ID Theft Defense (IDTD)

Intelius Blog is Journalism First, Marketing Second

2009-05-14T19:18:00.001-06:00

http://www.peoplesearches.com/news/
Easton at BusinessBlogWire writes a review of the Intelius corporate blog today. Like Easton, I have some quibbles with style (the posts are awfully long). But it's a great example of the kind of "journamarketing" you could be doing.

Intelius helps people get access to public information through personal background checks and other services. They deal with a lot of complicated issues, and the people who work there become experts in that space. So they're using their blog to explain some of those complicated issues. It's really nothing more than journalism. There's no overt sales pitch for Intelius. For example, the blog has entries about what kinds of mistakes you might find in public records -- and whether it's a good idea to publicize the names of people who've received concealed-weapons permits.

You might think this is a silly thing for them to spend time on. But when people want to dig into public records, I'll bet they almost always go online first. So building a repository of information, dedicated to helping people track down public information, will pay off in the long run with more referral traffic and a better online reputation among people who might use Intelius' services.

Information about Intelius, Founded by Naveen Jain

Founded by Naveen Jain, Intelius well known in the information commerce industry helps clients make intelligent decisions about assets, people, and businesses. Intelius applies advanced heuristics to public and publicly-available information, delivering it on-demand and online to consumers and businesses to facilitate a more informed decision-making process in business and life.

Intelius ranks among the top 100 most trafficked Websites, with an average of one million unique visitors daily. The many products and offerings of the company include a set of comprehensive and customizable pre-employment screening services, a consumer-facing people search service, list management, and an award-winning identity theft detection, prevention and insurance service.

Intelius’ background checks have helped consumers make better decisions about the people, businesses and assets in their world, from potential dates to new neighbors.

People search by Intelius, has reconnected thousands of people with friends or relatives with whom they’ve lost touch. In the HR world, Intelius’ employment screening services enable companies to analyze candidates’ professional backgrounds, from drug testing and fingerprinting to criminal records, professional licenses and education verification, plus a best of breed SSN verification service.

These services have helped create leads and confirm data for millions of customers, in addition to giving them peace of mind and the ability to make better decisions by making use of valuable public information. The Intelius executive team consists of IT and Internet professionals, technologists, business providers, and security specialists, and is led by Chairman Bill Owens and CEO Naveen Jain.

Intelius makes security available at multiple levels, including the personal, technological, and operational levels. Intelius also protects customers’ personal names, credit card numbers, and social security numbers. Intelius’ Verisign certificate signals safe and secure web transactions.

Reference: Intelius.com

http://www.peoplesearches.com/news/

Intelius Blog is Journalism First, Marketing Second

2009-05-14T19:18:00.000-06:00

Reference: Intelius.com

http://www.peoplesearches.com/news/

ITRC's 5th Annual Aftermath Study Released: An Analysis of Identity Theft Through the Victims' Eyes

2008-08-12T23:47:00.003-06:00

The Identity Theft Resource Center (ITRC) released an important report today discussing the impact of identity theft victimization. Since 2003, the Identity Theft Resource Center has conducted annual victimization surveys to study the impact of identity theft crimes on its victims.

Now in its fifth year, the report allows us to analyze the data, draw some conclusions, map trends and identify areas for further research. While ITRC reports the data in terms of percentages, it is critical that we remember those numbers are people. These are people with lives that have been interrupted, altered, torn apart and/or changed.

According to several sources, The Aftermath is the only study of its kind. This study reflects only the experiences of confirmed identity theft victims who worked with the ITRC, and is not a census or general population-based study. The questions asked ranged from the emotional impact this crime has had on their lives all the way through to their ability to recover their good name. It includes the financial loss to the business community in goods and services.

The Aftermath 2007 does not distinguish between those who are still being affected from those who are not. Thus, certain measures of victimization represent conservative estimates since the assessment was limited to the ending date of the study.

The following are highlights of The Aftermath 2007 study. An analysis of the entire study was done by two business analysts and a psychologist, with their comments included in the full report. The full report can be found on the ITRC website: www.idtheftcenter.org.

Prevalence of Types of Identity Theft Crimes: Financial identity theft crimes were reported by 78% of the respondents, 2% reported criminal cases only, and 2% reported governmental issues only. The rest were combination cases: financial and criminal (7%), financial and governmental (9%), and a mixture of all three types (3%).

Uses of victim information: More than one-half (57%) of the 2007 sample reported their personal information had been used to open a new line of credit in their name. 13% of all respondents noted their information was used for obtaining new cable and/or utility services. It should be noted, check fraud and debit card fraud are increasing. The ITRC continues to predict that criminals will turn to other types of identity theft when it becomes more difficult to open new lines of credit. This may indicate changes due to the sampling taken.

Non-financial forms of identity theft: In 2007, 62% of respondents reported thieves had committed financial crimes that resulted in warrants being issued in the victim’s name, more than 2 ½ times higher than in 2006. All areas of criminal identity theft combined with other issues increased between 2006 and 2007. It should be noted that identity thieves continued to obtain government assistance and benefits using the victim’s information.

Sources of Stolen Information: With a five-year history to study, it is clear that according to the respondents about 1/3 of cases were started by a person known to the victim. The next highest category of identity theft originated from a lost/stolen wallet or PDA. Scams have become more of a problem for victims in 2007 than in previous years. Identity theft due to mail theft and theft of information from a burglary of car or home has dropped in the past few years.

Moment of Discovery: In 2007, 82% of victims found out about the identity theft through an adverse action compared to 76% in 2006. Only 10% of respondents found out about the crime due to proactive measures taken by businesses and 8% saw something unusual on their credit report. 42% reported that they found out within the first three months of the crime. One analyst believes that people found out more quickly because of the more aggressive nature of collection efforts and the tightening of the credit market.

Costs to Victim: Respondents in 2007 spent an average of $550.39 in out-of-pocket expenses for damage done to an existing account. In reference to new accounts, respondents spent an average of $1,865.27 compared to $1,342 in 2006.

Cost to Business: In 2007, the average loss in goods and services to businesses, as reported by survey respondents, was $48,941 compared to $87,303 in 2006. Six individuals exceeded $100,000, with one in excess of $700,000. This study only includes respondents who contacted the ITRC in 2007 and is not necessarily indicative of a national business loss average.

Victim Hours Repairing Damage: In The Aftermath 2007, victims reported spending an average of 116 hours repairing the damage done by identity theft to an existing account used or taken over by the thief. Answers included 6,000, 8,640, and 5 years of time (outliers). In cases where a new account was created, respondents reported an average of 158 hours to clean up the mess with outliers of “endless” and “too many to count."

Extended involvement: In 2007, 70% of victims indicated that it took up to 12 months to clear issues of all misinformation, compared to 50% in 2006. A moderate amount of victims (12%) took one to two years. Unfortunately, some 19% indicated that it took two or more years to resolve their case.

Response by Creditors, Utilities and Collection Agencies: As in previous years, credit issuers, utility companies and collection agencies continue to rate poorly in their handling of identity theft victims.

Inability to Clear Negative Records: Credit agencies, either by putting negative information back in records (31%) or not removing it in the first place (32%), topped the list of reasons for victims’ inability to clear their records. Other prominent responses include Social Security Number tied to another person’s file (22%) and victims’ fraud alerts ignored (19%). An increase was also seen in the sale of credit accounts even though the fraudulent account was cleared by the creditor and the inability to get proof even with a police report.

Unexpected secondary effects: Victims reported a number of additional problems including: increases in insurance rates, current credit card interest rates and criminal records not being cleared. The inability to get credit resonated with the majority of respondents (64%). In addition, 53% have collection agencies still calling, 27% had credit cards cancelled (even though the accounts were being properly maintained), 18% said it affected their ability to get a job, and 14% reported tenancy issues.

Relationship of Imposter to Victim: It is important to note that a large percentage of respondents seem to have been victimized by those who may have had easy access to personal identifying information including friends, family members, ex-spouses/significant other, or those in close contact with the victim, such as co-workers.

Child Identity Theft: In 2007, 47% of this special case group reported that one, both, or a step parent was the thief. Another 12% reported that it was another family member. 18% said that the person had access to information but is not related and 24% did not know how the case first began. The age of the victim when the crime FIRST began varied, with 18% under five years old. It should be noted that the crime may have been discovered years later.

Victim Response to Family or Child Identity Theft: Throughout the five year range, we have seen spikes in categories such as “family supports victim in trying to force responsibility on the thief.” Family support does appear to be increasing, yet some families are torn or still in denial or want the victim to drop the case.

Emotional Impact: Few significant positive changes have occurred in the feelings of victims and in terms of reported victim symptomology. More than 49% of the respondents reported stressed family life, 22% felt betrayed by unsupportive family members and friends, and 23% said their family didn’t understand. (Table 17)

The strongest feelings expressed were: rage or anger, betrayal, unprotected by police, personal financial fears, sense of powerlessness, sense they were grieving, annoyed, frustrated, exhausted, sleep disturbances, an inability to trust people, and the desire to give up and stop fighting the system. Long term emotional responses included: suicidal, feeling captive, ready to give up and felt that they have lost everything.

Reference: identitytheftdaily.com

(PeopleSearches.com) and (USPublicRecords.com) and (BackgroundCheckDirectory.com) and (IDTheftDefense.com) and (USPRS.com) and (USPeopleFinder.com) and (IdentityTheftDefense.com)

5 “DISPOSABLE” Web Accounts to Keep Your Identity Safe

2008-08-12T23:29:00.003-06:00

Fed up with spam? Tired of telemarketing calls? Feelin’ paranoid about identity theft? … Here you’ll find a bunch “throwaway” web tools that can help you out.

Disposable eMail Account:

Mintemail - Instant disposable email for any ‘fishy’ registration form or sign-up. Go to mintemail.com and a random email address will be automatically generated and copied to your clipboard. You can either bookmark the location of created inbox and use it on a regular basis or always use a new one.

Highlights include: Automatic eMail verification, email forwarding, option to set custom expiry times (from 1 hour to 1 month) and more.

Disposable Phone Number:

Numbr - This is a really good one. Basically, Numbr gives you an anonymous disposable phone number that can be set to forward all incoming calls to any provided landline or mobile number (US only). Absolutely-free. It’s an ideal solution for times when you want to keep your phone private but want to list your contact number in places like classifieds listings, social networking sites, blogs, etc.

Along with the number, you also get access to dozens of cool functionalities, i.e. forward to voicemail, ability to activate/deactivate nr. at any time, etc. Read more: Numbr - Disposable Phone Number.

Disposable Login Details:

BugMeNot - Here you can get disposable login details (username/password) for a huge number of popular news/review/download websites that normally require users to register.

For example, let’s say you clicked on a link that points to an article on a popular media website (eg. NYT). Usually instead of landing straight on the article page you’re asked to signin or register. Maybe there is a good reason behind it, but what’s the point of signing up if that is your first and only visit to that website.

When it comes to BugMeNot, it instantly gets you a number of “public” login details that can be used to access the website. It’s fast, it’s convenient and you don’t have to worry about getting spammed. Check out full feature list in BugMeNot review.

Disposable Name and Address Generator:

FakeNameGenerator - Fun tool for quickly generating fake but totally sound names and contact address. Cool part about it, not only you get to choose country of residence but can also specify what kind of name you’re looking for, i.e. Chinese, American, Indian, etc.

Disposable File Sharing:

File.io - Anonymous file sharing service where you can upload and share file/s (via password-protected URL) for 30 days. Once 30 day period is over, all shared files will be automatically deleted.

Read More on Disposable Accounts

Disposable Web Accounts: To Keep Your Internet Interactions Safe

The guys and gals over at MakeUseOf.com have put together a list of 5 useful disposable web services that allow you to make your web interactions a little more private.

The services are something that most everyone will use whether you are selling something on Craigslist, registering for a new forum where you'll need to click a verification link sent through e-mail to validate your account, or just a disposable account to share some files with co-workers or friends.

In addition to the links that they've put on their list, I'd like to toss out a couple of others.

PrivatePhone.com provides you with an anonymous voice mail box at a dedicated number. This is a service I use myself when I'm listing a contact number on Craigslist or other places where I sell stuff online.

I also use it for most any other occasion where I won't want to give my real cell phone number out. The service is free and I have never had a problem with it.

Giving out your real e-mail address nowadays is pretty much you requesting to get sent a bunch of spam e-mails. Spamgourmet solves that problem.

It allows you to create a disposable e-mail address that you can give out to people and places who you'd rather not give out your real e-mail address too.

But here's the twist. It also has a spam blocker built in. Here's a little more about it as they've described it on their website.

