Tech & ID Theft Blog

I've got a secret

2008-05-23T05:18:00.000-05:00

NCC1701Z Stardate 05-23-07. These have been the voyages of The Star Ship ID Theft, on it's continuing mission to Deter, Detect, and Defend the public against ID theft. The nature of this Blog is changing. If has morphed into something greater than the whole of it's parts.

This is why, I will tell you, and only you (looking over my shoulder) how to get access to the information that has come from this site. There are 3 sources that you can access to see what I see every day. Yes, three John Merthas AKA Deep throats like from Watergate. You must contact them yourselves as I do not want to engage in any copyright issues.

1. I have added a Google newsfeed on the types of articles I am viewing on a daily basis on the left column. In addition there are other GREAT sources of info on ID Theft listed in the information in this post and the articles listed below. If you have any questions, on ID theft and what you can do to protect yourself OR your business please email me at:

2. A GREAT daily source for info is the mailing list at http://attrition.org/dataloss/

They have a lot of people all over the world that scower news stories (including me, and you if you join). Sign up for the list and make sure to download "The Chronology of Data Breeches". It lists KNOWN since 2005 and is extensive. I challenge people to look at it and try NOT to find their industry. Retail, Banking, Government, Healthcare are all there. Signup is FREE and will provide you with at least 3-5 NEW examples each day.

3. The FTC website at http://www.ftc.gov They have a section on ID theft and have several publications available for download to PDF files.

4. Oh, Yea (UM BOM BOM) Here is the BONUS ROUND. The infosec newsletter. http://www.infosecnews.org/

They focus on computer network security and show the many successful attempts to break into businesses computers that happen each day to obtain YOUR personal information.

I have more, but for today, that is all. Off to save the world again.

Rodney Wise
rwise29210 at gmail dot com

Stationary Post...ID Theft Is NOT Just About Financial Loss

2008-04-14T11:04:00.000-05:00

What would you do if someone was arrested using your identity?

Updated: 4:55 p.m. ET Jan 25, 2007 SYRACUSE, N.Y. -

The real John T. Healy wants everyone to know he's no cop killer. "I'm just a regular guy," said Healy, 47, of Yardley, Pa., who has endured a nightmare over the past two weeks after learning that the man who apparently stole his identity two years ago was charged with — and ultimately convicted of — killing an upstate New York police officer. It was bad enough the thief stole $3,500 from his bank accounts, purchased a used Cadillac Escalade under his name, bought car insurance and even bailed a criminal cohort out of jail, which led to an armed bounty hunter showing up at his doorstep.

Please read the whole article at : http://www.msnbc.msn.com/id/16813413/

Stationary Post...Ex-Social Security Worker Charged With ID Theft

2008-04-13T04:37:00.000-05:00

Ex-Social Security Worker Charged With ID Theft

Apr 12, 2007 1:07 pm US/Pacific
(CBS) LOS ANGELES

A former Social Security Administration worker from the Los Angeles area faces federal charges for allegedly providing information to people who used it to steal identities and rack up about $2.5 million in credit card charges, prosecutors said Thursday.Jennifer Batiste, 45, allegedly took $20 bribes each time she accessed a government database that lists Social Security numbers, mothers' maiden names and dates of birth...

Stationary Post...A Chronology of Data Breeches

2008-04-06T12:35:00.000-05:00

A Chronology of Data Breeches

I REALLY had trouble with this! A privacy rights group has chronicled REPORTED hackings, and data breeches from 2005 to the present.

To get this in readable format took 111 pages to print. Twenty pages were from January 1, 2007, seventy-nine were from Jan 1st 20006, eight were for the whole year of 2005 and three are information from the Privacy Rights Clearinghouse!

There is NO Industry, or even Government Agency that does not have it's equivalent listed. If it is not in their state then it will be in another state.

Please check out the report and let me know how many companies, industry sectors or agencies like the one you are in.

For now use the email address

Please list industry or type of government agency ie county school, university, banking, etc. and the number of times in this report you found a similar type or industry or agency, and the total number of record breeches you found for your industry or agency type.

I will post the aggregated results in a few months.

Stationary Post... Medical identity theft, on the rise, can threaten lives as well as

2008-04-05T18:47:00.000-05:00

More doctors, insurers asking, ‘Who are you?’

Medical identity theft, on the rise, can threaten lives as well as wallets

By Anne Thompson and Alex Johnson
NBC News
Updated: 1:05 a.m. ET April 4, 2007

Andrew Brooke’s family knew something was screwy when they got a collection notice for unpaid bills for treatment of his work-related back injury, which included large prescriptions of the controlled painkiller Oxycontin.
“I’m looking at this bill, and I’m looking at my 3-week-old baby that can’t even hold his head up, and it’s just a sense of outrage,” said Andrew’s father, John Brooke, of Bothell, Wash., a suburb of Seattle.
Likewise, Jo-Ann Davis knew there was a mistake when a cop greeted her at the pharmacy where she had gone to pick up a prescription in early 2005...

Stationary Post... Identity Theft 10 things a corporation should do to protect itself and its employees

2008-03-31T04:45:00.000-05:00

Identity Theft 10 things a corporation should do to protect itself and its employees

28/03/2007
By Peter Wood, Chief of Operations,
First Base Technologies
The office cleaner wanders around the IT department emptying bins into a black plastic sack. He bends below each desk to look for stray sandwich wrappers and plastic cups. Whilst he’s under the desk, it is a matter of seconds for him to attach a hardware key logger between keyboard and system unit. These small key loggers are effectively invisible on the back of the computer, and record every keystroke the IT folk make for the next week. They will capture user names and passwords, as well as every e-mail and browser entry. Often this will include credit card information from Internet shopping, home address details, bank account details – in fact whatever the individual typed into the computer during that week...

Read this, but look at the next article on the blog...

Stationary Post...Immigration probe targets Ill. company

2008-03-30T14:39:00.000-05:00

By JOHN O'CONNOR - Associated Press Writer

U.S. Immigration and Customs Enforcement spokesperson Tim Counts speaks to reporters in Springfield, Ill., Tuesday, April 4, 2007, during a news conference concerning the ICE worksite enforcement operation in Beardstown, Ill., Tuesday where Federal immigration agents executed a criminal search warrant, multiple criminal arrest warrants and administrative arrests at a central Illinois business.
SPRINGFIELD, Ill. --Executives at a cleaning company were arrested Wednesday on federal charges that they hired illegal immigrants and helped them steal the identities of U.S. citizens.

Pasta, Meatballs and Credit Card Theft

2008-03-29T05:08:00.000-05:00

Pasta, Meatballs and Credit Card Theft
By SCOTT MAYEROWITZ ABC News Business Unit

March 28, 2007 — The next time you go out for some pizza, a nice steak dinner or even a trip to the salad bar, you might get something else with your meal: identity theft...

Medical theft - an underreported aspect of identity theft

2008-03-29T05:06:00.000-05:00

Medical theft - an underreported aspect of identity theft
By Mark Stalcup, staff writer
Imagine a trip to the hospital gone horribly wrong: a patient given the wrong blood type because information is stored incorrectly on his medical records.That scenario has happened, the result of identity theft that allowed thieves - often illegal aliens - to procure medical treatment by assuming someone else's name.

Stable Post... TJX 45.7 MILLION Credit Card Numbers & 445,000 Drivers Licenses Exposed

2008-03-29T05:04:00.000-05:00

Wednesday, March 28, 2007
TJX breach involved 45.7m cards, company reports
At least 45.7 million credit and debit card numbers were stolen by hackers who broke into the computer systems at the TJX Cos. in Framingham and the United Kingdom and siphoned off data over a period of several years, making it the biggest breach of personal data ever reported, according to security specialists.

Do I need to say more? OK, yes, it gets better...

TJX, the Framingham discounter that operates the T.J. Maxx and Marshalls clothing chains, also reported in a regulatory filing yesterday that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including drivers’ license numbers. ‘‘It’s the biggest card heist ever,’’ said Avivah Litan, vice president of Gartner Inc. ‘‘This was obviously done over a long period of time, in many locations. It’s done considerable damage.

Bank groups in 3 states plan to sue TJX over data theft

2007-04-25T05:54:00.000-05:00

Bank groups in 3 states plan to sue TJX over data theft
The Associated Press
Article Launched: 04/25/2007 01:50:15 AM PDT

BOSTON (AP) - Bank associations in Massachusetts, Connecticut and Maine said Tuesday that they will sue TJX over a data theft that exposed at least 45 million credit and debit cards to potential fraud.

Banks have been saddled with costs to replace cards and cover fraudulent charges tied to the theft from TJX, the owner of nearly 2,500 discount stores including T.J. Maxx and Marshalls.

On Jan. 17, Framingham, Mass.-based TJX disclosed a breach of its computer systems by an unknown hacker or hackers who accessed card data from transactions as long ago as late 2002.
On March 28, TJX said at least 45.7 million of its shoppers' cards had been compromised.

Companies Say Security Breach Could Destroy Their Business

2007-04-25T05:42:00.000-05:00

Companies Say Security Breach Could Destroy Their Business

A McAfee Datagate study showed 33% surveyed think they are at risk and that 60% of IT managers said they had suffered a data breach in the past year.
By Sharon Gaudin, InformationWeek -->
April 24, 2007
URL:

Fed breach leaks Social Security numbers

2007-04-21T06:29:00.000-05:00

Fed breach leaks Social Security numbers

By MICHAEL J. SNIFFEN Associated Press Writer
Article Launched: 04/20/2007 02:08:20 PM MDT

WASHINGTON- The Social Security numbers of 63,000 people who received Agriculture Department grants have been posted on a government Web site since 1996, but they were taken down last week. Free credit monitoring is being offered to those affected...

Cable and Wireless asks Bulldog data theft victims to get in touch

2007-04-20T12:33:00.000-05:00

Cable and Wireless asks Bulldog data theft victims to get in touch
Information Commissioner: 'whodonewhatnow?'
By Chris Williams
Published Friday 20th April 2007 07:02 GMT

Cable and Wireless maintans there is no evidence that credit card details were taken in a breach which has led to complaints from customers who received unsolicited marketing calls.
A spokeswoman told The Reg the telco couldn't say what exactly had been stolen.

The Guardian reported that unspecified information about 100,000 subscribers to Bulldog, the ISP which Cable and Wireless sold to Pipex last year, had been stolen.

Readers Share Perspective On Identity Theft

2007-04-20T12:31:00.000-05:00

Readers Share Perspective On Identity Theft
By Melody Jameson

Nursing home employee sentenced for credit-card theft

2007-04-20T12:29:00.000-05:00

Nursing home employee sentenced for credit-card theft
3:53 p.m. April 18, 2007
VISTA – A night-shift worker at an Encinitas nursing home was sentenced Wednesday to a year in jail and five years probation for stealing credit cards from elderly patients.
Patricia Carol Taienao, 43, pleaded guilty two months ago to two counts each of residential burglary and theft from an elder.

“You took significant advantage of a position of trust, and you violated that trust,” Judge Aaron Katz told the defendant.

Bank raid gets around two-factor authentication

2007-04-20T12:27:00.000-05:00

Computer & Internet Security News
19 April 2007
Bank raid gets around two-factor authentication
By Matthew Broersma, Techworld

Attackers have successfully invaded the accounts of several customers of Dutch bank ABN Amro, despite the bank's use of two-factor authentication.

The bank has compensated four users for funds stolen from their accounts in the attack, the bank said. It said it is pursuing the thieves, and said the robbery was due in part to unsafe PC usage.

ABN Amro is one of the more progressive banks where it comes to adopting new security technologies, and has recently rolled out a biometric identification system for authenticating the voices of telephone banking customers.

Banks argue that two-factor authentication, which combines the use of a token with normal passwords, is necessary for more secure banking. But security experts have long pointed out that such systems are still vulnerable to attack.

Identity theft probe expands to Alameda

2007-04-20T12:25:00.000-05:00

Identity theft probe expands to Alameda
PIN pads in Albertsons stores were tampered with to allow card numbers to be stolen
By Alejandro Alfonso, STAFF WRITER
Article Last Updated: 04/20/2007 03:07:07 AM PDT

SAN LORENZO — The investigation into an identity theft ring that began after a PIN pad was tampered with at an Albertsons supermarket in San Lorenzo has broadened to include another Albertsons store in Alameda and the number of reported victims has topped 100 people who together lost about $70,000, according to the Alameda County Sheriff's Office.

Investigators now believe a sophisticated group of thieves replaced an Electric Funds Transfer unit, or PIN pad, at the Albertsons stores with a nearly identical pad that would steal customer's account information and PIN numbers, sheriff's Detective Greg Swetnam said.

The thieves then would use cloned credit cards to clean out the victims' bank accounts through ATM withdrawals, Swetnam said. The operation began on the East Coast; then moved on to Southern California, where several merchants were targeted; and now have reached the Bay Area, Swetnam said. The federal Secret Service has been tracking the group, and all the information gathered from local investigations eventually will be turned over to the Secret Service, who handle prosecution once suspects are caught, he said.

The Mushrooming Menace of Keyloggers

2007-04-20T12:23:00.000-05:00

The Mushrooming Menace of Keyloggers

By Andrew K. Burger
TechNewsWorld 04/18/07 4:00 AM PT
"Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. However, there is an ethical boundary between justified monitoring and monitoring for the purpose of stealing confidential user information -- a boundary marked by a very fine line," said Nikolay Grebennikov, deputy director of Kaspersky Lab's R&D department.

There may be few things as disturbing to Internet users as the thought of someone spying on them and capturing their every keystroke. Unfortunately, this has been happening more frequently as the use of keyloggers, phishing and spoofing grows.

