I'm sure many who have read this blog have read other blogs about identity theft as well. This is by no means the first identity theft blog (and definitely not the only one). However, I've seen a trend in some of them that I've been avoiding, and that is the embracing of identity theft protection services or identity theft insurance. One particularly popular identity theft protection service in particular keeps cropping up in many blogs (you know which one it is, and I'm not going to mention them or link to them). I don't criticize those who embrace or use these services, and I will mention one if a company offers services with them after a data breach.
Basically, I won't promote a particular identity theft protection service that I wouldn't use myself, and when it comes to protecting my identity, I'm in the "trust nobody" camp. I prefer doing the work myself. I can't speak for others, but as a past identity theft victim, the last thing I wanted was to trust someone else with my identity after that experience, even if they were trying to help.
CNN Money posted a helpful article discussing some of the prices and benefits of credit monitoring services and insurance, but also pointing out that a lot of what these services do, you can do yourself. Personally, the only identity theft protection "service" I would encourage is a credit freeze from the three major credit bureaus. That way you control who accessing your credit report. In some states, it's available for free, and for the rest of us, it can be purchased for a small fee.
Friday, August 29, 2008
Thursday, August 28, 2008
Honesty Online Can Increase Identity Theft Risk
I'm sure you've heard it before, even from me, "Be careful what you divulge online." Whether you're conversing on a niche forum, frequenting your favorite chat room, writing personal blog posts, or maintaining your MySpace page, you need to be careful how honest you are with your personal information. Even sharing your birth date, which seems fairly innocent, can come back to haunt you if the information falls into the wrong hands. Remember that fraudsters don't need much information to make you an identity theft victim. Why make ID theft any easier than it already is?
Yes, you've heard all of this before I'm sure. However, what about your online banking security? Obviously, you don't want to have a password that is easy to guess, but you also have your bank's security questions to answer in case you forget your password. Do you answer those questions honestly? It might help if the bank's security questions couldn't be answered by information that is public record or easily guessed, but they do want you to be able to answer them if you forget your password. However, this PC World blog points out just how easy it can be to access someone else's online banking information. Your father's middle name and the city where you were born can be found fairly easily by anyone willing to do a bit of footwork. So you may not want to answer those questions honestly. It may come back to bite you in the form of identity theft. You may not want to give your pet's name when asked for it. You may not want to supply a "name" at all, or if you do, include some numbers or other characters in the mix. If your cat's name is Fred, don't simply type in "Fred." Try something like "2f7r1e!d&" or something more complex than simply a name. Yeah, it's obnoxious but you get the point.
There are times when you have to be honest online (like with online purchases, that is if you actually want to receive what you are ordering), but other times your honesty can hurt you. You can avoid being an identity theft victim by knowing what to hide and what to tell.
Yes, you've heard all of this before I'm sure. However, what about your online banking security? Obviously, you don't want to have a password that is easy to guess, but you also have your bank's security questions to answer in case you forget your password. Do you answer those questions honestly? It might help if the bank's security questions couldn't be answered by information that is public record or easily guessed, but they do want you to be able to answer them if you forget your password. However, this PC World blog points out just how easy it can be to access someone else's online banking information. Your father's middle name and the city where you were born can be found fairly easily by anyone willing to do a bit of footwork. So you may not want to answer those questions honestly. It may come back to bite you in the form of identity theft. You may not want to give your pet's name when asked for it. You may not want to supply a "name" at all, or if you do, include some numbers or other characters in the mix. If your cat's name is Fred, don't simply type in "Fred." Try something like "2f7r1e!d&" or something more complex than simply a name. Yeah, it's obnoxious but you get the point.
There are times when you have to be honest online (like with online purchases, that is if you actually want to receive what you are ordering), but other times your honesty can hurt you. You can avoid being an identity theft victim by knowing what to hide and what to tell.
Labels:
ID theft,
identity theft,
password,
security
Wednesday, August 27, 2008
Banking Information of More Than One Million People Sold on eBay
Here's an interesting twist on recent data breach news. Forbes reports that a computer containing the banking security information of more than one million people has been sold on the popular auction site eBay. The Royal Bank of Scotland announced that a computer, which belonged to an archiving company called Graphic Data and contained information from credit card applications of some of the bank's customers as well as data from other banks, was inappropriately sold to a third party. The data on the computer included passwords, account numbers, cell phone numbers, and signatures.
A former employee of Graphic Data apparently sold the computer server on eBay without wiping the hard drive first. The breach became known when the buyer, Andrew Chapman, found the data on the hard drive and contacted authorities. The incident is currently under investigation.