If you give your email address to everyone, you are bound to receive spam emails, and you won't know where they came from. Wouldn't it be convenient to give a different email address to every business or web site, while getting all your email as before?

Wouldn't it be easiest to assume the address will be given to spammers, and have it work as a spam blocker by shutting off automatically unless you decide otherwise?

That's exactly what spamgourmet offers! There is nothing to install on your computer, and once you're set up, it's likely you won't ever have to come back here. This is what makes spamgourmet one of the most convenient and effective anti-spam tools available.

Reference: makeuseof.com
-------------------------------------------------/////
DISPOSABLEACCOUNT.COM
DISPOSABLEACCOUNTS.COM
DISPOSABLEACCOUNTSERVICE.COM
DISPOSABLEACCOUNTSERVICES.COM
DISPOSABLEIDENTITIES.COM
DISPOSABLEIDENTITY.COM
DISPOSABLEWEBACCOUNT.COM
DISPOSABLEWEBACCOUNTS.COM
DISPOSABLEWEBSERVICE.COM
DISPOSABLEWEBSERVICES.COM

DOJ, Secret Service Move Against International Hacker, ID Theft Ring

2008-08-05T16:07:00.002-06:00

U.S. Attorney and Secret Service claim an international crime syndicate was behind the identity theft of more than 40 million credit and debit card numbers from TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Department of Justice and Secret Service allege the hackers used "Wardriving" to hack networks and "Sniffer" programs to capture card numbers and customer data.

In what is believed to the largest hacking and identity theft case ever prosecuted, the DOJ (Department of Justice) said Aug. 5 it has indicted 11 people for the theft and sale of more than 40 million credit and debit cards.

According to the DOJ, the card numbers were obtained by "wardriving" and hacking into the wireless computer networks of major retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Wardriving involves locating Wi-Fi networks from a moving vehicle with a laptop or PDA.

Once inside the networks, the hackers installed "sniffer" programs that would capture card numbers, as well as password and account information, as they moved through the retailers' credit and debit processing networks. After the thieves collected the data, they concealed the data in encrypted computer servers that they controlled in Eastern Europe and the United States.

The DOJ indictment claims the conspirators sold some of the credit and debit card numbers over the Internet to other criminals in the United States and Eastern Europe. The stolen numbers were "cashed out" by encoding card numbers on the magnetic strips of blank cards. The thieves then used these cards to withdraw tens of thousands of dollars at a time from ATMs.

"So far as we know, this is the single largest and most complex identity theft case ever charged in this country," Attorney General Michael Mukasey said at a Boston news conference. "It highlights the efforts of the Justice Department to fight this pernicious crime and shows that, with the cooperation of our law enforcement partners around the world, we can identify, charge and apprehend even the most sophisticated international computer hackers."

In an indictment returned on Aug. 5 by a federal grand jury in Boston, Albert "Segvec" Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy for his role in the scheme. Gonzalez was previously arrested by the Secret Service in 2003 for access device fraud.

During the course of the current investigation, the Secret Service discovered that Gonzalez, who was working as a confidential informant for the agency, was criminally involved in the case. The DOJ said that because of the size and scope of his criminal activity, Gonzalez faces a maximum penalty of life in prison if he is convicted of all the charges alleged in the Boston indictment.

Criminal indictments were also released in Boston on related charges against Christopher Scott and Damon Patrick Toey, both of Miami. In addition, indictments were unsealed in San Diego against scheme participant Maksym "Maksik" Yastremskiy, of Kharkov, Ukraine, and Aleksandr "Jonny Hell" Suvorov, of Sillamae, Estonia.

The San Diego grand jury also indicted Hung-Ming Chiu and Zhi Zhi Wang, both of the People's Republic of China, and a person known only by the online nickname "Delpiero."

The indictments charge the defendants with crimes related to the sale of the stolen credit card data that Gonzalez and others illegally obtained, as well as additional stolen credit card data. Suvorov is charged with conspiracy to possess unauthorized access devices, possession of unauthorized access devices, trafficking in unauthorized access devices, identity theft, aggravated identity theft, and aiding and abetting.

Yastremskiy faces charges of trafficking in unauthorized access devices, identity theft, aggravated identity theft and conspiracy to launder monetary instruments. The indictment also contains a forfeiture allegation. Chiu, Wang and Delpiero are charged with conspiracy to possess unauthorized access devices, trafficking in unauthorized access devices, trafficking in counterfeit access devices, possession of unauthorized access devices, aggravated identity theft, and aiding and abetting. All are believed to be foreign nationals residing outside of the United States.

In May, Gonzalez, Suvorov and Yastremskiy were charged in a related indictment in the Eastern District of New York. The New York charges allege that the trio was engaged in a scheme to hack into computer networks run by the Dave & Buster’s restaurant chain. According to the indictment, they stole credit and debit card numbers from at least 11 locations.

The New York indictment claims the defendants gained unauthorized access to the cash register terminals and installed at each restaurant a packet sniffer. The packet sniffer was configured to capture credit and debit card numbers as the information was processed by the restaurants. At one Dave & Buster's location, the packet sniffer captured data for approximately 5,000 credit and debit cards, eventually causing losses of at least $600,000 to the financial institutions that issued the credit and debit cards.

Gonzalez is currently in pre-trial confinement on the New York charges. Based upon the San Diego charges, Turkish officials arrested Yastremskiy in July 2007 in Turkey when he travelled there on vacation. He has been in confinement since then in Turkey, pending the resolution of related Turkish charges, and the United States has made a formal request for his extradition.

Suvorov was apprehended by the German Federal Police in Frankfurt in March on the San Diego charges when he travelled there on vacation. He is currently in confinement pending the resolution of extradition proceedings.

"While technology has made our lives much easier it has also created new vulnerabilities. This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results," U.S. Attorney Michael J. Sullivan said. "Consumers, companies and governments from around the world must further develop ways to protect our sensitive personal and business information and detect those, whether here or abroad, that conspire to exploit technology for criminal gain."

Reference: eweek.com

(PeopleSearches.com) and (USPublicRecords.com) and (BackgroundCheckDirectory.com) and (USPRS.com) and (IDTheftDefense.com) and (USPeopleFinder.com) and (SecurityInformation.com)

Two Arrested in Countrywide Identity Theft Scam Investigation

2008-08-04T07:53:00.003-06:00

A former Countrywide Home Loan employee and another man were arrested Friday on suspicion of selling the identities of the troubled lender's customers, the FBI announced.

Rene L. Rebollo, Jr., 36, of Pasadena, and Wahid Siddiqi, 25, of Thousand Oaks, were arrested by FBI agents at their homes.

Authorities allege Rebollo, who was employed as a senior financial analyst for Countrywide Home Loan's subprime mortgage division, Full Spectrum Lending, sold the identification data to Siddiqi, who then sold it to others.

Rebollo had access to Countrywide's computer databases that contained private information about its customers, prosecutors said.

He was fired in July, according to the government.

The FBI and Countrywide Financial investigators discovered the security breach and began a joint investigation, U.S. Attorney's Office spokesman Thom Mrozek said.

During an interview with FBI agents last month, Rebollo said he gave out Countrywide customers' account information to third parties for two years, according to prosecutors.

Rebollo said he got the information from computers at work, then copied the data onto flash drives with the intent to sell it, according to the FBI.

He said he made between $50,000 and $70,000, prosecutors allege.

An FBI informant ordered personal profiles from Siddiqi, who later met the informant and allegedly sold the data for cash, prosecutors said.

Investigators are analyzing the data to determine if any customers' identities have been compromised, and Countrywide officials will notify and assist any victims in the case, Mrozek said.

Rebello is charged with exceeding authorized access to the computer of a financial institution, which is punishable by up to five years' imprisonment.

Siddiqi is charged with fraud and related activity in connection with access devices, which carries a penalty of up to 15 years in federal prison.

Reference: myfoxla.com

(IDTheftDefense.com) and (PeopleSearches.com) and (USPRS.com) and (USPeopleFinder.com) and (USPublicRecords.com) and (BackgroundCheckDirectory.com)

DMV Puts Coloradans at Risk of ID Theft

2008-07-09T18:30:00.001-06:00

The Division of Motor Vehicles put 3.4 million Coloradans at risk of identity theft due to flaws in the way driver's-license information is handled, lawmakers learned Tuesday at an interim transportation committee hearing.

The DMV regularly sends large batches of personal information over the Internet without encryption and has failed to properly limit access to its database, according to a recent audit. At one point, 33 former DMV employees could access names, addresses, dates of birth and Social Security numbers — some workers more than a year after their departure, auditors found.

Revenue Department leaders who oversee the division say they are working to hire internal watchdogs and build up their technological defenses.

But the state, facing a budget shortfall, will have no additional money in the foreseeable future for new computer systems. Cyber security alone is a $1.5 million problem that will be tough to solve, said Roxy Huber, Revenue Department executive director.

"To tell you that I'm going to have the tools to do what I need to do, I don't know where they're going to come from," Huber said. "But we will continue to do the best with the tools that we have."

A recent $1.168 million Homeland Security grant will buy some technology upgrades, but it's unclear how much will be used to safeguard personal information.

Colorado ranks eighth in the nation in identity-theft complaints per person and first in the nation when it comes to general fraud reports. On average, those frauds cost victims $4,041 each for a total of $41.3 million in 2007, according to in formation from the attorney general's office.

No cohesive responsibility plan

Auditors said the DMV's method for handling sensitive information was "fragmented, disorganized and poorly planned," partly because the division is made up of a number of decentralized offices scattered across the state. No one person is responsible for security.

High turnover — 60 percent of entry-level workers leave during their first year — and low, $26,280-a-year starting salaries make fraud more attractive and management more difficult, DMV officials said.

While employees have been caught issuing hundreds of fraudulent licenses, there are no known instances of identity theft or information security breaches, said Department of Revenue spokesman Mark Couch.

"It's not like we have a completely defenseless system," Couch said. The audit "says that we need to take more steps."

Funding losses cut resources

Lawmakers Tuesday cut the department some slack, acknowledging that steep budget cuts in the early 2000s led to downsizing.

"Without the appropriate resources, there's no way we can hold you accountable for doing some of the things you're expected to do," said Sen. Nancy Spence, R-Centennial.

Protecting personal information isn't the DMV's only immediate concern, however.

Auditors said the division must better ensure that its employees know how to spot fake documents, don't fraudulently issue IDs, deactivate the licenses of the deceased and perform checks of applicants' immigration status.

And while the state checks employee backgrounds for crimes committed in Colorado, it does not look at other states or federal crimes.

Positive steps

Some problems already have been fixed.

The 33 former employees with database access immediately had their passwords deactivated once auditors identified them, and the DMV now compiles monthly lists of departed workers to prevent future lapses.

The division has a long-standing policy of redacting the last four digits of Social Security numbers before they're transmitted, and the division plans to encrypt all transmitted information by June 2009.

Other audit findings:

While the DMV's most serious problems are with the way it protects personal information, state auditors also chided the division for:

1) Checking employees for criminal records in Colorado but not nationwide.

2) Frequently failing to check the immigration statuses of license and ID card applicants.

3) Needing better training on how to spot fake documents.

4) Failing to properly monitor employee activity to prevent the issuance of fraudulent licenses and ID cards.

5) Leaving active the licenses of dead people, though the DMV has since begun reconciling its records with death certificates.

Other audit findings are available online at www.leg.state.co.us/osa/coauditor1.nsf.

Reference: denverpost.com

(USPublicRecords.com) and (BackgroundCheckDirectory.com) and (IDTheftDefense.com) and (PeopleSearches.com) and (USPRS.com)

US Contradicts Itself Over Its Own ID Theft Advice

2008-07-02T21:21:00.002-06:00

When it comes to the risks of identity theft, the U.S. government isn't taking its own advice.

The nation's Medicare agency and the Pentagon compel at least 52 million Americans to carry their Social Security numbers in their wallets, contrary to warnings by the Federal Trade Commission that people should avoid doing so.

At least 44 million Medicare insurance cards include the beneficiary's full Social Security number.

Social Security numbers also appear on 8 million Defense Department identity cards used by active duty and reserve forces and their dependents, and on identification cards issued to military retirees. The Pentagon plans to remove the numbers but won't complete the effort until 2014.

And the Internal Revenue Service still tells taxpayers to write their Social Security number on checks used to make payments, a potential problem for those using the mail rather than filing electronically.

All this contradicts advice from the Federal Trade Commission, the lead federal agency for deterring identity theft.

"Protect your Social Security number. Don't carry your Social Security card in your wallet or write your Social Security number on a check," the FTC warned in a pamphlet sent months ago to every mailing address in the United States. The Social Security Administration offers similar advice.