Consumer Data Protection Faces Legal, Tech Hurdles

2007-04-20T12:22:00.000-05:00

Consumer Data Protection Faces Legal, Tech Hurdles
Lawmakers and technology providers concede that they must create stronger mechanisms to improve protection of electronic consumer records.Part 1 of a special five-part series. -->
Matt Hines, Infoworld
Thursday, April 19, 2007 6:00 PM PDT

Lawmakers and technology providers concede that they must create stronger mechanisms to improve protection of electronic consumer records, but claim that members of private industry must aid in the effort if those plans are to succeed.

At the ongoing Authentication and Online Trust Alliance (AOTA) Summit 2007, being held in Boston April 18-19, experts from both communities cited shortcomings in their abilities to prevent online attacks aimed at stealing consumer data.

Although laws and technology products have undergone significant makeovers in recent years to boost security for end-users, the situation remains a serious problem for everyone from consumers to the government, according to presenters at the conference.

Identity theft goes upmarket

2007-04-20T12:20:00.000-05:00

Identity theft goes upmarket
19th April 2007
By BBR Staff Writer
UK credit reference agency Experian recently revealed that the rise it has seen in identity fraud has coincided with an increase in organized cyber crime. The agency's data has also revealed that a surprisingly large number of consumers were unaware of identity fraud committed against them until they were informed by a financial services firm, which throws up the issue of data theft reporting.

Auditors cite security problems with IRS wireless networks

2007-04-18T04:48:00.000-05:00

Auditors cite security problems with IRS wireless networks

By Daniel Pulliamdpulliam (at) govexec.com

April 17, 2007

The Internal Revenue Service has jeopardized sensitive taxpayerinformation by failing to lock down its wireless networks, according toan audit report released Tuesday.

Researchers: Botnets Getting Beefier

2007-04-18T04:30:00.000-05:00

Researchers: Botnets Getting Beefier

By Lisa VaasApril 16, 2007

Think botnets are bad now? We ain't seen nothin' yet.A select group of some 40 security researchers gathered on April 10 inthe first Usenix event devoted to these networks of infected machines.The invitation-only event, called HotBots, was held in Cambridge, Mass.At the event, researchers warned that botnetswhich can contain tens oreven hundreds of thousands of zombie PCs that have been taken over foruse in spamming and thievery of financial and identity-related dataareon the brink of a technological leap to more resilient architectures andmore sophisticated encryption that will make it that much harder totrack, monitor and disable them.

Consumers baulk at returning to hacked stores

2007-04-18T04:28:00.000-05:00

Consumers baulk at returning to hacked stores

By John Leyden17th April 2007

Consumers are wary about returning to shop at retailers that have beenthe subject of security breaches, according to a new study.The survey of 1,200 UK consumers revealed that the majority would taketheir business elsewhere in the event of loss of customer data as aresult of a security breach or hack attack

Data Breach Aided University Phishing Scam

2007-04-18T04:25:00.000-05:00

Data Breach Aided University Phishing Scam

By Brian KrebsApril 16, 2007

A highly targeted phishing attack last year that scammed dozens ofIndiana University students out of their personal and financial dataappears to have been aided in part by a previously undisclosed hackerbreak-in at one of the school's main research servers, according todocuments unearthed by a doctoral student there.In June 2006, an unknown number of IU students and faculty received ane-mail warning that online bill-paying services attached to their IUEmployees Federal Credit Union accounts would be suspended unless they"renewed" their contract with the institution. According to the school'sstudent news outlet, the Indiana Daily Student, that attack netted up to80 victims.

Texas AG: CVS Dumped Customers' Records

2007-04-18T04:15:00.000-05:00

Associated Press
Texas AG: CVS Dumped Customers' Records
By JUAN A. LOZANO 04.17.07, 1:51 PM ET

Texas Attorney General Greg Abbott sued CVS Corp. on Tuesday, alleging pharmacy employees dumped credit card numbers, medical information and other sensitive material from more than 1,000 customers into a garbage container.

Stalkers Go High Tech to Intimidate Victims

2007-04-16T12:06:00.000-05:00

Stalkers Go High Tech to Intimidate Victims
By Chris L. Jenkins
Updated: 2:13 a.m. ET April 14, 2007

The case had the makings of an eerie cyber-mystery: A young Alexandria woman told local police she suspected that her ex-boyfriend was tapping into her e-mail inbox from thousands of miles away, reading messages before she could and harassing the senders.

She was right to be suspicious. Her ex had hacked into her e-mail account, either guessing her password or using spyware -- software that can secretly read e-mails and survey cyber-traffic, law enforcement officials said. For months, apparently, he had followed her every online move, part of a pattern of abuse city police are still investigating.

It's 'too late' to assure security of patient data

2007-04-16T09:36:00.000-05:00

It's 'too late' to assure security of patient data
Saturday, April 14, 2007
By Steve Twedt, Pittsburgh Post-Gazette

A Web site containing Social Security numbers and other personal information for nearly 80 UPMC patients was still accessible on the Internet yesterday -- and computer security experts say the patients can never be entirely assured the content will be gone.

Army warns of data theft Laptop with information of 16,000 civilian employees stolen in Virginia

2007-04-14T18:36:00.001-05:00

Army warns of data theft

Laptop with information of 16,000 civilian employees stolen in Virginia
By KEVIN HOWE
Herald Staff Writer

The theft of an Army laptop computer from a civilian employee's car has prompted warnings to civilians who work for the Army Training and Doctrine Command that their personal data might have been exposed.

The laptop, containing the names, Social Security numbers and payroll information of nearly 16,000 Army TRADOC employees, was taken March 14 while the car was parked at the employee's home in Petersburg, Va., near Fort Lee, Army authorities said.

Call Kurtis: Phishing Job Seekers

2007-04-13T04:44:00.000-05:00

Apr 12, 2007 11:56 pm US/Pacific
(CBS13)

You think you're pretty smart you've heard about all the phishing scams and other online attempts to trick you into giving out your information. There's a new generation of job schemes and they're more clever than ever. How do you stay smart?Toby Getsch is a self proclaimed technology geek who's on the hunt for his dream job."I am really passionate about using technology in whatever job that I do," said Getsch.Toby posted his resume online and got an e-mail back from a media company."I think they might have even been looking for a person to manage a team of writers," said Getsch.In order to apply for the job, Toby was asked to register on the company's website. But he didn't. Good thing because Toby was nearly hooked by a slick 'phishing' scheme

Pam Dixon with the world privacy forum warns the offers are now fooling even the most savvy consumers."The scams are becoming more sophisticated and much more difficult to recognize, they have websites that are really good looking. It used to be that you could look at the spelling of a job scam and go, 'hmmm. I don't think that's quite right," said Dixon. But not anymore! In fact, thousands of job seekers have contacted the Better Business Bureau over the past few months about suspicious postings. Some simply ask for your name, home, and e-mail addresses. But that could be enough."Once identity thieves have any piece of your personal information, they can look to see if they can find other pieces elsewhere. They could put it all together and impersonate you," said Susan Grant, National Consumers League. Some of these sites ask you to set up an account with a password, but that should be a red flag."All they have to do is figure out where you do your banking and they can get into your account because chances are if you're like most people, you're using the same password for everything," said Dixon...

New Online Calculator Helps Assess the Financial Cost of Data Theft

2007-04-13T04:25:00.000-05:00

National News
April 12, 2007

"Until now, organizations have struggled to assess the scope of their financial risk should they be hit with a data loss incident," according to Adam Sills, lead underwriter for Darwin's technology and information liability initiatives. "Meanwhile, the explosion of corporate data collection and storage is putting nearly every organization at risk.

"Major data losses in health care, financial services, and retail industries are reported almost weekly," said Sills, "and the financial consequences can be severe. Affected companies can be hit with very substantial costs both from regulatory compliance and from liability issues. We believe it's imperative that organizations have a clear understanding of the bottom-line impact of data theft and that's why we created the Tech//404 Data Loss Cost Calculator. The quantification of business risk, even a best estimate, is often the quickest path to building awareness for CEOs and CFOs alike."

Tech//404® Data Loss Cost Calculator

2007-04-13T04:13:00.000-05:00

Data loss resulting from network security breaches and identity theft has become a regular occurrence. While the number of affected records can vary widely in any given data loss scenario, a recent study by the Ponemon Institute found that the average number was roughly 99,000. For recent examples and media reports, visit the data loss archive.

Darwin created the Tech//404® data loss cost calculator as a tool to demonstrate the scope of negative financial impact an organization may face as a result of a data breach or identity theft data loss scenario. The calculator will automatically generate an average cost, and a plus/minus 20% range, for expenses associated with internal investigation, notification/crisis management and regulatory/compliance if the incident were to give rise to a class action claim...

Stolen BofA laptop held employee data

2007-04-12T20:08:00.000-05:00

RICK ROTHACKER

A stolen Bank of America Corp. laptop has resulted in lost personal information of current, former and retired employees, according to a letter sent this week to those affected.
The letter said a "limited" number of people were affected, but the Charlotte bank on Thursday would not provide a number. Employees at various levels of the company were affected, spokesman Scott Silvestri said.

The lost data included names, addresses, dates of birth and Social Security numbers, but there is no sign the information has been misused, according to an April 10 letter obtained by the Observer. The bank is offering a free credit monitoring service for two years to those affected.

The bank employs more than 203,000 worldwide, including about 15,000 in the Charlotte area. A former employee who received the letter Thursday said he appreciated the warning.
"It's not the kind of letter you want to get," said the former employee, who did not want his name used because of the sensitivity of the matter. "But it's nice they let me know."

The lost laptop comes amid rising concern about the theft of personal information and its potential misuse. Scammers can use stolen data to open new accounts or tap existing ones...

Trashed Voter Registration Cards

2007-04-12T20:03:00.000-05:00

(WSB Radio) --

The Georgia Secretary of State's office has launched an investigation into the disposal of tens of thousands of Fulton County voter registration cards, More than 75,000 cards that contained a voter's full name, address and Social Security number were found in a trash bin and a random sampling showed many were for active voters.

The cards were contained in more than 30 boxes of voter registration application cards, precinct cards and other documents Monday in a construction trash bin at Atlanta Technical College in southwest Atlanta.

``This represents a significant and serious breach of the personal information of Fulton County voters and an outrageous violation of the trust and integrity of Fulton County's elections,'' Secretary of State Karen Handel.

Handel has called in the Georgia Bureau of Investigation and the county solicitor general's office to investigate and said she will audit the county elections office, because ``this breach also creates serious concerns about the overall operations'' of the office...

IRS Warns Against Identity Theft

2007-04-12T20:01:00.000-05:00

Alert Issued About Scams
POSTED: 9:26 am EDT April 12, 2007

WASHINGTON -- If you haven't filed your tax return yet, the Internal Revenue Service wants to make sure you don't risk identity theft as you try to meet the deadline.

IRS Commissioner Mark Everson was scheduled to appear before a Senate panel Thursday to warn taxpayers not to let their guard down as they rush to file the appropriate forms. In addition to Everson, the panel was set to hear from a convicted identity thief now serving time in prison.

The IRS has issued an alert to warn about scams involving fraudulent e-mails that appear to be from the IRS. The messages direct the consumer to a Web link that asks for such personal information as Social Security, bank account and credit-card numbers..

Lost Disc Puts 2.9 Million Georgia Residents At Risk For ID Theft

2007-04-12T19:59:00.000-05:00

The disc, which had been in the possession of contractor ACS, held names, addresses, birth dates, and Medicaid numbers, in addition to Social Security numbers.
By Paul McDougall InformationWeek
Apr 10, 2007 11:00 AM

A computer disc containing Social Security numbers and other sensitive personal data on 2.9 million residents of Georgia has been lost, according to the state's Department of Community Health.

The CD, which had been in the possession of contractor Affiliated Computer Services, held names, addresses, birth dates, and Medicaid numbers, in addition to the Social Security numbers, for Georgia residents enrolled in the state's Medicaid and PeachCare for Kids programs, the DCH said in a statement released Monday...

Identity theft at Tampa port

2007-04-12T19:57:00.000-05:00

Tampa, Fla -

A Lakeland man is charged with stealing identities from the Tampa Port Authority database.
29-year-old Daniel Glenn is a computer technician for Siemens Building Technologies, and was working for the port as a subcontractor.

The arrest is the result of an ongoing investigation of the Tampa Bay Regional Domestic Security Task Force Investigators said, on multiple occasions, internet credit applications were submitted to various credit card companies using personal identification information derived from the Tampa Port Authority database...

Clerk Faces Fraud and Theft Charges for Using Customer's Credit Card

2007-04-12T19:51:00.000-05:00

April 12th, 2007 @ 10:40am
Mary Richards, KSL Newsradio

A Target employee is accused of using a customer's credit card to buy herself a big gift card.
American Fork police say a Target clerk used a customer's credit card to buy a $700 Target gift card for herself. The clerk reportedly never gave the credit card back to the customer and the customer didn't notice. Then police say she swiped it again for that $700 charge.

Target officials say surveillance video shows the clerk make purchases on the gift card and forge the victim's signature...

ID theft fuelled by organised crime

2007-04-12T19:50:00.000-05:00

Organised criminal gangs operating global identity fraud rings are behind a dramatic rise in identity fraud, according to new data from credit information provider, Experian.
It reports that organised crime contributed to a 69% increase in the number of people contacting the firm's 'Victims of Fraud' service in H2 2006, compared to the same period a year earlier.

Although part of the increase can be attributed to greater awareness of identity fraud, much of the rise is down to sophisticated attacks by organised gangs. They specifically target the most affluent people and those who are most likely to be vulnerable...

