All about how it happens and how you can keep it from happening to you.
March 2009 - Posts
What are the limitations on our privacy rights? That’s one of questions raised in the case of Sam Wurzelbacher.
Love him or hate him, Samuel J. Wurzelbacher is back in the news. If the name doesn’t ring a bell, maybe you know him better as “Joe the Plumber.”
This time Wurzelbacher is getting attention for bringing a lawsuit against three former Ohio state government officials who violated his privacy by snooping into his records after John McCain launched him into the national spotlight.
Wurzelbacher is seeking unspecified damages from Helen Jones-Kelly, former director of Job and Family Services, and Fred Williams and Doug Thompson. Williams and Thompson helped in the search of state records.
In the complaint, Wurzelbacher alleges his constitutional rights were violated, and that he’s been unable to find a job as a plumber because of his notoriety.
“No American should be investigated for simply asking a question of a public official,” said Tom Fitton, president of Judicial Watch, the conservative legal group who filed the lawsuit for Sam/Joe.
I think most of us would agree with Fitton, and, because all three of the former state officials named in Wurzelbacher’s lawsuit have either resigned or been fired, I’d say it’s a safe bet that Ohio governor Ted Strickland agrees on this point, too.
You go, Joe! Stand up for your privacy rights and ours!
Uhm, but Joe, about that you can’t get a job thing?
Your notoriety didn’t begin when Jones-Kelly et al searched your records; it began when Sen. John McCain made you a centerpiece in a presidential debate.
And then you made the most of that notoriety by traveling with the McCain campaign and making public appearances. Publishing a book immediately after the campaign might lead some to think you relish the notoriety.
Maybe the reason you’re having a hard time getting a job is because you’re an unlicensed plumber in one of the states hardest hit by the recession.
March came in like a data breach lion, with five new reported data breaches, according to the Privacy Rights Clearinghouse's Chronology of Data Breaches. These most recent data breaches add 86,762 to the known number of records exposed in data breaches since in just over four years, bringing that total to a staggering 253,488,925.
The reason for the emphasis of the terms “reported” and “known” is this: The number of reported data breaches is much lower than the actual total, as evidenced by recent surveys.
- In December 2008 the Ponemon Institute released the results of a survey in which 92% of information technology professionals said their company had experienced a data breach within the previous year.
- In October 2008 Logica, an information security company, announced that their survey of company executives showed only 40% of companies notify their customers of data breaches; only 50% report their data breaches to any law enforcement or government oversight agencies.
Further, many of the organizations that report data breaches cannot or will not reveal the number of compromised records. A powerful example of this is the Heartland Payment Systems data breach. Heartland claims they still don’t know how many records were hacked, however many information security experts expect that the number will exceed 100 million.
Here’s what we know about the five most recently reported breaches:
- A city employee in Muskogee, Okla. sold a zip drive as surplus in 2000 with personal information of 4,500 people on it.
- A server was hacked at Western Oklahoma State College, exposing the Social Security numbers of 1,500 library users.
- An Elk Grove Unified School District (Cal.) employee lost a document containing the Social Security numbers of 520 employees.
- An NYPD employee stole pension fund information of 80,000 current and former NYPD officers.
- A car belonging to a St. Rita’s Medical Center (Lima, Ohio) employee was broken into and a bag containing 242 patient files was stolen.
Most cities have services for vetting tenants, and Toronto has the Landlord Source Centre, a subscription service for landlords to check out tenants and prospective tenants. Landlord Source Centre maintains extensive databases of landlord-tenant disputes and will, for a fee, check for tenants’ criminal records, prior convictions, bankruptcies and credit records. For American landlords, the company has a branch in Springfield, Mass.
All in all, it’s a terrific service, unless you’re among the 1,393 tenants whose records were readily available on the Internet.
The database showed not only the names and addresses pertaining to landlord-tenant disputes, but tenants’ other personal information as well including the Canadian equivalent of Social Security numbers. Among the information available were things like a tenant’s children’s names, ages and school addresses. Another file revealed that a tenant’s son has mental and physical disabilities. On another page a tenant is said to have been diagnosed with depression.
When Geordie Dent, director of the tenant hotline for the Federation of Metro Tenants’ Associations, confronted Jennifer Smith, the company’s operations officer, this was her emphatic reply: "To be clear, we don't have a database with tenant information, with tenants' social (insurance numbers) etc."
The next day a reporter for The Star, Toronto’s largest newspaper, easily accessed the database on the Landlord Source Centre website. That’s when Smith quit answering her phone and returning emails.
