ID theft : LifeLock

LifeLock advantages for college students: Three July data breaches leave more than 30,000 as ID theft risks

IdentityTheft — Fri, 21 Aug 2009 15:51:00 GMT

Just in time for Fall Semester, it’s time to look back on the three data breaches that occurred in July.

To be fair, three data breaches in a single month is a pretty good month when you consider that Adam Dodge, who tracks data breaches at educational institutions, has recorded 94 on his Educational Security Incidents web page.

The first reported data breach was a case of hacking and came from the University of California, San Diego’s Moores Cancer Center. Roughly 30,000 records were exposed, only 36 of which included Social Security numbers. All of the records contained patients’ names, birth dates, medical record numbers, and diagnoses and treatments dating from as far back as 2004.

The theft of two laptops from Kansas University’s Pharmacology and Toxicology department resulted in an unknown number of exposed records. Police said an unnamed professor who resigned in March never returned the laptops, which are university property. Officials don’t know what information was stored on the computers, so cannot estimate how many people’s records may be at risk, or how vulnerable they might be to identity theft.

Laptop theft was also the source of the third data breach, this time at University of Colorado at Colorado Springs. The university has notified 766 students that a laptop containing the names and grades of students who attended the university between 2003 and 2009. As many as 241 students’ Social Security numbers might also have been exposed because the university used Social Security numbers as student ID numbers until 2005.

Millions of college students' records are lost or stolen every year. Click here to learn more about how students can protect their identities, and how LifeLock can help.

Speakers Series brings ID theft education to communities nationwide

IdentityTheft — Tue, 21 Apr 2009 14:56:00 GMT

Ah, the good old days, when we were innocent enough to believe buying shredders and taking our Social Security numbers off our checks was all we had to do to protect ourselves from identity theft.

Alas, the data breach and identity theft headlines make it clear those days are over. The Identity Theft Resource Center announces there were 656 reported data breaches in 2008. Verizon Business’ Data Breach Investigations Report reveals a total of 1,152 data breaches (70% of which were unreported) with more than 285,000,000 records compromised. And every day there are more reports of threats as low-tech as mail theft, or as high-tech as the attacks by international identity theft syndicates.

In light of the escalating identity theft risks, LifeLock has launched a program to bring identity theft education and prevention resources to communities nationwide. The LifeLock Speakers Series features Certified Identity Theft Risk Management Specialists who deliver free audience-tailored presentations to update groups on identity theft trends and protection strategies.

They’ve already delivered several talks in Texas, Michigan, North Carolina and the District of Columbia, but if you’ve missed those, the schedule below provides some additional opportunities.

If you’re interested in scheduling a speaker for your group (senior citizens, high school and college students businesses and law enforcement agencies are among the groups who’ve already been scheduled), or if you’d like more details about the dates below, contact Cortney Read at (480) 457-2032.

5/18 Newark, Delaware
5/18 Pittsburgh, Pennsylvania
5/18 Benincia and Escalon, California
6/8 Cleveland and Columbus, Ohio
6/8 Detroit, Michigan
6/15 Las Vegas, Nevada
6/15 Pasadena and Newport Beach, California
6/22 Reno, Nevada
7/06 Chicago, Illinois
7/13 Ann Arbor and Warren, Michigan
8/3 Oklahoma City, Oklahoma
8/10 Dallas, Texas
8/10 Orlando, Florida
8/10 Denver, Colorado
9/21 Seattle, Washington
10/12 Kansas City, Missouri
11/2 Tampa, Florida
12/1 Los Angeles and San Diego, California

File-sharing software should be called identity sharing software

IdentityTheft — Fri, 27 Feb 2009 06:11:00 GMT

A friend of mine has told me more than once how dangerous file sharing software is. I didn’t pay much attention because I don’t download music, so it didn’t make much of an impression on me. Sometimes I have to see it to believe it, but after what I was this morning, I’m a believer.

There was a segment on The Today Show this morning that featured a New York state family with two teenage girls who frequently downloaded and shared free music using the family’s PC. It’s such a common thing to do, the parents never made the association when their $2,000 federal income tax return was electronically intercepted and stolen last year.

Identity theft prevention expert and LifeLock CEO Todd Davis likened having those file sharing software programs on your computer to leaving the keys in an unlocked car … with the windows down.

