in Search

ID theft

All about how it happens and how you can keep it from happening to you.

August 2009 - Posts

  • UMass Amhert data breach compromised 20 years of student records

    If you attended the University of Massachusetts Amherst between 1982 and 2002, your records might be among those involved in a data breach that occurred last fall.UMass alumni 

    UMass announced August 5 there was a security breach between September 15 and October 27, 2008 in which a single server was penetrated. The server contained the names, Social Security numbers and some credit card information of students attending the university during the 20-year period, and a few who attended the university before 1982.

    There has been no word yet about how many student records were compromised, but given that there are currently more than 25,000 undergraduate and graduate students attending the university, the breach is almost certain to have affected tens of thousands of current and former students.

    UMass officials were aware the server had been compromised, and hired computer forensics company, Stroz Friedberg, in May of this year. The notification was delayed until forensic investigators could determine the extent of the records stored on the server, according to Patrick J. Callahan, a spokesman for the university.

    The recent break-in occurred just five months after hackers attacked the UMass Amherst Health Services computer system in April 2008. The university never revealed the number of student records compromised in that attack, but is known that more that half the university’s student population have been patients at the University Health Services center.

    University officials said they were examining the entire computer system after the Health Services security lapse to prevent future incidents.

    The university posted notification of last fall’s data breach on their website. Within the Frequently Asked Questions section is a statement that the forensics experts hired by the university recommended “better security training for system administrators; automated software to detect malicious activity; increasing efforts to identify all computers that contain personal information, and retaining network data for longer periods to better assess incidents.”
    Posted Aug 24 2009, 02:49 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • LifeLock advantages for college students: Three July data breaches leave more than 30,000 as ID theft risks

    Just in time for Fall Semester, it’s time to look back on the three data breaches that occurred in July.

    To be fair, three data breaches in a single month is a pretty good month when you consider that Adam Dodge, who tracks data breaches at educational institutions, has recorded 94 on his Educational Security Incidents web page.

    The first reported data breach was a case of hacking and came from the University of California, San Diego’s Moores Cancer Center. Roughly 30,000 records were exposed, only 36 of which included Social Security numbers. All of the records contained patients’ names, birth dates, medical record numbers, and diagnoses and treatments dating from as far back as 2004.

    The theft of two laptops from Kansas University’s Pharmacology and Toxicology department resulted in an unknown number of exposed records. Police said an unnamed professor who resigned in March never returned the laptops, which are university property. Officials don’t know what information was stored on the computers, so cannot estimate how many people’s records may be at risk, or how vulnerable they might be to identity theft.

    Laptop theft was also the source of the third data breach, this time at University of Colorado at Colorado Springs. The university has notified 766 students that a laptop containing the names and grades of students who attended the university between 2003 and 2009. As many as 241 students’ Social Security numbers might also have been exposed because the university used Social Security numbers as student ID numbers until 2005.

    Millions of college students' records are lost or stolen every year. Click here to learn more about how students can protect their identities, and how LifeLock can help.

    Posted Aug 21 2009, 11:51 AM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • A light sentence for mom, 2 daughters who used stolen identities for $722,000 in student loans

    It’s a confusing tale that ultimately landed the two sisters in jail and placed their mom on house arrest for the next year.

    Leslie Gordon, the older sister at age 35, admitted to being the ringleader of a scam that netted the ladies $722,000 in student loans. While that might sound like a lot of money to you and me, it’s only a third of the $2.2 million they applied for using stolen identities.

    … And that’s where the mom, Kathy Hardy, age 60, came in. She worked in a doctor’s office, so had easy access to the patients’ personally identity information.

    The three were arrested last summer and indicted on charges of bank fraud and aggravated identity theft, and today they were sentenced.

    If the women had been convicted of all 22 counts in the indictment, they could have been sentence to as much as 30 years in prison and a $1 million fine for the bank fraud charges, and an additional two years and a $250,000 fine for the identity theft charges.

