reputation, especially when the fraud is being committed in the company's name. Recovering from identity theft is a difficult process, whether you are an individual consumer or a company.

Identity Theft and Treatment of Applications

We've all had to fill out an application at some time or another. In fact, with applications required for loans, leases, college, and many jobs, many have probably lost track of how many applications they have completed. Do you know how the company taking your application stores it until it is reviewed? What do they do with them after they review them? How do they store or dispose of them? Think about the information most applications require: full name, Social Security number, date of birth, possibly employment or educational history. If this document falls into the wrong hands, you have provided someone with more than enough information to commit identity theft.

Since identity theft is a growing problem, many applicants are more hesitant to disclose sensitive information. And who can blame them? This New York Times article discusses a few Manhattan firms' handling of the customer applications for the purchase of condos. These companies goes to great lengths to keep the applicants' sensitive information out of the wrong hands and require secure storage before the applications are reviewed and careful destruction of the documents afterward. Are the companies you do business with handling your information in a secure manner? If not, they are making you an easy target for identity theft.

Next time you complete an application, find out before hand what they will do with the information and what will be done with the document afterward. If you have concerns about identity theft, do not hesitate to express them, and don't be afraid to ask questions. It's better to take your business elsewhere if you have doubts than to pay the price as an identity theft victim later.

Identity Theft and Hurricane Relief

While no one will find scammers a particularly endearing bunch, certain types of fraud repulse me more than others. These include those who target children and senior citizens. I'm adding to the list identity thieves who target disaster victims. I mentioned in an earlier post that hurricane season is a time when those who need to evacuate because of a tropical storm or hurricane are at risk of identity theft since their identifying documents could be stolen while they evacuate or when they are at a shelter.

A press release from the Federal Trade Commission warns that in the aftermath of Hurricane Ike, people need to be cautious of different types of fraud that spring up disguised as disaster relief. Among these, as you may have guessed, is identity theft. People recovering from losses caused by a natural disaster like a hurricane will need to provide their personal information in order to receive disaster relief. This gives identity thieves opportunities to acquire information to commit identity theft by claiming to be a government official or a volunteer representing a charity. Make sure you confirm who is asking for your information before giving it.

The press release also warns of other types of fraud to watch for following a major hurricane. One of them, charity fraud, takes advantage of those looking to donate money to help hurricane victims. The Federal Trade Commission offers advice regarding donating to charities without being scammed. The others, home repair scams, target those who are looking to rebuild after seeing their homes lost or damaged after the hurricane. Check identification and references carefully before hiring a contractor and read the FTC's website carefully to avoid being scammed. While these are not identity theft, they are still fraud, and you will need to be on your guard against multiple types of fraud.

Beware of Voter Registration Fraud and Identity Theft

With the presidential election approaching, many will be registering to vote. Identity thieves take advantage of this time to gain personal information from new voters who may not be knowledgeable of the registration process. If you are registering to vote, be aware of these methods thieves may use to make you an identity theft victim.

Email
The phishing scam has proved to be an effective identity theft tool in other situations, so why would identity thieves pass up a chance to scam a new voter? These emails may ask you to click on a link to register to vote or to resolve an issue with your voter registration.

In Person
Registration drives will have volunteers go door to door or set up tables in public areas to recruit new voters. Obviously this offers opportunities for any identity thief to set up a table with forms to collect some useful private information. Make sure the volunteer can provide proof as to which organization he or she is with. Also, look over the form carefully. Some states may require your Social Security number on the form, but none will ask for a credit card number. Avoid being an identity theft victim by refusing to complete suspicious looking forms.

By Telephone
Pretexting does not need to be done via email as a phishing scam. As we all know, many scammers will contact potential identity theft victims by phone. Be suspicious of anyone calling to claim there is a problem with your voter registration and asking you to confirm some identifying informtation. Voter registration problems are not resolved in this manner.

It's sad that we can't trust people these days. While most people we encounter are who they say they are, we need to excercise a little extra caution to protect ourselves from identity theft. Be extra cautious when you register to vote that you are not giving private information to someone who will use it fraudulently. Check out the Federal Trade Commission and other resources for further information on protecting yourself from identity theft.

Time Warner Customers Targets of Recent Phishing Scam

Millions of people in the United States depend on Time Warner for cable television, Internet, or both. While Time Warner customers may not be surprised by the occasional email from their cable company and Internet service provider, an email claiming to be from Time Warner is targeting the company's customers is asking people to provide their personal information or risk losing their cable service.

Now, most people by now will recognize this as a phishing scam, but it might hit home for some customers, especially those who may depend on Time Warner's Internet services for business purposes. I know I'd be set back a great deal if I lost my Internet access for an extended period of time. But remember that Time Warner, like most legitimate companies, will not ask for this type of information in an email. This is an identity theft tool used to gain private information that you would otherwise be reluctant to share. If you suspect their is a problem with your cable account, call the company directly with the phone number provided on your monthly bill. Do not fall for this phishing scam. It could cost you a lot of time and money fixing the problem later.

However, even if you don't fill in the information, it is recommended in the article reporting this story not to click on the link. Even that could give an attacker access to your computer that would help him/her commit identity theft. The site might download a cookie onto your computer, which will help the attacker keep track of your surfing habits including online purchases. The best thing you can do with this or any other phishing scam email is delete it.

House Passes Identity Theft and Restitution Act! But Will the President Sign It?

The Senate and House of Representatives have passed the Identity Theft and Restitution Act. This bill offers more flexibility to identity theft victims, such as allowing them to seek restitution for indirect losses like time and money spent rebuilding credit. Currently, the identity theft victim is only compensated for direct losses (charges on a credit card or money taken from a bank account).