Natalie Morales did some checking of her own and found that with that software she was able to find the family’s income tax forms online (think: Social Security numbers, dates of birth, bank account numbers, retirement account numbers …). Even more frightening, the files containing the family’s tax forms were found in four foreign countries, including Nigeria and Poland, known centers of organized identity theft rings.

Then she went a step further and, in the state of New York alone, was able to find 25,000 student loan applications and 600,000 credit reports.

Tax season, Part IV: Data breach risks

IdentityTheft — Fri, 16 Jan 2009 18:06:00 GMT

The first three installments focused on identity theft risks over which you have considerable control: your mail, your household and your email. This final installment pertains to the risk of a computer data breach that exposes your personal and financial information and leaves you vulnerable to identity theft, and that’s entirely out of your control.

The smattering of fearful Luddites who don’t file their taxes electronically can be reassured. Since Turbo Tax became available for paperless tax filing in 2001 there has been only one report of information exposure. A Nebraska woman searching for her past tax records in 2007 discovered she could view the records of other taxpayers with similar names. (The woman’s name has never been revealed because of security reasons. We can only pray that her last name wasn’t Smith or Jones.) Turbo Tax immediately fixed the glitch, and there were never any resultant identity theft cases.

If you are involved in a tax-related data breach this year, it will most likely occur at the Internal Revenue Service. In 2007, the Treasury Inspector General reported that the IRS lost track of almost 500 laptops in 387 separate security breaches affecting an untold number of taxpayers. Also in 2007, 26 IRS computer tapes went missing after they were delivered to City Hall in Kansas City. Again, an untold number of taxpayers’ personal and financial information was exposed.

Though the common perception is that hackers are the biggest threat to our electronic information, the Identity Theft Resource Center just reported that of the 110 federal, state and local government data breaches in 2008, hackers executed only 5%. Employees and subcontractors are to blame for the rest.

Conclusion

You know what they say about death and taxes: You can't avoid either of them. Unfortunately, they could say the same about data breaches. But you can significantly decrease your chances of becoming a tax season identity theft statistic. Protect your mail. Secure your personal finance records. Beware of phishing. Enroll in a comprehensive identity theft protection service because, like death and taxes, data breaches happen. Research and compare the most popular identity theft services. Be sure to look for one that monitors the websites, chat rooms and online forums where stolen identities are bought, sold and traded. To my knowledge LifeLock is the only one that provides this, but there may be others.

Happy filing.

My prediction: 2009 to be good year for weight loss; bad year for identity theft

IdentityTheft — Wed, 07 Jan 2009 18:30:00 GMT

“This year I’m going to eat healthier, work out more and lose weight.” Sound familiar? (I made the same resolutions last year and still gained 10 pounds. I’ve taken it off again already, but haven’t lost any of the weight I resolved to lose last year!)

This year I’ve also resolved to take better care of my finances and my credit. If you didn’t include that in your list of New Year’s resolutions on December 31st, January is Financial Wellness Month, so you still have time.

Maybe I shouldn’t admit it here, but I haven’t always practiced what I preach. I’ve missed the 90-day renewal on our fraud alerts more than I’ve met them. I carry too many credit and insurance cards in my wallet. My incoming mail sits in an unlocked mailbox, and when I bring it in it sits on my desk for days.

This year I really need to tighten up … and so do you. In all the articles and predictions I’ve read, 2009 is going to be an especially bad year for identity theft. The economic downturn has given us a spate of mortgage fraud rackets, data breaches and more jobless Americans desperate to make their house and credit card payments by whatever means necessary.

The Lowe’s gift card I got for Christmas will buy my new locking mailbox. My husband is going to replace the locks on the file cabinets (he says) and this time I’ll keep track of the keys so we can actually lock up our financial records.

I’m also renewing my identity theft protection coverage. For nine bucks a month somebody else can set my fraud alerts, order my credit reports, keep me off the junk mail lists and help me replace all that stuff in my wallet the next time I leave my purse in a fitting room at the mall (yes, I’ve actually done that).

If I really thought I’d take care of all that stuff myself, I’d be happy to save the $9, but I’d rather have the time and peace of mind knowing that someone else more reliable than me has got it covered.