All right, I'm not a regular eBay user or an IT expert, but I know that just deleting files is not enough to make sure your data is completely gone from the computer. The hard drive needs to be formatted and the operating system reinstalled before you sell or give away a computer. Now if a general user like me knows this, the person who sold the computer must have know this (at least, we hope these companies are employing competent people). Whether this was deliberate or not remains to be seen, but I will definitely keep an eye on this.
A former employee of Graphic Data apparently sold the computer server on eBay without wiping the hard drive first. The breach became known when the buyer, Andrew Chapman, found the data on the hard drive and contacted authorities. The incident is currently under investigation.
All right, I'm not a regular eBay user or an IT expert, but I know that just deleting files is not enough to make sure your data is completely gone from the computer. The hard drive needs to be formatted and the operating system reinstalled before you sell or give away a computer. Now if a general user like me knows this, the person who sold the computer must have know this (at least, we hope these companies are employing competent people). Whether this was deliberate or not remains to be seen, but I will definitely keep an eye on this.
Labels:
computer,
data breach,
eBay
Tuesday, August 26, 2008
New Identity Theft Scam Targets EPPICard Users
A number of states have reported that EPPICard users are being targeted by identity theft scammers. Fourteen states use the EPPICard to distribute state payments, like child support. The Internet Complain Center reports that EPPICard users around the country have reported receiving voice, email, and text messages falsely informing them of problems with their account. The users are then encouraged to update their accounts to fix the problem. The are directed to a Web site asking for personal information such as account numbers and PIN numbers. They are also receiving emails offering payment for taking an online survey. After they complete the survey, they are asked to give their account information so they can receive payment.
No bank or credit card companies will solicit account or other personal information through text messages or email, and the Web is loaded with "make money taking surveys" scams. This just another trick by those looking for identity theft victims.
Be vigilant, and don't fall for new variations of an old scam. This is yet another phishing scam, this time using text messaging as well as email. The best thing to do with these messages is delete them. That will keep you from becoming the next identity theft victim of this particular scam.
No bank or credit card companies will solicit account or other personal information through text messages or email, and the Web is loaded with "make money taking surveys" scams. This just another trick by those looking for identity theft victims.
Be vigilant, and don't fall for new variations of an old scam. This is yet another phishing scam, this time using text messaging as well as email. The best thing to do with these messages is delete them. That will keep you from becoming the next identity theft victim of this particular scam.
Labels:
EPPICard,
identity theft,
phishing scam,
scam
Friday, August 22, 2008
U.K. Government Loses Personal Data of 4 Million in One Year
While most of my identity theft "news" posts tend to be geared toward U.S. readers, the general information and advice can be used or adapted by anyone in the world concerned about identity theft. However, that doesn't mean that I think only we here in the U.S. are dropping the ball and everyone else is safe, so I'll try to incorporate more international posts to try to give an accurate picture. This particular post is for our friends in the U.K.
This Computerworld article discusses several incidents where the U.K. government "lost" the personal information of millions of citizens. This involved everything from medical insurance claims to personal ID information. Now, not all of these incidents included data being compromised (in some cases it was just carelessly handled), and not all of these breaches will result in identity theft. But the numbers are still disturbing. The frequency and overwhelming numbers involved make it clear that perhaps we (globally) need to start looking into better efforts to securing data. This will involve cooperation from both governments and private citizens.
Now, before we criticize the U.K. government, keep in mind that the U.S. government is just as guilty of exposing citizens to potential identity theft.
This Computerworld article discusses several incidents where the U.K. government "lost" the personal information of millions of citizens. This involved everything from medical insurance claims to personal ID information. Now, not all of these incidents included data being compromised (in some cases it was just carelessly handled), and not all of these breaches will result in identity theft. But the numbers are still disturbing. The frequency and overwhelming numbers involved make it clear that perhaps we (globally) need to start looking into better efforts to securing data. This will involve cooperation from both governments and private citizens.
Now, before we criticize the U.K. government, keep in mind that the U.S. government is just as guilty of exposing citizens to potential identity theft.
Labels:
data breach,
identity theft,
U.K. government,
U.S. government
Thursday, August 21, 2008
Seniors Now Identity Theft Targets
Just like children can be identity theft victims since they have no credit history and will not think to check their credit reports, senior citizens can also be targets, especially those who have a long history of good credit. They also have access to other services that may be of interest to an identity thief, like food stamp cards or health care (Medicare).