The other provisions are more computer related and refer specifically to cyber crimes, particularly those that result in identity theft. For example, it enables prosecution of those who steal personal information from a computer when the victim's computer is in the same state as the identity thief's computer (now there can only be prosecution when the thief uses interstate communication). There are other provisions involving the use of keyloggers and damage to a victim's computer.

The Senate and House have already passed it, and it awaits President Bush's signature. While this bill has some good provisions to help identity theft victims recover and law enforcement punish thieves, this will not necessarily slow down the rate of ID theft much. After all, many identity theft crimes are not reported, and most identity thieves are never caught. Punishment will not deter a crime if the thief knows he is not likely to get caught.

Forever 21 Reports Thousands of Cards Compromised in Data Breach

It appears another company has been affected in the TJX security breach that was reported back in August. Nearly 99,000 payment cards used at Forever 21 stores may have been compromised during data thefts beginning back in 2004. The company released a statement saying that they discovered the thefts after being notified by the U.S. Department of Justice on August 5. They did not, however, say why they waited over a month to announce this.

Forever 21 was notified that they were among the companies victimized in the TJX data breach that lead to the arrest of 11 suspects. They received a disk containing the potentially compromised data. Later forensic evidence revealed that more than 98,000 credit and debit card numbers had been illegally accessed.

Forever 21 pointed out that nearly half of the illegally accessed card numbers are either inactive or expired. While this may be true, this doesn't explain why Forever 21 waited so long to disclose this information when other companies involved in the breach announced it back in August.

Identity Theft and the Deceased

As with many other crimes, with identity theft nothing is sacred. You do not have to be alive to have your identity stolen. Just like burglars who search the obituaries so they can rob homes of grieving families during funerals, there are identity thieves who use information on death certificates to steal the identity of the deceased. Sound impossible? It takes a while for businesses to remove someone who has died from their lists (my mother was receiving sales calls for my father several months after he passed away), so if someone steals and completes a preapproved credit card form or applies for credit online in the name of the deceased, the company may not have it in their records that the person has died and will not find it suspicious.

How can this be stopped when death certificates are public record? Anyone can request one, and now some counties make them available to be viewed online. However, identity theft has become such a big problem in Arizona that one county has decided to remove them from their website.

While this may slowdown the problem, it will not stop it. But this is by no means new. People have been crime victims beyond the grave for centuries, and what can be easier than taking advantage of someone who has died? They aren't going to be checking credit reports or reviewing credit card statements. That makes identity theft so much easier. The surviving family members may eventually discover the problem when they start receiving bills and notices from debt collection agencies.

Memorial University Investigates Security Breach

As I've mentioned before, college students have plenty reasons to be concerned about identity theft. Applications for admissions, scholarships, honors programs, and financial aid require a wealth of personal identifying information that needs to be protected. And the students trust that their information will not be mishandled or compromised. However, that is not necessarily the case. Some students (and possibly former students) at Memorial University found their information was not as secure as they thought.

Memorial University is now having nearly 50,000 computer files checked after a student discovered a security breach that exposed financial information that dated back over 4 years. The problem was discovered when someone working in a password-protected portion of the student aid application site found that changing characters in the URL gave access to someone else's data. While the student raised alarm regarding the issue right away, the university fears that the vulnerability was noticed earlier and exploited. The security breach has been fixed, but they believe that the personal information of at least 90 people was accessed by an unauthorized party. An investigation is underway.

This was obviously carelessness in the design of the website. While the problem has been remedied, it may be too late for some since their information has already been compromised. Those who believe their information may have been taken should take the necessary precautions for those who think they may be victims of identity theft, such as carefully reviewing bank and credit card statement for fraudulent charges.

Bank Data Breach Could Affect More Than 12 Million Customers

Last week, the Bank of New York Mellon reported that a data breach discovered earlier this year may affect more customers than they originally anticipated. The bank reported back in May that back-up storage tapes from Bank of New York Mellon shareowners service had been "lost," exposing millions to potential identity theft, and notifications were sent to the 4.5 million people whose information was believed to be on the back-up tapes. After further investigation, the bank announced that the number of individuals affected may be as high as 12.5 million.

The bank has taken steps to enhance security and has instituted stringent new standards for the transport of personal data, but this is probably no comfort for those whose data has been compromised. The Bank of New York Mellon is offering affected customers two years of free credit monitoring through Experian as well as identity theft insurance and reimbursement for the placement and removal of a credit freeze on credit reports.

Affected customers can find more information at a website that the Bank of New York Mellon has dedicated for the purpose of informing customers of the data breach and what they are doing about it. Those concerned about the breach and possible identity theft should visit the website and contact the bank if you have more questions.

Keep Your Identity Safe During Hurricane Season

In the Southeastern part of the United States, what's commonly known as "Hurricane Season" has already begun. This is a time when many people in states prone to hurricanes will be keeping a close eye on the weather and possibly making preparations in case they have to evacuate. However, other problems lurk in the wake of natural disasters. A hurricane disaster area can also be an area ripe for identity theft if you don't take the proper precautions.

If you must evacuate, do not leave sensitive identifying documents (like birth certificates, Social Security cards, bank account, numbers, insurance papers) in easily accessible places in your home. They may be destroyed if your home is damaged in the storm or stolen by looters looking for information useful for committing identity theft. Make sure they are locked in a safe place where you can find them when you return.