Check out some of the biggest identity theft protection providers and see which suits your needs best. Avoid credit-monitoring services; they’ll tell you when someone has already stolen your identity, but do nothing to keep it from happening in the first place. Besides that, they’re no cheaper than a lot of the other services that provide more for the money.

I use LifeLock because they’re cheaper than any of the other full-service companies, they have a good track record with the Better Business Bureau and they keep adding new services without raising prices. (I didn’t have them when I lost my wallet, and I’d gladly have paid for someone else to do the recovery work for me that time! And nobody else offers that.)

Like most everybody else, I’ve cut back on a lot of expenses: I get fewer highlights and get them less often; I do my own nails; I asked for and got lower rates on my credit cards, and I get only basic cable now.

This year we’ll eat out less often to save even more money, but cutting out my identity theft coverage seems penny-wise and pound-foolish to me.

Ohio State University experiences first reported data breach ... twice

IdentityTheft — Mon, 05 Jan 2009 17:09:00 GMT

Ohio State University sent out data breach notices last week to roughly 18,000 current and former students, alerting them that their personal information, including addresses and at least partial Social Security numbers, had been posted on the Internet.

Only students who were enrolled in the university’s Student Health Insurance Plan during the 2005-06 academic year were affected. About 4,000 of those students are currently enrolled.

According to the letter, it’s another screw up by a contractor handling outsourced work. In this case, the company mistakenly posted the info on an Internet server. The OSU Office of Student Life has posted an FAQ on the Internet in which they say stringent security precautions were part of their contract, but the vendor failed to meet those standards.

University officials said they thought they’d already effectively dealt with the data breach after a student reported having seen his personal information on the Internet. OSU removed the file containing his info and that of 600 others. But, darn, four more students came forward in December and said their personal information was also posted on the Internet.

This is OSU’s first reported data breach, which isn’t bad considering educational institutions accounted for more than 20% of the 342 reported data breaches in the first half of 2008.

The type of data breach OSU experienced—the inadvertent posting of personal and financial information on the Internet—accounted for 15% of all data breaches in that same period. Lost and stolen laptops, PDAs and other mobile devices accounted for more than 20% of the breaches.

Good customer service shouldn't include identity theft

IdentityTheft — Tue, 09 Dec 2008 22:51:00 GMT

"Thank you for calling. May I have your account number, please?"

Sometimes you have no choice but to give out personal or financial information over the phone. Have a question about your credit card account? Want to increase the minutes on your cell phone contract? You have to tell all to the customer service rep in the call center. But, hey, you can trust them, right? Maybe. Maybe not.

ID Analytics recently reported results from their study of 12 internal data theft incidents, eight of which led to more 1,300 fraud attempts involving bankcards, retail cards and wireless service.

Among the ID Analytics findings:
• If your information is part of an internal data theft, the chance of your info being used fraudulently goes up 2,400%.

• If your info is used fraudulently, it’s probably going to be used within 20 miles of the place it was stolen.

• Just like identities stolen from outside an organization, most identities stolen from the inside are used quickly then discarded within a two-week period. In five of the eight incidents, online purchases and services were responsible for 80% of the fraudulent activity.

When you call a customer service center, there’s nothing you can do to protect your information. Like it or not, once your data is out there, it’s completely out of your control.

News Flash! Laptops and mobile data devices to blame for half of all data breaches!

IdentityTheft — Fri, 05 Dec 2008 14:40:00 GMT

Brendon Lynch, Microsoft’s director of privacy strategy, delivered this bit of news you already knew at the Privacy and ID Theft Conference in Vancouver last week. He also made the dubious statement that businesses were protecting our personal information inside the office.

While he’s right about the first part—that laptops, PDAs and flash drives are responsible for most data losses—he was a little too optimistic about the second part.

In fact, if companies and public entities had better security policies, far less data would be walking out the door. Even within the office, there are often few restrictions on who is allowed access to sensitive information. And, without a strongly-worded and strictly-enforced policy demanding that data taken away on laptops, etc. must be password protected and encrypted, every lost or stolen laptop leaves more people at an elevated risk of becoming identity theft victims.

Bryant again resorted to common knowledge to fill his minutes at the podium with his remarks regarding hackers and how they’ve changed over the years.

He reminded us all that hackers were originally geeky guys with greasy hair who wanted to impress their equally geeky and greasy friends by gaining inside access. Now, he said, hackers are cogs within sophisticated organized crime syndicates.