Personal expression vs. corporate policy

2007-04-12T19:27:00.000-05:00

Network World's Security Strategies Newsletter,
04/12/07
By M. E. Kabay

What would you do if you saw sensitive or offensive material about your organization on the Web? Perhaps you would contact your corporate counsel and discuss methods for applying pressure to have the material removed; if necessary, your organization might even initiate legal proceedings for a tort under the laws of libel, protection of trade secrets, violation of copyright or misuse of trademarks.

But what would you do if the defamatory material were written by one of your employees? ...

Just how much will that data breach cost your company?

2007-04-12T19:21:00.000-05:00

April 11, 2007 (Computerworld) -- Want to know just how much a data breach is likely to end up costing your company? Darwin Professional Underwriters Inc. may be able to help.

The Farmington, Conn.-based technology liability insurance company has released a free online calculator that it said allows businesses to estimate -- with a fair degree of accuracy -- their financial risk from data theft.

Darwin's Data Loss Cost Calculator uses proprietary algorithms developed with security breach data from media reports and other industry resources, according to the company. Among them was Ponemon Institute LLC's 2006 security breach and cost-analysis survey of 31 companies that had suffered data breaches.

Basically, the calculator allows companies to get hard cost estimates in three major categories: internal investigation expenses, customer notification/crisis management costs, and regulatory and other compliance expenses. Companies input data in the respective fields in the calculator to get instant estimates for costs associated with breach-related activities such as customer notification, credit monitoring, crisis management consulting, state or federal fines, and attorney fees...

The calculator does not include costs associated with any class-action or other lawsuits that might follow a data breach, he said. Neither does it look at the effect on stock prices or reputation, because such numbers can vary by incident and are much harder to generalize....

State reports data lost for Medicaid and PeachCare recipients

2007-04-10T10:19:00.001-05:00

SHANNON McCAFFREY
Associated Press
ATLANTA - A CD containing personal data on Medicaid and PeachCare recipients was lost, Georgia health officials said Tuesday.

The CD contained addresses, birth dates, names and Social Security numbers of participants in the health programs. The breach was reported to the state by Affiliated Computer Services, a private vendor. It was not immediately clear how many people were affected...

The ROI of Noncompliance in the Mid-Market

2007-04-10T07:38:00.000-05:00

By Allan Holmes

April 06, 2007 — CIO — Sox and HIPAA continue to be a mountain too high to climb.
The bigger the company, the larger (one would assume) its security budget, the more staff it can dedicate to security, the likelier it is to have a CSO or chief compliance officer and the greater its ability to afford more technology and implement better compliance processes and governance. So bigger companies should be more compliant than smaller ones, right?

Sometimes yes, sometimes no. For example, 13 percent of large companies admitted to not being compliant with the Gramm-Leach-Bliley Act (GLBA) compared with only 11 percent of midsize companies (those with revenue between $100 million and $1 billion), according to the “The Global State of Information Security 2006” survey conducted by CIO and PricewaterhouseCoopers (see the article here). However the compliance rates flipped when it comes to Sarbanes-Oxley. A little more than one-third of large U.S. companies say they are not compliant with Sox; 43 percent of mid-market companies are not compliant.

The same swing can be seen with other laws. Twenty-five percent of large companies are not compliant with California’s security breach notification law but only 14 percent of midsize companies are not compliant. Midsize companies are less compliant when it comes to the Health Insurance Portability and Accountability Act, or HIPAA (27 percent of midsize companies are noncompliant versus 21 percent of large companies)...

U.S. organizations still ignoring security and privacy laws...
Percentage of U.S. organizations admitting they need to be in compliance with a specific law, but are not

Regulation 2005 2006
California database breach notification act 15 15

Sarbanes-Oxley 38 28

HIPAA (healthcare respondents only) 38 40

GLBA (financial services respondents only) 17 14

Other state/local privacy regulations 10 32

The Global State of Information Security 2006

2007-04-10T07:36:00.001-05:00

– Allan Holmes, CIO
September 15, 2006

When it comes to information security, the reflection you see in your morning mirror is probably not that of a sharp, confident, professional IT executive. Rather, that man in the mirror is more likely to look like a gangly, awkward, not-yet-to-be-fully-trusted teenager.
That’s what "The Global State of Information Security 2006" survey tells us. In its fourth edition, this largest-of-its-kind survey reveals that global information executives, still relatively new to security’s disciplines, are learning and improving but are still prone to risky behaviors—behaviors that could have devastating consequences.

Your Guide To Good-Enough Compliance

2007-04-10T07:33:00.000-05:00

http://www.cio.com/article/print/102751

– CIO
April 06, 2007

In November 2005, Jason Spaltro, executive director of information security at Sony Pictures Entertainment, sat down in a conference room with an auditor who had just completed a review of his security practices.

The auditor told Spaltro that Sony had several security weaknesses, including insufficiently strong access controls, which is a key Sarbanes-Oxley requirement.

Furthermore, the auditor told Spaltro, the passwords Sony employees were using did not meet best practice standards that called for combinations of random letters, numbers and symbols. Sony employees were using proper nouns. (Sox does not dictate how secure passwords need to be, but it does insist that public companies protect and monitor access to networks, which many auditors and consultants interpret as requiring complex password-naming conventions.)

Living Dangerously

When business metrics are applied to compliance, many companies decide to deploy as little technology or process as possible—or to ignore the governing laws and regulations completely.
According to “The Global State of Information Security 2006” survey conducted by CIO and PricewaterhouseCoopers, about a quarter of U.S. executives who say their companies must comply with Sox regulations admit to being noncompliant with the 2002 law. (See The Global State of Information Security 2006.) Two-thirds of U.S. companies are not compliant with the two-year-old Payment Card Industry (PCI) Data Security Standard, with guidelines (and penalties) developed by the major credit card companies to protect their customers’ credit card numbers. And 42 percent of U.S. healthcare companies admit to not complying with the almost 10-year-old Health Insurance Portability and Accountability Act (HIPAA), which requires health institutions to secure private health information.

“The dirty little secret here is that everybody tries to figure out how much risk they can assume without being embarrassed or caught,” says David Taylor, a former Gartner security analyst and now vice president for data security strategies for Protegrity, a security and privacy consultancy. “The people I regularly talk to are trying to figure out if [their security] fails, what’s the smallest amount they need to do to stay out of trouble and how they can blame someone else.”

When Companies Violate the Rules

2007-04-10T07:13:00.000-05:00

– Allan Holmes, CIO
April 06, 2007

In 2006, the Federal Trade Commission took the following companies to task for their lax information security:

Guidance SoftwareViolation:

Did not: to assess vulnerability to known Web-based attacks; to implement simple defenses; to monitor and limit access from the corporate network to the Internet; to detect unauthorized access to consumers’ credit card information.

Nations Title AgencyViolation:

Did not: assess risk of stored sensitive data; deploy reasonable security training policies and procedures; deploy simple security defenses to common website attacks; monitor for unauthorized access to sensitive data; properly oversee third parties processing sensitive data.

Xanga.com

Violation: Collected, used and disclosed personal information of children under the age of 13 without first obtaining parents’ consent.

Cardsystems

Violation: Did not: adequately assess network vulnerability; deploy security defenses; use strong passwords; use intrusion detection apps; conduct security investigations.

ChoicePoint

Violation: Did not have reasonable procedures to screen prospective subscribers; turned over consumers’ sensitive personal information to subscribers whose applications raised obvious red flags.

Other FTC actions from 2002 to 2005 included the following data security citations:

DSW

Year: 2005

Violation: Lax security allowed hackers to steal credit card and checking account information of more than 1.4 million customers.

BJ’s Wholesale Club

Year: 2005

Violation: Failed to encrypt personal data sent via Internet; stored personal data after no longer needing it; used common default passwords for access to files containing personal information; did not deploy technologies to secure wireless connections, detect intrusions or to conduct security audits.

Superior Mortgage

Year: 2005

Violation: Did not use reasonable security for customer data, falsely claimed that it encrypted data submitted online.

Vision I Properties

Year: 2005

Violation: Rented to third-party marketers personal information gathered from clients’ customers, contradicting merchant privacy policies.

PetcoYear: 2004

Violation: Failed to deploy simple defenses to protect sensitive consumer data and to encrypt data as it claimed on its website.

Gateway LearningYear: 2004

Violation: Rented consumers’ data in violation of privacy policy.

Tower Records

Year: 2004

Violation: Failed to use appropriate checks and controls when revising Web applications, adopt policies to test website security and provide training for employees.

Guess

Year: 2003

Violation: Did not encrypt stored personal data (as it claimed) or protect against website against commonly known attacks.

Microsoft

Year: 2002

Violation: Made the following false claims: that it uses reasonable security to protect consumers’ personal data collected through its Passport and Passport Wallet services, that it provided more security with Passport Wallet for Web purchases than without, that it did not collect personally identifiable data, and that it provided parental control over what information participating websites could collect from children.

Eli Lilly

Year: 2002

Violation: Disclosed e-mail addresses of subscribers to an e-mail medication reminder service in violation of claims the company protected private data.
© 2007 CXO Media Inc.

Risk for consumers greater in restaurants

2007-04-10T05:45:00.000-05:00

Thieves feasting on credit-card information
GILLIAN SHAW, CanWest News ServicePublished: Tuesday, April 10, 2007
Credit-card information is the treasure of choice for today's hackers and in the past year they have stepped up attacks that are draining hundreds of millions of dollars from corporations and individuals, according to BT Counterpane's 2006 Attack Trends Report and 2007-2008 Crystal Ball forecast.
And while consumers worry about using their credit cards online, the reality is they face a greater risk when they use their cards at a restaurant or other brick-and-mortar merchants, says another report by AmbironTrustWave, a Chicago-based security company that conducts security audits for merchants.
Restaurants were found to offer a particularly lucrative trolling ground for credit-card fraudsters. An AmbironTrustWave review of security breaches over the past 18 months found 62 per cent came from the food-service industry.

Leavenworth investigating possible credit card theft by pizza delivery man

2007-04-10T05:43:00.000-05:00

By ROBERT A. CRONKLETON
The Kansas City Star
Leavenworth police on Monday urged people who recently had a delivery by Pizza Hut and paid for it with credit cards to check their statements.
Police are investigating fraudulent charges on credit cards they believed they have tracked to a 37-year-old male delivery driver, said Maj. Patrick Kitchens, a spokesman for Leavenworth police.
The man has not been arrested, nor has he been charged, Kitchens said...

How the IRS aids identity theft

2007-04-10T05:37:00.001-05:00

By Other Views: Washington Post
Published April 10, 2007
IRS stands for Internal Revenue Service, but after a frightening report from the IRS inspector general on the inability of the tax-collection agency to protect taxpayer data, IRS might stand for Information Relinquishing Service. According to the report last week, almost 500 laptop computers were lost or stolen from the homes, cars or offices of agency workers between January 2003 and June 2006. That's something sure to bring a smile to the faces of criminals who dabble in identity theft.
This wouldn't be the first time they're smiling courtesy of the federal government. A year ago, the Commerce Department reported more than 1,000 laptops missing, some with sensitive information. And the Department of Veterans Affairs had a laptop with information on 26.5- million people pinched last May. It was returned a month later with everything intact.
The IRS has 52,511 laptops, with the

IRS head: All laptops to be encrypted within weeks

2007-04-10T05:32:00.001-05:00

Everson defends agency's security record in wake of audit
Robert McMillan

April 09, 2007 (IDG News Service) -- After an auditor found serious security problems in the way it handled sensitive data on laptops, the Internal Revenue Service said it will have all laptops encrypted within the next few weeks.
Speaking in an interview with National Public Radio over the weekend, Internal Revenue Service Commissioner Mark Everson said his organization was making the effort following a recently released audit that found unencrypted data on a large percentage of IRS laptop computers.
"What the report showed, which was correct, was that we weren't taking the proper steps to protect some laptops," Everson said. "We've worked to encrypt all of the laptops and that's just about done. We've got a couple dozen more we've got to finish up in the next few weeks."
Auditors tested 100 laptop computers used by IRS employees and found that 44 of them contained "unencrypted sensitive data, including taxpayer data and employee personnel data."

Police: Protect your identity!

2007-04-09T17:37:00.000-05:00

Think identity theft doesn't effect you?
Think again, says Leitchfield City Police Detective Jared Mudd. It's right here in Leitchfield!
“It is probably the most recurring crime I deal with,” says Mudd. “I would say there are four to five new victims each week.”
It is also one the hardest crimes to solve and very seldom is anyone arrested, according to Mudd...

ID thief sent to prison

2007-04-09T17:33:00.000-05:00

ZERO DAY SECURITY

April 09, 2007

Law enforcement officials in Seattle are celebrating a victory against identity thieves in the region as a man accused of masterminding a widespread fraud scheme using stolen credit card data was sentenced to five years in prison there last week.

U.S. District Court Judge John Coughenour in Seattle sentenced Scott William McComb, 41, to 65 months in prison and three years of supervised release on charges of Social Security number fraud and aggravated identity theft.

According to prosecutors, McComb drove across the U.S. buying cars and other expensive items using other people's IDs, bank account information and credit card accounts.

First tipped off by two individual consumers who discovered that their credit cards and bank accounts were being violated, the investigation led police to a Seattle hotel room in late February 2006 where they found computer equipment with numerous programs for use in creating fake IDs. At least ten IDs that displayed McComb's picture with other people's personal details were also recovered in the raid...

KID 'I.D. THIEF' IN $1M STOCK CROCK

2007-04-09T17:27:00.000-05:00

April 9, 2007 -- A recent college grad made a killing by electronically looting $1.6 million from wealthy New Yorkers' bank accounts and buying penny stocks that he already owned - sending his portfolio through the roof, law-enforcement sources told The Post.

Alexis Ampudia, 22, and his father, also named Alexis, 44, were grabbed by Port Authority cops when they stepped off a jet Thursday night at Newark Airport from Panama, where investigators believe they have moved their ill-gotten bonanza.

