The State Department announced that it has notified nearly 400 passport applicants of a security breach that may have put them at risk of identity theft. Most of the applicants at risk are in the Washington, D.C. area, and their passport applications may have been illegally accessed and used to open fraudulent credit card accounts. The applications contained identifying information, including Social Security numbers. More potential identity theft victims may be notified as the investigation continues.
Most of the people contacted have not become identity theft victims at this point, but they have all been offered free credit monitoring for a year. The breach was discovered when a man was arrested with 19 credit cards in different names and eight completed passport applications. While the State Department declines to comment on how he obtained these applications, it was confirmed that one State Department employee has been fired as a result of this breach.
The department has since stepped up its security for passport records management. While specifics about the method of this security breach have not been disclosed, it is no less disturbing. We don't know how many people were involved, but it's definitely possible that many of these people may already be victims of identity theft and not even know it.
Friday, October 31, 2008
Wednesday, October 29, 2008
Low-tech Methods Still Used for Identity Theft
With all of the news of data breaches and identity theft committed by hackers, many are concerned with electronic security, and they are right to do so. However, while we seek to protect ourselves online and companies seek to protect their employee and customer information, we must not forget that there are identity theft methods that require little or no access to a computer or the Internet.
According to a study from the University of Ithaca's Center for Identity Management and Information Protection (CIMIP) on closed ID theft cases, identity thieves still rely on low-tech old-school methods such as dumpster diving and mail theft. Thieves also gained information on potential victims through public records. The Internet or technological devices were only used in about half of the examined identity theft cases. In fact, the Internet was the sole method used in less than 10 percent of the cases. Granted these numbers are a few years old (2001 to 2004), and the use of technological methods has probably risen. Also, this data relies on the cases of identity theft that were reported and closed, and many cases go unreported either because they are undetected until the thief is long gone or because the victim knew the thief and decided not to report a friend or family member.
While this study obviously cannot tell the whole story, it can serve as a reminder that identity theft can be committed in many ways. While you want to protect your electronic data, you want to protect yourself on other fronts as well. These low-tech methods will continue to be used to commit identity theft because they do not require knowledge or access to hi-tech devices.
According to a study from the University of Ithaca's Center for Identity Management and Information Protection (CIMIP) on closed ID theft cases, identity thieves still rely on low-tech old-school methods such as dumpster diving and mail theft. Thieves also gained information on potential victims through public records. The Internet or technological devices were only used in about half of the examined identity theft cases. In fact, the Internet was the sole method used in less than 10 percent of the cases. Granted these numbers are a few years old (2001 to 2004), and the use of technological methods has probably risen. Also, this data relies on the cases of identity theft that were reported and closed, and many cases go unreported either because they are undetected until the thief is long gone or because the victim knew the thief and decided not to report a friend or family member.
While this study obviously cannot tell the whole story, it can serve as a reminder that identity theft can be committed in many ways. While you want to protect your electronic data, you want to protect yourself on other fronts as well. These low-tech methods will continue to be used to commit identity theft because they do not require knowledge or access to hi-tech devices.
Labels:
dumpster diving,
ID theft,
identity theft,
low-tech methods,
mail theft
Thursday, October 16, 2008
Identity Theft at the Gas Pump
Just as Americans start to see relief from skyrocketing gas prices and the prices drop, a new concerning the purchase of gasoline arises: identity theft. During the past few months, Texas cities like Dallas, Fort Worth, and Plano are seeing increasing reports of identity theft at automated gas pumps where the consumer can pay at the pump. It appears to be a new updated version of what is considered common technology for the identity thief.
Card skimmers often used in retail and restaurant settings to collect credit card information and at ATMs are finding their way to gas pumps. While for a long time skimmers can be detected by the vigilant consumer looking for suspicious devices, newer versions of this device have become more efficient. They are smaller and can be attached to card readers without being noticed and not interfering with the transaction. This is disconcerting whether you are paying for gas at the pump, withdrawing cash at your ATM, or paying for groceries at a self-checkout station. As devices become smaller, the easier it will be for scammers to use them for identity theft and other crimes.
So far, the reports seem to indicate this is becoming a problem in Texas with some earlier incidents reported on the West coast. However, don't expect it to remain isolated. With new technology making identity theft more efficient, the consumer needs to be extra careful. If you are at a pump something looks suspicious with its payment device, go inside and report it to the attendant and pay inside. It may be an incovenience, but a few minutes talking to an attendant at a gas station could save you and possibly others thousands of dollars by preventing identity theft.
Card skimmers often used in retail and restaurant settings to collect credit card information and at ATMs are finding their way to gas pumps. While for a long time skimmers can be detected by the vigilant consumer looking for suspicious devices, newer versions of this device have become more efficient. They are smaller and can be attached to card readers without being noticed and not interfering with the transaction. This is disconcerting whether you are paying for gas at the pump, withdrawing cash at your ATM, or paying for groceries at a self-checkout station. As devices become smaller, the easier it will be for scammers to use them for identity theft and other crimes.