    But that’s not what happened.

    Leslie, the ringleader, threw herself on the mercy of the court, saying, “I just want to ask for forgiveness … I’m a good mother. I’m a good sister and I’m a good person overall … I regret the mistakes I made.”

    She received a sentence of 5 years, probably for having the audacity to describe herself as a good mom and sister. By definition, a good mom doesn’t risk having to leave her special-needs baby and teenage daughter at home while she does her prison time. A good sister doesn’t involve her sister in federal crimes.

    The younger sister, Theresa, received a sentence of 21 months, though she pleaded to be allowed to stay home with her 8-month-old daughter. Obviously it didn’t work.

    Now here’s the kicker: Kathy Hardy--the mother of these two criminals, the woman who stole people’s identities from a doctor’s office, from her employer—received a sentence of only one year of home detention.

    It boggles the imagination. When her attorney began his obligatory request for leniency, the judge cut him short, saying a letter from Kathy Hardy’s employer convinced him to keep her out of prison. Doing so, he said, allows her to take care of Leslie’s children while their mom does her time.

     

    Posted Aug 20 2009, 06:52 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • TJX hacker accused in Hannaford Brothers, Heartland Payment Systems data breaches

    It started in 2006 with the Office Max data breach. Then, tumbling like dominoes, came TJX, Dave & Busters, Hannaford Brothers and 7-Eleven. According to today federal grand jury indictment, Albert “Segvec” Gonzalez was the hacker responsible for them all.

    Gonzalez, 28, and two unnamed Russian co-conspirators are blamed for stealing more than 130,000,000 credit and debit card numbers from Heartland and Hannaford combined, according to the indictment.

    “The fact that we’re not seeing a huge array of hackers capable of doing this, but rather a more select group demonstrates that there is a level of sophistication involved in these hacks,” Liebermann said.

    The three are also considered suspects in other data breaches, including two involving national retailers. The retailers aren’t being identified because they haven’t yet gone public with their data breaches, Liebermann said.

    Gonzalez--a former Secret Service informant--and another uncharged conspirator scoured the list of Fortune 500 companies, and researched their payment processing systems to identity potential weaknesses. The attacks were launched, malware stored and stolen data received on computers in California, Illinois and New Jersey in the United States, and in Latvia, Ukraine and the Netherlands.

    Jury selection for the TJX-related trial will begin September 14 in Massachusetts.

    Stephen Watt, the 25-year-old Morgan Stanley programmer who wrote the program Gonzalez’ credit card theft ring “Operation Get Rich or Die Tryin” used to pilfer the credit and debit card numbers from TJX and other companies, wasn’t charged in the Heartland and Hannaford hackings.
     

    Posted Aug 17 2009, 05:34 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • ID theft prevention: Iowa Secretary of State pulls public records from Internet to protect SSNs

    Iowa’s Secretary of State’s office removed thousands of records from state websites last week after learning that hundreds of them contain business officers' and board members’ Social Security numbers.

    At first glance, it seems a common sense decision, welcomed by anyone concerned about personal privacy and identity theft prevention.

    But Iowa’s banking and business leaders accustomed to the easy access to information afforded by the Internet are howling about expensive delays in their day to day business activities.

    “Banks can’t make loans without access to these records,” said *** Davidson, a corporate and bank attorney in Davenport.

    “This is creating an absolutely impossible situation for lawyers and lenders. We have to have this stuff,” Davidson said in an interview with the Des Moines Register.

    For it’s part, the Secretary of State’s office will provide hard copies of the deleted records with the Social Security numbers blackened out--just like it did in the old days--but the process is much slower than viewing them over the Internet.

    In a perfect world, the solution would be to remove the Social Security numbers, restore the records and return them to their earlier, easier accessibility.