The federal privacy commissioner's office has begun investigating a complaint from the tenants' federation about the security breach, according to a spokesman for the federal privacy commission’s office.
Law enforcement officers choose that career knowing of its inherent risks. But now a new, and unanticipated work-related threat faces the officers of the New York Police Department. It’s identity theft, and the perpetrator is one of their own.
Anthony Bonelli, an employee within the NYPD’s pension fund, was arrested this week and accused of stealing eight tapes which stored the names, Social Security numbers, bank account direct-deposit information for 80,000 NYPD officers.
Bonelli made comments at work last week that raised suspicions. NYPD to sent technology specialists to the undisclosed Staten Island site where the tapes were stored to investigate further. They discovered that the facility’s security cameras had been disabled on Feb. 21 and the back-up tapes were gone.
Bonelli, 46, had 17 years of tenure with the police department and served most recently as the pension fund’s communications director. He did not have authority to access the site.
Officers arrested Bonelli at his home Saturday and found the missing tapes there. He’s been charged with computer trespass, burglary and grand larceny, and is being held on $2 million bail.
The NYPD’s pension fund office is sending out letters today to the 80,000 officers who now face an elevated risk of identity theft.
This isn’t the first time NYPD’s officers have been the target of identity thieves. Jaquaja Price, a housing police officer, was arrested for stealing the personal information of 10 NYPD officers and passing them along to Radio Shack employee Candace Johnson-Davis. Johnson-Davis used the information to open credit accounts at the store and purchased high-end electronics.
This post is a sort of update to my Feb. 27 post regarding file-sharing software and the associated risks. I wrote about a New York family whose personal and financial information was accessed and stolen via their daughters’ use of a P2P software program for downloading and sharing music.
A lot has happened or come to my attention since that post that illustrates much larger risks and incidents that jeopardize national security.
- The same day I wrote about the dangers of peer-to-peer software, Tiversa, a P2P security consulting firm in Pittsburgh, announced they’d discovered that an American defense industry executive inadvertently leaked blueprints and avionic details about President Obama’s helicopter. The contractor apparently had the documents on a home computer or laptop that also had the file-sharing software used for music and movie sharing.
- M. Eric Johnson, director of the Center for Digital Strategy at Dartmouth College was able to access information on tens of thousands of patients at hospitals with P2P software on their hard drives. The information include names, addresses, Social Security numbers, insurance account information and diagnostic codes. Twenty thousand such files were from a single unnamed hospital. The revelation was part of a paper he presented at a Feb.23 conference.
- June 2008: The names, Social Security numbers and medical records of more than 1,000 Walter Reed Army Medical Center patients were accessed through a peer-to-peer network.
These are only a few of the most recent and relevant examples of the startling dangers of file-sharing software.
In this lousy economy people are already taking steps to save money, but they might not be aware of all the new tactics identity thieves are using to steal their credit, savings and identities. It’s National Consumer Protection Week, and while it’s not exactly cause for celebration and silly hats, it’s deserving of observance and participation.
Wayne Ivey has 27 years for law enforcement experience, and has handled more than $45 million in fraud cases in two years. He’s testified as an identity theft expert before the U.S. Congress and the Florida legislature.
And he’s an identity theft victim. If it can happen to him, it can happen to anyone.
“Consumers need to take action. This is a time for everyone to take a good, hard look at their personal information and everything they’re doing that could potentially put them at risk,” Ivey said. “Consumers need to realize that their sensitive personal information is valuable to thieves who are continuously looking for new ways to make a buck.”
Ivey has been working closely with LifeLock, presenting identity theft seminars to law enforcement agencies and helping them create symbiotic relationships to fight criminals. Together they’ve come up with a list of some of the newest strategies identity thieves are employing to steal from consumers.
- Tax time has always been a period of increased identity theft. Traditionally, thieves have stolen tax forms and tax return checks from mailboxes, but new technologies present new opportunities. File sharing software, allows users to access other people’s computers, including sensitive financial information. If you (or your kids) are using it, you need to stop.
- There’s always a rash of emails purportedly from the Internal Revenue Service, requesting identity or account confirmation during tax season. These are phishing attempts. Never reply to any emails asking for your personal or financial information; the IRS, banks and credit card companies will never request this information via email.
- A recent hack of Monster.com illustrates just one of the ploys thieves are using to access job hunters’ information. Another increasingly common strategy is posting a bogus job ad, and conducting bogus job interviews. Once the interview is over, the interviewer requests personal information like birth date and Social Security number under the guise of conducting a background search. Always research a company before giving out any personal information.
More Posts « Previous page