Carrying a Medicare card with the full Social Security number is more of a problem than the Social Security card. People usually need the insurance card to visit a medical provider but can memorize their number and always leave their Social Security card at home.

The Centers for Medicare and Medicaid said it would be too expensive for the agency, and for medical providers linked to Medicare, to change their systems with new numbers. Medicare officials also said they know of no cases in which identity theft was traced directly to a lost or stolen Medicare card.

Charlene Frizzera, chief operating officer of the nation's Medicare agency, said it would cost half a billion dollars to make the change for the government alone. Medicare's budget is $466.1 billion for the current financial year.

"Our advice is, don't carry it with you unless you know you're going to need it," Frizzera said of the government insurance card. But that advice contradicts the message on the back of the card: "Carry your card with you when you are away from home."

The president's Identity Theft Task Force recommended last year that U.S. agencies reduce the unnecessary use of Social Security numbers, which it called "the most valuable commodity for an identity thief."

Arnold Werner, 84, a retired chemical engineer from Scott Depot, W.Va., was so upset over his Medicare card that he blacked out the two middle numbers of his Social Security number. His physician's office said he needed to write the number back so it could copy it for billing purposes.

Werner gave up his attempt to change the system. By the time he needed the card for a hospital visit, he had obtained a new card with his full Social Security number printed on it.
"The government doesn't know what it's doing," he said. "I don't think they do anything right these days."

Military forces, their dependents and retirees must carry their ID cards for a range of services and benefits. Army officials at Fort Bragg, N.C., mistakenly issued to an identity thief a military ID card in July 2001 in the name of retired Army Capt. John Harrison with Harrison's Social Security number.

The thief, Jerry Wayne Phillips, was later convicted and sentenced to 41 months in prison after running up more than $260,000 in charges, including two trucks and a $25,000 Harley Davidson motorcycle. Harrison has testified to Congress about the need for tougher identity theft laws.

Combined with other personal information — such as a victim's full name, birth date and home address — a Social Security number can be used to open fraudulent credit accounts using a victim's identity. With just a Social Security number, a clever thief can fraudulently obtain a victim's credit report for as little as $50, an important step toward ultimately impersonating a victim.

"The underground is using different pieces of information to put together a picture of you, and a key piece of the puzzle is your Social Security number," said Dan Clements, president of CardCops, which sells services that monitor consumer accounts for identity theft.

Medicare has no plans to change or revise its insurance cards.

The Pentagon will begin eliminating the Social Security number in stages starting at the end of this year.

The IRS said in a statement it would not return a check that was missing the Social Security number, but it has no plans to change its instructions.

"At the surface level, they're working at cross-purposes. There's a reason for that," said Joel Winston, the Federal Trade Commission's director of the division of privacy and identity protection. "They've historically used this as an identifier because it works very well. But there's a widespread recognition that it's not a good idea anymore."

The Defense Department said it doesn't have the money, people, equipment and work stations to replace the cards all at once.

By 2014, the number will not be printed on any of the Defense Department cards except those for retirees who fail to request new IDs. There is no expiration for retiree ID cards — used for access to base facilities and services such as the library, gym, bowling alley and golf course.

The Veterans Affairs Department, state governments, private companies and educational institutions already have acted to eliminate visible Social Security numbers:
1) Private insurers covering roughly 200 million people issued new cards in recent years that replaced Social Security numbers with different identifiers. "I don't know of private insurers who use a Social Security number on the card," said Susan Pisano, spokeswoman for America's Health Insurance Plans. "Industry practice is, where Social Security numbers are used at all, they are used internally." Byron Hollis, national anti-fraud director for the BlueCross BlueShield Association, said the 39 independent companies in the trade group spent about four years replacing insurance cards for more than 90 million customers by the start of 2006.

2) The VA spent roughly $6 million to replace about 4 million benefit cards to remove the Social Security number and birth date and placed all sensitive information on a bar code and magnetic strip. The only visible information on the new VA health cards is a color photo and identification of a special status, such as a Purple Heart recipient or former prisoner of war.

3) Most universities have eliminated use of Social Security numbers.

4) Forty-seven states have enacted laws to prevent identity theft, although their scope varies widely. In many instances, the laws ban use of the number for driver's licenses and other official state documents, student ID cards and cards issued by private health insurers. "States have really forged out ahead," said Richard Hamp, an assistant attorney general in Utah. "I'm disappointed that the federal government isn't more on top of it."

Reference: ap.google.com

(USPublicRecords.com) and (PeopleSearches.com) and (IDTheftDefense.com) and (BackgroundCheckDirectory.com) and (USPRS.com)

A 'Phishing' Trip for Identity Theft?

2008-06-22T12:19:00.002-06:00

A woman with a foreign accent called recently asking for one of my sons. I told her he wasn't here and asked who was calling. She said she'd call back later and hung up.

A few days later, three different women called to tell my wife that one of our sons had applied for health insurance with their company, and they needed to talk to him about his application.

When my wife asked for a number at which our son could call her back, she said, "You can't call me back." Our son maintains he never applied for health insurance.

Indeed, he has no reason to apply for health insurance. As a college student, he is automatically covered by our family policy.

Our caller ID registered the calls as coming from telephone number 720/724-9766 (Insurance Online), a Denver, Colo., number. This incident sounds like a phishing expedition - perhaps to steal our son's identity?

On the Internet, I can find no such company as Insurance Online, but I can find a lot of complaints about telephone number 720/724-9766.

Reference: desmoinesregister.com

(USPRS.com) and (IDTheftDefense.com) and (PeopleSearches.com) and (BackgroundCheckDirectory.com) and (USPublicRecords.com)

ID Theft CEO Has Identity Stolen

2008-05-25T21:36:00.002-06:00

LifeLock chief dared thieves to take his Social Security number... so they did

Todd Davis, CEO of an identity-theft protection service called LifeLock, kept putting his Social Security number in TV commercials and daring somebody to take it. So he shouldn’t have been surprised when an identity thief did just that.

But Davis says it just proves that his LifeLock identity protection service works.

“My Social Security number has been out there for two years,” the jovial exec told TODAY’s Matt Lauer Friday. “There’s been one instance where someone was successful in trying to turn my identity into money. There have been 87 other attempts to steal my identity, but the system works.”

But some of his customers disagree with that claim. Attorney Davis Paris has filed a class action lawsuit in Maryland, West Virginia and New Jersey saying that Davis and LifeLock engage in false advertising by seeming to offer absolute protection against identity theft in their ubiquitous ads.

Another lawsuit in Arizona alleges that his $1 million “service guarantee” is misleading and covers only defects in LifeLock services and not actual identity theft.

Another lawsuit has been filed against LifeLock by Experian, the credit-report company, alleging that Davis’ company deceives customers about the depth of its service. Experian claims LifeLock doesn’t give consumers any more protection for its $10 monthly fee than they can get for free on their own.

What does he guarantee?
Davis called the customer complaints “unfounded” and accused Experian of trying to protect its own practice of selling customer information.

He also said that his company does not guarantee that a customer’s identity won’t be stolen.

“No one can stop all identity theft. We say that on our Web site,” he told Lauer. “We even tell people some of the steps we do that they can do for free. But we also tell them they need to know their rights to put this front line of defense in place to minimize their risks.”

So what does he guarantee?

“What we guarantee is that if something happens, we’re going to do everything the law allows us to do to fix the problem for you,” Davis said.

LifeLock claims more than a million customers, and the class action lawsuit filed against the company is on behalf of four unhappy customers. Davis said that indicates that most of his customers are happy with the service provided.

Lauer told Davis that TODAY researchers used readily accessible databases to find more than a dozen people who have applied for driver’s licenses using Davis’ Social Security number: 457-55-5462. Among them were people who gave their names as “Joe Blow” and “Jabba T. Hutt,” and one person who gave an address of “123 Fake Street.”

Davis countered that none of the people who applied for licenses actually got them.

“Those are attempts,” he told Lauer. “Those are some of the 87 people who tried to use my identity. The system worked exactly as it was supposed to. They were turned away. It proves it does work.”

Lauer asked Davis if his company actually offers services that consumers can’t get for free on their own.

“Absolutely,” he said. “Beyond the fraud alerts and opting out of preapproved credit cards, we are out there scanning over 10,000 Web sites where people buy and sell people’s personal information. We’re going to authenticate when someone puts in a change-of-address form for you, which is a great indication you’ve been victimized.”

He expressed confidence that LifeLock would prevail in court.

“We’re going to spearhead the change and prevent this crime from affecting so many people,” he said, speaking with the same enthusiasm he puts into his commercials.

At the end of the interview, Lauer had just one more question: “What’s your bank account number?”

Davis laughed and shot back, “I’ll give it to you later — as long as I can get yours, too, Matt.”

Reference: msnbc.msn.com

(USPublicRecords.com) and (BackgroundCheckDirectory.com) and (USPRS.com) and (PeopleSearches.com)

Identity Theft Can Lead to Criminal Records

2008-05-22T20:45:00.002-06:00

Background checks can range from checking social security numbers and verifying identity, to criminal record checks and comprehensive reports on employment and credit history, education and character. These searches can be performed by third-party services such as specialized employment screening companies, private investigators or online data brokers, or they can be performed in-house by a company's own employees.

Increasingly, companies and organizations are requesting background checks for job applicants, existing employees seeking promotions, volunteers and even dating service members. A bad hiring decision can be ruinous to an organization's reputation and finances. The number of background checks being conducted is increasing for several reasons: national security concerns, a rise in negligent hiring lawsuits, recent corporate scandals and the ease of searching public records and commercial databases with the internet. Companies may use a background check as a way of verifying the information you give in your resume and application form.

In a comprehensive background check, records commonly searched include: social security, court, credit, criminal, incarceration, driving and vehicle registration, education, employment, property ownership, military, workers' compensation, drug test, state licensing, bankruptcy and sex offender lists. The Americans with Disabilities Act limits access to medical records to inquiries about your ability to perform specific job functions. In addition, background checks may include interviews with your neighbors, friends and acquaintances.

Under the federal Fair Credit Reporting Act (FCRA), employers must get your written permission before doing a background check, but this only applies when an organization is using a third-party screening service. If the company is conducting the background search in-house, they do not have to follow the FCRA regulations.

Problems with background checks can arise in several ways.

Identity theft can lead to criminal records being associated with your name, but not committed by you. If someone miswrites their social security number on an application form, their name can end up on your file. Reputable employment screening companies check negative information from database searches against courthouse public records. But if the information is simply obtained from internet records and databases, it may not be up-to-date, accurate or complete.

If you know that you are likely to have a background check for a job application or other reason, there are several ways to prepare for this and minimize the chances of inaccurate or misleading information being reported. Order a copy of your credit report, check court records, check Department of Motor Vehicle records, do your own background check (by hiring a record screening service yourself), request copies of previous background checks, and let your friends, neighbors and work colleagues know that they may be contacted by a background screening service.

(USPublicRecords.com) and (BackgroundCheckDirectory.com) and (USPRS.com) and (PeopleSearches.com)

Use Credit Monitoring Services to Detect Identity Thefts

2008-05-10T08:52:00.003-06:00

Modern technological innovations have given us the convenience to purchase everything from the comfort of our homes. With the help of the Internet and credit cards we can buy our desired products and services from anywhere in the world without physically visiting the showroom or even making the cash payment.

However, along with adding comforts to our shopping and many other benefits online transactions though credit cards might also bring troubles that are enough to take away your peaceful sleep! One of the most prevalent problems that credit cards users often face is identity theft, which is a new mode to duping without the knowledge of the victim.

Identity theft means stealing personal information of a person and impersonating him or her for making frauds. Phishing and hacking are some of the common means used for identity thefts involving credit cards.

Your credit card number or social security number can be misappropriated by unauthorized persons and misused to cheat banks by fraudulently getting loans, making online purchases, or taking money from the ATM and it is obvious that you will be held responsible for all the transactions being made from your account. IDTheftDefense.com provides you with A to Z information on identity thefts, the ways of detecting and preventing identity theft, credit reports and a lot more.

Credit monitoring or credit "file" monitoring is an easy, efficient and affordable way to identify theft detection. You can even prevent identity theft by detecting mistakes in your credit report and correct them using credit monitoring services.

Credit report, also known as credit history in many countries, provides detailed records of how much a person or company has borrowed and repaid in the past including information on late payments and bankruptcy. A credit score represents your creditworthiness based on the information collected from your credit report.

You can successfully monitor your credit report by using efficient credit monitoring services:

1. First of all, you can check credit report and make relevant inquiries into your credit line.

2. By reviewing your credit report you can easily identify if any new account has been activated using your identity.

3. Address changes on credit information and collection activities in your name can be easily detected from credit reports or credit histories.