Keep photocopies of these documents with you at all times and heavily guarded during evacuation and don't let them out of your site. You are especially vulnerable to identity theft when you are away from home. The Identity Theft Resource Center gives specific guidelines regarding protecting yourself from identity theft during hurricanes and other disasters, especially when evacuation is required.

Computer Theft at Oakland Schools' Offices Place Employees at Risk of Identity Theft

There's nothing quite like coming into the office to find your computer has been stolen. How do I know? It happened to me a few years ago at a former job. Fortunately for the company, my computer was the only one stolen, and it contained no sensitive information like employee records or customer credit card numbers, putting no one at risk of identity theft. Unfortunately, that doesn't appear to be the case with the recent computer theft at the Oakland School District's main office.

Ten desktop computers were stolen from the second-floor Human Resources Department of the Oakland School district. They appear to be the only items stolen from the office. However, that may be more than enough to do some damage to any employees whose records were on those machines. While officials won't comment as to what information specifically was on those machines, they did confirm that there was personal information that was provided to the district when the employees were hired, which makes these employees potential identity theft victims. The employees whose information may have been compromised will be notified of the incident and their risk of identity theft.

If the thieves who took my old office computer were looking to commit identity theft, they would have been disappointed. However, with this Oakland computer theft, identity theft is very much a possibility. Whether the thieves were after the data specifically, the potential is still there, whether they take advantage of the data themselves or sell it to someone else.

Ohio Joins Other States in Embracing the Credit Freeze

Many states are embracing the credit freeze as a way for people to protect themselves from identity theft. This time Ohio is joining the states that allow residents to freeze their credit beginning Labor Day 2008. For $5 per credit bureau, Ohio residents can purchase a credit freeze to keep their credit reports from being viewed without them making the reports available by "thawing" them.

While no method of identity theft protection is completely fool proof, a credit freeze is definitely a helpful tool in protecting yourself from financial ID theft. What the credit freeze does is locks your credit report from anyone trying to extend credit to you. No potential creditor can view you credit report without you "thawing" it for them (something you would do if you apply for a loan or a credit card). So if an identity thief applies for credit in your name, he or she will be turned down since the company will not be able to view your credit report.

What can a credit freeze not prevent? As I said, there is no perfect identity theft prevention service. It doesn't protect your existing accounts. Current bank and credit card accounts will still need to be reviewed carefully and regularly. Also, some service accounts can be opened without a credit check, like phone and other utilities. Finally, it won't prevent unauthorized use of medical insurance (medical identity theft) or someone giving your name during an arrest (criminal identity theft).

Yes, it's limited, but unlike many so-called identity theft protection services, a credit freeze can actually protect you rather than just monitor your credit and alert you to unauthorized activity. I don't usually don't encourage people to purchase services, but for Ohio residents, this could be the best $15 you spend in a while.

Cost of Identity Theft Protection?

I'm sure many who have read this blog have read other blogs about identity theft as well. This is by no means the first identity theft blog (and definitely not the only one). However, I've seen a trend in some of them that I've been avoiding, and that is the embracing of identity theft protection services or identity theft insurance. One particularly popular identity theft protection service in particular keeps cropping up in many blogs (you know which one it is, and I'm not going to mention them or link to them). I don't criticize those who embrace or use these services, and I will mention one if a company offers services with them after a data breach.

Basically, I won't promote a particular identity theft protection service that I wouldn't use myself, and when it comes to protecting my identity, I'm in the "trust nobody" camp. I prefer doing the work myself. I can't speak for others, but as a past identity theft victim, the last thing I wanted was to trust someone else with my identity after that experience, even if they were trying to help.

CNN Money posted a helpful article discussing some of the prices and benefits of credit monitoring services and insurance, but also pointing out that a lot of what these services do, you can do yourself. Personally, the only identity theft protection "service" I would encourage is a credit freeze from the three major credit bureaus. That way you control who accessing your credit report. In some states, it's available for free, and for the rest of us, it can be purchased for a small fee.

Honesty Online Can Increase Identity Theft Risk

I'm sure you've heard it before, even from me, "Be careful what you divulge online." Whether you're conversing on a niche forum, frequenting your favorite chat room, writing personal blog posts, or maintaining your MySpace page, you need to be careful how honest you are with your personal information. Even sharing your birth date, which seems fairly innocent, can come back to haunt you if the information falls into the wrong hands. Remember that fraudsters don't need much information to make you an identity theft victim. Why make ID theft any easier than it already is?

Yes, you've heard all of this before I'm sure. However, what about your online banking security? Obviously, you don't want to have a password that is easy to guess, but you also have your bank's security questions to answer in case you forget your password. Do you answer those questions honestly? It might help if the bank's security questions couldn't be answered by information that is public record or easily guessed, but they do want you to be able to answer them if you forget your password. However, this PC World blog points out just how easy it can be to access someone else's online banking information. Your father's middle name and the city where you were born can be found fairly easily by anyone willing to do a bit of footwork. So you may not want to answer those questions honestly. It may come back to bite you in the form of identity theft. You may not want to give your pet's name when asked for it. You may not want to supply a "name" at all, or if you do, include some numbers or other characters in the mix. If your cat's name is Fred, don't simply type in "Fred." Try something like "2f7r1e!d&" or something more complex than simply a name. Yeah, it's obnoxious but you get the point.

There are times when you have to be honest online (like with online purchases, that is if you actually want to receive what you are ordering), but other times your honesty can hurt you. You can avoid being an identity theft victim by knowing what to hide and what to tell.