So far, the reports seem to indicate this is becoming a problem in Texas with some earlier incidents reported on the West coast. However, don't expect it to remain isolated. With new technology making identity theft more efficient, the consumer needs to be extra careful. If you are at a pump something looks suspicious with its payment device, go inside and report it to the attendant and pay inside. It may be an incovenience, but a few minutes talking to an attendant at a gas station could save you and possibly others thousands of dollars by preventing identity theft.
Labels:
gas pump,
identity theft,
skimmer,
Texas
Friday, October 10, 2008
New Phishing Scams Prey on Consumers' Economic Fears
A recent wave of phishing scams and other identity theft scams seek to take advantage of people's fears regarding the economy. With so many banks having trouble, the Identity Theft Assistance Center (ITAC) and the Federal Trade Commission are warning consumers in a press release about emails claiming to be from an institution that recently acquired the consumer's bank, mortgage, or savings and loan company.
Obviously, many of us are not strangers to the phishing scam since we've seen many of them before. However, these recent ones are taking advantage of many consumers' insecurities regarding the current economic situation. These scammers hope that some worried consumers will fall for their fraud and provide important information, like passwords, account numbers, and Social Security numbers. They will use this information to commit identity theft.
ITAC and the FTC are also anticipating an increase in credit-related scams. Be on the look out for phony refinancing offers, equity loan schemes, and other credit-related scams. Thoroughly investigate the validity of an offer before agreeing to anything and avoid giving your account numbers or Social Security number to anyone who contacts you by email or phone. Being so free with your information can make you the next victim of identity theft.
While many struggle during difficult economic times, scammers seem to thrive by taking advantage of the fears and concerns of others. Do not be fooled by these emails. It's just another phishing scam from another fraudster looking to commit identity theft. By being smart, you can avoid becoming a victim.
Obviously, many of us are not strangers to the phishing scam since we've seen many of them before. However, these recent ones are taking advantage of many consumers' insecurities regarding the current economic situation. These scammers hope that some worried consumers will fall for their fraud and provide important information, like passwords, account numbers, and Social Security numbers. They will use this information to commit identity theft.
ITAC and the FTC are also anticipating an increase in credit-related scams. Be on the look out for phony refinancing offers, equity loan schemes, and other credit-related scams. Thoroughly investigate the validity of an offer before agreeing to anything and avoid giving your account numbers or Social Security number to anyone who contacts you by email or phone. Being so free with your information can make you the next victim of identity theft.
While many struggle during difficult economic times, scammers seem to thrive by taking advantage of the fears and concerns of others. Do not be fooled by these emails. It's just another phishing scam from another fraudster looking to commit identity theft. By being smart, you can avoid becoming a victim.
Labels:
bank,
identity theft,
phishing scam,
scam
Thursday, October 09, 2008
NFCC to Lauch Protect Your Identity Week
With everything that is being done to punish identity thieves, identity theft is still a major problem. While companies and governments can take precautions to protect consumers, we all need to be doing our part to protect our own identities. The best way to do so is education regarding how identity thieves work and how we can keep our information out the hands of those who will us it fraudulently. The National Foundation for Credit Counseling (NFCC) is looking to provide the resources and education to increase consumer awareness of identity theft.
The NFCC is launching the Protect Your Identity Week October 19-25, 2008. Member agencies across the U.S. will be offering credit report reviews, shredding events, and identity theft workshops as well as other education focusing on preventions of ID theft. All events will be free and open to the public.
The NFCC has also launched a new Web site to tell you about PYIW events near you and provide information about protection and recovery for identity theft victims. Education is the best way to let people know what they may be doing on a daily basis to make themselves more vulnerable to identity theft. Making it national week will definitely help, but this education and protection should be available. I've added the web site to my list of resources. Hopefully they will expand it with more information that consumers can use all year round.
The NFCC is launching the Protect Your Identity Week October 19-25, 2008. Member agencies across the U.S. will be offering credit report reviews, shredding events, and identity theft workshops as well as other education focusing on preventions of ID theft. All events will be free and open to the public.
The NFCC has also launched a new Web site to tell you about PYIW events near you and provide information about protection and recovery for identity theft victims. Education is the best way to let people know what they may be doing on a daily basis to make themselves more vulnerable to identity theft. Making it national week will definitely help, but this education and protection should be available. I've added the web site to my list of resources. Hopefully they will expand it with more information that consumers can use all year round.
Labels:
ID theft,
identity theft,
NFCC,
Protect Your Identity Week
Saturday, October 04, 2008
University of Indianapolis Experiences Data Breach Affecting 11,000
The University of Indianapolis information technology staff along with outside security experts are investigating a data breach that reportedly occurred on September 18. A hacker gained access to the university's computer system and the personal information (including Social Security numbers) of 11,000 students, staff, and faculty. According to the university, the compromised records were at least two years old, and they are unsure whether or not anything was done with the information but that it was compromised.