4. Your credit report will reflect delinquencies or any negative change made to your account as well as information on closed accounts.

Though credit monitoring is an important step towards Identity theft defense, it cannot be used to prevent them. Awareness is the key to check identity thefts. As an informed individual you can easily detect identity thefts or take appropriate steps regarding any mistake in your credit report.

Thus, you can lessen the amount of financial or credit rating damage which results from the false or negative activity on the report. Credit monitoring will keep you informed and definitely lower your risks in case of frauds resulting from identity thefts.

You should go for the credit monitoring scheme that suits your needs. Opting for monthly status reports through email is a viable option. IDTheftDefense.com recommends the 3-in-1 credit report which includes the three credit bureaus – Equifax, Experian, and TransUnion, as you may not come to know about all the credit problems if your monitoring plan covers only one credit bureau.

If you want to protect yourself and your family members from identity theft, then it is essential for you to educate yourself about it by getting all information from the IDTheftDefense.com website.

IDTheftDefense.com (IDTD) - Online defense against Identity theft, preventing identity theft, and comparing credit monitoring services.

(USPublicRecords.com) and (IdentityTheftDefense.com) and (USPRS.com) and (PeopleSearches.com)

Consumer Identity Theft Protection Services: What Works?

2008-05-06T18:07:00.002-06:00

You can't open a newspaper or a browser without reading about some data spill that has put consumers' personal information at risk. Over the past three years, more than 220 million private records have been lost or stolen, according to the San Diego-based Privacy Rights Clearinghouse.

In 2007, 8 million to 15 million Americans had their identities stolen.

The odds that it will happen to you are about one in five, according to surveys conducted by the Chubb Group.

Identity theft is a national epidemic, but some firms also see it as a marketing opportunity. In fact, some credit bureaus and banks that facilitated the spread of easy credit--and in the process unwittingly made identity theft a more profitable crime--now sell services to help you avoid having your identity pilfered.

For $10 to $20 a month, a company such as LifeLock or TransUnion will monitor your credit reports, alert you if anyone opens an account in your name, and help you recover fraudulent charges. But you can do many of the things these services offer to do, at no cost except for the effort (see "DIY identity-theft protection: A 12-step program" for details).

To assess the paid services, we signed up with six leading firms. Even services that worked as advertised weren't comprehensive. Only two -- Suze Orman's Identity Theft Kit and Identity Guard -- offered protection for anything beyond financial fraud. Using any of the services is better than doing nothing, but you may still have to work to safeguard your identity.

Monitoring your credit
Annual credit reports are free, but Javelin Strategy and Research president James Van Dyke says that credit monitoring has become a billion-dollar business for credit bureaus.

The keys to your financial identity jangle in the pockets of the Big Three credit bureaus: Equifax, Experian, and TransUnion. When you apply for a credit card, sign up for a wireless plan, or apply for a job, the company you're trying to do business with is likely to request a copy of your credit report. If anyone steals your identity, that person's bad behavior goes on your report, hurting your chances for a loan, a phone, or a job.

Federal law entitles you to a free annual report from each of the Big Three. You also qualify for a free copy if you've recently been denied credit or if you're an identity-theft victim. The bureaus make no money by supplying free credit reports, but they make a lot of money -- more than $1 billion annually, according to Javelin Strategy and Research president James Van Dyke--by selling credit-monitoring services.

For $5 to $20 per month, a credit-monitoring service will alert you whenever your report changes. If a thief opens new accounts in your name, you'll usually find out within a few days. Most monitoring services offer online credit reports, online credit scores (showing your chances of obtaining credit), and tools for managing and improving your credit rating.

But a credit-monitoring service won't tell you if someone steals your credit card and runs up huge bills; for that you must check your monthly billing statements. Furthermore, if you receive an alert about a dubious inquiry, you'll have to identify it as bogus and contact the credit bureaus on your own.

Our real-world tests of two major credit-monitoring services yielded mixed results. First we signed up for TrueCredit's three-in-one monitoring service, which promises to deliver e-mail alerts from all three bureaus for $15 a month. The first two times our tester tried to open a new credit account, TrueCredit failed to issue an alert. A third test a month later was more successful.

"The likely explanation is that [the bureaus] had not yet completed the processing required on their end by the time the first two inquiries were made," says Steve Katz, a spokesperson for TrueCredit's parent company, TransUnion.

Using TrueCredit was truly annoying in other ways. Whenever we accessed our account or received an e-mail alert, we had to wade through advertisements for credit scores, low-cost credit cards, and other services.

We had better luck with Identity Guard, whose parent company, Intersections, provides identity-theft protection sold through Citibank, Equifax, GE, and other firms. We signed up for Identity Guard's $17-per-month Total Protection plan--which provides credit monitoring, credit scores, security software, and public-records searches that identify names, addresses, and property associated with your identity, along with things like licenses, tax liens, and criminal convictions--and it alerted us to every change made in our credit reports.

Unfortunately, we found Identity Guard's interface confusing and its customer service line unhelpful. One particular annoyance: Our account page advertised services already covered under the Total Protection plan, inviting unwary consumers to buy the same services twice under different names. Tim Walston, a senior vice president for Intersections, explains that the ads are provided for people who may want to obtain fresh reports between Identity Guard's quarterly updates.

When fraudsters attack
If credit monitoring is a burglar alarm that goes off when someone steals your identity, a fraud alert is a deadbolt that prevents break-ins. At least, that's how it's supposed to work. By law, you can place a temporary fraud alert on your credit report, requiring lenders to verify your identity before issuing credit in your name. And if you tell one credit bureau to set up a fraud flag, it's obliged to notify the other two. But such alerts expire after 90 days. To address the lapses in coverage, companies such as Debix, LifeLock, LoudSiren, and TrustedID will renew alerts every three months for $9 to $13 a month.

These services set their alerts in different ways. LifeLock and TrustedID contact the bureaus and set the alert. Debix (which powers LoudSiren) provides its own contact number for lenders. When a creditor calls the number, Debix's automated voice network calls your phone and lets you approve or deny the transaction by entering a PIN. Debix can call up to three numbers until it finds you.

But in real-world tests, our results varied widely. After signing up for TrustedID, one of our testers applied for instant credit at The Gap. Store employees saw the fraud flag, called the Gap's internal credit division (operated by GE Money Bank), and put our tester on the phone to answer multiple-choice questions about his finances.

Another tester signed up for LifeLock and applied for a card at a different Gap store; he was granted instant credit after showing the store clerk his driver's license. In that case, LifeLock CEO Todd Davis admits, the fraud alert did not get set on the date it was requested. After requesting the alert a second time, our tester applied for another card and was asked to verify his identity more stringently. Davis adds that, either way, our tester would have been protected by LifeLock's service guarantee (see "The 'million dollar' question," below).

In our in-store Debix test, the creditor verified our tester's identity by putting him on the phone with the store's credit department, bypassing Debix's automated system. According to Julie Fergerson, Debix's vice president of emerging technologies, "80 percent" of creditors call Debix to verify transactions -- but they are not under any legal requirement to do so. Creditors can verify your identity in other ways, such as by sending a letter that asks you to mail them copies of W-2 statements, utility bills, or other documents.

In rare instances, creditors may issue credit without bothering to check your report. That seems to be what happened to Davis, who gained notoriety by publishing his Social Security number on LifeLock's home page and daring anyone to steal it. A Fort Worth, Texas, man promptly used Davis's identity to obtain a $500 loan. Davis says that many low-amount lenders don't pull credit reports, which is why the Fort Worth creditor didn't see the fraud flag that LifeLock had placed on its CEO's credit report.

"This person would have been able to get the loan no matter what form of protection was in place," says Mike Prusinski, LifeLock's vice president of communications. "As soon as Todd was aware of the problem, he reported it to LifeLock--and the remediation services investigated, found the source of the identity theft, stopped additional attempts by this same person to buy cell phones and other goods, and prevented any other consequences from the identity theft such as damage to a credit score."

In February, Experian sued LifeLock, claiming that federal law prohibits corporations from setting fraud alerts for consumers, and calling LifeLock's marketing practices fraudulent.

"LifeLock claims it can prevent identity theft, but that's simply not true," says Experian spokesperson Rod Griffin. "By the time a credit report has been pulled, the person's identity has already been stolen. It gives people a false sense of security."

Davis says he can't comment on an active lawsuit but would "welcome the chance to work out a business solution [with Experian] that will continue to protect consumers."

According to Scott Mitic, CEO of TrustedID, his company's strong suit is identity restoration, not identity-theft prevention.

Griffin won't say whether Experian will take legal action against other fraud-alert firms. TrustedID CEO Scott Mitic notes that the law allows consumers or their "personal representatives" to set flags, and says that his company has a good relationship with the bureaus. Debix pays one bureau for the right to set flags, Fergerson says, but she declines to identify which one. As we went to press, Identity Guard announced that it would stop setting alerts for consumers "because Experian asked us to stop," says Intersections' Walston.

The 'million dollar' question
Besides setting alerts, some services obtain your credit report and ask the bureaus to stop selling your info to credit card companies--two things you can do on your own (see "DIY Identity-Theft Protection"). Identity Guard and TrustedID will scan the Web and tell you if someone is trading your info online; but the odds of catching anyone are virtually nil, says Dmitri Alperovich, director of intelligence analysis for Secure Computing.

"This type of claim is mostly a gimmick," he says. "You might find a few credit card numbers by searching the Net, but most of them aren't lying around for public viewing, and the people who have them won't deal with you unless you're also a criminal."

LifeLock, LoudSiren, and TrustedID provide million-dollar guarantees against identity-theft losses, but that promise comes with some strings attached; LifeLock says that it will hire specialists to contact lenders and law-enforcement agencies for you, and will pay other direct costs up to $1 million. However, the guarantee doesn't define which costs LifeLock considers "direct," nor does it specify which costs are covered below the million-dollar cap.

TrustedID promises to pay the cost of reestablishing your identity, reimburse your legal fees, and restore up to $5000 in lost income. LoudSiren covers theft losses, attorneys' fees, and lost wages, with no cap. Debix's $25,000 policy covers expenses, attorneys' fees, and up to $2000 in lost wages.

But a million dollars is an inflated amount anyway. According to Javelin, the average out-of-pocket cost for identity theft victims in 2007 was $691, and the average loss for people who had false accounts opened in their names was $1066. Regardless, most victims of financial fraud don't pay anything out of pocket because the financial institutions typically bear the costs, notes Rachel Kim, an associate analyst at Javelin.

TrustedID's Mitic acknowledges the unlikelihood that anyone will need a million dollars of coverage. The real advantage, as he sees it, comes from having experts who can take the hassle and pain out of restoring customers' identities.

"I think the biggest benefit customers get from TrustedID's warranty is our restoration services--our commitment to hold a customer's hand, do everything and anything they need to help them put their lives back together again," Mitic says.

According to Prusinski, only 41 of LifeLock's 840,000 subscribers have ever needed its restoration services. Mitic declines to release TrustedID's customer numbers, but he estimates that 1 out of 10,000 need their identities restored. Debix's Fergerson says that just 9 of its 300,000 subscribers have filed insurance claims; in most cases the theft had happened before the customer signed on to the service.

The nuclear option: Security freeze
The third option beyond monitoring and alerts isn't pretty.

"Rather than relying on fraud alerts or spending $100 to $180 a year on credit monitoring, consumers should consider a security freeze," says Beth Givens, director of the Privacy Rights Clearinghouse. "Depending on how often you use it, a freeze can be an effective way to prevent identity theft and a lot cheaper than credit monitoring."

With a freeze (which you can set up yourself for a small fee), credit bureaus won't release your report at all -- not ideal if you need to obtain a mortgage, change cable providers, apply for a job, or do anything requiring a credit check. Freezes are free for identity-theft victims in most states, Givens notes.

TrustedID can set up a freeze for you for $15 plus any credit bureau fees, but you must mail it a power of attorney form. Or you can do it yourself via certified mail. The rules and fees vary depending on where you live, but the cost is usually $10 per bureau. (Consumers Union has a guide to each state's laws.)

If after freezing your account you decide to change your cable plan or apply for a loan, you'll probably have to pay $10 per bureau to unfreeze your account for a specific creditor or a certain period of time. And because credit bureaus tend to move at glacial speed, you should make an unfreeze request long before you actually need it.

Even with a freeze in place, identity thieves can use your medical insurance, ruin your eBay reputation, or apply for jobs with your name and résumé. Identity protection services can't prevent such problems, says Linda Foley, director of the Identity Theft Resource Center and an identity-theft victim.

