in Search

ID theft

All about how it happens and how you can keep it from happening to you.

February 2009 - Posts

  • Summary of the 2008 FTC report on identity theft

     

    The Federal Trade Commission’s annual report on fraud and identity theft was just released and it’s full of discouraging if not unexpected news.

    The Consumer Sentinel Network Complaint Data Book shows 313,982 complaints in 2008, a 20% increase in reported identity theft over 2007.

    Among the other significant findings reported:

    • Credit card fraud (20%) was the most common form of reported identity theft followed by government documents/benefits fraud (15%), employment fraud (15%), and phone or utilities fraud (13%). Other significant categories of identity theft reported by victims were bank fraud (11%) and loan fraud (4%).
    • Government documents/benefits fraud is now the second most common reported type of identity theft after credit card fraud. Fraudulent tax return-related identity theft, a subtype of government documents/benefits fraud, has increased nearly six percentage points since calendar year 2006.
    • Electronic fund transfer-related identity theft continues to be the most frequently reported type of identity theft bank fraud during calendar year 2008, despite declining since calendar year 2006.
    • Arizona is the state with the highest per capita rate of reported identity theft complaints, followed by California and Florida.
    • Only 35% of those who filed identity theft complaints with the FTC contacted their local law enforcement agencies. Those consumers who did report their identity theft incidents to a local agency might have experienced frustration; 73% of the time, the police didn’t take a report.

    If your identity is stolen take the following steps:

    • Contact your credit card companies, bank and any government agency that issued stolen government documents—for instance if you discover that someone is using your Social Security number for employment purposes, contact the Social Security Administration.
    • Contact all three credit reporting agencies and place a fraud alert on your credit records. Place a reminder in your calendar that the fraud alerts must be renewed every 90days.
    • Contact local law enforcement and insist that they make a report. Keep a copy of the report in your files.
    Posted Feb 27 2009, 08:40 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • File-sharing software should be called identity sharing software

    A friend of mine has told me more than once how dangerous file sharing software is. I didn’t pay much attention because I don’t download music, so it didn’t make much of an impression on me. Sometimes I have to see it to believe it, but after what I was this morning, I’m a believer.

    There was a segment on The Today Show this morning that featured a New York state family with two teenage girls who frequently downloaded and shared free music using the family’s PC. It’s such a common thing to do, the parents never made the association when their $2,000 federal income tax return was electronically intercepted and stolen last year.

    Identity theft prevention expert and LifeLock CEO Todd Davis likened having those file sharing software programs on your computer to leaving the keys in an unlocked car … with the windows down.

    Natalie Morales did some checking of her own and found that with that software she was able to find the family’s income tax forms online (think: Social Security numbers, dates of birth, bank account numbers, retirement account numbers …). Even more frightening, the files containing the family’s tax forms were found in four foreign countries, including Nigeria and Poland, known centers of organized identity theft rings.

    Then she went a step further and, in the state of New York alone, was able to find 25,000 student loan applications and 600,000 credit reports.

    Posted Feb 27 2009, 01:11 AM by IdentityTheft with 1 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Breaking up is easier when she steals your identity

    Feelings get hurt when romantic relationships end; a little bit of drama is practically inevitable. Some people are better at avoiding drama at the end of relationships than others, though, and some people are really bad at it. Take Tracy Rankin, of Fargo N.D. for instance. She falls into the category of people who are really bad at it.

    The former day care operator used two stolen identities to take out at least seven credit cards and run up a tab of more than $76,000.

    One of the stolen identities was that of her former boyfriend, Arlen Tenold.

    Rankin made an appearance in federal court today, and pleaded not guilty to five counts of mail fraud and two counts of identity theft. Arlen Tenold was there too. He says the debt Rankin is accused of accumulating in his name has been financially devastating, and that that he nearly lost his house because of it.

    It’s not uncommon for victims of identity theft to know the people who steal their identities. Tenold probably gave Rankin plenty of opportunities to gather the information she needed. Mail left lying casually around, openly sharing information like Social Security numbers, wallets left on the dresser, personal documents left in unlocked desk drawers—people make it easy for criminals to steal their identities.

    Rankin will go to trial in May and her future will be determined then. If convicted, she could face as much as 20 years in prison and $250,000 in fines.

    Tenold’s future probably holds a long string of girlfriends who just can’t get past his paranoia and financial problems.