That's why this news report warns seniors to be vigilant to protect themselves from identity theft, especially medical identity theft, which can prove fatal for seniors depending on the circumstances. Another report covers crimes against the elderly, including theft of food stamp account numbers and PIN numbers.
Senior citizens are urged to take the same precautions that others should take to prevent identity theft or at least minimize the damage if they are already victims. Request copies of your credit report from all three credit bureaus and review them carefully. Carefully go over bank and credit card statements and report fraudulent charges, and if someone calls claiming they need your personal information (Social Security number, date of birth, etc.), do not give it to them. Make sure they are who they say they are before talking to them.
That's why this news report warns seniors to be vigilant to protect themselves from identity theft, especially medical identity theft, which can prove fatal for seniors depending on the circumstances. Another report covers crimes against the elderly, including theft of food stamp account numbers and PIN numbers.
Senior citizens are urged to take the same precautions that others should take to prevent identity theft or at least minimize the damage if they are already victims. Request copies of your credit report from all three credit bureaus and review them carefully. Carefully go over bank and credit card statements and report fraudulent charges, and if someone calls claiming they need your personal information (Social Security number, date of birth, etc.), do not give it to them. Make sure they are who they say they are before talking to them.
Labels:
identity theft,
medical identity theft,
senior
Wednesday, August 20, 2008
Dominion Enterprises Discloses Data Breach
Once again, it looks like the hackers are making news. According to recent a recent report, Dominion Enterprises announced that a computer server of InterActive Financial Marketing Group, a division of Dominion Enterprises, was hacked into and accessed by an unknown party. The breach took place between November 2007 and February 2008, and the result was the potential exposure of personal information (names, addresses, birth dates, Social Security numbers, etc.) of more than 90,000 applicants.
Dominion Enterprises is currently mailing letters to those whose information was illegally accessed. The company is also providing one year of credit monitoring service as well as other resources to help consumers protect themselves against identity theft.
While the company has taken immediate steps to enhance the security of their computer systems, the damage may already be done. Obviously, they have no way of knowing at this point of the breach has resulted in identity theft.
Dominion Enterprises is currently mailing letters to those whose information was illegally accessed. The company is also providing one year of credit monitoring service as well as other resources to help consumers protect themselves against identity theft.
While the company has taken immediate steps to enhance the security of their computer systems, the damage may already be done. Obviously, they have no way of knowing at this point of the breach has resulted in identity theft.
Labels:
data breach,
Dominion Enterprises,
identity theft
Friday, August 15, 2008
Identity Theft No Longer Just a White Collar Crime
When most people think of identity theft, they think of someone tech savvy, like the hackers named in the recent international case who accessed credit card information electronically. Cases like this leave people thinking of identity theft as a white collar crime. Many of my earlier posts have illustrated that that's not necessarily the case since methods such as mail theft and dumpster diving don't require technical know-how at all, and these are highly effective methods of obtaining personal information required to commit identity theft.
However, a recent Los Angeles Times article pointed out that street gangs normally associated with violent crimes are finding identity theft to be quite profitable. After all, technology has made it much easier to obtain credit. Anyone can apply for a credit card online with the proper information without having to provide valid identification.
Anyone who can access and make use of the personal identifying information of others is capable of being an identity thief. This applies to people on all levels, not just the hackers trading credit card information. Perhaps we should reexamine our perception of identity theft as just a white collar crime.
However, a recent Los Angeles Times article pointed out that street gangs normally associated with violent crimes are finding identity theft to be quite profitable. After all, technology has made it much easier to obtain credit. Anyone can apply for a credit card online with the proper information without having to provide valid identification.
Anyone who can access and make use of the personal identifying information of others is capable of being an identity thief. This applies to people on all levels, not just the hackers trading credit card information. Perhaps we should reexamine our perception of identity theft as just a white collar crime.
Labels:
credit,
gangs,
hacker,
identity theft,
white collar
Thursday, August 14, 2008
Former Countrywide Employee Arrested For Stealing and Reselling Customer Data
We do business with companies expecting that they've hired honest employees to handle our data, so one form of identity theft that is difficult to defend against is the "insider" or employee who steals and either uses or resells customer data. Even when companies go to great lengths to hire people they think are honest, it's hard to catch when the person is a first time thief or has covered his tracks well enough that he hasn't been caught in the past.
The recent breach at Countrywide Financial Corp. involved an insider stealing and reselling data of about 2 million loan applicants. The breach occurred over a two-year period when Rene Rebollo, Jr., who worked for Full Spectrum Lending, a division of Countrywide, and an accomplice sold personal and account information of Countrywide customers. The information was allegedly sold to other mortgage companies to make pitches.
