Thursday, June 29, 2006

Where's the Beef with USDA Identity Theft?

Where's-the-Beef-with-USDA-Identity-Theft-audio post - click to play

The U.S. Agriculture Department became the victim
of identity theft when a hacker gained unauthorized
access to a computer system containing 26,000
employees personal information was discovered
June 5th.

The confidential information accessed by the computer
hacker included:

  • Names
  • Social Security Numbers (ssn)
  • Photos

The information accessed by the hacker was specifically
used by the USDA for the production of media badges for
contractors and staff members within the Washington, DC

Although, only 26,000 employees have been confirmed
were impacted, upon further review the USDA suspects
the total may potentially effect all 110,000 people
within the department.

So, our tip for today is if you or someone you know
has ever worked for the USDA, contact them on their
special toll free hotline to inquire about the free
credit monitoring offer provided by the department.

That toll free number is 1-800-333-4636 and is staffed
from 8am - 9pm eastern daylight time.

Wednesday, June 28, 2006

FTC Itself Latest Identity Theft Victim

FTC-Itself-Latest-Identity-Theft-Victim-audio post - click to play

What happens when the chief government watch dog
agency against identity theft itself becomes
the latest
victim with the theft of 2 laptops?

This latest identity theft story points out the
crucial need for laptops containing consumer
information to be minimally encrypted if not
banned altogether from leaving secured premises.

But what is particularly shocking from the public
statements made by a FTC spokesperson is the
seemingly utter disregard for consumer information

..the FTC employees did not violate security
procedures by storing the password-protected
laptops in their cars.


Has anyone over at the FTC being paying attention to
the record number of consumer identity theft's this
year attributed to stolen laptops containing
unencrypted and highly sensitive data?

Or, perhaps the head of the FTC, who herself was
the victim of identity theft associated with the
DSW data loss two years ago might at least have
made sure her agency would have tighter security
procedures in place.

Evidently not, as the data the identity thieves
captured included:

  • Names
  • Addresses
  • Social Security Numbers (ssn)
  • Financial Account Numbers

All because an attorney, intrusted with the data, left
laptops in a locked car.

Look, this is very simple if you have a laptop, it's
meant to be portable. So, leaving a highly portable
laptop containing confidential consumer information
in a car just does not make sense - that is if it
were the attorney's social security number. Better
still, do not allow employees or contractors to
save unencrypted consumer data on a
portable drive.

It's not rocket science nor requires a large
committee of staffers to figure it out as seemingly
the FTC spokesperson intimated:

We will be reassessing what procedures
we have to make sure reasonable measures
are taken to protect data.

So, our tip for today is to run - don't walk
to your nearest telephone or computer and get
yourself and family members enrolled in any
quality credit monitoring service you feel
comfortable with. Just make sure you utilize
one which provides exception alerts to
suspicious activity, but also will screen
for the hidden public records fraud which
unfortunately credit bureaus do not watch
out for your in your interest.

Finally, help a friend by sharing what you
learned today from this podcast which is
provided under the concept of freedbacking.

We're free and can be anonymously subscribed
to by RSS or email.

Monday, June 26, 2006

Identity Theft Insurance Provider Itself A Victim

Identity-Theft-Insurance-Provider-Itself-A-Victim-audio post - click to play

In a cruel paradox, AIG, one of America's largest
insurance providers which also offers identity theft
insurance became the latest id theft victim with the
theft of 970,000 potential customer's data.

AIG, in March, suffered the loss when a thief stole
a computer file server and several laptops from
the insurance company's Midwest offices.

The highly confidential information contained on
the stolen computer equipment included:

  • Names
  • Social Security Numbers (ssn)

It seems the data stolen covered insurance quotes
from 690 individual brokers across America.

Additionally, five percent of the consumer's files
also included confidential medical information.

Although AIG is a provider of identity theft insurance,
this incident has caused the company to agree to
covering the costs of helping the impacted consumers
restore their credit ratings when they become
credit fraud victims.

So, our tip for today, is to contact AIG's customer
assistance hotline if you or anyone you know is
a victim of this latest identity theft.

AIG can be reached at 1-877-638-4244 or via their
company web site contact form.