Identity protection services may help people who can't be bothered to take the necessary precautions or who lack the resources to protect themselves. But you should choose carefully, read the fine print, and resist acting out of fear.

"I would say 'Buyer, beware,'" says Foley. "There is nothing you can buy that will keep you from becoming a victim of identity theft -- and if there was, I'd be the first in line to buy it."

Reference: computerworld.com

(USPublicRecords.com) and (BackgroundCheckDirectory.com) and (IDTheftDefense.com) and (USPRS.com)

Ten Ways to Stop ID Theft

2008-05-02T13:36:00.005-06:00

Stopping the Identity Theft Crisis:

Americans are facing an attack on their personal and financial privacy unlike that seen by any prior generation. Shielding your private financial information with no risk of a breakdown may be impossible these days. But it’s critical to understand how your privacy can be compromised and the consequences of such a breach -- and take a few simple steps to, if nothing else, better the odds in your favor.

Identity Theft - Identity Crisis:

This rather broad term takes in any number of privacy crimes, including theft of a Social Security number, a credit or debit card, or even the pilfering of phone calling cards.

The numbers associated with identity theft are beginning to add up fast.

A recent General Accounting Office report estimates that as many as 750,000 Americans are victims of identity theft every year. And that number may be low, as many people choose not to report the crime or, for that matter, even know they’ve been victimized.

Officials say much of identity theft still comes down to hands-on mischief -- things like ‘Dumpster diving’, in which criminals sift through trash to find a credit-card statement or solicitation that someone didn’t tear up, and 'shoulder surfing', where criminals try to spot calling card and personal identification numbers, and more commonly, mail theft.

Knowing which tricks thieves prefer remains an unquantifiable mystery. “Eighty percent of the victims who call The Federal Trade Commission’s Identity Theft Program and say they have no idea how it happened.

Officials also acknowledge that the Internet has opened new avenues for theft. If nothing else, the Web allows thieves to send stolen data to most any worldwide location.

How It Can Happen to You:

One popular scam involves fake mortgage brokers who dangle super low rates if the applicant is quick to provide personal data. Another uses e-mails in which the sender poses as an Internet service provider asking for information: “Even though people are told that ISPs will never ask for your Social Security number, one scam was just shut down after 70,000 people responded to their e-mails,” notes Crane.

More recently, criminals use email to link consumers to phony Web sites that ask users to "confirm" their account information by entering it into an official-looking online form. (For more on this newest wrinkle in identity theft, see " 'Phishing' scams: How to avoid getting hooked.")

Then, there's the infamous skimmer. “A skimmer is about the size of a credit card,” says Ellen Moriwaki, a senior product manager at Cyber Source, a payment processing and risk management concern. “And a criminal buys off a waiter in a restaurant. When you give him your credit card, he rings it up but also runs it through the skimmer, which collects your credit card information. In exchange for $50 a card, a waiter can gather as many as 100 credit cards a night.”

A Social Security card can also reap long-term fraudulent benefits, a stolen wallet containing a Social Security card lets a criminal quickly set up dummy bank and savings accounts. The very presence of the account may prompt the bank to give the criminal a credit card. From there, the con artist may waste little time maxing out the card, or take a bit more time and build up the card's buying power. That can mean fraudulent purchases as pricey as cars and boats.

Simple Ways to Get Protected Now:

There’s no ironclad protection that guarantees that you’ll never fall victim to some form of identity theft. But there are steps you can take to protect yourself, many of which are rather simple:

1. Destroy private records and statements. Tear up -- or, if you prefer, shred -- credit card statements, solicitations and other documents that contain private financial information.

2. Secure your mail. Empty your mailbox quickly, lock it or get a P.O. Box so criminals don’t have a chance to snatch credit card pitches. Never mail outgoing bill payments and checks from home. They can be stolen from your mailbox and the payee's name erased with solvents. Mail them from the post office or another secure location.

3. Safeguard your Social Security number. Never carry your card with you, or any other card that may have your number, like a health insurance card. And don’t put your number on your checks. It's the primary target for identity thieves because it gives them access to your credit report and bank accounts. (For more on protecting your Social Security number, see "Safeguard your Social Security number.")

4. Don't leave a paper trail. Never leave ATM, credit card or gas station receipts behind.

5. Never let your credit card out of your sight. Worried about credit card skimming? Always keep an eye on your card or, when that's not possible, pay with cash.

6. Know who you're dealing with. Whenever anyone contacts you asking for private identity or financial information, make no response other than to find out who they are, what company they represent and the reason for the call. If you think the request is legitimate, contact the company yourself and confirm what you were told before revealing any of your personal data.

7. Take your name off marketers' hit lists. In addition to the national Do-Not-Call registry (1-888-382-1222), you can also cut down on junk mail and opt out of credit card solicitations.

8. Be more defensive with personal information. Ask salespeople and others if information such as a Social Security or driver’s license number is absolutely necessary. Ask anyone who does require your Social Security number -- for instance, your insurance company -- what their privacy policy is and whether you can arrange for the organization not to share your information with anyone else.

9. Monitor your credit report. Obtain and thoroughly review your credit report (now available for free at Annualcreditreport.com or by calling 877-322-8228) at least once a year to look for suspicious activity. If you spot something, alert your card company or the creditor immediately. You may also want to subscribe to a credit protection service, like Experian's CreditCheck, which alerts you any time a change takes place with your credit report.

10. Review your credit card statements carefully. Make sure you recognize the merchants, locations and purchases listed before paying the bill. If you don't need or use department-store or bank-issued credit cards, consider closing the accounts. For more on when and how to close credit card accounts, see "Cancel a credit card -- the right way."
If something goes wrong

In Summary, protecting yourself from identity theft is no sure thing. But there is plenty you can do if you uncover some wrongdoing:

First, contact the fraud departments of each of the three major credit bureaus. Tell them that you're an identity theft victim. Request that a "fraud alert" be placed in your file, along with a victim's statement asking that creditors call you before opening any new accounts or changing your existing accounts.

Equifax
To report fraud: 1-800-525-6285 and write: P.O. Box 740241, Atlanta, GA 30374-0241

Experian
To report fraud: 1-888-EXPERIAN (397-3742) and write: P.O. Box 9532, Allen, TX 75013

TransUnion
To report fraud: 1-800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634 Contact the creditors for any accounts that have been tampered with or opened fraudulently. Speak with someone in the security or fraud department of each creditor, and follow up with a letter.

File a report with your local police or the police in the community where the identity theft took place. Get a copy of the police report in case the bank, credit-card Company or others need proof of the crime.

Keep records of everything involved in your efforts to clear up fraud, including copies of written correspondence and records of telephone calls.

(USPublicRecords.com) and (BackgroundCheckDirectory.com) and (USPRS.com)

Prosecution Rare in Cases of Identity Theft, Report Says

2008-04-13T13:51:00.002-06:00

Fraudulent tax returns filed as a result of identity theft jumped more than sixfold over the past five years, but the Internal Revenue Service rarely pursues or prosecutes such cases, a Treasury Department watchdog said in a report released Tuesday.

J. Russell George, the Treasury inspector general for tax administration, said the IRS must do more to combat the growing problem of employment-related and tax-fraud identity theft.

The agency has placed only limited emphasis on these issues, George said. "The IRS' policy is that identity theft will only be investigated if it is committed in conjunction with other criminal offenses having a large tax impact."

New IRS Commissioner Douglas Shulman, National Taxpayer Advocate Nina Olson and George were to testify before the Senate Finance Committee on Thursday regarding the identity theft problem.

"The IRS needs to help stop identity theft in the first place, and go after perpetrators with enough vigor to deter future crimes," Senate Finance Committee Chairman Max Baucus, D-Mont., said Wednesday in response to the report. "It's time for the IRS to tackle identity theft head on, as a much higher priority than they do today."

The report cites two main incentives for stealing another person's Social Security number and taxpayer identity: to file a fraudulent tax return to steal a tax refund or to obtain employment.

The report said that between 2002 and 2007 the number of fraudulent tax return complaints the Federal Trade Commission received soared from 3,000 to more than 20,000. In the same period, complaints concerning employment-related identity theft more than doubled, from 15,000 to 35,000.

It said the IRS has tried to stem identity theft through public outreach programs, including creating an identity theft site on its Web page. The agency is warning taxpayers to be vigilant about "phishing" scams in which unscrupulous people claim in e-mails or phone calls to be from the IRS and demand that people reveal Social Security numbers and other confidential financial material.

But the agency rarely recommends identity theft cases for prosecution, the report found. Of 2,720 prosecution recommendations made by the IRS Criminal Investigation Division in fiscal year 2006, 55 involved identity theft.

The inspector general said the agency's preventive strategy does not include pursuing individuals using another person's identity unless their cases directly related to a substantive tax or conspiracy violation.

It also faulted the IRS for not notifying employers and otherwise not doing enough to stop unlawful use of a taxpayer's identity.

The tax agency, in response, agreed with recommendations that it develop a strategy for dealing with the identity theft problem, including coordinating with other agencies such as the Federal Trade Commission and the Social Security Administration.

But the IRS said it is constricted in doing more because it does not have the enforcement resources to address most of the cases and because disclosure rules hinder its ability to share information with employers and other agencies.

Reference: freep.com

(IDTheftDefense.com) and (USPublicRecords.com) and (BackgroundCheckDirectory.com) and (USPRS.com)

8.3 Million Records Spilled in Data Breaches This Year

2008-04-02T20:55:00.002-06:00

At least 8.3 million personal and financial records of consumers were potentially compromised by data spills or breaches at businesses, universities and government agencies in the first quarter of 2008, according to statistics released today.

The San Diego based Identity Theft Resource Center said it tracked public reports of 167 data breaches in the first three months of this year. The center recorded 448 data breaches total in 2007. A detailed breakdown of the incidents in 1Q of 2008 is available here (PDF) and the overall 2007 statistics can be downloaded here (PDF).

Roughly 4.2 million of the breached records were the result of digital intrusions at the Hannaford Bros. supermarket chain disclosed last month.

Overall, businesses were responsible for roughly 36 percent of the data breaches or spills, followed by schools and universities (25 percent), government and military (18 percent), medical/health care (14 percent) and banking and financial (7 percent). More details on the industry breakdown are available here (PDF).

While the center doesn't break its numbers down by data loss type, a review of the data from the first quarter of the year suggests that only about 13 percent of the breaches were the result of an outside hacker gaining unauthorized access to consumer records over the Internet.

According to a tally by Security Fix, 21 hacking incidents in the first three months of this year compromised at least 4,624,005 personal and financial records (again, the Hannaford breach accounts for the majority of those compromised records).

Most of the data spills in 1Q 2008 appear to have resulted from lost or stolen laptops, hard drives or thumb drives. Insider access and the inadvertent posting of sensitive data to a Web site or through e-mail also were cited frequently throughout the report.

A few caveats about the number of breached records are in order. First, in 66 of the 167 data breaches detailed in this report - 40 percent of the cases -- the organizations involved have not disclosed how many records might have been compromised. Nor do the affected organizations which have disclosed that data typically say how many individual consumers were affected.

For example, Okemo Mountain Ski Resort reported late last month that a hacker break-in compromised more than 28,000 credit card transactions, but it's not obvious from that data how many unique cards were affected.

The number of cases in which organizations report or acknowledge a data breach but offer no estimates of the number of victims appears to be increasing (although, I should note here that the ID Theft Resource Center's data is based largely on media reports about the incidents).

In all of 2007, affected organizations didn't say how many records were potentially affected in 138 of the 446 recorded breaches, or in roughly 31 percent of the cases.

Linda Foley, the ID Theft Resource Center's founder, said it's unclear what's behind the increase in data loss reports this year, whether it's a greater number of states with laws mandating data breach disclosures, a larger number of breaches or a combination of the two.

Nationwide, 39 states and the District of Columbia have laws on the books requiring organizations to notify consumers of a data breach that jeopardizes their personal and/or financial data.

"The question of why we are hearing more about data breaches is going to take us a couple of more years to sort out," Foley said. "I think, perhaps in addition to the state [disclosure laws], companies are urged on a bit by the fear of the media taking the story and releasing it rather than the companies themselves getting a chance to the spin the news."

Reference: blog.washingtonpost.com

(USPublicRecords.com) and (IDTheftDefense.com) and (BackgroundCheckDirectory.com)

Seattle Man Gets 51 Months in Jail in ID Theft Case

2008-03-20T21:08:00.003-06:00

Gregory Kopiloff, a Seattle man who pleaded guilty last November to stealing identity information over peer-to-peer (P2P) file-sharing networks has been sentenced to 51 months in prison.

In addition, Seattle District Court Judge James Robart ordered Kopiliff to serve in a three-year supervised-release program at the end of his prison term.