Banking Information of More Than One Million People Sold on eBay

Here's an interesting twist on recent data breach news. Forbes reports that a computer containing the banking security information of more than one million people has been sold on the popular auction site eBay. The Royal Bank of Scotland announced that a computer, which belonged to an archiving company called Graphic Data and contained information from credit card applications of some of the bank's customers as well as data from other banks, was inappropriately sold to a third party. The data on the computer included passwords, account numbers, cell phone numbers, and signatures.

A former employee of Graphic Data apparently sold the computer server on eBay without wiping the hard drive first. The breach became known when the buyer, Andrew Chapman, found the data on the hard drive and contacted authorities. The incident is currently under investigation.

All right, I'm not a regular eBay user or an IT expert, but I know that just deleting files is not enough to make sure your data is completely gone from the computer. The hard drive needs to be formatted and the operating system reinstalled before you sell or give away a computer. Now if a general user like me knows this, the person who sold the computer must have know this (at least, we hope these companies are employing competent people). Whether this was deliberate or not remains to be seen, but I will definitely keep an eye on this.

New Identity Theft Scam Targets EPPICard Users

A number of states have reported that EPPICard users are being targeted by identity theft scammers. Fourteen states use the EPPICard to distribute state payments, like child support. The Internet Complain Center reports that EPPICard users around the country have reported receiving voice, email, and text messages falsely informing them of problems with their account. The users are then encouraged to update their accounts to fix the problem. The are directed to a Web site asking for personal information such as account numbers and PIN numbers. They are also receiving emails offering payment for taking an online survey. After they complete the survey, they are asked to give their account information so they can receive payment.

No bank or credit card companies will solicit account or other personal information through text messages or email, and the Web is loaded with "make money taking surveys" scams. This just another trick by those looking for identity theft victims.

Be vigilant, and don't fall for new variations of an old scam. This is yet another phishing scam, this time using text messaging as well as email. The best thing to do with these messages is delete them. That will keep you from becoming the next identity theft victim of this particular scam.

U.K. Government Loses Personal Data of 4 Million in One Year

While most of my identity theft "news" posts tend to be geared toward U.S. readers, the general information and advice can be used or adapted by anyone in the world concerned about identity theft. However, that doesn't mean that I think only we here in the U.S. are dropping the ball and everyone else is safe, so I'll try to incorporate more international posts to try to give an accurate picture. This particular post is for our friends in the U.K.

This Computerworld article discusses several incidents where the U.K. government "lost" the personal information of millions of citizens. This involved everything from medical insurance claims to personal ID information. Now, not all of these incidents included data being compromised (in some cases it was just carelessly handled), and not all of these breaches will result in identity theft. But the numbers are still disturbing. The frequency and overwhelming numbers involved make it clear that perhaps we (globally) need to start looking into better efforts to securing data. This will involve cooperation from both governments and private citizens.

Now, before we criticize the U.K. government, keep in mind that the U.S. government is just as guilty of exposing citizens to potential identity theft.

Seniors Now Identity Theft Targets

Just like children can be identity theft victims since they have no credit history and will not think to check their credit reports, senior citizens can also be targets, especially those who have a long history of good credit. They also have access to other services that may be of interest to an identity thief, like food stamp cards or health care (Medicare).

That's why this news report warns seniors to be vigilant to protect themselves from identity theft, especially medical identity theft, which can prove fatal for seniors depending on the circumstances. Another report covers crimes against the elderly, including theft of food stamp account numbers and PIN numbers.

Senior citizens are urged to take the same precautions that others should take to prevent identity theft or at least minimize the damage if they are already victims. Request copies of your credit report from all three credit bureaus and review them carefully. Carefully go over bank and credit card statements and report fraudulent charges, and if someone calls claiming they need your personal information (Social Security number, date of birth, etc.), do not give it to them. Make sure they are who they say they are before talking to them.

Dominion Enterprises Discloses Data Breach

Once again, it looks like the hackers are making news. According to recent a recent report, Dominion Enterprises announced that a computer server of InterActive Financial Marketing Group, a division of Dominion Enterprises, was hacked into and accessed by an unknown party. The breach took place between November 2007 and February 2008, and the result was the potential exposure of personal information (names, addresses, birth dates, Social Security numbers, etc.) of more than 90,000 applicants.

Dominion Enterprises is currently mailing letters to those whose information was illegally accessed. The company is also providing one year of credit monitoring service as well as other resources to help consumers protect themselves against identity theft.

While the company has taken immediate steps to enhance the security of their computer systems, the damage may already be done. Obviously, they have no way of knowing at this point of the breach has resulted in identity theft.

Identity Theft No Longer Just a White Collar Crime

When most people think of identity theft, they think of someone tech savvy, like the hackers named in the recent international case who accessed credit card information electronically. Cases like this leave people thinking of identity theft as a white collar crime. Many of my earlier posts have illustrated that that's not necessarily the case since methods such as mail theft and dumpster diving don't require technical know-how at all, and these are highly effective methods of obtaining personal information required to commit identity theft.

However, a recent Los Angeles Times article pointed out that street gangs normally associated with violent crimes are finding identity theft to be quite profitable. After all, technology has made it much easier to obtain credit. Anyone can apply for a credit card online with the proper information without having to provide valid identification.

Anyone who can access and make use of the personal identifying information of others is capable of being an identity thief. This applies to people on all levels, not just the hackers trading credit card information. Perhaps we should reexamine our perception of identity theft as just a white collar crime.