Friday, June 23, 2006

When Credit Bureaus Lose Your Data

When-Credit-Bureaus-Lose-Your-Data audio post - click to play

Equifax, Trans Union, & Experian are the
three major credit bureaus that each
maintain detailed financial historical
information on over 100 million
households across America.

These massive credit data repositories
literally hold the keys to your past
and future financial prosperity.

Usually we learn of identity theft
cases involving companies, universities,
government and medical offices losing
consumer's sensitive data.

But, what has recently happened involves
the typically security centric credit

Equifax, joining Trans Union, has itself
now become the victim of identity theft.

An employee's laptop, containing the
social security numbers (ssn) and
names of over half (2,500) of the total
staffers at the Atlanta based firm was
stolen May 29th in London.

Once again, we find an employee violated
company policy and placed sensitive
consumer information on a unsecure
and mobil laptop.

Although the laptop has not been recovered,
fortunately this latest security breach
only impacts the employees of Equifax
who were exposed to identity theft by
one of their own.

The general population of Americans were
not effected by this case of stolen
credit data.

However, Equifax is offering all of it's
employees free credit monitoring and the
fraud alert placement. To the company's
credit they also did not waste time in
notifying all of their employees who's
credit data was exposed.

Given that even credit bureaus are not
immune to identity theft, it is prudent
for you to strongly consider enrolling
in an automatic credit monitoring service.

Why wait until when (not if) your data
is lost or stolen. Remember in the past
year and half, over 80,000,000 Americans
have had their confidential credit
related data either stolen or exposed
by companies involving 130 separate

Tuesday, June 20, 2006

ING Loses Jackson Health & DC Employee's Data

ING-Loses-Jackson-Health-and-DC-Employee's-Data-audio post - click to play

ING, a large financial services firm, is the
of our weekly "who lost the laptop"
award. This dubious
honor was bestowed
because the company lost not 1 one but

3 computers containing sensitive personal
highly sought by identity thieves.

All told, 21,500 people have been effected.

In an all too familiar story closely resembling similar
"lost" laptops, ING waited for months before disclosing
confidential consumer information had been compromised.
As part of the pattern of recent security breaches, the
data of at least one of the stolen computers was not
encrypted (meaning scrambled so that it's not easily
viewable by an identity thief).

As the same sad pattern continues with other more recent
security breaches, a laptop was stolen from the home of
a ING employee in D.C.. In a second incident involving
the data of Jackson Health Systems, ING simply misplaced two
computers containing confidential consumer information
gathered during a voluntary life insurance enrollment
drive in December.

The sensitive consumer information included:

  • Names
  • Date of Birth
  • Social Security Numbers (ssn)

Once again, identity thieves win because of careless
handling of consumer information by a company entrusted
to protect their clients most important asset (personal info).

There's a simple fix to this repeated pattern we unfortunately
learn of seemingly every week now. First, companies or
other entities should not allow employee's to take off
work premises any consumer information - especially
data containing social security numbers or date of births.

It's all to easy to replace those identifiers with a simple
numeric alternative.

Secondly, under no circumstances should companies be allowed
to transport unencrypted consumer data.

We recently learned of a very large credit card issuer which
requires their marketing contractors to even encrypt names
and email addresses when transmitting them to fulfillment
off site vendors.

Imagine if all of these business practices to insure safer
handling of consumer data would be mandated punishable by
law in each instance (meaning effected consumer) of
$10,000 per month the data is missing or stolen.

We would be surprised to see this continuing sad saga
each week of at least 2 - 3 new instances of identity
theft or "lost" consumer data continue to occur.

Tune in next time as we'll expose a shocking but true
story of how one of the very largest credit bureaus
itself became the latest victim to identity theft.

Friday, June 16, 2006

7,800 University of Kentuckian's Personal Identity Exposed in 2 Separate Incidents

7,800-University-of-Kentuckian's-Personal-Identity-Exposed-in-2 -Separate-Incidents-audio post - click to play

While the president of the university recieves a six figure
($115,000) bonus making him the highest paid public
university head in the state, 7,800 current and former
students most sensitive personal data was exposed to
identity theft.