    Posted Feb 26 2009, 08:59 AM by IdentityTheft with 1 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Starbucks' data breach leads to class action lawsuit

    Until now the most memorable lawsuit relating to coffee involved McDonald’s and a lady with a scalded lap. But there’s another lawsuit brewing in response to Starbucks second data breach. (I can only apologize for the puns; I can’t stop myself.)

    One of the 97,000 employees whose information was contained on a lost laptop is steamed enough that she’s filed a class action lawsuit against the grande coffee purveyor. The lost information contained employees’ names, addresses and Social Security numbers—in short, all the information an identity thief needs to steal an identity.

    The lawsuit accuses the company of fraud and negligence, and asks that Starbucks be made to offer five years of free credit monitoring and that they be made to submit to periodic security audits of their computer systems.

    Though the plaintiff, Laura Krottner, has not become an identity theft victim as a result of this data breach, she has asked for unspecified damages. A precedent for payment of damages related to a data breach without identity theft was set in January when the U.S. Department of Veterans Affairs agreed to a $20 million settlement in a class action suit. The plaintiffs argued that the stress and anxiety of having their personal information stolen was damaging enough.

    In 2006 Starbucks notified 60,000 current and former employees that their personal information was contained on two laptops that had gone missing.



     

    Posted Feb 25 2009, 01:03 AM by IdentityTheft with 1 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • University of Florida: 3 hackings in 3 months; 6 data breaches in 15 months!

    University of Florida has suffered another huge data breach, the third in three months. In the most recent data breach, the personal information of more than 97,000 students, staffers and faculty members was compromised.

    That any organization should lose control of their constituents’ information three times in three months is shocking, but that all three of the data breaches should be the result of successful attacks by hackers is outrageous. Even more egregious is the fact that if you look backward in time beyond these three data breaches, you’ll see that this is the sixth data breach of University of Florida information in the last 15 months.

    Six data breaches in 15 months! Details are as follows:

    • November, 2007: The information of 534 former UF students was inadvertently posted on a website. Social Security numbers were included in 415 of the students’ records.
    • May 2008: An assistant professor of plastic surgery gave away a laptop that contained the photos, names, dates of birth, Social Security numbers and Medicare numbers of 1,900 of his patients.
    • June 2008: The personal information, including names, addresses and Social Security numbers of 11,300 current and former students was inadvertently posted on a website.
    • November 2008: Hackers accessed the personal information of 330,000 dental patients. The compromised information included names, addresses, birth dates and Social Security numbers of patients who had dental work done at the College of Dentistry as long ago as 1990.
    • January 2009: The Social Security numbers of 101 “users” might have been accessed because of a directory service configuration error. The University data breach notice provides no further details such as who the “users” were, or what other personal information might have been accessed.
    • February 2009: 97,200 students, staffers and faculty members placed at risk of identity theft because the University of Florida allowed hackers to access personal information for the third time in three months.

    Posted Feb 23 2009, 10:55 PM by IdentityTheft with 1 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Esther Reed receives 4-year sentence after 10 years of stolen identities

     Esther Reed dropped out of high school, attended Harvard, Columbia University and California State University, Fullerton. She was a chess tournament champion and a valuable addition to the debate teams at CSU Fullerton and Harvard. She was widely regarded as being very intelligent, if a little “off.”

    Natalie Bowman graduated from Harvard, and is currently a med student at Columbia. Bowman was also on the debate team at Harvard, but graduated before Reed arrived there.

    Brooke Henson was a pretty girl who grew up in the small town of Travelers Rest, SC, got involved with a dangerous man and went missing in July 1999 and was never seen again.

    Esther Reed used the identities of the other two women and many others to escape family dysfunction, and maybe herself, according to her attorney, Ann Fitz of Atlanta. Though Fitz’s theory might be on target, it didn’t work as a defense; Reed was sentenced last week in a South Carolina federal court to four years in prison for stealing their identities and receiving more than $100,000 in student loans in their names.

    When Reed was arrested she was still using Henson’s identity. Her fraud was so complete she was even able to answer personal questions about her life in the Henson family, and convinced the New York police detective who interrogated her that she fled South Carolina to escape domestic abuse. Nonetheless, he contacted the Henson family to let them know that their daughter and sister was alive and well.