    Unfortunately, perfection doesn’t come cheap. The Iowa legislature just approved increased land record transaction fees to raise $2.4 million to remove thousands of Social Security numbers from IowaLandRecords.org. Secretary of State Michael Mauro just discovered last year that his own Social Security was visible on that site.

    Mauro said he’d might ask legislators to appropriate millions more to pay for additional redaction.

     
    Posted Aug 11 2009, 04:23 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Identity theft protection for elderly family members

    As my mother’s Alzheimer progressed, she lost more and more stuff. Her watch, eyeglasses and rings always showed up eventually, but never her lost wallets.

    She was lucky and no one used her credit cards or identity. But, Alzheimer or no Alzheimer, seniors are frequently easy targets for ID thieves. Here are a few steps you can take to protect someone you love.

    • For some insane reason, Medicare cards have the owners’ Social Security number on them. To get around this, make a copy of the card, and blacken out the last digits of their SSN on the copy. This can be safely carried in a wallet, ensure medical care, and allow that the original be locked up safely.
    • Make sure elderly family members order their credit reports annually. They can be hard to interpret, so offer to help review them.
    • Recommend that your loved one never donate to a charity before checking it at CharityNavigator.org. If the charity checks out, it’s safe to make a contribution, otherwise report it to the police.
    • Sign your loved one up on the Do Not Call Registry to prevent spammers from calling.
    • Cut down on junk mail and pre-approved credit offers by calling 1-888-567-8688. The less they receive, the less dumpster divers have to go on.
    • Be sure your parents or grandparents have a good crosscut shredder. If they don’t use it, tell them to save the mail, and you can shred for them when you visit.
    • Replace their old mailbox with a locking one. Advise them to use public post office boxes for outgoing mail.
    Posted Aug 10 2009, 05:26 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Stolen bank card leads Maryland cops to teenager's wild weekend spree

    A woman walked into a Maryland State Police barracks in May and reported that someone was using her debit card. She probably wouldn’t have found out about it so quickly, but she got a call from her bank saying her card was canceled because of the high number of strange purchases in a very short time.

    Nightclub

    If the police are right, Rasheed A. Adedokun, 19, of Prince George County, took his car in for an emissions test, bought two women’s wigs, a guitar and some underwear, had dinner in a nice restaurant and picked up the $650 tab at a nightclub where he partied with friends—all in a single weekend, and all on the woman’s card.

    Police say they saw Adedokun making purchases on two surveillance videos, and when they searched his house they found evidence that seems to indicate he was involved in more than just a weekend spree.

    Police found a computer with a magnetic card reader/writer, more than 80 credit cards and computer files containing names, Social Security numbers and other personally identifying information. They suspect some of the other goodies at Adedokun’s home—including a large flat-screen TV, a DVD player, a Honda lawn mower and a weed-trimmer--were also purchased with stolen cards.

    Adedokun was arrested yesterday and charged with five counts of unlawful use of a payment device and one count of theft over $500.


     

    Posted Aug 07 2009, 04:15 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • ID thief sentenced for medical ID theft, documents left in Denver storage unit

    Paul Simmons was sentenced in Denver District Court to a total of six years for stealing identities and medical records. His accomplice, Dawn Philbin, pleaded guilty to the same charges, but hasn’t been sentenced yet.

    The two were busted after Simmons, 46, got behind on the rent for his storage unit and its contents were auctioned off. When the highest bidder, Brandon Michael, began going through his winnings he discovered hundreds of hospital records, real and fraudulent identifying documents, cameras, video recorders, cell phones and drug paraphernalia.

    Michael’s first tried taking the stolen records to the Denver police, but was told he should just throw them away himself. Michael instead took the records to Deborah Sherman, a reporter for 9NEWS, who tracked down Simmons. Sherman turned over all the evidence to the police in January, when her investigation was complete.

    Simmons tried to turn himself in a few days later at the Denver City Jail after the police called to say they had an arrest warrant. But, just like the police initially refused the evidence against him, a Sheriff’s deputy at the jail said he didn’t know anything about a warrant for Simmons and sent him away.