It seems 6,500 students personal data was contained on
a portable computer drive which was taken from a faculty
member's classroom. While the official number of students
may ultimately be lower, the university has elected to attempt
to notify all of the potential effected students as the computer
drive which was "taken" contained information dating back
to 1988

Plus, last month the personal information of 1,300 current and
former employees was available on a UK Web site for three
weeks before it was discovered and removed.

The type of in depth personal information sought after by
identity thieves which was exposed included:

  • Social Security Numbers (ssn)
  • Phone Numbers
  • E-mail addresses
All of this while the president of the university was getting a
pay raise percentage higher than the rest of the staff.

So, our tip for today is to minimally seek out a credit report
review and preferably the placement of a fraud alert with
any one of the three major credit bureaus if you are a
current -or- former student of the University of Kentucky.

Finally, make sure to tell a friend about this important alert
if they are an alumni of the University of Kentucky who may
be negatively impacted by this identity theft.

Wednesday, June 14, 2006

150,000 Social Security Records Missing from Denver Elections Commission

150,000-Social-Security-Records-Missing-from-Denver-Elections Commission-audio post - click to play

Voter registration files containing sensitive consumer information,
dating back to as far as 1989, disappeared when an office move by
the Denver Elections Commission resulted in a 500 pound filing
cabinet being lost in February. City officials first learned of the
disappearance of the records 4 months later not from staff
members, but a web blog who exposed the scandal.

The missing records included this type of sensitive personal
information prized by identity thieves:

  • Names
  • Dates of Birth (dob)
  • Addresses
  • Social Security Number (ssn) partials

So, our tip for today, is to place a fraud alert on your credit
report if you or someone you know is a registered voter in the
city of Denver - especially during the period of 1989 - 1998.

Equifax: 1-800-525-6285;; P.O. Box
740241, Atlanta, GA 30374- 0241

Experian: 1-888-EXPERIAN (397-3742);;
P.O. Box 9532, Allen, TX 75013

TransUnion: 1-800-680-7289;; Fraud
Victim Assistance Division, P.O. Box 6790, Fullerton,
CA 92834-6790

Monday, June 12, 2006

Identity Theft Goes Nuclear causing Fallout for Months

Identity-Theft-Goes-Nuclear-causing-Fallout-for-Months audio post - click to play

Not until 9 months after the theft, 1,500 people working
for the nuclear weapons unit of the Department of Energy
were notified their most sensitive personal information
had been stolen by identity thieves.

Evidently, the identity thieves used, in this instance,
high tech computer hacking methods to penetrate a center
in Albuquerque, New Mexico to expose amongst other data:

  • Names
  • Social Security Numbers (ssn)
  • Birth Dates (dob)

The only way you would have ever learned of this
, is also how those effected by the theft were notified -
through the Congressional investigative hearings late last week
coming on the heels of the V.A. departments massive security
breach involving 26,500,000 veteran's social security numbers

The head of the security unit at the Albuqerque facility,
withheld information of the identity theft break in
his boss for at least 8 months. This security unit, itself
set up in the year 2000 after fears of espionage by Chinese
agents, reported to the Energy Department administrator whom
was kept uniformed of this very serious security breach
involving the 1,500 staff member's identity data.

Once again, we find a similar reason why these type of
identity theft cases unnecessarily put millions of Americans
at risk of financial ruin. For the simple reason of job
security, the people who are entrusted to protect our most
sensitive personal information are either too embarrassed or
too incompetent to admit identity thieves have beaten all of
their security procedures and policies.

Compounding the identity theft problem by seriously delaying
public disclosure merely presents an even more
opportunity for fraud to occur against
the countless victims
of identity theft.

Identity thieves understand this and have played on these fears
for years, we're just now as a country being forced to admit the
problem since 2005 (Choicepoint) and yet are struggling with an
effective national solution other than weakening the tougher
individual state laws requiring prompt consumer disclosure
and credit freeze rights.

So, our tip for today, is to take a measure of added preventative
insurance for your own personal well being and financial security.
Start by getting a "free" copy of your credit report to inspect it
for any signs of identity theft such as new accounts you did not
open. While conducting a review of your status against identity
theft, also get your public information profile checked out

Identity thieves have been known to file false information to
law enforcement
and medical insurance providers which will
minimally get your fired from your job and or or be suddenly
dropped off from healthcare medical coverage.