What he failed to mention was the international flavor of those crime rings. Federal officials are still investigating the recent hackings of then-presidential candidates Barack Obama and John McCain, presumably to gain insight into future foreign policy. The feds seem to think the attack originated in Russia or China.

Microsoft is working on a new system that replaces the username and password with “Information Cards” that wouldn’t contain any personal information, but would connect the user to service providers, banks, etc.

However, given all the other tired old news Bryant trotted out, it’s hard to get excited about what he called “game-changing strategies.”

It's all about your wallet

IdentityTheft — Thu, 04 Dec 2008 16:29:00 GMT

Pickpockets, strap-slashers and food court loiterers know that once they get their hands on your wallet they have everything they need to assume your identity.

Here’s what you do to thwart the sleazebags:

• Stay alert, especially during the holiday season when there are so many crowds and distractions.
• Never leave your purse or wallet in the car where it’s visible to passersby.
• Plan ahead. Put your cash, check or credit card along with your driver’s license into a fanny pack or a small bag you can wear across your chest. Leave your purse at home, or lock it in the trunk before leaving home. DON’T put it in the trunk in a parking lot where everyone can see.
• Use a money clip for cash, credit card and ID instead of a wallet so you can more easily carry it in your front pocket. If you don’t think a pickpocket to reach into your pants pocket without your knowing, you’re wrong; it happens everyday, and crowds make it easier.
• Clean out your wallet, and carry only the essentials: Your driver’s license, one credit card OR one check OR cash. NEVER carry your Social Security card with you. Leave your auto insurance card in the glove compartment. Everything else belongs at home in a lockbox.
• Make sure you know what’s in your wallet in case it’s stolen. The sooner you can contact the credit card issuers the better; time is on the side of the identity thief.

I already warned you that I’d be plugging some LifeLock products, and WalletLock is my personal favorite—because I’ve left my wallet in a phone booth, a fitting room and the Rome Airport.

With WalletLock you make only one call to LifeLock if your wallet is swiped or lost and they’ll take care of canceling and replacing just about anything except your photos.

Covered documents include your driver’s license, health and auto insurance cards, Social Security card (what was that doing in there, anyhow?), professional association cards, credit cards, bank cards, check book or checks—even your passport, visa or immigration documents. They’re open 24/7 so they’ll always be able to help you, even if you’re out of the country and several time zones away.

Florida agency posts 250,000 names, SSNs to website

IdentityTheft — Wed, 03 Dec 2008 18:58:00 GMT

The following article is about yet another data breach. The loss and exposure of personal data is one of the reasons all Americans are vulnerable to identity theft and need identity theft protection like that offered by LifeLock.

More than a quarter million Floridians have been placed at an elevated risk of identity theft after The Florida Agency for Workforce Innovation posted their names and Social Security numbers on the Internet. Some of the records go back as far as 2002.

The records were on the Internet for approximately one month, according to an Agency spokesman. They weren’t password protected, encrypted or behind a firewall, all of which are considered elementary procedures in data protection. As a result, anyone with an Internet connection would have been able to view the information.

Fifty minors’ Social Security numbers were among the records. The Agency has not responded to the nonprofit Liberty Coalition’s inquiry as why the Agency had records for these Floridians under the age of eighteen.

The data breach victims haven’t been notified yet, but a spokesman for the Agency said they plan to send letters to them. There has been no mention of whether credit monitoring or identity theft protection services will be provided to the victims.

Even if free credit monitoring is provided, its protection is limited to customer notification after a new account is opened by the thieves. In comparison, LifeLock takes measures to prevent the thieves from using stolen personal information, and from buying, selling or trading it on the Internet.

In a response to questions from Liberty Coalition, the Agency said they “pledge to learn from its mistakes.” However the Agency apparently didn’t learn from an earlier, similar mistake. In 2002 4,624 Floridians’ names and Social Security numbers were posted on the Internet. That data wasn’t password protected, encrypted or behind a firewall, either, and was discovered when one of the victims did a Google search on his own name.

Visit LifeLock.com to learn more about Life Lock's innovative services that have made them the ID protection service chosen by more than a million Americans. If, after you’ve read the article, you decide to fully safeguard your credit and finances, use the LifeLock promotion code RD17 for the best available discount.