Former Countrywide Employee Arrested For Stealing and Reselling Customer Data

We do business with companies expecting that they've hired honest employees to handle our data, so one form of identity theft that is difficult to defend against is the "insider" or employee who steals and either uses or resells customer data. Even when companies go to great lengths to hire people they think are honest, it's hard to catch when the person is a first time thief or has covered his tracks well enough that he hasn't been caught in the past.

The recent breach at Countrywide Financial Corp. involved an insider stealing and reselling data of about 2 million loan applicants. The breach occurred over a two-year period when Rene Rebollo, Jr., who worked for Full Spectrum Lending, a division of Countrywide, and an accomplice sold personal and account information of Countrywide customers. The information was allegedly sold to other mortgage companies to make pitches.

It is unknown if any of the information has been used for identity theft at this point. Rebollo was arrested and charged with unauthorized access to a financial institution's computers.

Wells Fargo Reports Data Breach

Wells Fargo & Co. has reported that the personal information of about 5,000 people may have been seen when someone used a bank access code illegally. The bank is notifying the people whose names are on the list and offering them free one-year membership to Identity Guard, an identity theft protection service.

Wells Fargo was alerted to suspicious activity in early July and contacted law enforcement immediately. It appears the illegal activity occurred in May and June. This is not the first time Wells Fargo has this type of breach. The company had two data breach incidents in 2006.

Whether or not this data breach has resulted in identity theft for any of the bank's customers remains to be seen. Wells Fargo has recommended that anyone affected should alert the credit bureaus and go over their accounts carefully to watch for suspicious activity. Those fearing identity theft because of this incident should monitor their credit reports or take advantage of the credit monitoring services offered by the bank.

Students and Identity Theft: Caution for Those Returning to School

There's nothing an identity thief likes more than a clean slate. A young person with little or no credit is an ideal identity theft victim. After all, credit card companies are eager to extend credit to young consumers. In a few weeks, many of you will be returning to school. As you prepare for the next school year, you will obviously want to prepare with the proper books and supplies for your classes, but you will also want to prepare in other ways. The sooner you know how to protect your identity the less likely you will be to fall into the identity theft trap.

This caution is especially relevant for college students who will not have parents over your shoulder making sure you are safe. The first week or two of class is pretty hectic, registering for classes, buying textbooks, getting to know new roommates, etc. Don't get so overwhelmed that you forget to protect your identity. People will be around distributing credit card and part-time job applications. This is a time when students are especially vulnerable to identity theft. Not everyone on campus will be who they say they are. Take special care if you complete an application.

This is just one example of the identity theft scams and traps out there. I highly recommend you check out the Identity Theft Resource Center. There are numerous articles about scams and identity theft methods and how to avoid them.

Identity Theft and Home Equity

The most common type of identity theft is financial identity theft because it is most profitable and there are many fairly easy ways to commit it. For the most part, what the financial identity thief is looking for is credit. According to the Identity Theft Assistance Center, people with good credit have become targets for identity theft because they often have untapped home equity.

A home equity line of credit is an excellent vehicle for an identity thief because it is a big pool of money. This pool can drain quickly if it consumers are not careful to frequently check their credit reports. A home equity line of credit is almost as easy to open as a credit card account. With the proper financial information on you, your thief can easily commit mortgage fraud.

It is recommended that if you have good credit, it is all the more reason to check your credit frequently. Your good credit will definitely make you a target for identity theft.

Wardriving and Identity Theft

Thanks to the recent high-profile identity theft case, attention has been called to the technique that was used, which is called wardriving. Wardriving involves driving around searching for insecure wireless networks. This can relate to home wireless connections or, like in the current identity theft case, business connections. Gaining access to a wireless network is easy if the security is low. If you've used a neighbor's wireless connection from a laptop without permission, then you've done it yourself.

With wireless networks for businesses becoming more common, wireless security should be something also be a concern. This isn't just about surfing the web on someone else's connection. The hackers involved in the current identity theft case were able to access the credit card information of millions of consumers, so obviously wardriving in the hands of a cyber criminal is much more serious than just taking advantage of free Internet service.

While you obviously have no control over the security of the businesses you frequent, you can control your own actions. If you are surfing the web from an open or low-security wireless network, don't use this particular surfing time to log on to your online bank account or make an online purchase.

Eleven Charged in International Identity Theft Case

Eleven suspects have been charged with stealing over 40 million credit and debit card numbers and then selling them. They allegedly hacked into the computer systems of many U.S. retailers to install software that gave them access to account information and passwords. Three of the suspects charged in this identity theft case are U.S. citizens, and the others are from China, Estonia, Belarus, and Ukraine.

The method the alleged thieves used involved driving through neighborhoods and hacking into wireless equipment to obtain credit card numbers, passwords, and other account information. Several major retailers were targeted, including TJ Maxx, Barnes & Noble, and OfficeMax. This case definitely exposes our vulnerability to identity theft with the compromise of personal information.

The Department of Justice is calling this the largest and most complex identity theft case that resulted in charges being brought. My guess is the total cost of damages to the targeted businesses and their customers is still unknown. If you think you might be an identity theft victim as a result of these crimes being charged, do not hesitate to contact your bank.

Government Is a Major Source of Data Breaches

If you don't trust the government to protect your personal and financial information, then you shouldn't be surprised or disappointed with this recent report. According to a Consumer Reports investigation, the government is one of the biggest sources of ID leaks. Consumer Reports analyzed data reported by the nonprofit Privacy Rights Clearinghouse. They found that more than 230 security lapses of federal, state, and local government resulted in the exposure or loss of more than 40 million consumer records (the data covers dates from 2005 to mid-2008).

