Wednesday, October 14, 2009

New Oxymoron: Data Security

When it comes to data, there is no security. Government and private data bases in every state continue to lose valuable information. The numbers are staggering. For example, on October 2, 2009 the U.S. Military Veterans Agency compromised the Social Security numbers of 76 million veterans dating back to 1972.

The Privacy Rights Clearinghouse website found at www.privacyrights.org has been publishing a Chronology of Data Breaches since its inception in January 2005. The clearinghouse chronology publishes the date, name of entity, location, breach description, and the number of records (identities of people in the US).

To say that Identity Theft continues to spiral out of control may be an understatement when you actually examine the numbers. For example, on October 2, 2008 the grand total of this chronology was 245,028,235. The description to the left of the grand total states in bold lettering, “TOTAL number of records containing sensitive personal information involved in security breaches in the U.S. since January 2005.” One year later, on October 2, 2009 this grand total had grown to 339,674,601. We are talking about non-public, personally-identifying information on real US citizens. This increase, recorded in just one year, is over 94 million. This does not count the “unknowns.” For accuracy sake, the clearinghouse does not add breaches with unconfirmed numbers, although it may comment (i.e. 1000’s). During this span of one year there were 67 unknowns out of 250 security breaches. Since the numbered breaches only account for 73 percent of the problem, then that leaves 27 percent unaccounted for. Therefore, the problem being caused by security breaches is actually much worse.

It is also difficult to determine how many duplicate identities may have occurred at different locations. The U.S. population clock count on www.census.gov calculates 307,690,749 U.S. citizens as of October 14, 2009. The 2009 data breach grand total is over 20 million greater than the Census Bureau count. Keep in mind there were data breaches prior to January 2005 when Privacy Rights began its chronology. The numbers may be somewhat inaccurate, but there is one thing we can say with absolute certainty, “Houston, we have a problem!”

Big-time identity theft rings are not dumpster diving anymore for identities. They are getting their information in massive chunks from various sources worldwide. USATODAY made a very bold statement on October 11, 2006 – “Identity Theft is poised to increase by a factor of 20 over the next two years. The criminals are still trying to figure out what to do with all the data.”

Perhaps it is safer to assume that our identities have already been compromised.

Friday, August 21, 2009

Summer 09 Newsletter

Have you ever received someone else's mail in your mailbox? Could it be a signal for Identity Theft?

If you are receiving someone else's mail, look out! Stay vigilant because someone may be using your Personally Identifying Information like your social security number for fraudulent reasons. After speaking with my attorney about questionable mail I was receiving, I was advised to inspect my credit report immediately.

Please keep in mind that you are not supposed to open someone else’s mail, even if it comes to your address. It is against the law to open someone else’s mail. However, my position is simple; if you don’t want me opening your mail, then stop sending it to my address! Honestly, I don’t read the envelopes half the time – I just open them. Maybe you feel the same way.

Having said all that, please keep in mind that in this day and age, you better stay on top of your good name and credit record or you are certainly in for a rude awakening, maybe even handcuffs (see story of the Retired Bank VP). So if something suspicious comes to your address, then you may want to investigate it further because the latest member to the Identity Theft family is Synthetic Identity Theft. This occurs when someone creates a new identity by mixing information, perhaps using your social security number under another name. And you won’t find out about it until the collection notices start coming in the mail.

It is interesting to note that the acronym for Synthetic Identity Theft is SIT. This is what you may find yourself doing immediately when you find out that you’ve become a victim of fraud. And your government is part of the problem. According to Consumer Reports magazine, September 2008 issue, in an article title, ID LEAKS - A Surprising Source Is Your Government At Work, where virtually every major Department of the Government received failing grades (Ds & Fs) on CR's Security Breach Report Card, the article stated, "a valid Social Security number has market value because a growing number of cases fall into a category known as synthetic ID theft." This article addressed identity thieves and undocumented workers using SSNs with different names. The article also stated, "YOU HAVE NO RIGHT TO BE NOTIFIED if someone is using your SSN under another name. That would violate the privacy of the other account holder, the one who stole your identity. You would be clued in only after the fraudster failed to make payments and you began to get harassing calls from debt collectors." The unfortunate bottom line is that the government is doing an extremely poor job at protecting your information.