The Ampudias were held on identity-theft charges related to the son's sophisticated "pump and dump" scam, pending an extradition hearing today in New Jersey, officials said.

Data security breach at UCSF may have exposed thousands

2007-04-07T07:45:00.000-05:00

SearchSecurity.com - Apr 5, 2007
By comparison, 26.5 million veterans and active duty personnel were affected by the theft of a Department of Veterans Affairs (VA) laptop and external hard drive last year

Two Alleged Gas Credit Card Thieves Arrested

2007-04-07T07:44:00.001-05:00

News10.net - 18 hours ago
Jesse Cruz, 29, and Dwight "Ken" Seitzer, 31, both of Modesto were arrested. They are facing felony charges of burglary, conspiracy, grand theft, and forging access cards. Boyett said the gas purchases using bogus credit cards ran to about $20000.

Identity theft hits area residents

2007-04-07T07:43:00.001-05:00

Inside Bay Area - Apr 6, 2007
The sheriff's office usually averages about 20 reports of identity theft per month, Madigan said. "We noticed a spike in the last few days," he added

Penn Yan man entangled in international identity theft

2007-04-07T07:41:00.000-05:00

Steuben Courier - 11 hours ago
The Penn Yan man was featured on the March 27 NBC television show Dateline as host Chris Hansen and Internet experts and investigators worked to expose identity thieves who use stolen credit card information to buy electronic goods and other items from ...

Identity Theft Operation Busted

2007-04-07T07:39:00.000-05:00

Fox 12 Boise - 13 hours agoNampa, Idaho --
Nampa Police have busted a fairly large identity theft operation, putting two people behind bars. Jamie Gregory, 25, was arrested for drug charges, while Chad Butherus, 25, was arrested for providing false identification.

FBI, retailers to share crime data

2007-04-07T07:38:00.000-05:00

Computerworld - 17 hours ago
"Organized theft rings steal billions of dollars of merchandise every year, which victimizes retailers, endangers the safety of retail employees and raises the price of consumer goods," Joseph LaRocca, the NRF vice president of loss prevention, ...

Stolen laptops contain data on 40000 Chicago schools employees

2007-04-07T07:37:00.000-05:00

About 40,000 Chicago Public Schools employees are at risk of identity fraud after two laptops containing their personal information were stolen on Friday.
The computers were taken from the CPS headquarters, the organization said in a statement. The laptops belong to accounting firm McGladrey and Pullen and its subcontractor, who were reviewing contributions to the Chicago Teacher Pension Fund, according to the statement.

IRS Audits Self Into Data-Theft Hot Seat

2007-04-07T07:35:00.000-05:00

InternetNews.com - Apr 5, 2007
The IRS laptop security problem is another in a series of embarrassing data leaks by government agencies. Last May, the Veterans Administration (VA) announced approximately 26.5 million veterans were at risk of identity theft after a VA employee ...

.ANI attack update: Rootkits, ‘Hot Britney pics’ spam

2007-04-07T06:52:00.001-05:00

April 3rd, 2007
Posted by Ryan Naraine @ 12:00 pm
The ongoing Windows animated cursor (.ani) flaw attack just keeps getting worse.
The latest reports indicate that an e-mail spam run promising hot photographs of Britney Spears is the latest lure to infect Windows users with backdoor Trojans and keystroke loggers

Busted: Stolen Credit Card Video Leads Police To Theft Ring

2007-04-07T06:50:00.001-05:00

Last Update: Apr 5, 2007 4:55 PM
Posted By: Vickie Jean Summers

Watch This Video What started out as a stolen credit card case turned into a major theft ring bust for San Antonio Police.
Police said surveillance video shows 28-year-old Joel Rodriguez using a stolen credit card to buy items at a local Target store. Investigators believe Rodriguez stole a DPS trooper's gun, badge, and credit cards.
During their investigation, officers discovered a whole lot more...

Hortica Alerting Public to Loss of Backup Tapes

2007-04-07T06:44:00.000-05:00

Print article

Refer to a friend
2007-04-06 19:48:09 -
EDWARDSVILLE, Ill., April 6 /PRNewswire/ -- Florists' Mutual Insurance Company (Hortica), an Illinois-based provider of employee benefits and insurance to companies in the horticultural industry, today announced that a locked shipping case containing magnetic backup tapes cannot be located. Hortica believes that the backup tapes contained personal information including names, Social Security numbers, drivers' license numbers, and/or bank account numbers.
The locked shipping case was being transported by UPS from a secure offsite facility to the company's Illinois headquarters. UPS informed Hortica that the shipping case could not be
located, and Hortica has been working with UPS in an attempt to locate the case. On April 5, 2007, UPS notified Hortica that all internal recovery processes had been exhausted and the shipping case could not be located...

From Hortica's website:

LET HORTICA INSURANCE BE YOUR GUIDE. Together, we will identify your specific evolving risks/needs. We deliver comprehensive, effective insurance solutions for Garden Centers, Nurseries, Retail Florists, Wholesale Floral Distributors, Greenhouse Growers, Landscape Contractors, and Interior Plantscapers at competitive prices...

Uh, do those risks include data loss? Hmmm.

Former Morgan Stanley Employee Arrested On Data Theft Charges

2007-04-07T06:42:00.000-05:00

By Martin H. BosworthConsumerAffairs.Com
April 5, 2007
Data Theft • Data Thieves Hit University of California-San Francisco• Former Morgan Stanley Employee Arrested On Data Theft Charges• Census Bureau Admits To Data Breach As ID Theft Levels Climb• Arrests Made In Stop & Shop Data Breach• Mysterious Computer Theft Hits Mystery Shopping Company• Data Thieves Hit Stop & Shop• Veterans Administration Loses Data on 1.8 Million• Johns Hopkins Loses Data; Congress Aflutter• Wisconsin Agency, Printer Tried To Cover Up Data Breach• Data Breach Hits Canada's Club Monaco• Nationwide, Aetna Customer Data Stolen• Consumers Must Act Fast in Data Theft Cases• Hackers Hit T.J.Maxx, Marshalls• Congress Takes On Data Security• Emory Healthcare Laptop Stolen• Wisconsin Mails Tax Forms With Exposed Social Security Numbers• Persecution of Immigrant Workers Won't Stop Identity Theft• Locking Down Your Laptop• Boeing Loses Laptop with 328,000 Workers' Information• Massive Data Breach At UCLA Endangers 800,000• Ameriprise Settles With Regulators Over Laptop Theft• More ...

A former Morgan Stanley client service representative was arrested and charged with stealing proprietary information relating to the brokerage firm's hedge fund clients. Ronald Peteka surrendered yesterday and was charged with conspiracy, according to the U.S. Attorney's office in New York.
Peteka is alleged to have accessed information on Morgan Stanley's hedge fund clients and the rates they pay while he worked for another company, and sending the information to his personal e-mail account several times between December 2005 and February 2006.

Please Use Windows Update

2007-04-07T04:51:00.000-05:00

Businesses and individuals that have "Critical Use" PCs should test all patches on a test machine. For everyone else run Windows Update! An important part of keeping your data safe is updating ALL you programs on a regualr basis. This includes your operating system, yes, Mac and Linux too. It's not just your operating system, but also EVER program on your PC can become a security risk.

Before updating, I make a regestry backup using the regedit command from start> Run> Regedit> File> Export. Send it to a floppy or CD. Also create a restore point Start> Accessories> System Tools> System Restore> Create Restore Point> Name it B4 what ever update I am doing at the moment

Please run a firewall (free at zonelabs.com) Anti-Virus (free at grisoft.com) and some sort of spyware detection (Spybot is free). Be careful what you run, some spyware detectors actually install spyware.

Visit SANS Top twenty list of vulnerabilities http://www.sans.org/top20/

People are just not patching their PCs. Those that do not are a danger to themselves and others.

Netsky Tops Sophos' Malware Chart for March 2007
IT News Online Staff
2007-04-04
Sophos has announced its list the most prevalent malware threats and email hoaxes causing problems for computer users around the world during March 2007.

The figures, compiled by Sophos' global network of monitoring stations, show that the Netsky family has had the biggest impact on computer users this month, accounting for almost a third of all malware seen during March.

Netsky's return to the top comes despite protection against this family of worms having been available for more than three years. Interestingly, just 0.18% or one in 555 emails was infected in March, yet Sophos detected 8,835 new threats, bringing the total protected against to 231,548

Attack of the Zombie Computers Is Growing Threat
NY times
In their persistent quest to breach the Internet’s defenses, the bad guys are honing their weapons and increasing their firepower.

Related Tips for Protecting the Home Computer

With growing sophistication, they are taking advantage of programs that secretly install themselves on thousands or even millions of personal computers, band these computers together into an unwitting army of zombies, and use the collective power of the dragooned network to commit Internet crimes.

Use wireless?

December 15, 2004
R.I.P. W.E.P.
By Glenn Fleishman
Requiescat in pace, you broken, broken standard: Let’s call the time of death for WEP. Jim Thompson forwarded me this link that shows that an Aircrack—based on an Aug. 2004 set of code—can rely on just a few hundred thousand passively collected packets and crack a key in seconds. A few hundred thousand packets could be as little as two minutes of collection time on a busy 802.11g network. (Jim Geier ran the number on packets per second for 802.11a and 802.11g in this April article at Small Business Computing.)
Thus the death of WEP. Two to five minutes of collection. A few second most of the time to crack the key. Even keys changed every 10 minutes are thus susceptible to an attack that might allow several minutes of discrete information. Unique keys distributed by 802.1X to each machine on a network reduces the number of packets sent by individual computers, thus still offering a window of possibility of crack-free WEP use. But it’s a thin margin.

UPDATE 4/2007
Don't use WEP, say German security researchers
By Peter Sayer, IDG News Service, 04/04/07
The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend.

Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the interception of around 4 million packets of data in order to calculate the full WEP security key. Further flaws found in the algorithm have brought the time taken to find the key down to a matter of minutes, but that's not necessarily fast enough to break into systems that change their security keys every five minutes.
Now it takes just 3 seconds to extract a 104-bit WEP key from intercepted data using a 1.7GHz Pentium M processor. The necessary data can be captured in less than a minute, and the attack requires so much less computing power than previous attacks that it could even be performed in real time by someone walking through an office.

WAP2 is better By the way.

I am NOT saying you PC or laptop can't be used safely. It can. I am NOT saying that it will ever be bulletproof. It won't. There are ways you can reduce your risks. It is like a loaded gun. Use it wisely and don't point it at me :-)

Rodney

Around the world in search of ID thieves

2007-04-06T13:21:00.000-05:00

In case you have missed this show on Tuesdays, Chris Hansen, is tracking an Identity Theft Ring. In one segment in just over a minute after making available a credit card number in a IRC chat room, it was maxed out.

On the hunt for ID thieves part 1
Dateline goes undercover and uses bait credit cards and a fake online store to expose the activity in the Internet's underbelly

Around the world in search of ID thieves part 2
Can 'Dateline' find the ID thieves and con artists who try to scam Americans out of their money?

Personal data at risk in lost IRS laptops

2007-04-05T18:40:00.000-05:00

Personal data at risk in lost IRS laptops
By Kevin McCoy,
USA TODAY

At least 490 IRS computers have been stolen or lost since 2003 in security breaches that potentially jeopardized the personal information of more than 2,000 taxpayers, a government audit reported Wednesday.
The computers were lost in 387 incidents, most of which were not reported to the IRS computer security office as required, according to the report by the Treasury Inspector General for Tax Administration.
The audit also found that IRS laptops lacked adequate password controls and encryption software that would protect taxpayer information and other data...

2007-04-03T21:05:00.000-05:00

FTC Approves Final Guidance Settlement
April 3, 2007

By Roy Mark

Guidance Software's settlement with the Federal Trade Commission (FTC) became official today, almost five months after the Pasadena, Calif.-based computer forensics specialist admitted it did not adequately protect customer data...

New virus comes disguised as IE 7 download

2007-04-02T09:09:00.000-05:00

New virus comes disguised as IE 7 download

By James Niccolai,
IDG News Service, 03/30/07
If you receive an e-mail offering a download of Internet Explorer 7 Beta 2, delete it. A new virus is making the rounds that comes disguised as a test version of Microsoft current Web browser.

The e-mails carry the subject line "Internet Explorer 7 Downloads" and appear to come from admin@microsoft.com. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe. ..

An Identity Theft Waiting to Happen?

2007-04-02T09:02:00.000-05:00

An Identity Theft Waiting to Happen?

A mundane trip manifest of reporters who traveled to Latin America with President Bush has turned colossally controversial because the White House included personal ID info on the E-mail sent to news bureaus. The key ingredients of identity theft-Social Security and passport numbers and dates of birth-were listed in the E-mail that the White House Travel Office sent out in what's typically the first stage of billing.
"A lot of us went crazy," says one reporter, "because it's an identify theft waiting to happen."

Among those on the trip were CBS's Bill Plante, Fox's Bret Baier, CNN's Ed Henry, NBC's Kelly O'Donnell. The manifest usually includes just the names of those on the trip and what they owe.
The E-mail went to media billing offices and bureau officials. "I don't know everyone on that list. It could have been taken by somebody shady," frets one TV reporter.

"It was an honest mistake," says C-SPAN's Steve Scully, president of the White House Correspondents' Association. He said that a day after the E-mail went out, the travel office apologized and tried to retrieve them. The event prompted the White House to speed up plans to institute a new and more secure system. Some news organizations aren't taking chances. They are warning correspondents to check their charge accounts.