Sunday, June 11, 2006

YMCA Lost Laptop Exposes 65,000 to Identity Theft

YMCA-Lost-Laptop-Exposes-65,000-to-Identity-Theft-audio post - click to play

In the latest in a string of recent announcements
involving name brand organizations suffering data
breaches, the YMCA of Greater Providence,
Rhode Island was forced to disclose the loss
of the
personal data of 65,000 of it's

Similar to recent exposures by Ernst & Young, a
laptop containing highly sensitive and confidential
personal information was stolen May 24th from
locked administrative offices of the YMCA.

Personal information contained on the latop

  • Debit card account
  • Credit card account
  • Social Security Number (ssn)

An identity thief, using this type of personally
identifying information, can not only commit
fraudulent purchases but also open up new lines
of credit or cell phone services in the victim's
name. Based on statistics compiled by the
F.T.C., a new identity theft takes place
every 79
seconds in America costing
consumers thousands of dollars and hundreds
of frustrating hours to fix their financial well being.

Here's why.

Those account numbers can be used for "card not present"
fraud — where a stolen number is used to make a payment
over the phone or Internet. Little secondary verifying
information, if any,is required to conduct these illegal
purchases using stolen information.

Or, if the identity thief merely specializes as a
"collector", then he can easily peddle the stolen
identities and or card account numbers
to international
fraud rings operating via
internet chat forums for a hefty profit as follows below:

Regular credit card number: $1

Credit card with 3-digit security code: $3-$5

Credit card with code and PIN: $10-$100

Social security number (US): $5-$10

Mother's maiden name: $5-$10

At a bare minimum, those YMCA member's
personal information can be worth $65,000.

To even the most novice identity thief, usually
the data "collectors", a $65,000 payday sure beats
working for an honest living and is well worth the
risk - especially considering the low probability
of getting caught or ever serving serious jail

So, our tip for today is to contact the YMCA if
you or someone you know is a member of the
Providence, Rhode Island chapter which serves
portions of Massachusetts. Plus, for those who
have seen the several times per week evidence
from our website why your personal information
is not secure, take action to insure your own
personal financial safety.

Enroll in credit monitoring and check out on a
quarterly basis your public information profile
for the other more hidden incidents an identity
thief has abused your personal information such
as fraudulent DMV or criminal arrest filings in
your name.

Saturday, June 10, 2006

330,000 AICPA Members SSN Missing Since February

330,000-AICPA-Members-SSN-Missing-Since-February-audio post - click to play

The list of Americans whose most sensitive personal
information has either been lost, stolen, or exposed
to identity theft continues to grow. In the latest
example of poor information security, the
Institute of Certified Public
Accountants (AICPA)
reported nearly all
of it's 330,000 member's
data has been "lost" since February.

Let's quickly do the math. February, March, April,
May, & now June. Hmmm. That's 5 months. Ok, being
generous and counting the partial month of February,
that still totals over 4 months that those 330,000
individuals' data has been exposed to potential
identity theft.

120+ days for the following information to be unprotected:

  • Names
  • Addresses
  • Social Security Numbers (ssn)

With that level of personally identifying
in the hands of even the most
novice identity thief,
it's more than ample
enough time to completely wreck
a lifetime
of good credit
while leaving you with the
the months of frustration in fighting off debt
collectors and countless phone calls with uncaring

All of this simply because a careless AICPA employee
sent out a damaged computer hard drive to
an external
data recovery service, in violation
of company policy.

The computer disk was reported "missing" when it was
scheduled to be returned by Fedex but never arrived
back at the AICPA offices in the New York area.

In what has now become an all too familiar pattern
of "too late" damage control the company responsible
for the data breach, the AICPA has now begun
deleting all Social Security numbers from
its member

You would have hoped that certified public accountants
were more careful in their confidential data handling
practices in the first place. After all, CPA's are
the professionals who audit businesses for
the safety
and soundness of their financial

So, our tip for today illustrates the need for you
to take back control over your own data. Refuse to
provide your social security number to any entity
unless it's absolutely necessary. Most times when
challenged, requestors can and do resort to using
an alternate number for managing your account.

Finally, if you are or you know of someone who is
a member of the AICPA, have them contact the member
support department for the "free" credit monitoring
offer to those whose personal information has been
needlessly exposed to identity theft fraud.