Kopiloff, 35 was arrested by federal authorities in September 2007 and charged with using P2P software such as LimeWire and Soulseek to snoop for and steal banking and credit information belonging to users on file-sharing networks. He was the first person in the U.S. to be indicted on charges of committing identity theft over P2P networks.

According to court documents, between March 2005 and August 2007, Kopiloff surreptitiously gained access to banking, financial and personal data stored on the computers of other users on file-sharing networks.

To get to that data, Kopiloff sometimes searched specifically for federal income tax returns, student financial aid applications and credit reports stored on users' systems. He also used the data to screen potential victims based on their income levels and credit histories in order to identify the most credit-worthy people.

He then used the stolen data to open fraudulent credit accounts or to make fraudulent purchases that he then had shipped to different locations in the Seattle area. The merchandise was later resold -- typically for half its purchase price, court documents said.

At the time of his arrest, Kopiloff had bought between $73,000 and $120,000 worth of merchandise using identity information belonging to at least 83 people.

Kopiloff in November pleaded guilty to mail fraud, accessing a protected computer without authorization to further fraud and aggravated identity theft. He faced a maximum of 20 years in prison and fines of up to $250,000.

Robart's sentence appeared to be in line with the government's call for a 54-month prison term.

In arguing for a prison term, prosecutors described Kopiloff's use of P2P networks as a "particularly pernicious and devious" technique for committing identity theft. "The defendant exploited the recent developments in 'peer to peer' computer file-sharing technology to access the most private financial information imaginable from the personal home computers of scores of victims located throughout the United States," Assistant U.S. Attorney Kathryn Warma said in court documents.

Warma noted that the use of P2P software on home computers, sometimes installed by young people without their parents' consent, can open up all of the data on these systems to criminals. Typically, victims have no clue how their identity information and other confidential data leaked out, she said.

Warma said that Kopiloff's techniques were not "run of the mill" and deserved a "sentence at the high end" of what would be applicable.

Reference: computerworld.com

(IDTheftDefense.com) and (USPublicRecords.com)

One Man's Struggle to Reclaim His Good Name

2008-03-09T18:17:00.002-06:00

Jeff Jones doesn't know where it happened, how it happened or when it happened.

All the Bel Air sales rep knows for sure is that someone swiped his Social Security number more than a year ago and opened Verizon Wireless and online accounts in his name 68 miles down the road in Washington.

Discovering the bad act by chance in January 2007, Jones quickly found out how a real case of identity theft can turn your world upside down.

I use the word "real" because a lot of the estimated 7 million to 10 million cases of so-called identity theft reported each year really involve fraud - unauthorized charges showing up on your credit or debit card and the like. True identity theft occurs when someone uses your SSN, home address, driver's license or other personal data to commit fraud and open a new credit card account, take out loans, rent or buy cars and homes, or even get medical treatment at your expense.

The first you'll discover easily enough when you check your credit card bills or bank account, and federal rules protect you from being held liable in most cases. The other could go unnoticed for a long time - until you're denied credit when you need it most.

One is an irritant. The other, a nightmare.

"It was beyond hard and so frustrating," Jones, 28, said about his 10-month ordeal to take his identity back.

"You basically have to prove who you are to everyone and then prove that those accounts aren't you," he said.

"I was really worried that I was never going to get it resolved. It seemed like nobody was willing to take the time to help me," Jones said.

Jones found out about the two accounts, both in arrears, by accident when his brother was trying to buy a home in California.

"I was more than surprised," Jones said. "For some reason our credit reports got merged and I saw an account with Verizon in my name that was due. I don't have and have never had an account with Verizon. My credit was perfect aside from these glitches."

So began Jones' attempts to clear his good name and financial record.

He immediately sent letters to the three credit-reporting agencies. He filed a police report. He called Verizon to alert them to the unauthorized account.

By providing the telecom's fraud department with verification of his identity using pay stubs and a utility bill, Jones convinced Verizon that the $176 unpaid bill sent to a Washington address was not his.

Then things got hairy.

A check of his credit reports found another ding from a debt collection agency for an $84 bill past due for a Verizon online account.

"In the calls I made to the debt collection agency, they told me I had to fix it through Verizon," Jones said. "In months' worth of calls to Verizon, they'd say, 'We're going to take care of this. It's been verified. We believe you.' And then I'd check with the credit agencies and the accounts were still there."

Bounced among the debt collector, the telecom and the credit-reporting agencies, everyone told Jones they believed him but no one seemed able to help clear him.

By August, Jones said he'd lost track of the hours he spent writing letters that got only rote responses, or calling customer service lines that put him on hold and then hung up on him.

Every time Jones was told the problem would be fixed, he'd get his credit report and see that it wasn't.

Meanwhile, he was feeling the effects of his identity theft.

When he went to buy his fiancee a necklace from Macy's in July, the sales clerk talked him into opening an account to save some money.

"I got denied for a credit card there," Jones said. "That's when I realized that if I were looking for a house or if I needed a loan, I wouldn't be able to get one.

"The mental stress from worrying about it and trying to get it resolved were the biggest things weighing on me.

"Thank God my dad, who is retired, was helping me with the letters and calls because I wouldn't have been able to do this all myself."

But even Jones and his dad, Albert Jones, had a limit. When they could take it no more, they turned to the Maryland attorney general's office.

"The AG's office sent letters to everyone and within 30 days" the Verizon accounts were cleared, Albert Jones said.

"My file on this is two inches think. I don't know how much we spent sending letters to everyone by registered mail. I'm not sure how many times we paid $30 to go online to get his credit report. Trying to fit it in during the day while he was at work. If it weren't for the fact that I'm retired and I was following up on some of it on his behalf, I don't know how most people handle it.

"It just really makes you feel victimized and emotional," he added. "It's so stressful."

You might say Jeff Jones could consider himself lucky. After all, he only had to deal with two accounts. As most law enforcement officers who investigate such economic crimes will tell you, it can get so much worse.

Also, most identity theft experts say it can take one to two years - or longer - for victims to clear their names.

But the ordeal isn't really over for Jones.

One month after he thought everything was resolved, an unauthorized DirecTV account showed up on his credit report. The problem was easily fixed by the credit agencies and the satellite TV company, but Jones now feels perpetually ill at ease.

"I just don't know if that person is going to strike again with my Social Security number," Jeff Jones said. "Will it pop up at the most inconvenient time, like when I go buy a house? Will I get calls from collection agencies down the road? It's always hanging over my head."

Reference: baltimoresun.com

(IDTheftDefense.com) and (USPublicRecords.com)

How to Out-Smart ID Thieves: Research, Vigilance is Key

2008-03-09T18:10:00.002-06:00

The statistics are disturbing — identity theft is increasing at an alarming rate.

In 2007, nearly one-third of all complaints reported to the Federal Trade Commission involved some form of identity theft. Identity theft can ruin your credit, jeopardize your job, or destroy your reputation.

You're especially vulnerable during tax season, when your mailbox and computer are a treasure trove of personal data. You can become an ID theft victim due to the careless handling of your personal information by companies with which you do business. A few years ago, the credit card information of tens of millions of people was compromised by a major U.S. retailer.

Responding to consumers' fears, growing numbers of products and services are being developed to help protect individuals and businesses from various forms of ID theft. You may have seen or read the advertisement in which the owner of the business announces his Social Security number to emphasize confidence in his company's ability to protect against a stolen identity.

His company is one of several that perform a number of typical services. They periodically order fraud alerts with the major credit bureaus, which tell potential creditors to take prudent action to verify your identity before issuing credit, they regularly obtain credit reports for you, send requests to remove your name from mailing lists for pre-approved credit cards, and assist customers who have had their wallets lost or stolen.

More recent ID fraud prevention and detection services survey the Internet, searching chat rooms and other Web sites for evidence of stolen credit card trafficking, offers to sell lists of Social Security numbers and other types of ID fraud. Some of these companies even guarantee to reimburse you if your identity is stolen while you are a subscriber to their services.

You can purchase a subscription to a credit monitoring service, which periodically reviews your credit reports and notifies subscribers when they detect potentially suspicious activity. The major advantage of purchasing these services is that the good ones have systems in place to save you the time and trouble of doing the work yourself.

But determining which service to use is an exercise itself. I found a Web site that purports to compare a number of such services, but I discounted its objectivity after reading the fine print that disclosed a compensation arrangement with the services listed on the site.

Check with your homeowners' insurance agent to see if your carrier offers an ID theft rider, but read both the coverage and exclusions sections carefully before deciding whether it's worth the cost.

If you're willing to do the work and you're diligent with follow-through, you should be able to handle most of the protective tasks yourself. For example, if you want to stop receiving unsolicited credit card offers, you can opt out for five years or permanently by calling toll-free 1-888-5-OPTOUT (1-888-567-8688) or visiting www.optoutprescreen.com.

The Federal Trade Commission is a valuable source of information about ID theft and the tools available to combat the problem. Go to www.ftc.gov/idtheft.

Another excellent and impartial source of information and victim assistance is the nonprofit Identity Theft Resource Center® (www.idtheftcenter.org). The sites of the major credit bureaus also contain helpful guidance: www.experian.com, www.equifax.com and www.tuc.com.

You can also go to www.annualcreditreport.com (not to be confused with another site with a similar name that is heavily advertised on TV).

Unfortunately, the problem of identity theft isn't going to go away any time soon. The creativity of the criminals is likely to accelerate, even as the tools to combat it become more sophisticated.

Whether you tackle this challenge yourself or obtains the assistance of commercial services, maintain your vigilance.

Reference: seacoastonline.com

(IDTheftDefense.com) and (USPublicRecords.com)

Identity Theft is Top Consumer Complaint in 2007'

2008-03-04T23:12:00.001-07:00

Identity theft was the No. 1 consumer complaint nationwide and in New York State last year for the seventh year in a row, according to a report to be released Tuesday by the Federal Trade Commission.

New Yorkers filed 19,319 identity-theft complaints last year, accounting for 32 percent of consumer complaints. The bulk of the cases involved phone, utilities and credit-card fraud.

New York had the sixth-highest identity-theft rate among the 50 states, with 100 complaints for every 100,000 residents.

Nationwide, Americans filed nearly 814,000 complaints of consumer fraud and identity theft, according to a report compiled from the FTC's Consumer Sentinel database of complaints collected from the FTC and more than 125 other organizations, including the FBI. Losses from consumer fraud exceeded $1.2 billion, the report said.

Tom Cohn, director of the FTC's Northeast region, noted that President George W. Bush launched a task force in 2006 to coordinate efforts among various government agencies to combat identity theft.

After identity theft, the top complaints nationally and in the state are shop-at-home and catalog sales, Internet services and foreign-money offers.

The majority the cases of the fraud originated online -- 49 percent via e-mail and 15 percent through Web sites.

Increasingly, thieves are luring consumers to send money via wire transfer, a transaction that consumers can't reverse and is difficult to trace. Twenty-eight percent of consumer fraud complaints involved wire transfers as the payment method, up from 23 percent in 2006. Many times the money is sent abroad, said Johannes Ullrich, chief technology officer at the SANS Institute, a computer security educational organization in Bethesda, Md.

"What that reflects is the increase of these professional scams," he said. "You don't really have kids with their home computer doing it in their spare time."

The Better Business Bureau of Metropolitan New York released the industries that received the top complaints on Long Island.

Financial services topped the list, mainly because of debt collection, said Claire Rosenzweig, president and chief executive of the bureau. Second was mail-order services, mainly consumers complaining about problems with magazine subscriptions, she said. No. 3 with complaints was the home improvement industry, involving credit, billing and workmanship, she said.

STATEWIDE FRAUD COMPLAINTS

Top consumer fraud complaints

ID theft 19,319

Home shopping/catalog sales 3,785

Internet services 2,332

Foreign money offers 1,720

Computer equipment, software 1,676

Internet auctions 1,659

More than 70% of fraud complaints involve ID theft

Top types of ID theft

Phone, utilities fraud 5,404

Credit card fraud 4,934

Government documents, benefits fraud 2,096

Bank fraud 1,942

Employment-related fraud 1,371

Loans fraud 901

54% of ID theft involves phone and credit card fraud

NOTE: Some victims report experiencing more than one type of theft.

SOURCE: FEDERAL TRADE COMMISSION CONSUMER FRAUD AND IDENTITY THEFT COMPLAINT DATA.

Reference: newsday.com

(IDTheftDefense.com) and (USPublicRecords.com)

Police Shine Light on Identity Theft

2008-03-02T13:10:00.002-07:00

EDMONTON - Acknowledging they don't have the resources or manpower to tackle the explosion of identity theft, police today called on individuals and businesses to take more responsibility to protect themselves.