Corporate Sloppiness Is the Real Culprit for Data Loss, Not Vilified Hackers

2007-04-02T08:55:00.000-05:00

Corporate Sloppiness Is the Real Culprit for Data Loss, Not Vilified Hackers
By Lisa Vaas

Expect to see the 2 billionth personal record compromised by year's end, according to recent research from the University of Washington. But don't blame it on rogue hackers; sorry to say, it's your own fault, Corporate America.
Researchers at the university in Seattle estimate that electronic records—those containing Social Security or credit card numbers, academic grades or medical history—are bleeding out of North American organizations at the rate of 6 million a month so far in 2007—up some 200,000 a month from last year. ..

2007-04-01T12:29:00.000-05:00

Social Security Numbers
Social Security Cards Issued by Woolworth

The story of the most misused number of all time. . .

The most misused SSN of all time was (078-05-1120). In 1938, wallet manufacturer the E. H. Ferree company in Lockport, New York decided to promote its product by showing how a Social Security card would fit into its wallets. A sample card, used for display purposes, was inserted in each wallet. Company Vice President and Treasurer Douglas Patterson thought it would be a clever idea to use the actual SSN of his secretary, Mrs. Hilda Schrader Whitcher.
The wallet was sold by Woolworth stores and other department stores all over the country. Even though the card was only half the size of a real card, was printed all in red, and had the word "specimen" written across the face, many purchasers of the wallet adopted the SSN as their own. In the peak year of 1943, 5,755 people were using Hilda's number. SSA acted to eliminate the problem by voiding the number and publicizing that it was incorrect to use it. (Mrs. Whitcher was given a new number.) However, the number continued to be used for many years. In all, over 40,000 people reported this as their SSN. As late as 1977, 12 people were found to still be using the SSN "issued by Woolworth."
Mrs. Whitcher recalled coming back from lunch one day to find her fellow workers teasing her about her new-found fame. They were singing the refrain from a popular song of the day: "Here comes the million-dollar baby from the five and ten cent store."
Although the snafu gave her a measure of fame, it was mostly a nuisance. The FBI even showed up at her door to ask her about the widespread use of her number. In later years she observed: "They started using the number. They thought it was their own. I can't understand how people can be so stupid. I can't understand that."
Mrs. Whitcher compares the Social Security card "issued by Woolworth" with her own real card of the same number.

The card that started all the fuss!
Not The Only One
The New York wallet manufacturer was not the only one to cause confusion about Social Security numbers. More than a dozen similar cases have occurred over the years--usually when someone publishes a facsimile of an SSN using a made-up number. (The Whitcher case is far and away the worst involving a real SSN and an actual person.)One embarrassing episode was the fault of the Social Security Board itself. In 1940 the Board published a pamphlet explaining the new program and showing a facsimile of a card on the cover. The card in the illustration used a made-up number of 219-09-9999. Sure enough, in 1962 a woman presented herself to the Provo, Utah Social Security office complaining that her new employer was refusing to accept her old Social Security number--219-09-9999. When it was explained that this could not possibly be her number, she whipped out her copy of the 1940 pamphlet to prove that yes indeed it was her number!

Greenville County School District

2007-04-01T12:06:00.000-05:00

Senator Involved In Computer Case Fires Back

School District Alleges Senator Took Advantage Of Situation
POSTED: 3:34 pm EDT March 28, 2007
UPDATED: 10:01 am EDT March 29, 2007

GREENVILLE, S.C. -- The Greenville County School District alleges that a South Carolina senator misused his office when he didn't tell the district about school computers that were auctioned off while they still contained personal information.
VIDEO: Thomas Responds To School District's Charges ...

Previous Stories:
March 27, 2007: School District Says 'No Deal' In Computer Case
March 6, 2007: Men Want Cash, Apology In School Computer-Sale Case

2007-04-01T11:58:00.000-05:00

Eviction Puts Sensitive Papers On The Street
Written by Audrey Barnes
9NEWS NOW
Created:3/29/2007 6:35:39 PM
Last Updated:3/30/2007 12:37:44 PM

WASHINGTON, DC (WUSA) -- Thousands of DC area residents are at risk of identity theft after the eviction of a downtown employment agency.

US Marshals removed everything from the Unique International Recruiting Service at 1625 K Street, NW, and left it curbside overnight.

Besides computers and artwork, boxes of personal information including Social Security numbers and tax records from hundreds of clients were left on the street.

By morning, much of it had disappeared.

The landlord, Shorenstein Properties says the agency owes more than $25,000 in back rent.

After exhausting every legal channel to get it, eviction was the last resort

Loyalty of Ex-Employees & Medical ID Theft

2007-03-31T04:34:00.000-05:00

Ex-UIC Medical Center worker charged with identity theft
By Dan P. Blake
Tribune staff reporter
Published March 29, 2007, 9:11 PM CDT
A former University of Illinois Medical Center at Chicago employee has been charged with identity theft following an investigation that officials say determined he misused personal information of at least eight patients.Leslie Langford, 28, who worked as an emergency medical technician in the West Side hospital, was arrested on Feb. 23 after police discovered evidence he had illegally used patients' information he had accessed through using its electronic medical records system, authorities said.

REPRISED Due to relevance
Medical theft - an underreported aspect of identity theft
By Mark Stalcup, staff writer
Imagine a trip to the hospital gone horribly wrong: a patient given the wrong blood type because information is stored incorrectly on his medical records.

2007-03-31T04:26:00.000-05:00

TJX card problem flags retail identify theft risk
By Brad Dorfman
Reuters
Fri Mar 30, 4:47 PM ET
CHICAGO (Reuters) - Consumers who want to be sure about protecting their personal data and preventing identity theft might need to pay solely with cash, shun retailer loyalty programs and only make returns when they have a receipt.
Otherwise, they could be turning over data to a retailer vulnerable to hackers hunting for credit card information, social security numbers and anything else they can use to commit fraud, computer security and financial experts said on Friday.

2007-03-29T14:14:00.000-05:00

Child support data may be at risk
L.A. County agency tells 243,000 clients that three missing laptops may contain personal info.
By Susannah Rosenblatt, Times Staff Writer
March 30, 2007
In the weeks after three laptops went missing from a Los Angeles County Child Support Services office, officials sent letters to 243,000 clients in Los Angeles, Orange and San Diego counties, warning that their personal information — including Social Security numbers — might be at risk.

RadioShack customers' personal info found in dumpster
Dallas Business Journal -
5:25 PM CDT Wednesday, March 28, 2007

Thousands of payment slips showing the credit card numbers and other personal information of RadioShack employees was found in a dumpster behind a Corpus Christi-area RadioShack, a news station reported Wednesday.
According to the KZTV report, a man rummaging through trash behind a RadioShack store in Portland, Texas, found nearly 20 boxes of discarded records.

News Update 3-25-07

2007-03-25T17:42:00.000-05:00

From Columbia SC...

Online: Identity theft
The State Newspaper

If you aren’t convinced of the threat posed by identity theft, there are plenty of Web sites out there to nudge you over to the side of reason — and maybe scare the bejabbers out of you...

Are you part of a botnet?

3/24/2007
I received the following e-mail this week, along with others like it:
"In your Daily News, you said the following: 'According to Symantec, more than six million computers worldwide are part of a botnet. Criminals are consolidating their networks, making it easier to use them in attacks. More than 30 percent of computer attacks originate in the United States. Are you part of a botnet?' How will I know? What software will detect this and remove it?"

News Update 3-24-07

2007-03-23T23:28:00.000-05:00

All right... it's soapbox time. Call your congressman or Representative on this one. Yes Really! This about Homeland Security

Hole Found in Protocol Handling Vital National Infrastructure (E-Week)
By Lisa Vaas March 23, 2007
Researchers on March 21 announced that the systems which control dams, oil refineries, railroads and nuclear power plants have a vulnerability that could be used to cause a denial of service or a system takeover...

Graham said that the real problem isn't vulnerabilities but the fact that OPC installations are normally run without authentication such as a username and password. "[That] means a hacker can control them without having to mess around with things like buffer overflows," he wrote...

In fact, Graham said, he doesn't believe that many SCADA organizations will take this recent vulnerability warning seriously because they know that since their systems are already wide open to attack, patching them against this bug won't stop a hacker.

Microsoft Xbox Phone Staffers Giving Away Private Information
By Lisa Vaas March 22, 2007

Hijackers are getting access to Xbox Live gaming accounts, credit cards and PayPal accounts with repeated calls to support staff, who are easy prey for social engineering stunts.

"As the stomach turns"... The continuing saga of TJX...
Stolen TJ Maxx Data Used in $8M Gift Card Scam

Information stolen from the systems of massive retailer TJX was being used fraudulently in November 2006 in an $8 million gift card scheme, one month before TJX officials said they learned of the breach, according to Florida law enforcement officials.
The significance of this new TJX detail—discovered as Florida authorities issued arrest warrants for 10 suspects and took six of them into custody—is not clear, but it might yield clues as to how TJX learned of the breach.

The $16 billion retail chain has officially said that a huge amount of information was accessed as early as 2005 (with some of the captured data dating back to 2003), but that TJX officials didn't learn of the breach until December 2006. The company didn't announce the breach until mid-January 2007 due to—according to one credit-card source—a request from the Secret Service because it was actively pursuing a suspect

Oracle sues rival for hacking, data theft
Robert Lemos, SecurityFocus
2007-03-22
Database and enterprise software firm Oracle filed a lawsuit on Thursday against German application maker SAP claiming that the European firm pilfered an enormous number of documents and software from Oracle's customer-only support systems.
“ SAP employees used the log-in IDs of multiple customers, combined with phony user log-in information, to gain access to Oracle's system under false pretexts. Employing these techniques, SAP users effectively swept much of the contents of Oracle's system onto SAP's servers. ”

News Update 3-23-07

2007-03-22T20:42:00.000-05:00

Stolen Credit Card Data Used in Florida Crime Spree
Officials arrest individuals suspected of carrying out fraud with credit card data stolen from retailer TJX Companies.Part 1 of a special five-part series. -->
Matt Hines, Computerworld
Wednesday, March 21, 2007 10:00 AM PDT
Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Companies.
In partnership with the Gainesville Police Department, officials from the Florida Department of Law Enforcement said they have taken six of 10 suspects into custody for allegedly using the TJX customer data to purchase large quantities of gift cards from discount chains Wal-Mart and Sam's Club

Google shock for Los Rios
By Eric Stern and Dorothy Korber - Bee Staff Writers
Published 12:00 am PST Wednesday, March 7, 2007
Story appeared in MAIN NEWS section, Page A1
A community college student who was "Googling" himself last month found some disconcerting information when he typed his name into the popular Internet search engine.

A Los Rios Community College District database popped up that included his name, birth date and Social Security number. The file also contained data on about 2,000 other students.

"Botherder" Dealt Record Prison Sentence for Selling and Spreading Malicious Computer Code
May 8, 2006
U.S. Department of Justice
Central District of California
Debra Wong Chang
Concluding the first prosecution of its kind in the United States, a wellknown member of the "botmaster underground" was sentenced this afternoon to nearly five years in prison for profiting from his use of "botnets" == armies of compromised computers == that he used to launch destructive attacks, to send huge quantities of spam across the Internet and to receive surreptitious installations of adware.

California exposed SSNs to theft
Information on hundreds of thousands available on secretary of state's Web site.
By Harrison Sheppard, Sacramento Bureau
Article Launched: 03/22/2007 10:15:28 PM PDT
SACRAMENTO - Hundreds of thousands of Californians' Social Security numbers were vulnerable to abuse by identity thieves because they were made publicly available through the Secretary of State's Web site over the last three years, officials said Thursday.
The personal data was removed from Secretary of State Debra Bowen's Web site earlier this week after a state legislator notified her office of the possible vulnerability.
The data was available in Uniform Commercial Code filings - documents lenders file relating to collateral securing a loan.
About one-third of the 2 million UCC documents on file had the borrower's name, address, Social Security number and signature. The other two-thirds of the documents were for loans to businesses, rather than individuals...

Private Tax Files Stolen From SoCo Accounting Firm
March 20, 2007
By Jeffrey Schaub
The private financial records of thousands of people are potentially at risk for identity theft after thieves stole three years' worth of tax returns from a Santa Rosa accounting firm.
Tax Service Plus has alerted up to 4,000 of its clients that all of their private financial records have been stolen. The records contained Social Security numbers, addresses, credit card information, and documents with signatures.

Laptop with city school employees' information stolen
March 16, 2007
By Andrew McGinn, Staff Writer

Nearly 2,000 current and former employees of Springfield City Schools are being notified their personal information was on a stolen laptop belonging to the state auditor's office.
The information includes the names and social security numbers of 1,950 employees who received paychecks on two dates in 2004 - Jan. 30 and Dec. 17 - and Dec. 19, 2003, according to school payroll supervisor Rebecca Scovill.

Another computer security breach at UI
March 10, 2007
Associated Press and KLEW Staff

The University of Idaho says a data file posted to the school's web site may have put at risk the personal information of approximately 2,700 university employees.
It's the third time in almost a year that the personal information of people affiliated with the school has been compromised.

News Update 3-22-07

2007-03-22T06:03:00.000-05:00

I know, this is the second post this week, but between the articles talking about an arrest being made for the TJX data theft that has been an on going issue since 2003, and the skimming of credit card numbers AND PINs from gas stations and ATMs, I just had to let you know about this (And create the longest runon sentence of my life). Grab on to the headlines and go!

FTC: Identity theft keeps expanding
By Herb Weisbaum Watch the story We all know that identity theft is a serious problem. In fact, it's the number one consumer crime in the country.Wednesday, the Federal Trade Commission told Congress that it is now getting 15,000-20,000 contacts each week from people who want to know how to recover from identity theft, or how to avoid becoming a victim in the first place.