It is unknown if any of the information has been used for identity theft at this point. Rebollo was arrested and charged with unauthorized access to a financial institution's computers.
The recent breach at Countrywide Financial Corp. involved an insider stealing and reselling data of about 2 million loan applicants. The breach occurred over a two-year period when Rene Rebollo, Jr., who worked for Full Spectrum Lending, a division of Countrywide, and an accomplice sold personal and account information of Countrywide customers. The information was allegedly sold to other mortgage companies to make pitches.
It is unknown if any of the information has been used for identity theft at this point. Rebollo was arrested and charged with unauthorized access to a financial institution's computers.
Labels:
Countrywide,
Countrywide Financial Corp.,
data,
identity theft,
insider
Wednesday, August 13, 2008
Wells Fargo Reports Data Breach
Wells Fargo & Co. has reported that the personal information of about 5,000 people may have been seen when someone used a bank access code illegally. The bank is notifying the people whose names are on the list and offering them free one-year membership to Identity Guard, an identity theft protection service.
Wells Fargo was alerted to suspicious activity in early July and contacted law enforcement immediately. It appears the illegal activity occurred in May and June. This is not the first time Wells Fargo has this type of breach. The company had two data breach incidents in 2006.
Whether or not this data breach has resulted in identity theft for any of the bank's customers remains to be seen. Wells Fargo has recommended that anyone affected should alert the credit bureaus and go over their accounts carefully to watch for suspicious activity. Those fearing identity theft because of this incident should monitor their credit reports or take advantage of the credit monitoring services offered by the bank.
Wells Fargo was alerted to suspicious activity in early July and contacted law enforcement immediately. It appears the illegal activity occurred in May and June. This is not the first time Wells Fargo has this type of breach. The company had two data breach incidents in 2006.
Whether or not this data breach has resulted in identity theft for any of the bank's customers remains to be seen. Wells Fargo has recommended that anyone affected should alert the credit bureaus and go over their accounts carefully to watch for suspicious activity. Those fearing identity theft because of this incident should monitor their credit reports or take advantage of the credit monitoring services offered by the bank.
Labels:
bank,
data breach,
identity theft,
Wells Fargo
Tuesday, August 12, 2008
Students and Identity Theft: Caution for Those Returning to School
There's nothing an identity thief likes more than a clean slate. A young person with little or no credit is an ideal identity theft victim. After all, credit card companies are eager to extend credit to young consumers. In a few weeks, many of you will be returning to school. As you prepare for the next school year, you will obviously want to prepare with the proper books and supplies for your classes, but you will also want to prepare in other ways. The sooner you know how to protect your identity the less likely you will be to fall into the identity theft trap.
This caution is especially relevant for college students who will not have parents over your shoulder making sure you are safe. The first week or two of class is pretty hectic, registering for classes, buying textbooks, getting to know new roommates, etc. Don't get so overwhelmed that you forget to protect your identity. People will be around distributing credit card and part-time job applications. This is a time when students are especially vulnerable to identity theft. Not everyone on campus will be who they say they are. Take special care if you complete an application.
This is just one example of the identity theft scams and traps out there. I highly recommend you check out the Identity Theft Resource Center. There are numerous articles about scams and identity theft methods and how to avoid them.
Labels:
college,
credit,
identity theft,
student
Monday, August 11, 2008
Identity Theft and Home Equity
The most common type of identity theft is financial identity theft because it is most profitable and there are many fairly easy ways to commit it. For the most part, what the financial identity thief is looking for is credit. According to the Identity Theft Assistance Center, people with good credit have become targets for identity theft because they often have untapped home equity.
A home equity line of credit is an excellent vehicle for an identity thief because it is a big pool of money. This pool can drain quickly if it consumers are not careful to frequently check their credit reports. A home equity line of credit is almost as easy to open as a credit card account. With the proper financial information on you, your thief can easily commit mortgage fraud.
It is recommended that if you have good credit, it is all the more reason to check your credit frequently. Your good credit will definitely make you a target for identity theft.
A home equity line of credit is an excellent vehicle for an identity thief because it is a big pool of money. This pool can drain quickly if it consumers are not careful to frequently check their credit reports. A home equity line of credit is almost as easy to open as a credit card account. With the proper financial information on you, your thief can easily commit mortgage fraud.
It is recommended that if you have good credit, it is all the more reason to check your credit frequently. Your good credit will definitely make you a target for identity theft.