Unfortunately, it seems that few of these data breaches get publicized because there is no financial incentive to do so. The number of data breaches that result in identity theft is unknown because consumers don't usually know that their information has been compromised or the thief may not use the stolen information right away.

The full report can be read in the September issue of Consumer Reports or can be bought from ConsumerReports.org. While we are all responsible, to a certain extent, for protecting our own personal financial information, we should be able to trust our government not to expose our information, making us possible identity theft victims.

Private Medical Data of Thousands of Blue Cross Patients Exposed

A mailing error for Blue Cross and Blue Shield of Georgia has put thousands statewide at risk of identity theft. Blue Cross reportedly sent over 200,000 benefits letters containing personal and health information to the wrong addresses last week. The letters in the erroneous letters were primarily Explanation of Benefits letters containing an ID number, the name of the provider, and amounts charged and/or owed. Blue Cross claims that only a small percentage of the letters included Social Security numbers.

The security breach was caused by a change in computer system that had not been properly tested. Blue Cross must send a written notice to those whose names were on the list, and they are in the process of removing Social Security numbers from future mailings.

As you can see, security breaches come in all shapes and sizes. This one was caused by the careless use of an untested computer system. Even though Social Security numbers were not on all the letters, ID numbers and health care information can expose people to potential medical identity theft, where someone can use their information to obtain medical care.

New Phishing Scam Targets Investors

Sometimes it seems we receive phishing emails that seem to be fairly random. I can't count how many emails I've received supposedly regarding my account at a bank I've never heard of or a business I've never bought from. They seem like a shot in the dark hoping to find a customer of this bank or business who might fall for this scam. However random phishing scams may seem, they are try and target a certain group, and this new one is targeting investors.

According to U.S. Insurance News, investors should be warned about emails being sent on behalf of Securities Investor Protection Corporation (SIPC). The emails claim to be from a senior investment advisor who is looking to return funds to the investor by having them file an investment claim with a fake form. The form asks for specific information that would allow the scammer to withdraw funds from the investor's account.

SIPC says that these emails are from scammers and anyone receiving these emails should forward them to SIPC for investigation. Never provide account information without 100% certainty that the request is legitimate.

School Replaces SSN Identification with Hand Scans to Prevent Identity Theft

Many have wondered if perhaps biometric identification is the answer to preventing identity theft. At least one university is putting that to the test. Middle Tennessee State University is assigning new identification numbers (instead of Social Security numbers) and requiring hand scans for identification.

The school is requiring both for access to some of the university's facilities including the new recreation facility. The university stopped stopped printing Social Security numbers on ID cards years ago although some professors still had them. The new ID numbers and hand scans are moving them further from the Social Security number identification system and will hopefully aid in the prevention of identity theft.

The matter has been discussed in a number of resources on identity theft. Biometric identification is one method being seriously considered. Whether or not it will prevent identity theft on the level experts are hoping for remains to be seen. However, the method MTSU with both the identification numbers and the hand scan together is fairly limited in its use, so this appears to be a positive step for protecting both faculty and students.

Most Bank Websites Do Not Protect You from Identity Theft

Don't you love the convenience of banking on the Web? I know I do. And when I signed up, my bank's manager was raving about how secure it was. However, a recent study at the University of Michigan made me more than a little concerned.

According to the study, more than three quarters of all bank Websites have design flaws that can expose users to identity theft. Some of the flaws include login boxes or security and contact information placed on insecure pages, allowing insecure IDs and passwords, and emailing sensitive information insecurely as well as others.

Some of the issues have been addressed since their discovery, but there is still a lot of work to be done. The problems become an issue only if you are logging in from an insecure network. So one major way to protect yourself from identity theft is to log in only from your home computer with a secure cable or DSL connection, not at a coffee shop with an open wireless connection.

JG8D69D

Medicare Cards Put Seniors at Risk of Identity Theft

While a great deal is being done by both academic institutions and private businesses to remove Social Security numbers from ID cards, apparently not everyone is moving quickly on this issue. And while the government passes laws to prevent identity theft and punish identity thieves, they also contribute to it by leaving Social Security numbers on ID cards.

Many seniors have expressed concern over the years about identity theft since their Social Security numbers being displayed on their Medicare cards. And they have every right to be concerned. Apparently, Congress has caught on to this concern as well because they are introducing legislation to have Social Security numbers removed from Medicare cards.

In the mean time, the best remedy is not to carry your Medicare card with you. Yes, they encourage you to carry it at all times, but they say the same for Social Security cards. But you shouldn't be carrying that around either. Unless you are seeing a new doctor or traveling outside the country, you shouldn't need your Medicare card. Make a copy of it and black out all but the last four digits of your Social Security number. That should serve as enough for identification purposes.

Data Breaches Up 69% From 2007

Consumers should always be vigilant when it comes to keeping private information private, but as we all know, we can't completely prevent identity theft ourselves because we can't control how the companies and people we work with handle our information. Data breaches are primary examples of situations beyond the consumer's control. And according to the Identity Theft Resource Center, it's a growing problem. The ITRC Data Breach Report for 2008 reached 342 (between January 1 and June 27), which is 69% higher than the same period in 2007. The number may actually be higher since some companies don't report breaches and some single breaches affect more than one company.

The list is further broken down into subcategories such as government/military agencies, educational institutions, general businesses, health care companies, and banking/credit/financial services. The Identity Theft Resource Center has made its data breach reports available in pdf format for consumers to read.

Obviously, when companies report these breaches, they don't know whether or not the information has been used for identity theft or not. If a company you do business with announces a data breach, it would be a good to monitor your credit reports for several months just in case your information has been used fraudulently.