If you suspect some funny business going on with your credit, then you may want to order your free credit reports. Even if you don't, then the time was yesterday to get seriously proactive about protecting your identity. You can go on-line and order from all three credit reporting agencies (Equifax, Experian, & TransUnion) at annualcreditreport.com. It is easy but if you have any trouble ordering online with any one of the agencies, then you can call 877-322-8228 and accomplish this task over the telephone by requesting a mailed hardcopy instead.

In the process of trying to order your free credit reports online, you may encounter ways in which these agencies might try to obtain your credit card authorization to pay for trial services such as a credit score service or an identity theft service. Of course this will come with the promise that you can call and cancel later. Trial offers make about as much sense as trading in perfectly good cars only to be crushed under the Federal Government’s Cash-For-Clunkers Program. Don’t fall for it! The following is my credit report ordering experience (FYI).

On Wednesday, August 19, 2009, at fifty years of age, this was the first time I had ever attempted to pull my own credit reports. I never really felt that I needed to because my credit was always good. But with all of the collections notices I was receiving, my legal-service attorney advised me to get-on-it immediately because I might be a victim of identity theft fraud.

I was able to print out my TransUnion and my Equifax reports from the annualcreditreport.com website within about thirty minutes. As I began to read one 24-page report I saw enough inaccuracies to cause a slight panic attack. I’m not kidding. My fears were being confirmed in print. I didn't even know I had 24-pages worth of credit! I immediately wondered how much time this was going to take. I may have an uphill legal battle trying to repair my credit reports. It has been over three years since I made a large purchase like a car or house so I didn’t even know that I had problems with my credit. This feeling, I must admit, is overwhelming and I’m afraid this may end up being a tremendous legal project.

The Fair Credit Reporting Act established that consumers are entitled to a free credit report from each CRA every year. With outrageous data breaches continuing to be reported each week on www.privacyrights.org, I strongly urge everyone to go to this website and see the madness firsthand by left-clicking on “chronology.” If you then hit “end,” you will immediately find on the last line of the report that the total U.S. identities breached are already over 250 million. And that doesn’t count the “unknown numbers.” (WARNING: Don’t print this report unless you intend to print 200 pages.) That is how bad it is! You can scroll up from the bottom to the date of July 10, 2009 and read the “Northern California Bank Dumpsters” story. The reality of this report is unsettling. The identity thief even confessed to Federal Agents like he was bragging. He said, “It was easy.” That is why you should know what is going on with your credit. Credit is one of the key indicators of Identity Theft.

I expect I will have an uphill battle on my hands because I have heard that both Creditors and Credit Reporting Agencies can be very difficult. Creditors are supposed to send correct information about you to the CRAs. They are not supposed to send incorrect or fraudulent information. From my understanding, my first challenge will be to prove to several creditors that I am who I am. I will then be faced with the natural resistance of each Credit Reporting Agency to make changes to my credit records. In fact, the only way I can possibly be successful is to gather enough documentation on each inaccuracy to provide the ammunition necessary for my attorneys to write letters on my behalf. I expect that only then will my creditors coordinate with the CRAs and make the corrections to my credit records. I will do whatever I have to do to straighten out my credit mess but I am not happy about it. See why I felt overwhelmed when I first saw my credit reports.

As you might expect, I am going to need some professional help. I am going to need legal assistance because attorney letters will get more attention than anything I could possibly write. This will be a tremendous task and it may take months or even years according to statistics from the Federal Trade Commission. And I never thought this would happen to me. But don’t worry about me, I will be okay! Does anyone know a good psychologist who takes credit?!

Before I close this chapter, I would like to urge everyone to stay on top of your personal credit information. The facts are hard to deny and your information may already be in the hands of identity thieves. Look at what just happened in the Identity Theft arena. The following FOX NEWS story speaks for itself.

On Monday, August 17, 2009 FOX NEWS reported, "Three Indicted in Largest Corporate Identity Theft Case in History." Federal Authorities indicted three men in New Jersey in a massive identity theft case that the Justice Department is labeling as the largest in American history. Authorities say more than 130 million credit and debit card numbers were stolen in a corporate data breach involving three different corporations and two individuals.” But that’s not all folks! Later in the Fox News report it discusses that one of these hackers was indicted in August of 2008 for an estimated 40 million credit cards costing TJ Max Stores $200 million and his trial isn’t scheduled for those charges until 2010!!! (You can find the report on FOXNews.com.)