Six individuals suspected of using stolen TJX data

Six individuals have beendetained in Florida for suspicion of fraud by using credit card information stolen from TJX. It is the first arrests connected with the theft of customer details from the company, which owns retail outlets including TJ Maxx, Marshalls, HomeGoods and A J Wright.

T.J. Maxx parent company sued in credit card hack probe

By Caroline McCarthy Staff writer, CNET News.com
Published: March 21, 2007, 3:23 PM PDT

A major shareholder in T.J. Maxx and Marshalls parent company TJX Companies has filed a lawsuit to obtain documents concerning a hacking incident that left large amounts of customer credit card data vulnerable.

Utility Worker Charged With Identity Theft

Aired 3-21-07
A former Colorado Springs Utilities worker has been arrested on suspiscion of identity theft involving at least one utilities customer. The employee had access to addresses; payment histories; social security numbers; and, bank records of thousands of customers. Company Spokesperson, Rachel Beck says, "as you might imagine it's very concerning to us and very disappointing because we take the protection of our customers information very seriously."

Guilty plea in credit card data theft
Aman who stole credit card information from customers at a major gas station chain and then took thousands of dollars from their bank accounts has pleaded guilty in federal court, prosecutors said Wednesday.
Claudiu Hotea, 34, of Orange County, used a process called skimming to steal electronic data from credit and debit cards from customers at Arco/AM-PM stations, the U.S. Attorney's Office said.

Rating apologies
Deep regrets, from TJX to ChoicePoint, about data leaks
By Jon Brodkin, Network World, 03/14/07

Exposing sensitive personal information means always having to say you’re sorry. Some people do it better than others, however.

Hot Air Swirls Around ID Theft Measure

At a Senate Judiciary subcommittee hearing on a data breach bill introduced by panel Chairman Dianne Feinstein (D-Calif.), experts looked at making key components of California's influential data breach notification statute the law of the land. EXCEPT...

Identity theft ring leader pleads guilty in federal court
By: Penne Usher, Journal Staff WriterWednesday, March 21, 2007 10:54 PM PDT
numSlides = 1;document.all["totalPhoto"].innerHTML = numSlides
Claudiu Hotea
A Romanian man suspected of orchestrating a prolific identity theft ring in Placer County pleaded guilty in federal court Wednesday.United States Attorney McGregor W. Scott said Claudiu Hotea, 34, of Orange County, pleaded guilty to credit card fraud before United States District Judge Morrison C. England Jr

We're Number One! ... For Malicious Internet Activity
By Lisa Vaas March 19, 2007

Romanian hackers, eat your hearts out: The United States has far and away the most malicious code, spam, phishing, attack and botnetwork activity on the planet, according to Symantec's most recent semi-annual Internet Security Threat Report.

Any Questions?

I saw this and Just had to post today!

2007-03-19T09:42:00.000-05:00

Symantec Sees Rise in Data Theft, Data Leakage & Targeted Attacks
IT News Online Staff
2007-03-19

For the first time, Symantec tracked the trade of stolen confidential information and captured data frequently sold on underground economy servers. These servers are often used by hackers and criminal organizations to sell stolen information, including social security numbers, credit cards, personal identification numbers (PINs) and email address lists. During the last six months of 2006, 51% of all known underground economy servers in the world were located in the U.S. U.S.-based credit cards with a card verification number were available for between $1-$6 while an identity, including a U.S. bank account, credit card, date of birth and government issued identification number, was available for between $14-$18.

Weekly Update 3-18 - 3-25-07

2007-03-18T17:23:00.000-05:00

You just couldn't make this stuff up. ID theft is a BOOMING Business. When you were making those copies of bodily parts at the office party, did you know the COPIER was storing those images? As embarrassing as that is, do you make copies of sensitive company data on public copy machines? If so your data is at risk.

How about the secretary at a lawyers office pulling ID theft on a member of the firm? With all the safeguards required by FACTA, GLB and SOX, why weren't they safe? No Plan and too much access from the employees.

To help reduce your personal risk, I encourage you to visit the Identity Shield link on the right.
If you want to reduce your companies risk of data breeches please view the link: What happens if your business looses Non Public Info?
To find out more information on helping others to protect themselves and/or their business please view: Want YOUR Own Business Helping to Protect Others?

And now without further fanfare, here are some of the stories in the news this week.

Even copy machines pose identity theft risk
By May Wong
The Associated Press
SAN JOSE, Calif. -
Consumers are bombarded with warnings about identity theft. Publicized threats range from mailbox thieves and lost laptops to the higher-tech methods of e-mail scams and corporate data invasions.
Now, experts are warning that photocopiers could be a culprit as well.

Chinese hackers wake up to malware
Criminal switch from copycats into malware authors

Tom Sanders in California, vnunet.com,
16 Mar 2007
Chinese criminals are developing their own file downloaders and rootkits
Security researchers are noticing an increase in malware originating from China, which is adding to the challenge of investigating online threats.
"The past three to four months have seen a slow increase in Chinese malware. It used to be the odd file every now and then, but it is now almost every day," Chris Boyd, director of malware research at FaceTime Communications, told vnunet.com.

ID theft suspect set up new life
Carpentersville man arrested after probe
By Gene HaschakDaily Herald Staff WriterPosted Saturday, March 17, 2007

Using a Social Security number stolen 20 years ago in California, an illegal immigrant living in Carpentersville got a job and a driver’s license, opened checking accounts, took out two mortgages, and even filed bankruptcy, police said Friday.

Secretary accused of identity theft
Authorities say she charged purchases in Louisa lawyer's name
BY ROB SEAL
MEDIA GENERAL NEWS SERVICE
Mar 17, 2007
CHARLOTTESVILLE --

A former secretary accused of using a lawyer's identity to rack up more than $145,000 in fraudulent purchases and cash was arrested Thursday on federal identity theft charges.
Authorities allege that 27-year-old Paula Jean Hufner used a computer to open two credit accounts in the name of the Louisa County attorney and to later raid his personal bank account.

Identity Theft: Do Your Employees Have Too Much Access?
AccountingWEB.com - March 14, 2007 - About a month after a woman was hired to help with receptionist duties, accounting, invoicing and filing at a small Midwest shipping company, she started calling in sick. And her absences? She needed her sick days to appear in court on other identity theft charges...

What can I do?

2007-03-10T07:23:00.000-05:00

With all the Personally Identifiable Information out and readily available, what can I do? Well, BOTH individuals AND businesses with 1-1,500,000 employees fall under the same advise.

Take reasonable steps to Properly handle personal data.
To the extent possible, make sure your computers have the proper patches for your "Operating System" and for every program you use.
Get an early warning system in place to show you when data has been compromised.
Get access to an Identity Restoration package (NOTE: I DID NOT say Insurance, Credit FREEZE or what you can do about it type information packages... more later).
If data loss occurs DO NOT GET OSTRICH SYNDROME and bury your head in the sand... TAKE MASSIVE action early to avoid future problems early.
If data loss occurs, you are probably going to need a good attorney licensed in multiple states.

In a perfect world everyone would take all these steps and everyone would be safe and secure but, the world isn't perfect, now, is it?

Please check the links on the right of this page for solutions to limit your liability and reduce your risk of being a victim.

I will be moving this back to a weekly Blog. I really have NO shortage of finding these articles. They are in Google News http://news.google.com/, Yahoo News http://my.yahoo.com/ , just create customized pages using filters or alerts for common words like "Identity Theft", Phishing, rootkits, "Data Loss -recovery" or TJX. Using this, you can find your own articles just like I have.

As they say in The X Files, "The Truth Is Out There".

Rodney Wise

News Update 3-10-07

2007-03-09T10:12:00.000-05:00

Enjoy lottery winnings before identity theft hits
Kennebec Journal - 2 hours ago
The photo not only shows his address, phone number, but also his Social Security number. Identity theft is on the increase so I was surprised you published this

Security expert able to siphon data from RFID in transit!
By Douglas Schweitzer on Thu, 03/08/2007 - 7:40am
Apparently, a security expert has accessed data from a newly issued, biometric British RFID passport. According to this article, the security expert was able to do so without the owner's knowledge, as the envelope the new biometric passport was sent in (straight from government issue), was still intact. The information on the chips within these new cards can only be unlocked with an RFID reader. The expert was able to determine the passport's key by using a combination of a 'brute force' program he wrote himself, along with personal information he was able to obtain about the passport holder.

Calif. Guard Troops' Data On Stolen Hard Drive
CBS 5 - 9 hours ago(AP) SACRAMENTO
The Navy is investigating the apparent theft of a hard drive containing the Social Security numbers and other personal information for nearly 1300 California National Guard troops deployed to the US-Mexico border.

Company X's shoestring budget caused data breach
John Webster
March 08, 2007 (Computerworld) -- Who's to Blame at Company X?
Here's a story about Company X. Company X has been much in the news lately because credit card data was stolen from its IT department. When first reported, Company X admitted somewhat belatedly that the security of possibly a million records was compromised. Recently, it disclosed that the multiple security breaches had actually extended farther back in time than originally thought. The number grew into the millions. Clearly, senior executives at Company X had no idea what had happened to its IT department. Who did it? How did they get in? For how long? What could they see? Clueless...

Lawyer sleuths out mystery around 'Winfixer'
Case of the Shady Security Software unraveling
Jeremy Kirk
March 08, 2007 (IDG News Service) --
The suit was filed on behalf of Beatrice Ochoa, a mother of two who paid $39.95 for Winfixer after it badgered her with repeated pop-up warnings that her computer had security threats. The program eventually rendered her computer's hard drive unusable, Bochner said. The suit counts another 100 anonymous victims.
"All of these people are being defrauded and they're just ordinary folks," Bochner said. "They buy a computer, they surf the Internet, they're not doing anything unreasonable and suddenly they're defrauded."

Langley warns customers of credit data theft
cflores@dailypress.com 247-4738
March 10, 2007 When Langley Federal Credit Union heard about a major breach of customer data at T.J. Maxx, the financial institution scrambled to find out whether any of its customers might have been affected.The company that processes Langley's debit and credit cards found 13,000 Langley members who'd shopped at the stores during the period. Langley decided to notify all of the affected members that their account numbers might have been stolen but didn't name T.J. Maxx because the chain hadn't gone public.Langley members are getting letters with only a mention of an unnamed retailer. So are customers of BB&T - and some of them are even getting new cards issued preemptively. But many members of other banks and credit unions in Hampton Roads and elsewhere might have heard nothing.Virginia law does not require notification of customers when their personal information might have been stolen...

TJX Breach Leads Ohio CU to Reissue Cards
Posted by Damien Weaver on Mar 06 2007 05:57:29 PST
Wright-Patt Credit Union Inc. has begun reissuing thousands of MasterCard and Visa credit and debit cards to customers after their personal information was compromised following a security breach at retailer TJX Companies Inc. [ticker: TJX].

PCI DSS auditors see lessons in TJX data breach
By Bill Brenner, Senior News Writer01 Mar 2007 SearchSecurity.com
TJX Companies Inc. violated some of the basic tenets of the PCI Data Security Standard (PCI DSS) and according to several PCI auditors, it will pay a heavy financial price. They said companies should study the TJX security breach for clear lessons on what not to do with customer data.
Roger Nebel, director of strategic security for Washington D.C.-based FTI Consulting, said fines will almost certainly be imposed on TJX because it was clearly negligent in holding onto unencrypted cardholder data, a direct violation of the PCI DSS.
Framingham, Mass.-based TJX acknowledged in January that an attacker exploited a flaw in a portion of its computer network that handles credit card, debit card, check and merchandise return transactions.

IT Confidential: Is Anyone Doing Anything About Identity Theft?
InformationWeek - 7 hours ago
Incidents of identity theft are increasing in the United States at an alarming rate, according to a survey by Gartner. Approximately 15 million Americans were victims of fraud related to identity theft in the 12 months from August 2005 to August 2006, ...

Cyber Crooks Go Phishing
MSNBC - 19 hours ago
Large websites like PayPal, eBay and Amazon have all been targeted by phishing scam e-mails in the past, but experts say these days, online consumers are seeing even more "phishy" e-mails in their in-box.

ZDNet Flickr issues security (phishing) alert
ZDNet - 17 hours ago
Flickr users, beware. Identity thieves are using fake "photo packages" to trick you into giving up your Yahoo username and password.

Paypal main subject of phishing scams
PC Retail - 18 hours ago
In light of the growing number of malicious spam attacks which often result in ID theft and financial loss, security software firm McAfee has constructed a top ten list of the most common phishing attacks that occurred during February

News Update 3-9-07

2007-03-08T11:07:00.000-05:00

When disgruntled employees get clever
Insider Threat By Ratinder Paul Singh Ahuja, Network World, 03/05/07
I've heard of disgruntled employees taking company secrets, breaking them into several documents, and e-mailing them to competitors. Is it possible to capture data if it's leaving the network in multiple formats across different ports?
As many people have discovered, what you describe really is an excellent way for disgruntled employees or other malicious insiders to smuggle sensitive and secret data out of a network without anyone noticing.

NO PHISHING: Fake e-mail targets Heritage Trust customers
Charleston Post Courier (subscription) - 19 hours ago
The e-mail, which bears the subject "Error in your billing information," is an example of a "phishing" scam, the purpose of which is to dupe Heritage customers into providing the passwords they use to access their accounts online.

Census Bureau Admits To Data Breach As ID Theft Levels Climb
By Martin H. Bosworth
ConsumerAffairs.Com
March 8, 2007 The U.S. Bureau of the Census has admitted to posting the personal information of 302 households on a public Web site over a six-month period between 2006 and 2007.
The posted information included names, dates of birth, addresses, and income levels, but not Social Security numbers, according to Ruth Cymber of the Bureau's Public Information Office.