    The next day when police arrested Simmons, he told the police investigators he used the stolen identities to buy the over-the-counter ingredients to make methamphetamine.

    Philbin, 51, worked at St. Anthony Central Hospital, and admitted to stealing 20 patients’ records each week over a period of a year and a half for Simmons. On Simmons’ instruction, she stole the records of white men who’d undergone scheduled surgeries or been emergency room patients.
     

    Posted Aug 05 2009, 05:46 PM by IdentityTheft with 2 comment(s)
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • What happened to Irina Malezhik, and why were Julia and Dmitriy Yakovlev using her identity after she went missing?

    Irina Malezhik was a 47-year-old Ukrainian native, an American citizen and a Brooklyn resident. She worked as a Russian translator for law enforcement agencies, courts and private companies. She was described as a workaholic and a very private person. And, on October 15, 2007, she walked through the lobby of her apartment building and was never seen again.

    Anna Val, Julia YakovlevIf, on the day Malezhik went missing, four checks with her forged signature were deposited into a married couple’s account, what conclusion would you draw?

    What if, the next day, the couple—Julia and Dmitriy Yakovlev--used Malezhik's name to open a credit card account and used it to make $37,000 in ATM withdrawals and purchases?

    And if, on the third day, Julia Yakovlev bought men’s and women’s Franck Muller watches (typically costing tens of thousands of dollars) and showed the missing woman’s Social Security card to the jeweler, would you think the couple was maybe more than identity thieves?

    So far, the Yakovlevs have been charged only with identity theft. Dmitriy Yakovlev is in jail and has been denied bail. Julia Yakovlev (seen on the right in the photo; her attorney, Anna Val is on the left) is free on $500,000 bond.

    Maybe I should have described Irina Malezhik in the present tense. Maybe she’s still alive and simply had enough of her quiet work-filled life. Maybe she decided to leave behind her apartment, furniture, mail and Social Security card. Maybe she crossed her apartment building lobby, hailed a cab for the airport and returned to the Ukraine to begin the next chapter of her life.

    That’s the story Julia Yakovlev’s attorney Anna Val says her sources told her. But, what if she lied?
     

    Posted Aug 04 2009, 02:39 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web
  • Data Breach at University of Colorado-Colorado Springs; 766 students at risk of ID theft

    College students are especially vulnerable to identity theft, and just in time for Fall Semester there’s been another data breach involving students’ personal information to prove it.
    College Classroom
    Usually, when a house is robbed, the problem and headache is limited to the home’s residents. But when the home of a University of Colorado at Colorado Springs professor was broken into July 5, more than 750 current and former students were placed at risk of becoming identity theft victims.

    The professor laptop was stolen during the break-in, and on it he stored unencrypted lists of the 766 students who attended his classes from 2003 to 2009.

    In most cases, the stored information was limited to students’ names, student ID numbers, email addresses, graduation year and grades, but 241 students weren’t so lucky: The university used students’ Social Security numbers as student ID numbers until Summer Semester, 2005.

    The university began sending letters to the affected students last Monday. A reporter for KKTV, a local television channel, asked a university official why it took three weeks to notify students of the data breach. The university official said it simply took that long for them to figure out exactly what was on the laptop and who was involved.

    Although the information on the stolen laptop wasn’t encrypted, the university’s notification letter states they “will continue working with all departments to encrypt all personally identifiable data on laptop computers and portable devices to help prevent this situation from occurring in the future.”

    There has been no mention as to whether the information was password protected.


    Posted Aug 03 2009, 03:40 PM by IdentityTheft with no comments
    Add to Bloglines Add to Del.icio.us Add to digg Add to Facebook Add to Google Bookmarks Add to Newsvine Add to reddit Add to Stumble Upon Add to Shoutwire Add to Squidoo Add to Technorati Add to Yahoo My Web

This Blog

Syndication

Tags