    Lisa Henson, Brooke’s sister, recounted her family’s elation on hearing of Brooke’s well being, and their emotional devastation on learning the truth. She asked the judge to punish Reed with the longest possible prison term for the torture she put the Henson through. She attended Reed’s sentencing last week and after hearing the judge deliver a four year sentence she said didn’t think Reed had gotten a long enough sentence.

    “She should be locked up and never see the light of day again for what she put us through,” she said.

    Posted Feb 19 2009, 10:28 PM by IdentityTheft with 2 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Identity theft, methamphetamine and gambling

    Sometimes identity thieves are petty criminals, taking advantage of an opportunity that presents itself in the form of a lost wallet or carelessly junk mail. But often, identity theft is just part of wider criminal activity.

    Stolen mail, credit card templates, methamphetamine and slot machines: that’s what investigators found a couple weeks ago when they busted a home nicknamed “the Castle” in San Francisco.

    It’s not uncommon for criminals involved in identity theft to diversify their operations, using the proceeds from one arena of criminal activity to finance another. At the Castle, that meant taking stolen mail from drug addicts, and paying them off in methamphetamine. Money made from gambling at the small time, after hours casino no doubt contributed to the funds needed for the crime ring leaders to buy more meth.

    Members of the Santa Clara County Rapid Enforcement Allied Computer Team found mail from at least 15 victims at the Castle. Apparently mailboxes belonging to the affluent residents of areas like Santa Clara and San Mateo counties were the favorite targets.

    Personal and financial information—names, addresses and credit card account numbers—found in the stolen mail was then coded onto magnetic strips and embossed onto blank plastic credit cards. The fraudulent credit cards could then be used to purchase merchandise, which could then be sold to make more money.

    The Castle and its residents were under investigation for roughly a year after police got information from informants about the illegal activity conducted there. Twenty-seven people were in the home when police made the arrests.

    Posted Feb 18 2009, 09:53 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • ID theft up 22% in 2008

    More than 10 million Americans became identity theft victims in 2008, according to the annual report released by Javelin Strategy and Research last week. That's a huge increase over the 8.1 million victims of 2007, and the first time Javelin has reported an increase in the number of victims since they began tracking ID theft in 2003.

    The report also confirms findings from early surveys regarding the source of personal and financial information used by thieves. Among the 35% of respondents who are certain who stole their information and how it was obtained,

        * 43% can trace the crime to a lost or stolen wallet, checkbook, credit card or other document.
        * 19% know that the information was stolen while they were making purchases or other transactions.
        * 13% knew the criminal as a friend, acquaintance or in-home employee.

    Of the 10 million people who became identity theft victims last year, more than 1 million of them place the blame squarely on business or government institutions that lost information in data breaches.

    Another 11% reported their information was stolen while they were online, mostly through the machinations of hackers, viruses or spyware. A few more of the victims admit to falling prey to phishing attempts.

    It's nearly impossible to establish a causal relationship between the declining economy and increasing numbers of identity theft crimes, but there's certainly a correlation.

    "The short story is that criminals are getting more desperate," said Jim Van Dyke, a Javelin spokesman.

    Almost 600,000 people lost their jobs during the first week of February, the same week the report was released.

    If there's any good news to be found in the report, it's that the average out of pocket loss for an ID theft victim is down to only $500.

     

      

     
    Posted Feb 17 2009, 09:24 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • The vultures are circling

    And so it begins. It’s been less than a month since Heartland Payment Systems revealed they’d been hacked and consumers’ data stolen and already three class actions suits have been filed.

     

    In the class action suits filed on behalf of consumers the attorneys involved allege that Heartland failed to safeguard consumer data. In another lawsuit filed by the  Haverford, PA law firm Chrimicles & Tilellis against Heartland on behalf of an individual cardholder, the law firm asserts that the credit card transaction processing company “made unreasonably belated and inaccurate statements concerning the breach.”

     

    One of the class action suits has been filed by the Philadelphia law firm Berger and Montague, a firm involved in a class action suit against TJX that delivered a $200 million settlement for their claimants. To date, the TJX data breach, formerly the largest breach on record, has cost the retail giant somewhere in the neighborhood of $1 billion. In that hacking, 45.7 million credit card accounts were compromised.

     

    There is still a dearth of information when it comes to how many credit card accounts were actually affected by the data breach, but it is known that Heartland processes roughly 100 million credit card transactions each month.