The Census Bureau had previously disclosed that its employees had "lost or misplaced" 672 laptop computers between 2001 and 2006. 241 of those laptops contained personally-identifying information. The Commerce Department, which oversees the Census Bureau, "lost" 1,137 laptops in the previous five years.

Education is the key in guarding against ID theft
Friday Flyer - 10 hours ago
Regularly frequented businesses can also be a source of identity theft, especially if the victim has paid using a debit or credit card. Unscrupulous employees may copy the number from credit and debit cards used to pay for goods or services in order to ...

Security experts help companies comply with identity theft protection laws
FACTA was originally created in 2003 in an attempt to protect consumers from discrimination and identity theft and to regulate merchants on protecting private consumer information. Since 2003, identity thefts have increased in both quantity and severity, and Internet merchants have experienced increasing breaches of security.In an attempt to curb the rising security risks, the Federal Trade Commission (FTC) has put compliance regulations in place, holding businesses accountable for security breaches. However, many companies don’t know about the regulation or how to protect against identity theft, Felten said.

ID Theft Is Exploding In The U.S.
The number of victims and the amount stolen are both ballooning, according to a new study.
Identity theft is exploding in the U.S., with 15 million Americans victimized in just a 12-month period, according to a new study.
The amount of money that is being stolen from them is on the rise, as well, more than doubling between 2005 and 2006, Gartner analysts report in a study. And more of what they're losing is staying lost. The report also shows that people managed to recover 87% of what was stolen from them back in 2005, but in 2006 that number dropped to 61%.
"Hackers are exploiting Internet auctions, non-regulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams," said Avivah Litan, a VP at Gartner, in a written statement. "The thieves have also discovered the weakest links in the U.S. payments systems. Typically the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves."
Gartner's survey of 5,000 online U.S. adults in August 2006 showed that the rate of identity theft has jumped by 50% since 2003 when the Federal Trade Commission reported that 9.9 million Americans had been victimized. The average loss was $3,257 in 2006, up from $1,408 in 2005.

Daily Update 3-8-07

2007-03-08T07:55:00.000-05:00

Identity Theft Passing Drug Trafficking As #1 US CrimeFamily Security Matters - 4 hours agoWhile, according to the US Federal Trade Commission, it takes 12 months on average for a victim of identity theft even to notice the crime, it was in the flash of a bank statement that Cathy learned of hers

Identity theft a big problem in the US
Published in: Legalbrief Today
Date: Thu 08 March 2007Category: GeneralIssue No: 1781
Seven defendants pleaded guilty in Corpus Christi recently to charges of selling their birth certificates and Social Security cards for $100 each

Annual report concludes that malware increased 172% in 2006Posted on 05 March 2007.
The number of malware detections in 2006 was 172 percent up on 2005. PandaLabs’ 2006 annual report (registration required) explains this growth and other aspects of the current malware situation.

60% Rise in Rootkit-based Malicious Code in 2006
PR Newswire (press release) - 1 hour ago
Rootkits are programs that use stealth techniques to prevent malicious code from being detected by traditional security and system administration solutions such as antivirus or anti-spyware software.

Visa summit will counter data breach hype
InfoWorld - 18 hours ago
Credit-card payments giant Visa is hoping to shed new light on problems like consumer data theft and identity fraud through a conference that will bring together leaders from the business, government, and technology communities to discuss security for ...

ID theft forecast: gloomy today, worse tomorrow
Computerworld - 15 hours ago
Of those surveyed who knew or suspected the cause of the identity theft, data breaches led the charge with 15%. "Banks eat the fraud there," said Litan, at least for now.

Gartner: IT departments lack finances to protect data
By Bill Brenner, Senior News Writer06 Mar 2007 SearchSecurity.com
Data breaches like the one TJX recently disclosed are starting to take a heavy toll on consumers, according to the newly-released results of a Gartner Inc. survey.

Personal Security and Identity Theft Expert Repeats His Call for ...
openPR (press release) - 18 hours ago
The Privacy Learning Institute has featured Siciliano, a longtime speaker on identity theft. Author of "The Safety Minute: 01," Siciliano has discussed identity theft and data security on CNBC, on NBC's "Today Show," FOX News, and elsewhere.

Phishing victims increase by 20%
Independent Online - 2 hours ago
The number of bank customers falling prey to thieves through "phishing" is on the rise, largely because of people using internet cafes for their online banking, says Neville Melville, outgoing ombudsman for banking services.

Phishing scam uses other phishing scams to steal personal information
SC Magazine - 14 hours ago
The phishing email asks recipients if they’re a party to a high-end business transaction, have been told they’re lottery winners, have overdue contract funds or promised large sums of money, researcher Eric Chien said on the Symantec Security Response ...

ID theft is exploding in the US
iT News - 12 hours ago
Unauthorised charges to credit cards rose nearly fourfold from an average of US$734 in 2005 to US$2550 in 2006, Gartner reports.

Dodging the Perils of Online Shopping
TechNewsWorld - 1 hour ago"
As a former victim of ID theft, I feel safe using my regular credit card for my purchases, because I look carefully at my bills and question anything I don't recognize immediately -- before I pay the bill," says attorney Frank.

READ IT: Thwarting Credit Card Fraud
MyFox Milwaukee - 12 hours ago
WITI-TV, MILWAUKEE --
Two restaurant chains are tackling credit card and identity theft. The Ruby Tuesday's chain and Hooters restaurants will begin using more secure systems

Ex-Little City aide accused of scheme using patient's IDChicago Tribune - 1 hour agoHinkle opened at least four credit-card accounts and told police he spent the money on utilities and other bills, she said.

Teen cited for using stolen credit card
Gateway Newspapers - 22 hours ago
A Carnegie teenager was charged late last month with theft and a related charge following the use of a stolen credit card. Joss Deuerling, 18, also faces a charge of access device fraud. He is charged with using a stolen credit card at the BP gas ...

Report: Some Companies Lose Data Six Times a Year
eWeek - 15 hours ago
The second most common channel of data loss was through e-mail, IM and other electronic means. Software applications, including databases and the systems they work on, came in as the third most frequent channel through which data is being lost.

News Update 3-7-07

2007-03-07T08:15:00.000-05:00

Black Hat Demonstrations Shatter Hardware Hacking Myths
John Heasman from Next Generation Security Software demonstrated a rootkit that hides itself in firmware. Completely erase the hard drive, reinstall the OS, and the rootkit is right back where it was before your exercise in futility.

Chamber focuses on identity theft, fraud
Olney Daily Mail - 15 hours ago
The seminar was to educate local business owners on identity theft and identity fraud and on how to protect themselves and their businesses against such crimes, said Chamber Director Jessica Akes.

Great Falls woman sentenced on wire fraud, identity theft charges Is this happening in small towns? (ED)
Great Falls Tribune - 1 hour ago
Misty Ilene Ray, 26, pleaded guilty to wire fraud and aggravated identity theft, the US attorney's office said. Between Jan. 8, and June 21, 2005, Ray and an accomplice completed loan documents without customer approval while working at B & R Check ...

Study: Identity theft keeps climbing
ZDNet - 19 hours ago
By Caroline McCarthy, CNET News.com.
The rate of identity theft-related fraud has risen sharply since 2003, a new report from Gartner Research suggests. ...

ID Bill
March 5, 2007
Related Items: Senate Bill 3034
Identity theft bill nears approval
By Natalie Chandler
A bill that would allow identity theft victims to freeze their credit appears close to becoming law.Senate Bill 3034 would require victims to show a police report and pay $10 to credit agencies before their credit could be frozen. The bill has received House approval. States such as Florida and Louisiana have laws that permit anyone to freeze their credit for a reasonable fee. The service is free to elderly residents and identity theft victims. "This bill is a reasonable compromise," Sen. Nolan Mettetal, D-Sardis, said

COMMENT:
Now I am going to carefully climb up on a soap box so as to not hurt myself when I fall off it. Senate Bill 3034 provides for a credit freeze. (In my best Columbo voice and trench coat) "Just one more thing mam, there is just one thing that is bugging me about his... If your credit is frozen, your bank account is frozen, then how do you get access to it? It is a little chily in here, do you mind turning up the heat?

News Update 3-06-07

2007-03-05T16:06:00.000-05:00

Hacker suspected behind massive virus
Virus hits "The State" Newspaper in Columbia SC...
From information gathered it sounds like this virus might be Rinbot:
"They're using [the worm] for spam," says Ullrich, noting that Rinbot is "rather well entrenched" and hard to get rid of. "They're spamming for money. They're being hired out." The malware looks to open backdoors, connecting to remote servers and enabling a hacker to control the machine remotely.

Google Continues to Show Private Data
Korea Times - 3 hours ago
The leakage and illegal use of the information-packed citizenship numbers have generated concerns that it makes identity theft easy. Identity theft is one of the fastest-growing crimes in the digital age. Last July, the Ministry of Information and ...

Trooper: Identity theft on rise because it's getting easier to do
Oil City Derrick - 8 hours ago
That was the message from Trooper David Wargo of the state police Franklin barracks who warned Oil City Rotary members of the dangers of identity theft during a presentation at the club's Monday meeting. Simple scams like printing and using fraudulent ...

Hashes could be only half the security recipe
GCN.com - 19 hours ago
Or there could be “invisible” files, hidden from systems administrators, such as keystroke loggers, that intend to carry out some malicious assignment.

Identity theft syndicate smashed
The Age - 6 hours ago
A 24-year-old Southbank man has been arrested and named as the alleged key figure in one of Australia's largest identity crime syndicates. Edy Kuswoyo was arrested yesterday at his Southbank premises by Australian Federal Police as part of Operation ...Alleged ID theft ring head arrested NEWS.com.auall 10 news articles »

Knoxville police and postal inspectors search for identity thief
WATE.com - 13 hours ago
There are at least ten victims that they know of. If you have any information, please call Knoxville police investigators at 215-7149.Police seek identity theft suspect Knoxville News Sentinel (subscription)An identity thief is at work in Knoxville WBIR-TVall 4 news articles »

Identity theft can happen to anyone
Cleveland Daily Banner - 15 hours ago
Identity theft and fraud are not faceless crimes in the electronic money world. Each is a crime which can happen to anyone.

Identity theft prevention seminar planned in Wyoming
Community Press - 19 hours ago
WYOMING - The Wyoming Police Department is sponsoring a free Identity Theft Prevention Seminar at 7 pm Wednesday, March 14, at the Wyoming Civic Center, 1 Worthington Ave.

Identity Theft - Defendant Sentenced For Conspiring To Commit ...
Lawfuel (press release) - 15 hours ago...
was sentenced today by United States District Court Judge Kenneth L. Ryskamp in West Palm Beach, after having pleaded guilty earlier to conspiracy to commit computer fraud and identity theft in connection with the Accurint database intrusion.

New phishing scam revealed
ihotdesk - IT News - 18 hours ago
Firms and individuals have been told to be on the look out for a new phishing scam. The New York State Consumer Protection Board (CPB) is warning people to be wary of emails that are titled: "Phishing: Security measures." ...

'Attacks moving beyond phishing & ID theft'
Moneycontrol.com - Mar 5, 2007
Today's attacks are moving beyond phishing and ID theft on the individual scale. Attackers are targeting large repositories of IDs and credit cards.

Keeping your card safe
Marketplace - 13 hours ago
Credit card use is up at most retailers - including the nearly 1 million restaurants in this country. And in an age where identity theft is rampant, pressure's rising to make using those credit cards safer. Marketplace's Lisa Napoli reports one ...

Better security seen for credit cards
Financial Express - 18 hours ago
American financial institutions also are starting to offer similar so-called smart cards that promise to better protect consumer data following credit- and debit-card theft from retailers such as TJX Cos. and Stop and Shop Supermarket Cos.

Daily News Update 3-5-07... 50 NEW articles in the last 5 days!

2007-03-05T09:08:00.000-05:00

Identity Theft and Employer Liability
CummingHome.com - 1 hour ago
Through this program businesses, small or large, can learn about their risks for non-compliance with federal legislation regarding identity theft and data breaches. Statistics show that nearly 87% of business owners aren't aware that these laws affect ...

IP Theft Plagues Third of Surveyed Companies
Cellular-News - 25 minutes ago
The research, conducted by the Enterprise Strategy Group found that one-third of the enterprises surveyed acknowledged loss of sensitive data in the last 12 months, while another 11% were unsure whether a breach occurred.

How do we tackle data theft?
ElectronicsWeekly.com - Feb 27, 2007
The number of instances of data theft has increased exponentially in recent years, and even months. Over 98 million data records of US residents have been exposed due to security breaches since February 2005, and the trend is set to replicate in Europe ...

Identity Theft and Employer Liability ADRS is featured here! We make the news!
CummingHome.com - 1 hour ago
The Federal Bureau of Investigation calls identity theft an "increasingly insidious and pervasive problem" that can threaten virtually anyone.

Report: Plugging Data Leaks Is High Priority
eWeek - 2 hours ago
As for the biggest perceived threat when it comes to data loss, either malicious or sloppy insiders scare the respondents the most.

Study: college students most at risk for identity theft
The Massachusetts Daily Collegian - 8 hours ago
A research group has concluded that college-aged individuals of today's tech-savvy generation don't use their talents to protect against identity theft. In a recent study conducted by Javelin Strategy and Research - an organization that carries out ...

Area veterans sound off on identity theft
Altoona Mirror - 8 hours ago
Foy, vice president of the Vietnam Veterans of America Chapter 967 in Altoona, said the organization does everything it can to prevent identity theft of local veterans. When a veteran submits papers to the chapter, the information gets shredded within ...

White Supremacist Gang Gains Clout
CBS News - 22 minutes ago
The Aryan Brotherhood has long been the dominant white supremacist gang behind bars, with the Nazi Low Riders acting as its foot soldiers on the outside for drug dealing and identity theft. In 2000, officials reclassified the Low Riders as a ...