As my Dad used to say, “How do you like them apples?”

Wednesday, May 13, 2009

Video Posting

This new video posting, Ret. Bank VP Victim, is about a Retired Bank Vice President who lost her wallet and became a victim of Identity Theft with a string of felonies. Not only did she end up in handcuffs but had to defend herself at a cost of $50,000. You may have to watch a quick commercial first but it is unbelievable that this could happen to this lady. http://today.msnbc.msn.com/id/26184891/vp/30344575#30344575

Thursday, April 30, 2009

May Newsletter

Non-Public Information and Data Breaches:
The two shouldn't mix!

You don’t have to worry about someone stealing your identity! Your information is already out there on the Internet. They already HAVE your information. The fact is that you simply cannot prevent someone from stealing your personal information because they've already stolen it! The REAL PROBLEM with identity theft is when someone USES your information. This month we are uncovering the damage being done by data breaches.

First, let’s understand exactly where your personal information might be. If you are an adult citizen, then your NPI (Non-Public Information) is more than likely recorded in thousands of databases. This includes your name, Social Security number, driver’s license number, address, phone number, account numbers, etc. Your information is kept in Federal, State, and Local governments, numerous businesses, medical facilities, and institutional databases. Every time you enrolled in a school, filled out an application, got a driver’s license, or went to the dentist; your non-public information was recorded in a database. But again, that isn’t the problem. The problem begins when your information falls into the wrong hands. Unfortunately, that is what happens when data is breached – it eventually falls into the wrong hands.

A Data Breach occurs when data security is compromised or lost. Let’s take a look at the data breaches listed on the Privacy Rights Clearinghouse website. Go to www.privacyrights.org/ar/ChronDataBreaches.htm and scroll down about two pages. I want you to see the hundreds of data base aggregators that have lost information already. To see the most recent data breaches, press “End” and scroll up from the bottom. Warning: Don’t print this document unless you intend to print over a hundred pages. It is a long list.

As you scroll, you will see every type of business entity (government, private, and non-profit) that has lost sensitive information to hackers, stolen laptops, disgruntled employees, and more. Notice that the Privacy Rights Clearinghouse only began in January 2005 and already over 260 million PEOPLE have been affected. We don’t know how many data losses occurred before 2005. But now that we are tracking data breaches, we are starting to see the amount of damage being done.

The amount of the damage is difficult to track with total accuracy. We can only assume that it is actually much worse. Many breaches go undetected or unreported and when “Unknown” numbers can’t be factored in, there is even more uncertainty as to the massive extent of the problem.

Let's look at what happens when businesses improperly handle data. This will help us to understand why data breaches are so frequent and how data may end up in the wrong hands.

In an attempt to protect databases from theft or fire, many small businesses periodically copy and transport their databases to off-site storage facilities. This safegaurding practice may sound good in theory but it can lead to a dangerous lack of security. Off-site storage facilities are often considered an employee’s home and in reality that may not be a secure location. The following example shows exactly what can happen during this dangerous process.

A Gynecology Clinic in Greensboro, North Carolina lost personal information on 47,000 female patients when data storage tapes were allegedly stolen. The Privacy Rights Clearinghouse reported on July 16, 2008, “A backup tape of patient information was stolen from an employee who was taking the tape to an off-site storage facility for safekeeping. The stolen information included patients’ names, addresses, Social Security numbers, employers, insurance companies, policy numbers, and family members.”

WOW! What else does a good identity thief need? What would a data base of that size and accuracy actually be worth to identity thieves? If you were one of those 47,000 women, how comfortable would you be in knowing that your clinic was mishandling your entire family’s private information along with your medical insurance? The next time you go to your doctor, you might want to ask about their procedures to protect your personal non-public information.

The bottom line is that IDENTITY THEFT IS HUGE. Nobody knows exactly where information is going. Certainly some information is getting lost. But how far does Private Information go in the mail or on the Internet? You can bet that the answer is in the Dollar Signs! The truth is that massive chunks of Non-Public Information are worth Instant Cash to the right Identity Theft Ring!