Online Games on Social Networking Sites Can Lead to Identity Theft

I've made multiple posts regarding social networking sites like MySpace and Facebook, and why you should keep your private data private. You should be especially cautious with online gaming accessed through these sites. If you are asked for any private information like your Social Security number or date of birth in order to play a game or gain points, this is a clue that there may be more here than meets the eye. There is no reason why you should have to provide this information to play a game.

The teenager in this news report learned this the hard way. He was downloading and playing games online from his Facebook page. One game offered extra points if he filled out an application that asked for, among other things, his Social Security number. The trouble began after he provided this information and his mother received a call regarding his "credit card application."

This is not an isolated incident. Parents need to educate their children about identity theft. Young people who know what information not to divulge online and why will be less likely to fall for a scam such as this one.

Graduates Easy Identity Theft Targets

Whether it's high school or college, graduation is always an exciting time for anyone, but according to a recent report, it's not a time to be too carefree. After all, graduates fall into the age group (between 18 and 29 years old) at high risk of identity theft. In fact, one third of identity theft victims fall into this age group.

One reason is that this age group tend to be less vigilant about protecting credit data and private information. They are more likely to divulge information online, and they think that since they don't have established credit records that no one would want to steal their identities. But as we know, it's easy to obtain a credit card, even if you have no credit.

As a recent graduate, you need to be more vigilant. The article mentioned above includes some very good tips for graduates regarding protecting your identity including shredding junk mail and credit card offers, keeping your Social Security card safe, and not carrying cards you don't use often.

Identity Theft Involving ATMs Increases

We should always be cautious at ATMs. My post on shoulder surfing gave just one reason. However, a recent news report should remind us to be extra vigilant not only about who might be watching but about which ATMs you use. Identity theft involving ATMs is increasing, and the ones you find in convenience stores are the biggest problem because they are easiest to tamper with.

According to the report, the use of skimming at ATMs in stores and other public places is on the rise. While they may seem convenient, especially when you need some quick cash at a store or restaurant that only accepts cash, they may have a skimmers attached to them. Is the convenience worth having your bank account information compromised? The best way to avoid this problem is to only use bank-owned ATMs. While they may not be perfect, they are more secure when it comes to protecting your private information.

You should always be cautious when using ATMs, but you save yourself a lot of trouble upfront if you use your bank's ATM or one owned and operated by another reputable bank.

Major Rise in Tax-Related Identity Theft

According to a news report regarding the Internal Revenue Service, tax-related identity theft has grown several times over a four year period. National Taxpayer Advocate Nina Olson reports that her office handled 644 percent more identity theft cases for 2007 than they did for 2004. Identity thieves have used stolen Social Security numbers to obtain fraudulent employment or refunds.

However, the IRS's efforts to combat the problem seem to be doing more harm to the victim than good. One of these efforts includes delayed or frozen refunds for legitimate taxpayers or collection actions against them.

Clearly, the IRS stands to lose a lot from identity theft, and more preventive measures need to be taken. However, punishing the victim for the crime is not the answer.

Identity theft and vacations

With summer in full swing, now is the time families will take vacations since the kids are out of school. However, being away from home can leave you can be just as vulnerable (actually, more so) to identity theft. There are extra precautions you should take during your vacation time to protect your identity (and the identities of your family members) from identity thieves.

This article on MarketWatch gives a few helpful tips regarding protecting oneself from identity theft while you are away from home (especially when traveling outside your home country). These should be used whether you are traveling inside or outside your home country (especially the point regarding leaving a wallet or other key identifying documents in the hotel room. Cleaning staff and other hotel staff have access to rooms, and not all of these people are going to be trustworthy.

I'd like to add a few more that my husband and I have used while traveling. One thing we keep in mind is that the villains will not just be abroad. We can be victims of identity theft in our hometown while we are away from home, so we take some preventative measures. First, if you have a subscription to a local newspaper, either temporarily cancel it or have a trusted neighbor pick up your copy of the newspaper (preferably in the morning). Nothing clues in a potential thief (identity thief or otherwise) that you are away from home than a pile of newspapers collecting on your porch.

If an important bill is scheduled to arrive during your absence, either call the post office and ask them to hold your mail or have a trusted friend or family member pick it up. (Make sure this is someone you trust. Friends and family members can be identity thieves too.) A mailbox full of mail will be an easy target for mail thieves.

Take extra precautions to protect yourself and your family from identity theft while traveling. It will make your vacation experience more pleasurable with fewer hassles to deal with when you return.

Credit Card Companies and Identity Theft

I know this is a touchy subject, and there are companies that may not appreciate this post. However, when I saw this press release, I felt it appropriate to post. One of my first posts on this blog referred to the elimination of junk mail, particularly pre-approved credit card offers, as a way to prevent identity theft. Apparently, the targets vary, and in the case of the press release, people who have spent extensive time in the hospital have become targets for identity theft. Of course, who better to target than someone whose primary concerns are their health, not their credit? Who knows how long it will be before the theft is discovered, if they even survive?

And who is being blamed? Major banks and credit card companies offering free credit to just about anyone without verifying the identity of the person applying. It's as simple as mailing in a form, filling in an online request, or making a phone call. Lending and issuing credit, after all, is quite profitable. And what about those of us affected by identity theft? Cost of doing business perhaps.

A lawsuit is going on to hold these banks issuing the credit responsible.