Legislators consider driver certificate ban, tougher identity ...
Oak Ridger - 10 hours ago
“More important, agencies may not charge fees to identity theft victims who request freezes on their reports. Resellers of credit information are also barred from ordering frozen reports

Young adults are likely ID theft victims
Patriot-News - 8 hours ago
Identity theft is a common problem, particularly for young adults and college students, authorities say. From 2003-2005, almost 30 percent of identity theft victims were ages 18 to 29, according to the Federal Trade Commission

Elertz web-based broadcast battles concerns over spam and phishing ...
Security Park - 16 minutes ago
Latest figures reveal that around 95 per cent of e-mail today is spam or phishing scams and more than 2500 new phishing sites are created each month. Businesses are finding it increasingly hard to communicate directly with customers as inboxes become ...

'Attacks moving beyond phishing & ID theft'
Moneycontrol.com - 3 hours ago
Today's attacks are moving beyond phishing and ID theft on the individual scale. Attackers are targeting large repositories of IDs and credit cards.

"Phishing" Scam Takes New Tack
Consumer Affairs - 19 hours ago
E-mails sent during February appeared to be from Chase Bank with the subject line reading "Phishing: Security Measures.

Something Fishy in Your Email?
East West Magazine - 31 minutes ago
Unfortunately, however, millions of unsuspecting Internet users without sons who write tech columns fall prey to “phishing” every day, willingly providing personal information such as social security numbers, credit card numbers, PINs - even mothers’ ...

Restaurants tighten credit card security
WKYC-TV - 36 minutes ago
Late last year, several dozen retailers, including California Pizza Kitchen and El Pollo Loco, were named in identity theft class-action lawsuits for violating federal law that requires retailers to truncate credit card numbers on receipts.

Police: City woman stole credit card, spent $6000 Sound like a small town to me (ED)
Newington Town Crier - Mar 2, 2007
A 37-year-old New Britain woman was arrested Monday after police said they were able to connect her with a July 2006 credit-card theft in which more than $6000 was charged to several cards belonging to a Newington resident.

The news is full or reports of ordinary people having their identity stolen. Don't be a victim.Get an ID Shield Today!

Daily News Update

2007-03-04T07:46:00.000-05:00

8th Circuit upholds conviction in Acxiom data-theft case
Kansas City Star - Feb 21, 2007
Data stolen included names, telephone numbers, street addresses and e-mail addresses, along with highly detailed demographic information.

Debit card holders feel data-theft fallout
MaineToday.com - Mar 1, 2007
The customers have card numbers that Visa has identified as affected by the theft of information from TJX. The bank has 1 million debit cards in circulation.

Here is a PARTIAL List of Data Loss for 2006
HAVE YOU SONE BUSINESS WITH ANY OF THE COMPANIES LISTED?
From: The Identity Theft Resource Center (ITRC), a nonprofit, nationally respected program dedicated exclusively to identity theft It provides consumer and victim support and advises governmental agencies, legislators and companies about this evolving and growing crime.

Greenville, SC School District - 1000 Teachers and 100,000 Students Records Breached
Announced January 20th, 2007
Greenville, SC School District1000 Employees and 100,000 StudentsSchool district leaves personnel records behind during renovations
Governing Privacy Law or Rule - State Laws
Associated Press GREENVILLE, S.C. -
Boxes of personnel records - including the Social Security numbers of thousands of teachers - were accidentally left behind by the Greenville County school district when it vacated its office for renovations, officials say.

Group offers settlement in lawsuit over student records
WH Group wants school district to return money, apologize
Published: Friday, March 2, 2007 - 5:53 pm
By Ron Barnett
STAFF WRITER
The two men who found thousands of Social Security numbers on computers they bought from the Greenville County Schools district want the district to give their money back for the computers, to pay their legal costs -- and to publicly apologize to them.

Stealing IDs for food
Finance24 - Feb 13, 2007
Keystroke logging "has become a lot more prevalent", Litan said. That's when thieves download software onto an unwitting victim's computer, then capture what the victim types, including passwords and other sensitive information.

Nationwide under fire for customer data loss
SC Magazine - Feb 20, 2007
Nationwide Building Society could have easily and cheaply avoided the financial loss and reputation damage it suffered recently when one of its laptops containing the details of nearly 11 million customers was stolen, it was claimed today.

Identity Scoring: New Defense Against Data Breaches
By now, you're probably familiar with the scenario: A major retailer or private institution is hit with a hack that compromises the stored data of thousands of individuals. Names, debit and credit cards, and Social Security numbers are up for grabs to the highest bidder.
The breached institution offers credit monitoring to the affected individuals, along with a perfunctory "We're sorry" letter, and life goes on. However, credit monitoring services fail to pick up some of the most common and dangerous forms of fraud and identity theft. The danger for breach victims goes well beyond what credit monitoring detects. [More...]

Developing Best Practices to Combat ID Theft, Part 2

Sunday - March 4, 2007Approximately 10 million Americans fall victim to identity theft each year, a statistic that is expected to increase despite the diligent efforts of government and institutions to turn the tide. Leading IT security providers are arguably in the best position to understand the nature and scale of the problem, as well as ways they are working to help organizations and individuals prevent ID theft. "ID theft is a huge problem," said Craig Schmugar at McAfee Avert Labs. [More...]

The news is full or reports of ordinary people having their identity stolen. Don't be a victim.Get an ID Shield Today!

Daily News

2007-03-03T05:51:00.000-05:00

iDefense: New attack blends rootkits with HTML-injections to phish ...
SC Magazine US - 8 hours ago
An organized crime network is distributing new malware that takes advantage of rootkits and a state-of-the-art HTML injection to phish consumers on the fly as they browse the Web, a new report from VeriSign's iDefense warned on Wednesday.

Firmware rootkits are the latest threat
ZDNet - 11 hours ago
Firmware rootkits aren't an imminent threat, but Heasman's demonstration shows that we can't ignore the firmware in systems anymore.

A Conversation with Jamie Butler
ACM Queue - 11 hours ago
Although that debacle increased general awareness of rootkits, the technology remains the scourge of the software industry through its ability to hide processes and files from detection by system analysis and anti-malware tools.

Is my computer really 'clean?'
Norman Transcript - 5 hours ago
The war against malware (short for "malicious software") like viruses, spyware and rootkits is a constant cat-and-mouse game between malware writers and distributors (the "bad guys") and those who write, update and use antivirus and antispyware ...

Ottumwa police hold seminar on identity theft
Ottumwa Courier - 5 hours ago
OTTUMWA - Identity theft is America’s fastest growing criminal act and southern Iowa is starting to see more cases. At a seminar Friday, Ottumwa Police Department Investigator Noah Aljets said there are at least three current investigations in the area ...

Twelve Ways to protect yourself from Identity Theft
Digital Home - 13 hours ago
March is fraud prevention month in Canada and privacy guardians are joining together in their respective roles to call for renewed efforts in the fight against frauds such as identity theft. In this article, Digital Home examines what identity theft is ...

Identity theft creates major headaches
Ottumwa Courier - 5 hours agoBy MARK NEWMAN Courier staff writer. FAIRFIELD -
When he gets angry, Alex Ortega gives off the energy of a man who won’t back down from a fight.

Better Business Bureau Warns of Phishing Scam Using Their Name
WIBW - 15 hours ago
The e-mails contain a false return address of consumer-complaints@bbb.org and a phishing hyperlink citing a BBB complaint case number, eg "DOCUMENTS FOR CASE #BBA749BED0".

The news is full or reports of ordinary people having their identity stolen. Don't be a victim.
Get an ID Shield Today!

Are ATMs Totally Safe?

2007-03-02T14:56:00.000-05:00

We were warned about this when I worked at NCR fixing ATM machines at banks.

Lebanese Loop Used in ATM Thefts

Rodney Wise

News From the Web

2007-03-02T14:43:00.000-05:00

Proposal could help victims of identity theft , mistaken identity But it seems to take an act of congress to accomplish it (ED)
KOB-TV - 2 hours ago
Senate Majority Leader Michael Sanchez of Belen says the measure would help people who had been wrongly arrested for a crime, including victims of identity theft who might initially be accused of wrongdoing. Sanchez had helped a young man who applied ...

Strom rages again: Self-morphing Trojan uses blogs to spread rootkits
SearchSecurity.com, MA - Feb 27, 2007By Bill Brenner, Senior News Writer.
Secure Computing Corp. warned Tuesday that attackers are using a new variant of the Storm Trojan horse to insert ...

Valentine's Day emails hiding viruses and rootkits
TG Daily - Feb 14, 2007
Valentines' Day isn't all about hugs and kisses and some hackers are taking advantage of the day by sending virus and rootkit-laden emails masquerading as love letters.

FTC: Pop-up Ads, Failure to Disclose Rootkits Are Bad Business Ya think??? (ED)
CSO - Feb 19, 2007
Over the past few years, computer crimes and annoyances have become an increasingly important part of the US Federal Trade Commission's work.

http://www.honoluluadvertiser.com/apps/pbcs.dll/article?AID=/20070302/NEWS06/703020364/1010/NEWS
Leticia-Mae Liwayway Pitts, 32, is accused of making purchases of $2,938 from a jewelry store and $1,490 and $5,010 from a hardware store on credit cards she allegedly established using the identity of a woman, 34. Pitts was being held on $50,000 bail.

Identity Theft: How To Protect Your Tax Information
eMaxHealth.com - 3 hours ago
With identity theft cases on the rise, the California Tax Education Council (CTEC) is warning you to take extra precaution this tax season.

Tax information can expose filers to identity theft
Denver Post - 17 hours ago
James T. Ahler, executive director of the NC Association of CPAs, said that the group is offering more seminars about identity theft . It has had an array of speakers, including FBI agents who specialize in ID theft and ex-cons who share how they were ...

Warning about phishing e-mails wait... didn't the FTC say it was BAD for business??? (ED) Tucson Citizen - 10 hours ago
For the second time in less than a month a phishing attack has been launched nationwide using the Better Business Bureau name.

KFOXtv.com Consumer Watch: Experts Warn To Ignore Bait With Phishing Schemes
KFOXtv.com - 14 hours ago
It's called phishing, and Consumer Reports National Research Center estimates it has cost victims $630 million over the past two years.

Phishing scams pose constant threat
Vero Beach Press-Journal (subscription) - 12 hours ago
Bank of America spokesperson Betty Riess confirmed Thursday what Stewart suspected - her husband was likely the target of a type of e-mail scam known as phishing. By Thursday afternoon, the official-sounding recording at the number was gone, ...

Credit card offers pose risk for identity theft
KOAA - 16 hours ago
Credit card fraud is the number one type of identity theft in the country and the pre-approved credit card offers that companies send through the mail could be trouble.

Police say credit card theft ring stretches from Frankfort to Nigeria
WAVE - Feb 28, 2007
Police in Frankfort think they've busted a credit card theft ring right here in the Bluegrass. They're not sure how many victims are out there, and they're urging you to take a close look at your bills.

Warren man, 54, admits stealing mail, police say
Youngstown Vindicator - 12 hours ago
The money orders were forged and used to pay on his personal credit card and a credit card account he opened under a false name, Krafcik explained.

Doctor falls victim to ID theft
Independent Online - 7 hours ago
Mkgoro, who lives in Pinetown, first noticed that something was amiss when she received confirmation earlier this year that she had activated a credit card with Kulula Credit. Mkgoro had not applied for the card, which came with a R36 000 credit limit.

Lingerie purchased with stolen credit card
Napa Valley Register - 4 hours agoA Campbell resident called Calistoga police to report a credit card was fraudulently obtained in his name, Calistoga Police Chief Jonathan Mills said.

At Tax Time, Tax Man Isn't The Only Worry
CBS News - 8 hours ago
Gibson, along with other security experts, worries about "keystroke loggers" - malicious software that can be surreptitiously installed on a PC to record everything the user types, including of course user names, passwords and, in the case of tax ...

The news is full or reports of ordinary people having their identity stolen. Don't be a victim.Get an ID Shield Today!

Why I am Blogging

2007-03-02T14:31:00.000-05:00

I have been a computer tech and on the net since 1992. As early as that, I became aware of viruses on the net. Now, viruses are still a problem, but we have to also protect ourselves from Keystroke Loggers, Rootkits, and "Loader" programs. All of these can be used to steal credit card info, banking info, medical data, Social Security Numbers, and Drivers License Numbers from you. These are the tools of Identity Thieves. There impact can be devastating.

The purpose of this Blog is to inform you and show you what you can do to mitigate your risk of becoming an Identity Theft Victim. I am not a lawyer. I am NOT telling you that by being informed and using layered defenses, that you will always be totally protected and safe on the Internet or from Identity Theft.

The ONLY way I know to REALLY do this is to go to a cabin in the woods, use no electricity, a computer, or paper (yes even toilet paper as someone could get your DNA), use locks and doors like banks use (only the ones that have never been broken into... oh wait, I can't name one. Can you?), have a lifetime supply of safe food, water, and medical supplies and DO NOT TALK TO, OR WRITE ANYTHING DOWN. Now FYI, you will probably go insane in short order and be labled a wackjob (Did I mention the tinfoil to prevent them from stealing your thoughts?), so I am NOT suggesting you follow that idea. I am just saying the only way to be totally safe is complete isolation and if Al Gore is right about Global Warming, an Asteroid hits the Earth, aliens take over the planet, the sun explodes, the poles shift, OR... (YOU GET THE PICTURE YET?) then you are relatively safe being totally isolated.

I will try to provide you with news, and practical ideas.
What you decide to do with them is up to you.

The news is full or reports of ordinary people having their identity stolen. Don't be a victim.Get an ID Shield Today!

Rodney Wise