Labels:
credit,
home equity,
identity theft,
mortgage fraud
Thursday, August 07, 2008
Wardriving and Identity Theft
Thanks to the recent high-profile identity theft case, attention has been called to the technique that was used, which is called wardriving. Wardriving involves driving around searching for insecure wireless networks. This can relate to home wireless connections or, like in the current identity theft case, business connections. Gaining access to a wireless network is easy if the security is low. If you've used a neighbor's wireless connection from a laptop without permission, then you've done it yourself.
With wireless networks for businesses becoming more common, wireless security should be something also be a concern. This isn't just about surfing the web on someone else's connection. The hackers involved in the current identity theft case were able to access the credit card information of millions of consumers, so obviously wardriving in the hands of a cyber criminal is much more serious than just taking advantage of free Internet service.
While you obviously have no control over the security of the businesses you frequent, you can control your own actions. If you are surfing the web from an open or low-security wireless network, don't use this particular surfing time to log on to your online bank account or make an online purchase.
With wireless networks for businesses becoming more common, wireless security should be something also be a concern. This isn't just about surfing the web on someone else's connection. The hackers involved in the current identity theft case were able to access the credit card information of millions of consumers, so obviously wardriving in the hands of a cyber criminal is much more serious than just taking advantage of free Internet service.
While you obviously have no control over the security of the businesses you frequent, you can control your own actions. If you are surfing the web from an open or low-security wireless network, don't use this particular surfing time to log on to your online bank account or make an online purchase.
Labels:
identity theft,
security,
wardriving,
wireless
Wednesday, August 06, 2008
Eleven Charged in International Identity Theft Case
Eleven suspects have been charged with stealing over 40 million credit and debit card numbers and then selling them. They allegedly hacked into the computer systems of many U.S. retailers to install software that gave them access to account information and passwords. Three of the suspects charged in this identity theft case are U.S. citizens, and the others are from China, Estonia, Belarus, and Ukraine.
The method the alleged thieves used involved driving through neighborhoods and hacking into wireless equipment to obtain credit card numbers, passwords, and other account information. Several major retailers were targeted, including TJ Maxx, Barnes & Noble, and OfficeMax. This case definitely exposes our vulnerability to identity theft with the compromise of personal information.
The Department of Justice is calling this the largest and most complex identity theft case that resulted in charges being brought. My guess is the total cost of damages to the targeted businesses and their customers is still unknown. If you think you might be an identity theft victim as a result of these crimes being charged, do not hesitate to contact your bank.
The method the alleged thieves used involved driving through neighborhoods and hacking into wireless equipment to obtain credit card numbers, passwords, and other account information. Several major retailers were targeted, including TJ Maxx, Barnes & Noble, and OfficeMax. This case definitely exposes our vulnerability to identity theft with the compromise of personal information.
The Department of Justice is calling this the largest and most complex identity theft case that resulted in charges being brought. My guess is the total cost of damages to the targeted businesses and their customers is still unknown. If you think you might be an identity theft victim as a result of these crimes being charged, do not hesitate to contact your bank.
Labels:
charge,
hacking,
identity theft
Tuesday, August 05, 2008
Government Is a Major Source of Data Breaches
If you don't trust the government to protect your personal and financial information, then you shouldn't be surprised or disappointed with this recent report. According to a Consumer Reports investigation, the government is one of the biggest sources of ID leaks. Consumer Reports analyzed data reported by the nonprofit Privacy Rights Clearinghouse. They found that more than 230 security lapses of federal, state, and local government resulted in the exposure or loss of more than 40 million consumer records (the data covers dates from 2005 to mid-2008).
Unfortunately, it seems that few of these data breaches get publicized because there is no financial incentive to do so. The number of data breaches that result in identity theft is unknown because consumers don't usually know that their information has been compromised or the thief may not use the stolen information right away.
The full report can be read in the September issue of Consumer Reports or can be bought from ConsumerReports.org. While we are all responsible, to a certain extent, for protecting our own personal financial information, we should be able to trust our government not to expose our information, making us possible identity theft victims.
Unfortunately, it seems that few of these data breaches get publicized because there is no financial incentive to do so. The number of data breaches that result in identity theft is unknown because consumers don't usually know that their information has been compromised or the thief may not use the stolen information right away.
The full report can be read in the September issue of Consumer Reports or can be bought from ConsumerReports.org. While we are all responsible, to a certain extent, for protecting our own personal financial information, we should be able to trust our government not to expose our information, making us possible identity theft victims.
Labels:
Consumer Reports,
data breach,
identity theft
Subscribe to:
Posts (Atom)