"We're not putting nearly enough people into identity theft and fraud-related crime and that's because of some of the other priorities we're struggling to deal with," acknowledged Edmonton police Chief Mike Boyd, saying the department has a backlog of cases.

"What we want to do is prevent the problem rather than to have to investigate it, by educating the public."

Teaching them, for instance, that identity theft actually fuels other seemingly unrelated crimes - Boyd said credit card receipts discarded in dumpsters or stolen from cars can be sold by drug addicts for between $25 and $50 each.

Boyd was speaking during the launch of Alberta's third-annual Fraud Prevention Awareness Month at RCMP K Division headquarters, where police, government and business officials gathered against a backdrop of paper shredders and computer hard drives to illustrate the growing crime of identity theft, and ways it can be prevented.

In 2006, Canadians reported more than $16 million in losses as a result of identity theft.

Much of that could have been prevented using some simple precautions, beyond even shredding personal documents and regularly reviewing bank accounts and financial statements.

"Start by thinning out your wallet," advised Information and Privacy Commissioner Frank Work.

"Don't carry social insurance cards or birth certificates; those are valuable documents to an identity thief that can help them establish an identity and steal yours."

Here are some other tips:

- Write down all your card numbers so institutions can be advised quickly in case your wallet is lost or stolen.

- The tinier the pieces, the better the paper shredder. Ones that shred documents into strips aren't as good; diligent identity thieves can piece the strips together.

- Make sure whatever shredder you buy also has a feature to shred CDs and DVDs.

- Consider reusing your hard drive as extra storage if you buy a new computer; software can be deleted but data from the hard drive can still be retrieved. If you don't want to reuse the drive, remove it and destroy it, either by using a drill press to punch holes in it or by taking it to a machine shop.

- Don't leave any personal information lying around at home, in your vehicle or at work.

- If you don't have a shredder, CDs and DVDs can be rendered useless by placing them label up and using scissors to scrape off the surface aluminum.

- If you think you've been the victim of a scam, or want to report one, call PhoneBusters toll free at 888-495-8501.

Reference: canada.com

(IDTheftDefense.com) and (BackgroundCheckDirectory.com)

Medical Identity Theft Turns Patients Into Victims

2008-03-02T13:02:00.001-07:00

If identity thieves were to disregard your financial accounts and instead target your medical information, your first thought might well be, "Take my medical identity. Please."

What nut would want your high cholesterol, trick knee, and family history of Alzheimer's?

The answer is simple: one without health insurance who needs surgery or prescription drugs, or someone who sees a medical ID as the open sesame that will allow him or her to collect millions in false medical claims.

These thieves don't actually want your medical ailments, of course, but by pretending to be you they can get what they're really after. Untangling the mess is hard: Unlike financial identity theft, there's no straightforward process for challenging false medical claims or correcting inaccurate medical records. For victims, the result can be thousands in unpaid charges, damaged credit, and bogus, possibly dangerous details cluttering up their medical records for years to come.

Medical identity theft currently accounts for just 3 percent of identity theft crimes, or 249,000 of the estimated 8.3 million people who had their identities lifted in 2005, according to the Federal Trade Commission. But as the push toward electronic medical records gains momentum, privacy experts worry those numbers may grow substantially.

They're concerned that as doctors and hospitals switch from paper records to EMRs, as they're called, it may become easier for people to gain unauthorized access to sensitive patient information on a large scale. In addition, Microsoft, Revolution Health, and, just this week, Google have announced they're developing services that will allow consumers to store their health information online. Consumers may not even know their records have been compromised. In January, a new law took effect in California that requires providers to let consumers know if their medical information has been "breached." But only a handful of other states spell out notification requirements regarding unauthorized release of patient medical data.

In contrast, most states have so-called breach laws that address accidental disclosures of financial information; these may also apply to medical data in certain instances. This month, Democratic Reps. Ed Markey of Massachusetts and Rahm Emanuel of Illinois, with support from several privacy groups and Microsoft, introduced a bill that would strengthen safeguards protecting access to consumers' medical information and make it a federal requirement to notify patients if their healthcare data get exposed.

Brandon Reagin didn't realize someone had snatched his medical identity until his mother called to tell him he was the lead suspect in a car theft in South Carolina in 2005. The 22-year-old marine had lost his wallet more than a year earlier while celebrating with friends after completing boot camp at Parris Island, near Beaufort, S.C. After his training, he was posted to California.

But in South Carolina, Reagin lived on, as an impostor used his military ID and driver's license to not only test-drive new cars and then steal them but also visit hospitals on several occasions to treat kidney stones and an injured hand, running up nearly $20,000 in medical charges. Reagin found out about the unpaid hospital bills when he asked for a credit report following the car theft. "It was horrible," he says. "And what made it worse is that no one really knew what to do when it first started happening."

Reagin got nowhere with local police, but with the help of a state senator, he finally connected with the U.S. attorney's office in South Carolina. Staff there notified the Secret Service, and Reagin's doppelgänger, a 30-something guy named Arthur Watts from a tiny Midlands town called Blythewood, was eventually arrested. Watts pleaded guilty last September to identity theft and is awaiting sentencing.

But for Reagin, now serving in Iraq, the case isn't closed. Because of the outstanding hospital bills, the state intercepted his $362 tax refund, money he has yet to see. And although the hospitals no longer dun him for the unpaid balances, he's still trying to clean up his credit. (In addition to racking up medical bills, Watts opened cellphone and other accounts in Reagin's name and stole another car.)

There's another potential problem: The hospitals Watts used may have medical records in Reagin's name for treatment he never received. If he visits his family in South Carolina and needs medical attention, those records could complicate his treatment, even cause harm. And if those medical records someday become electronically linked to one big nationwide health information network, as envisioned by the Bush administration, some privacy experts worry it may be impossible to find and correct the errors once they percolate through the vast interconnected system.

Others argue that the technology could actually make tracking errors easier. The reality is unclear.

Victims of financial identity theft have a much clearer path to recovery than those whose medical identities are stolen. If someone swipes your wallet and goes on a spending spree, you can ask any of the three major credit bureaus for a free credit report, place a fraud alert on your account, and get inaccurate charges expunged. With medical identity theft, it's not that simple.

In the first place, your records are most likely scattered among many different providers, and there's no medical records clearinghouse that keeps them. Under HIPAA, the federal law that addresses medical privacy, you're entitled to a copy of these documents, though you may have to pay for it. If there's an error, you can add a correction to the record, but you can't have information deleted.

And if an impostor gets healthcare services in your name, you may really be stuck. Healthcare providers may actually refuse to let you see your own record because once it's intermingled with someone else's, that person's privacy must be protected.

Even seemingly obvious errors can be hard to clear up in this fragmented system. Wayne Ivey, who formerly led an identity theft task force at the Florida Department of Law Enforcement, remembers getting a call from an extremely agitated Illinois woman a few years ago. A hospital in Miami, she said, was calling her repeatedly and demanding that she pay a $2,000 bill for giving birth. She told the callers she'd never been to that hospital—and was 72 years old. It still took weeks of phone calls to various agencies to resolve the problem.

Insider fraud. Until recently, experts believed most medical identity thieves were solo operators who pretended to be someone else because they needed medical care. Now a different picture is emerging, one of employees inside the healthcare system stealing patients' information to make false insurance claims. "It's trending above the 90th percentile that insiders are doing the identity theft," says Pam Dixon, executive director of the World Privacy Forum, who authored a 2006 report on medical identity theft that was perhaps the first in-depth examination of this crime.

An insider was behind the theft of more than 1,100 Medicare beneficiaries' medical identities at the Cleveland Clinic in Weston, Fla., a few years ago. A front desk clerk named Isis Machado downloaded their names, addresses, and Social Security and Medicare numbers and sold the data to her cousin, who then made more than $2.8 million in false Medicare claims. Machado was caught because a coworker told her supervisor she was acting suspiciously. "

There's no way to prevent insiders from becoming crooks," says Robert Gellman, a privacy and information policy consultant in Washington, D.C. With sometimes hundreds of employees legitimately needing access to patient records, even robust computer monitoring and auditing systems may not pick up a problem.

Healthcare providers can be victims, too. A dying man confessed to his doctor that he'd posed as a cousin to fraudulently receive more than $85,000 in medical services at the University of Connecticut Health Center in Farmington.

The hospital got stuck with the bill when the patient died. It now requires a picture ID at every visit and pastes a photograph to the inside of each patient's medical chart, says Marie Whalen, assistant vice president for ambulatory services. But that's not going to protect the facility from the kind of insider crime that experts now believe is more common.

Ultimately, no matter how sophisticated the technology or diligent the healthcare provider, patients themselves may be the best first line of defense against medical identity theft. "

Most of the time, these problems are consumer reported," says Byron Hollis, managing director of the national antifraud department for the Blue Cross Blue Shield Association, which coordinates antifraud activities for the 39 independent BCBS companies nationwide. "They know what procedures they did or didn't receive."

Reference: health.usnews.com

(IDTheftDefense.com) and (USPublicRecords.com)

Identity Theft is Top Consumer Complaint

2008-02-14T18:35:00.003-07:00

Identity theft was the No. 1 fraud complaint in a government-maintained database that keeps track of consumer gripes, according to a Federal Trade Commission report this week.

In 2007, the database received more than 800,000 complaints, with 32% of those about identity theft and the rest, or 68%, pointing to various other types of fraud, according to FTC.

Overall, consumers reported fraud losses of more than $1.2 billion, with a median monetary loss per person of $349, according to the FTC report.

"This is the information that consumers have reported. It's not every complaint that exists," said John Krebs, an attorney in the FTC's consumer protection bureau. Information about complaints is self-reported and unverified. The database, called "consumer sentinel," collects information about fraud and identity theft from the FTC and other organizations.

Twenty-three percent of identity-theft complaints pointed to credit-card fraud, 18% cited phone or utilities fraud, 14% claimed employment fraud, and 13% cited bank fraud.
No identity theft 'silver bullet'

There's no "silver bullet" to prevent identity theft, said Susan Grant, consumer protection director with Consumer Federation of America.

"One of the problems with identity theft is that in many cases consumers aren't sure how it happened, which makes preventing it from happening difficult," she said.

Sometimes consumers don't realize their information has been improperly used until they apply for credit and it turns out that their good credit has turned bad, Grant said.

"A lot of times people discover identity theft long after it actually happened, and they have no idea who has their information or how they got the information," she said.

According to the Identity Theft Resource Center, about one-third of survey respondents spent four to six months dealing with their situation.

"Even after the thief stops using the information, victims struggle with the impact of identity theft," according to ITRC. "That might include increased insurance or credit-card fees, inability to find a job, higher interest rates and battling collection agencies and issuers who refuse to clear records despite substantiating evidence of the crime. This 'tail' may continue for more than 10 years after the crime was first discovered." Visit the ITRC site.

Report details
Fraud-related complaints totaled 68% of 2007's database. Fraud related to shop-at-home/catalog sales was the leading complaint category, with 8% of overall complaints.

Internet services accounted for 5% of complaints, followed by foreign money offers with 4% and prizes/sweepstakes and lotteries with 4%. Some other fraud complaint categories were computer equipment and software, Internet auctions and health care.

Among fraud complaints for which consumers reported the method of payment, 33% cited credit cards, 28% reported wire transfer, and 17% reported bank account debit. Checks, cash/cash advance, money order and telephone bill were also cited.

Internet solicitations were cited the most frequently among fraud complaints for which a company's method of initial contact was reported. Just under half of these complaints said email was the contact method, while another 15% cited other Internet contact methods. For the rest, 14% cited mail, 11% cited phone and 11% cited other methods.
Recover from identity theft

For identity-theft victims, the FTC recommends taking these steps:
Place a fraud alert on credit reports and review credit reports. Contact any of the three consumer reporting companies to place the fraud alert.

Close accounts believed or known to have been tampered with. Follow up in writing, and include copies, rather than originals, of documents.

File a complaint with the FTC, which can refer complaints to other agencies and companies for further action, and investigate companies for violations.

File a report with local police or law enforcement in the area where the identity theft took place.

Reference: marketwatch.com

(IDTheftDefense.com) and (USPublicRecords.com)

Startup Plans to Solve Online Identity Theft, But Does Anyone Care?

2008-02-08T14:31:00.000-07:00

Imagine you could prove you were 21 without revealing your date of birth -- or anything else about you, for that matter. Or qualify for a loan without disclosing your net worth. Or enjoy the benefits of e-commerce, e-health and e-government without a moment's fear that you are open to identity theft.

Sound impossible? It is. But it won’t be if cryptographer and entrepreneur Stefan Brands has his way.