NextAdvisor Provides "MySpace Identity Theft Protection Guide"

I posted quite a while ago on the dangers of identity theft with social networking sites, particularly one for MySpace, which is the most popular of these sites. I gave a few tips regarding protection of privacy on these sites and how to avoid identity theft on these sites. The danger will always exist as long as some people use these sites dishonestly. Thankfully, there are companies that provide information promoting online safety, and some even make this information available for free.

NextAdvisor, for example, has released a MySpace Identity Theft Protection Guide, which they have made available on their blog for free. This along with their Facebook Identity Theft Protection Guide provide useful guidelines for using social networking sites safely. The tips in these guides should help MySpace and Facebook users keep their time online safe, private, and fun, although I don't completely agree with endorsing and encouraging identity theft protection services.

Some of the information may seem like common sense, but the guidelines would not be necessary if people have not been careless about protecting their identities on MySpace.

Another Identity Theft Scam: Smishing Scam

Since scammers tend to pattern new scams as variations of existing ones, these fraudulent activities tend receive similar names as well. By now most of us are familiar with phishing scams, and yesterday I introduced vishing scams to those who were not already familiar with them. Now, the next "offspring" of the phishing scam is called smishing (I wouldn't have believed it if I hadn't seen the term myself). This particular scam involve text messaging on cell phones. The fraudsters send text messages to cell phone users asking them to verify personal information or to sign up for a service with their cell phones (by the way, these so-called services contain viruses).

With increased technology comes not only increased convenience but also responsibility to educate ourselves in the realm of security. Identity theft is growing, and the methods used to commit identity theft increase as technology makes it easier. By all means, use the technology at your disposal, but do so with caution.

If you think you might be a victim of smishing (or vishing for that matter), do not hesitate to report it.

Vishing Scams on the Rise over the Past Few Years

Apparently, a new form of identity theft scam that has surfaced a few years ago is on the rise. I've posted in the past about phishing scams, and these slightly newer variations of these scams are quite similar. The scams are called vishing scams, or VoIP phishing scams. It involves scammers using VoIP telephone numbers to trick consumers. The most common scenario involves a recorded message from a so-called credit card company saying there is a problem with your account and asking you to call back. When you do call the number (which is a VoIP phone), you are asked to put your credit card information into the system, therefore providing information the scammer needs to steal your identity.

I've emphasized this before, and I'll say it again. Be suspicious of any company asking for credit card information through an email or voice mail message. Legitimate companies don't operate this way. You make identity theft so much easier when you willingly hand over information.

Could new cell phone legislation pose identity theft threat?

While some legislation works in favor of consumer privacy (or attempts to), other laws slowly peck away at the privacy that should be yours. Some of you may have heard that the Committee on Telecommunications, Utilities and Energy has approved legislation requiring those who sell prepaid cell phones to photograph or photocopy one or more forms of identification. This includes the store keeping record of the name and address of the purchaser for two years as well as the serial number and manufacturer of the phone and the cell phone number.

Could this pose a possible identity theft threat? Absolutely. You're leaving a copy of at least one identifying document, including your name and address with a retailer, which means employees of this retailer (some trustworthy, others possibly not so trustworthy) will have access to this information. Identity theft is definitely a possible problem here.

Granted, this is to help track down phones that are used for criminal purposes then (probably) discarded, but there has to be a way to do this without endangering the identities of honest people who also purchase these phones.

Two Million in Danger of Identity Theft after Records Are Stolen

This may seem ironic following the post regarding data breaches, but this honestly wasn't planned. This particular data theft, though, was of the low-tech variety. According to a recent news report, the billing records of more than two million people was stolen at the University of Utah Hospitals and Clinics. The theft occurred when backup information tapes were taken from a vehicle when a courier failed to take them to a storage center.

The records were said to include the Social Security numbers of more than one million people treated at the university over the past 16 years. It is reported that all those in danger of identity theft would be notified by letter, costing about $500,000 just for stamps and envelopes. The hospital has also pledged free credit monitoring. The courier, as you may have guessed, was fired.

Yes, carelessness with delicate information is costly to everyone involved. There is no guarantee that the thief was able to access the inf0rmation on the device, but that is little comfort to those who trusted the hospital with this information. While the hospital is paying quite a cost to warn its patients, any patients whose data may have been compromised may be paying as well (identity theft can take months or even years to recover one's financial status and credit). We can only hope that everyone was notified before any serious damage was done.

Could data breaches be prevented?

According to a report by Verizon Business, almost nine out of ten corporate data breaches could have been prevented if appropriate security measures been taken. The 2008 Data Breach Investigations Report covers a span of four years and over 500 forensic investigations, including three of the largest data breaches ever reported.

Some of the findings include the fact that only 18 percent of data breaches come from insider threats while most came from outside sources. Third parties discovered 75 percent of the data breaches, not the organizations that were victimized, and they can go undetected for a lengthy period. The study goes on to not only give statistics and insights behind these data breaches, but also goes on to offer companies recommendations for prevention of data theft.

While not all of the information turned up in the Verizon Business study will be surprising, prevention is key to companies looking to protect customers and associates from identity theft, and the information revealed in this study can provide guidelines for protection of private data in the future.

Relaunch of Identity Theft: Are You at Risk?

Greetings to all those concerned about privacy and identity theft. As you can guess from the title of this post, I am announcing the relaunch of Identity Theft: Are You at Risk? after a long hiatus dealing with personal and career issues. I am now back to post news and resources regarding identity theft and personal privacy.

For anyone who has a request regarding a topic or a question, I have set up new email address especially for this blog, which you can view on my profile. Please feel free to ask questions or drop me a line.

Thank you for reading