The university president, who is among those whose information was compromised in the data breach, said that those affected would be notified by mail as well as email. The school is also offering victims one year of free credit monitoring. Investigators are sure the compromise originated from outside the University of Indianapolis and believe it may have originated outside the United States since a foreign language was discovered embedded in programming code.
While the University of Indianapolis is not the first educational institution to experience a data breach this year, this one definitely puts thousands of people at risk of identity theft. This data breach involves information that dates back to when the university used Social Security numbers to keep track of students, faculty, and staff, a practice the school no longer uses. But the damage has already been done. Perhaps many institutions' transition from the use of Social Security numbers should have began much earlier. While we cannot change the past, we can learn from these mistakes and move on. The use of one's Social Security number should be limited.
The university president, who is among those whose information was compromised in the data breach, said that those affected would be notified by mail as well as email. The school is also offering victims one year of free credit monitoring. Investigators are sure the compromise originated from outside the University of Indianapolis and believe it may have originated outside the United States since a foreign language was discovered embedded in programming code.
While the University of Indianapolis is not the first educational institution to experience a data breach this year, this one definitely puts thousands of people at risk of identity theft. This data breach involves information that dates back to when the university used Social Security numbers to keep track of students, faculty, and staff, a practice the school no longer uses. But the damage has already been done. Perhaps many institutions' transition from the use of Social Security numbers should have began much earlier. While we cannot change the past, we can learn from these mistakes and move on. The use of one's Social Security number should be limited.
Thursday, October 02, 2008
Update for Identity Theft Enforcement and Restitution Act
As a brief update, according to this article from The Washington Post, President Bush did, in fact, sign the Identity Theft Enforcement and Restitution Act. This will make it easier for prosecutors to go after cyber criminals. It will also allow identity theft victims to not only be compensated for their direct losses from identity theft, but also their indirect losses (like time spent restoring credit or possible job denials as a result of ID theft) once their identity thieves are brought to justice.
Keep in mind the victim is only compensated for the indirect losses caused by identity theft if those responsible are brought to justice. Most identity thieves are never caught, so this will not help many identity theft victims.
Keep in mind the victim is only compensated for the indirect losses caused by identity theft if those responsible are brought to justice. Most identity thieves are never caught, so this will not help many identity theft victims.
Labels:
ID theft,
identity theft,
identity theft victim
Wednesday, October 01, 2008
Identity Theft in a Sluggish Economy
So what is the reason for the spike in identity theft and data breaches in 2008? We can offer any number of reasons. After all, ID theft has been on the rise for years, but it seems like every time we turn around we're hearing about a major data breach or identity theft case (like the TJX case back in August). Part of the reason is the obvious fact that ID theft is getting easier to commit as technology advances, and we need to make sure our security measures are equal to the task of protecting private data. Certain agencies posting private consumer data on the Internet doesn't help either.
But what is motivating people to do this? A press release by MyPrivateCredit has offered at least one possible indirect cause. The sluggish U.S. economy of 2008 may be at least part of the cause of the rise in identity theft and data theft. When economic conditions decline with people either out of work or the paycheck not going as far, many will seek additional sources of income. And not all of these income sources will be legal. Identity theft might seem like an easy answer for those who are capable of pulling it off. After all, ID theft is profitable. Even if someone isn't actually using the data they steal, they can sell it to those who will.
While this press release definitely offers some interesting points, it by no means tells the whole story. Yes, the sluggish economy may inspire some to turn to fraudulent income streams, but that doesn't explain why identity theft has been steadily on the rise even when the economy was not in such a sad state. As identity theft becomes easier, we need to become more cautious about protecting our private data, and companies need to increase their security as well, including the human element.
Read over the link I provided above. After all, it does raise some interesting points, and by all means, protect your identifying data, especially if the temptation some to commit identity theft is looming larger than usual.
But what is motivating people to do this? A press release by MyPrivateCredit has offered at least one possible indirect cause. The sluggish U.S. economy of 2008 may be at least part of the cause of the rise in identity theft and data theft. When economic conditions decline with people either out of work or the paycheck not going as far, many will seek additional sources of income. And not all of these income sources will be legal. Identity theft might seem like an easy answer for those who are capable of pulling it off. After all, ID theft is profitable. Even if someone isn't actually using the data they steal, they can sell it to those who will.
While this press release definitely offers some interesting points, it by no means tells the whole story. Yes, the sluggish economy may inspire some to turn to fraudulent income streams, but that doesn't explain why identity theft has been steadily on the rise even when the economy was not in such a sad state. As identity theft becomes easier, we need to become more cautious about protecting our private data, and companies need to increase their security as well, including the human element.
Read over the link I provided above. After all, it does raise some interesting points, and by all means, protect your identifying data, especially if the temptation some to commit identity theft is looming larger than usual.
Labels:
data breach,
economy,
ID theft,
identity theft,
security
Subscribe to:
Posts (Atom)