That phone number is 888-777-7077.

Thursday, June 08, 2006

Id Theft Suspect Robs 4 Banks in Single Day Without Guns or Threats

Id-Theft-Suspect-Robs-4-Banks-in-Single-Day-Without-Guns-or-Threats audio post - click to play

Authorities are offering a $1,000 reward for
anonymous information on this identity thief.

A resourceful id thief in one single day managed to
withdraw the equivalent of most people's entire year's
income from banks in Arizona.

But how could this happen so easily and quickly?

The identity thief had all of his victim's
information - even including the
man's driver's license but with the thief's
photo on it instead.

This bold identity thief evidently walked into the
banks and simply changed the legitimate
holder's mailing address and
even the victim's
personal identification
number (pin)
used typically to access ATM

Even more surprising, was this identity thief does
not reside in Arizona, but rather lives in Florida.

Apparently he was in Arizona visiting -or- should we
say on a "shopping" trip.

The police believe this identity thief either had the
help of a bank insider or knew the victim first hand.

So, our tip for today is to assist law enforcement
with the apprehension of this identity theft
fraudster. Contact the anonymous tip line at
88-CRIME in the Tucson, Arizona area if you know
the whereabouts of this bold identity thief.

Your information could lead to a $1,000 reward.

Tuesday, June 06, 2006

Another Stolen Ernst Laptop Exposes 243,000 Clients

Another-Stolen-Ernst-Laptop-Exposes-243, audio post - click to play

In what has now sadly become a perverse re-occurring case of
the "stolen" laptop, 243,000, a subsidiary of,
clients personal information has been exposed to identity theft.

It seems the auditor, Ernest & Young, was again the victim of
what it claimed to be another "random" act of theft when a
laptop was stolen from the auditor's locked car in February.

The sensitive consumer information which was stolen included
unencrypted transactional data from 2004:

  • Names
  • Addresses
  • Credit card information

Ernst & Young waited for months, from the apparent theft in
February, to the just recent disclosure to resulting
in the public announcement.

Understand we are not picking on Ernst & Young as a company,
yet this latest incident adds to the total number of "stolen"
laptops from "random" theft to an unbelieveable five (5)
reported within the past year.

Why did E&Y wait for 3 months before disclosing news
of the theft
to their client?

Given the frequency and severity of the laptops being stolen
from a single auditing firm, it causes one to question who's
monitoring the auditors? Why are they allowed to continue putting
American's financial well being at an unacceptable risk? - a risk
the auditors themselves would never put themselves at personally
with their own firm's finances.

Is it any wonder, given E&Y's recent shoddy performance in securing
highly sensitive consumer information, that identity theft continues
to grow out of control with seemingly no end in sight?

Offering free credit monitoring and issuing public announcements
of "sorry" after the fact of repeated self induced security
simply does not solve the larger problem of insuring
identity theft prevention by tougher data transportation &
encryption practices by the auditors entrusted with that data.

The net result of this E&Y case, as in many others we have reviewed
the past few years, is big business could really care less about
securing your personal data when they understand there is
no punitive
measures in place to force better protection of
consumer data. You are on your o-w-n for protection.

Want to take back control - especially before identity theft
happens to you?

Our tip for today, is to protect you and your family's
future from identity thieves or simply
careless corporate employees
who allow your sensitive
personal, unencrypted information to be stolen.

Enroll in credit monitoring and just as important, but so often
overlooked, get your public data profile to catch the even
more hidden identity theft NOT tracked by credit
but can
very well land you in jail or
you suddenly to lose your job.

Saturday, June 03, 2006

Latest California Identity Theft Bill Moves Forward

Latest-California-Identity-Theft-Bill-Moves-Forward-audio post - click to play

California lead the nation in 2002 with the enactment of a
tough disclosure law requiring companies suffering data
breaches to notify consumers their personal information
is at risk to identity theft.

That law ultimately lead to the record number of disclosures,
130 and climbing, we've seen reported within the past two years.
High profile cases such as Choicepoint, MasterCard International,
and most recently the Veteran's Affairs department served to
underscore the need for tough disclosure laws across all 50
U.S. states.