IS YOUR DATA BEING USED TO COMMIT A CRIME? Watch for an answer on the next blog entry when we will address the “Seven Different Types of Identity Theft” at http://www.identitytheftwatch.blogspot.com/.

There is good news for consumers and businesses. Solutions tend to emerge from within the American System to resolve serious societal problems. You can beat the Identity Thieves at their own game if you take action before they do. Ask me about our solutions. If you have any questions or would like more information, please email me at delwithppl@yahoo.com.

I hope this has been helpful. Have a super month of May.

Tuesday, April 14, 2009

April Newsletter

Identity Theft in the News

It seems that Identity Theft is in the news every day. What in the world is going on? Last year when TJ Max stores reported 45.7 million credit and debit accounts lost to hackers, no one was surprised! This is just another story out of the many stories we hear about Identity Theft .

Identity theft is a huge and global problem. In response to data breaches, businesses and institutions are notifying clients, customers, patients, and students about data losses. Financial institutions are issuing new accounts numbers to thousands of consumers affected by security breaches. You can view the data breach chronology by clicking here and then scrolling down 2 pages. What you will find on this website are company names and data-breach stories such as “database was hacked into, laptop with personnel files was stolen, data storage tapes were lost,” and the list goes on. And when identity thieves are grabbing up identities by the thousands, what are we to do?

Before being victimized, consumers should be proactive. Consumers should find out how they can protect themselves. The FTC website has a great video at www.ftc.gov/idtheft. It is a very good starting point to learn what devastation waits for those who are caught off-guard.

Fortunately, there is good news for consumers. Solutions tend to emerge from within the American system to respond and solve serious societal problems. Ask me about consumer solutions later.

I hope you have found this newsletter to be super informative. Have a great month.

Monday, April 13, 2009

FTC Information

The Federal Trade Commission is trying to help

When it comes to “Fighting Back Against Identity Theft,” the Federal Trade Commission is doing a great job providing information to the public. It is a tough job to convince the American public to conform to anything new. However, the damage being done annually is in the billions of dollars.

In the FTC's 46-page publication titled, "Take Charge," the FTC outlines what you can do as a consumer to protect yourself. Obtaining this booklet and getting yourself informed should be STEP ONE. Let's look at the introduction to "Taking Charge."

The FTC starts the book with a three paragraph Introduction to help consumers understand the severity of Identity Theft. It is interesting to note in paragraph 2 shown below, in italics, that the problem of Identity Theft is not just a Financial Problem. If you become a victim, your life can virtually be turned up-side-down!

"Identity theft is a serious crime. People whose identities have been stolen can spend months or years - and thousands of dollars - cleaning up the mess the thieves have made of a good name and credit record. In the meantime, victims of identity theft may lose job opportunities, be refused loans for education, housing, or cars, and even get arrested for crimes they didn't commit. Humiliation, anger, and frustration are among the feelings victims experience as they navigate the process of rescuing their identity."

Considering that over 250 Million American identities have already been breached, it is safe to say that it is just a matter of time before your identity will be tampered with.

Many people joke by saying, "They can have my identity!" But when the same people become victims, they change their tune quickly. The following sentence from the booklet on page 19 illustrates the legal responsibility consumers have to stay up to date with their credit.

"If an identity thief changed the address on your account and you didn't receive the bill, your dispute letter still must reach the creditor within 60 days of when the creditor would have mailed the bill."

Don't wait until you become a victim. Take steps now to protect yourself. You must at least monitor your own credit. You are responsible to protect your own identity. Be proactive, otherwise you may be left "holding the bag."

Friday, April 10, 2009

IDT in Talk Radio

Hi Del,
I was listening to a talk radio show the other morning and they were talking about illegal aliens stealing Americans' identities.

A woman called and said that her husband's identity was stolen by two different illegal aliens. The first illegal used her husband's ID to get apartments, cell phones, and utilities. He opened and used a jewelry store credit card and never paid for anything. All those bills went to collections under her husband's name. The other illegal took his ID to Oregon and got a job using her husband's social security number. The IRS came after her husband because he never paid his taxes for over $24,000 in income. He never worked in Oregon, it was the illegal alien. This happened in 1999 and it is STILL not resolved yet.

This is becoming a common story these days. It happens all the time. I thought you would be interested in this story. This was a woman in our local area. - Carly