     

    So far, more than 330 financial institutions say they’ve had to reissue their credit cards because of fraud or the fear thereof. No word yet on lawsuits on behalf of the banks, but it’s just a matter of time.

     

     

     

     
    Posted Feb 16 2009, 10:12 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • First arrests in Heartland Payment Systems' hacking

    Three men in Tallahassee, Fla. were arrested last week on fraud charges related to the massive Heartland Payment Systems data breach that came to light in January.

     

    Timothy Johns, Jeremy Fisher and Tony Acreus are accused of using credit card information stolen from Heartland, a credit card processing company, to electronically encode Visa gift cards. They used the cards to buy goods from Wal-Mart stores in the Tallahassee area, and then sold the purchases for cash.

     

    The arrests are the result of a three month investigation conducted by the U.S. Secret Service, Tallahassee Police Department and the Leon County Sheriff’s Office. The suspects have been charged with multiple charges of grand theft and fraud. The investigation is continuing and will likely result in more arrests and reveal losses much higher than the $100,000 already discovered.

     

    Heartland Payment Systems processes credit card payments for more than 4 billion credit card payments for more than 250,000 businesses nationwide. Heartland has refused to disclose the number of credit card accounts lost to the hackers, but security experts believe the total will probably dwarf the TJX data breach which, till now, held the dubious distinction of being the largest data breach in history with the account information of 45.7 million credit and debit cards stolen.

     

    Visa and MasterCard notified Heartland of suspicious transactions last fall, but an internal investigation conducted by Heartland failed to find the malware installed by the hackers.

     

    Posted Feb 15 2009, 01:03 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Beware of "free" money from credit card companies

    Free money! Who can resist an unsolicited $10 check that just appears in the mailbox like manna? The answer is, anyone with young eyes or bifocals easily within reach; the fine print (and it is very fine and very faint) is the deal killer.

    A recent example was found in a coworker’s mailbox. In this case, the fine print reveals that cashing the check automatically and immediately enrolls the endorsee in a yearlong membership in Great Fun, a discount program offered to “valued Travelers Advantage members.” Great Fun savings include deep discounts at restaurants, hotels and stores, PLUS 2% back on $5,000 worth of credit card purchases. What a deal!

    Now, get out the bifocals. The annual membership begins with a free 30-day trial period, but members’ credit cards are automatically billed for an additional 11-month membership. And, at the end of that first year, an annual fee of $139.99 will be automatically charged to your credit card. And in all subsequent years, your credit card will be automatically charged at whatever the current rate is at the time.

    To be fair, there is a limited opportunity for the “valued member” to cancel their Great Fun membership during the 30-day trial period by calling a toll free phone number. To be frank, the program is a product of Trilegiant, a corporation with a history of consumer complaints and class action lawsuits pertaining to unauthorized credit card charges and members’ enrollment in Trilegiant programs without informed consent.

    Posted Feb 10 2009, 01:10 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Heartland data breach may be the worst ever

    If you have a credit card, expect a letter from Heartland Payment Systems soon. The New Jersey credit-card processor revealed that their computer network has been hacked in what is thought to be the biggest data breach ever.

    Heartland counts more than 250,000 businesses as clients, and processes roughly 100 million transactions every month. Robert Baldwin, Heartland’s president and CFO said they don’t know yet how many transaction records were exposed.

    The records that were accessed include the credit card numbers, expiration dates and internal bank codes. In short, the hackers now have everything from the cards’ magnetic strip, and everything needed to create duplicate cards.

    Until now, TJX--parent company of TJ Maxx, Marshall’s and other retail stores—claimed the dubious distinction of having the largest data breach. Approximately 45 million card numbers were stolen in that case.

    Visa and MasterCard officials notified Heartland last fall that they’d had a number of suspicious transactions, but an investigation conducted by Heartland didn’t corroborate the credit card companies’ findings.

    A forensic investigator dropped the hammer last week when he discovered evidence supporting the earlier alerts from Visa and MasterCard. Baldwin described the malware used in the breach as being “light years more sophisticated” those commonly launched from the Internet.

    The Identity Theft Resource Center recently announced that data breaches in 2008 reflect a 47% increase over the number of breaches disclosed in 2007.
     

    Posted Feb 03 2009, 09:24 AM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web

This Blog

Syndication

Tags