Still, though, our U.S. Congress has not only not acted the
past year with new laws, but many would conclude their efforts
to undermine the California disclosure law smack of attempts
to shield their real constituents (big financial services &
large industrial firms) from truly being held accountable
for securing sensitive consumer information.

Yet, in the state of California there's a senator who
not only was the genesis of the 2002 disclosure law, but
is now back again with a new piece of legislation
gaining momentum.

That bill, which recently passed to the assembly for approval,
attempts to eliminate the risk of credit card fraud resulting
from the current practice by retailers of providing your credit
card number on printed receipts.

If passed by the California assembly in June, this bill when
enacted as law, would provide consumers another potent
in their fight against identity theft and credit fraud.

Retailers would be required to remove your credit card number
from their purchase receipts so that a dishonest employee or
dumpster diver could not get easily commit credit fraud against

So, our tip for today is to check back with us later this month
for an update on this important new bill. Also, if you happen to
live in another state which does NOT yet provide you this level
of protection (unfortunately outside of California most don't),
contact your state senators to petition for this right.

In the interim, though, since the legislative process moves far
slower than identity thieves, enroll yourself in a quality
credit monitoring service.

Thursday, June 01, 2006

1.3 Million Student Loan Borrowers Data Lost

1.3-Million-Student-Loan-Borrowers-Data-Lost-audio post - click to play

"Lost" is a popular reality TV show which now may very
well become re-branded to include identity theft as the
number of security breaches continues to expose careless
data handling by companies entrusted with sensitive
consumer information.

In this latest episode of "Lost: The Missing Consumer Data",
we expose the misdeeds of Hummingbird, a Texas based
software company contracted by the Texas Guaranteed
Student Loan company to prepare a document management

Apparently an employee of Hummingbird "lost"
containing unencrypted names and
social security numbers
(ssn) of 1,300,000
borrowers as of May 24th.

What's appalling about this latest "lost" data episode opening
up 1.3 million consumers to identity theft and credit fraud is
the data was originally encrypted prior to transferral
to the "lost" hardware plus the Texas Guaranteed Student
Loan Corporation itself may have become a victim of it's own

In 2001, the General counsel of Texas Guaranteed Student
Loan Company provided commentary to the F.T.C. to support
strengthening the landmark G.L.B. consumer privacy legislation.

The opening remarks, on the surface, appear to be
supportive of more stringent privacy safeguards.

TG supports the Commission's endeavor to establish rules
that seek to protect the privacy of, among others,
those students receiving financial aid assistance.
We also appreciate the opportunity to comment on
the proposed Privacy Rule.

TG supports the establishment of safeguards designed
to ensure the security and confidentiality of customer
records and information.

..but then commentary provided by the company's counsel
suggests a much "looser" standard be applicable
to auditing as well as liability associated with contractors.

TG agrees that the proposed rule should not require
that particular audit procedures or tests be used,
as this approach is consistent with the flexibility
given throughout the rule to each entity to determine,
within the mandates of the Act and rule, how it can
best protect "customer" information.

...the currently proposed language seems to impose an
obligation on the part of the financial institution
that may be impossible or impracticable to meet. If
there is no previous business relationship between
the parties, how will the financial institution be
sure that the service provider actually "is capable"
of maintaining appropriate safeguards? We suggest
that the language be rephrased to require the financial
institution to utilize only those service providers it
reasonably believes to be capable of maintaining
appropriate safeguards.

Given, this was in 2001, before the California
disclosure law enactment which required companies
nation wide to disclose security breaches and as result
we have subsequently seen over 130 separate
negatively impacting over 80
million Americans

Unfortunately, this type of loose approach to
consumer data security has been the mindset
of U.S. business executives for years and as we
have seen by the volume of "lost" consumer
information cases reported just within the past
1.5 years, indicates you are virtually undefended
and naked to attack by any identity theft or
a careless employee.

To seize back control, take action immediately.

So, our tip for today is to seek out your credit
"freeze" available options in the state you
reside in. Even if you are not fortunate enough
to live within one of the handful of states with
credit freeze laws, still deny identity thieves
the ability to harm you financially.

Order your credit report and inspect it for any
suspicious activity. Then finally, to augment
that snapshot in time credit report, make sure
to enroll in a comprehensive credit