Brands runs Credentica, a Montreal-based startup that is rolling out an encryption-and-authentication system called U-Prove that allows users to disclose the absolute minimum to complete digital transactions -- and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever.

"By protecting privacy, you can actually enhance security," Brands says. "My goal is to get the best of both worlds."

Maintaining digital privacy and security has never been more important.

As more and more people trust their personal information to electronic databases, security and privacy are plummeting.

More than 79 million personal electronic records containing data like credit card and Social Security numbers were compromised in the United States last year -- almost four times the number reported in 2006, according to the San Diego-based Identity Theft Resource Center.

And more than 162 million such records were compromised globally, more than three times 2006 levels, according to Attrition.org.

Here’s the problem: Every time you use a credit card, somebody you didn’t actually give it to could be squirreling the numbers away.

"If you walk through a shopping center, you don’t have your personal information pinned to your shirt in a way that anyone you deal with can just walk up and read it," says Kim Cameron, Microsoft's chief architect of identity and author of the Identity Weblog.

"You control the information you release."

Over time, the problem compounds: Buy something here, provide an address there, use your driver’s license number somewhere else. "In the digital world, information leaks, and super-profiles can be assembled, just through continued use of the internet," Cameron says.

U-Prove promises security by revealing as little as possible and rendering what is disclosed useless for anything but the transaction at hand.

The technique employs secure multi-party computation, a branch of cryptography that can calculate meaningful answers about secret information by knowing only some nonrevealing clues about that secret.

The underlying theory was demonstrated in 1982 by Andrew Yao in the so-called Millionaire's Problem: Alice and Bob want to find out who has more money without disclosing the amount of their fortunes to each other, or even to a mutually trusted third party.

By applying special functions to their information that disguised it, Yao proved that each could know who was richer without either revealing their true holdings.

U-Prove employs an ID token, a special kind of digital certificate that allows for minimal selective disclosure. The tokens can store all kinds of information, but users can disclose only the minimum amount of data required in any given transaction.

They leave no unwanted data trails and permit both anonymity and pseudonymity.

The tokens are also loaded with cryptographic protections that make them resistant to phishing, forgery and all manner of online security woes. They cannot be traced back to their issuers. Separate tokens used by the same person cannot be linked together.

As a result, neither the people who create the tokens nor those who accept them can track and correlate their use. And users need never reveal more than they would like.

Credentica VP of engineering Greg Thompson says that's not the case with certificates generated by public key infrastructure, the cryptographic system that has long been the most common means of authenticating identities and encrypting messages online.

In conventional public key cryptography, Thompson says, "the math itself gives you linking and tracing, whether you want it or not."

The U-Prove approach has been tried before, without commercial success. Most companies tried to sell privacy software to consumers, which was the wrong approach.

So Brands is flipping it around by developing a software developers kit that would appeal to businesses and government agencies that want to prevent costly and damaging data breaches on behalf of their customers.

In addition, Brands hopes that by providing a somewhat stripped-down version of his technology under a noncommercial license he can encourage developers to explore its potential applications -– just like RSA Data Security did in the 1980s when it offered free, noncommercial use of its public-key cryptosystem and went on to dominate the online security market.

"They were a small company," Brands says. "Now everybody knows who RSA is."

Credentica is in licensing talks with several large original equipment manufacturers, and Brands hopes to announce one or more deals shortly.

It can still be a tough sell. Most technical personnel continue to think of attacks from outsiders -- not abuse or collusion by insiders -- as the primary threat to personal data. And for nontechnical personnel, the theory underlying ID tokens can be daunting. Both Brands and Thompson tend to refer to the math behind U-Prove as "magic" rather than going too deep into the details.

In the meantime, U-Prove is generating some street cred.

"I think that U-Prove adds a really interesting dimension to the discussion around identity, by allowing people to make claims which are authenticated, but not associated with a person," says Adam Shostack, a former cypherpunk who worked with Brands at Zero Knowledge Systems and now works at Microsoft.

"I remember when I saw my first driver's license scanner at a bar in Boston," Shostack says. "I didn't want the bar capturing everything on my license so they could prove due diligence in not letting minors drink.

U-Prove lets me prove my age, without providing anything else about me."

Reference: wired.com

(USPublicRecords.com) and (IDTheftDefense.com)

TechCrunch Endorses Obama, McCain

2008-01-30T20:01:00.000-07:00

Blog Gets '08 Contenders to Come Clean on Net Neutrality, ID Theft

After nearly a monthlong online voting process, popular tech blog TechCrunch has endorsed Sens. Barack Obama and John McCain as its picks for the Democratic and Republican presidential candidates.

"The blog's editors, readership and affiliates have concluded that in an era of great partisanship Sens. Obama and McCain best reflect the policies, core values and global vision to advocate for technology-based businesses, both large and small, should either candidate be elected president of the United States," the blog's founder and co-editor Michael Arrington said in a statement.

In December, TechCrunch, which is read by more than 400,000 people monthly according to Nielsen/NetRatings, allowed readers to vote on its site for a Republican and a Democratic presidential candidate based on the candidate's stance on issues such as net neutrality and ID theft.

The TechCrunch primary poll captured 15,734 votes. Obama received 61 percent of the votes, while former Sen. John Edwards received 26 percent.

Sen. Hillary Clinton received 6 percent. Although Rep. Ron Paul, R-Texas, received 74 percent of votes, TechCrunch endorsed McCain, who received 16 percent of the votes.

"What really surprised me is how much my readers wanted to see this information.

Candidates are seeing that it's not only important to jump on Facebook and YouTube & but it's also important to outline their policies on some of these issues," Arrington told ABCNEWS.com in December.

"We're not talking about issues that have a huge moral impact, but they're issues that are really hard to understand."

At primaries.techcrunch.com, readers could vote for a candidate and read more information on his or her positions on issues including technology education, immigration and H1B visas, the wireless spectrum, intellectual property and renewable energy, among others.

The idea for reader-endorsed candidates began after users responded strongly to the site's podcasts with candidates this fall, Arrington said. In the segments, candidates discussed openly, for the most part, according to Arrington their stance on various tech issues.

"The idea just sort of evolved. We reached out to really all of the candidates to do podcasts with them," Arrington said. "It became pretty clear a lot of these issues were pretty important to our readers."

The site featured interviews with several current and past candidates including former Massachusetts Republican Gov. Mitt Romney, Sens. McCain, R-Ariz., Mike Gravel, D-Alaska, and Obama, D-Ill., as well as Edwards of North Carolina.

Arrington said he was surprised that the candidates granted the site such broad access.

"To some extent we've forced the candidates to think hard about these issues when they otherwise might not have," he said. "They went to a lot of trouble to make sure they had a real position on net neutrality."

Arrington attributed that access both to candidates' heightened awareness of social networking tools and online video as well as to the site's apolitical stance.

"We just talk about technology," he said.

Candidates with libertarian leanings, like Gravel and Paul were undeniably Silicon Valley favorites. Paul has an extraordinarily active fan base on the Web, which he demonstrated during a record-breaking fundraising period of about $6 million in 24 hours.

Gravel, however, only received 7 percent of the votes in the TechCrunch poll.

Despite the blog's strong readership, endorsements rarely have a huge impact on elections, according to Rick Klein, ABC News' senior political reporter.

"Media endorsements are rarely game-changers few viewers or readers blindly follow their favorite media outlets or commentators," Klein said. "But they can be key in reinforcing certain themes candidates talk about, and in providing stamps of approval that candidates can tout on the trail."

Even so, for media outlets with a smaller, more niche audience like TechCrunch the endorsement may have more impact than a publication with a larger, but more disparate, audience.

"The more specialized the audience, generally, the more the sway an endorsement has," Klein said. "Dedicated viewers or users, who have gone out of their way to find a particular blog or commentator, are probably more likely to follow the lead of that outlet."

Reference: abcnews.go.com

(IDTheftDefense.com) and (USPublicRecords.com)

Credit Card Data on 650,000 Customers Lost

2008-01-20T11:43:00.000-07:00

The missing tape affects 230 retailers, whose customers may be vulnerable to data fraud.

A backup tape containing credit-card information from hundreds of U.S. retailers is missing, forcing the company responsible for the data to warn customers that they may become the targets of data fraud.

GE Money, which manages in-store credit-card programs for the majority of U.S. retailers, first realized that the tape was missing from an Iron Mountain secure storage facility in October, said Richard Jones, a company spokesman.

"We were informed that one of the tapes could not be located. But at the same time there was no record of it ever having been checked out," he said.

The tape contained in-store credit-card information on 650,000 retail customers, including those of J.C. Penney, he said. GE Money employees are also affected by the breach.

The missing backup tape was unencrypted.

Although J.C. Penney was the only company that Jones would confirm as affected by the missing tape, that retailer accounts for just a small percentage of all accounts that were compromised. In total, 230 retailers are affected by the breach.

"Clearly that number includes many of the national retail organizations," he said.

The tape also contained Social Security numbers of 150,000 customers. When matched with name and address information, Social Security numbers can be used to set up fraudulent credit-card accounts, a common form of identity theft.

Jones said that following a GE Money investigation, there is no evidence that the tape in question has been stolen or that the data it contained was misused.

After reconstructing the data that was on the missing tape, GE Money began sending out letters to those affected by the breach in December. The company has set up a toll-free number and is offering one year of free credit monitoring services to those affected by the breach.

In 2006, retailer TJ Maxx discovered that thieves had broken into its computer networks, stealing an estimated 94 million credit- and debit-card numbers. Costs related to that breach are expected to be in the hundreds of millions of dollars.

GE Money is a division of General Electric.

Reference: pcworld.com

(IDTheftDefense.com) and (USPublicRecords.com)

Data of 600,000 Lost in UK Laptop Theft

2008-01-20T11:37:00.000-07:00

The personal details of up to 600,000 people were lost when a Royal Navy officer's laptop was stolen in the latest embarrassment to hit British Prime Minister Gordon Brown.

The Defense Ministry said the laptop, containing personal information about people who had joined the Navy, Marines and Air Force and from people keen to join, was stolen from the officer in the central English city of Birmingham.

The timing could not be worse for Brown, currently on a trade visit to China and India.

He is seeking to put behind him several government blunders that have seen his popularity plummet in opinion polls.

In November, details on 25 million child benefit claimants were lost by the Revenue and Customs department and a week later information on three million learner drivers went missing.

Last month, it also was revealed that medical records had disappeared at some health trusts.

In the latest case, entries on the stolen computer included family and passport details which could be used by fraudsters bent on identity theft.

Police said the theft was being "thoroughly and professionally investigated" by their officers in conjunction with the Ministry of Defence.

The theft took place on January 9 but was not revealed until nine days later because of the possible impact that might have on the investigation, the Ministry of Defence said.

Media reports of the security gaffe prompted them to change their mind.

In a statement, it said: "The stolen laptop contained personal information relating to some 600,000 people who have either expressed an interest in, or have joined, the Royal Navy, Royal Marines and the Royal Air Force.

The information held is not the same for every individual. In some cases, for casual inquiries, the record is no more than a name."

But it did concede that "for those who progressed as far as submitting an application to join the Forces, extensive personal data may be held, including passport details, National Insurance numbers, drivers' licence details, family details, doctors' addresses and National Health Service numbers."

Revealing such a wide array of information could have devastating consequences for anyone trying to defend themselves from identify theft.

Banks holding personal accounts that could have been affected by the security breach have been "flagged for scrutiny against unauthorised access."

Reference: reuters.com

(IDTheftDefense.com) and (USPublicRecords.com)

Victims Urged to Use Credit Monitoring and Take Other Measures

2008-01-16T12:35:00.000-07:00

The 260,000 Wisconsin residents stung by accidental release of their Social Security numbers should sign up for the free credit monitoring being offered to shield them from fraud — but it shouldn't be their only protection.

Monitoring of borrowing and other credit activity done in their name won't protect them against all forms of identity theft, experts said.

"Credit monitoring is not the 100 percent solution to this," said Joseph Campana, a privacy consultant in Madison.

A state contractor, EDS of Plano, Texas, has offered one year of credit monitoring and identity theft insurance to those at risk of identity theft because the company mailed out their Social Security numbers on the outsides of newsletters.

In January 2007, the state Department of Revenue and a contractor offered free credit monitoring to 170,000 taxpayers when the contractor disclosed their Social Security numbers on a different mailing. EDS said consumers will receive letters about the offer in the coming days.

At-risk consumers often don't understand the need for credit monitoring and in the Revenue Department case, only 28,477 people, or 17 percent of those affected, took advantage of it.

Revenue Department officials have said that there have been no verified cases of identity theft from that mailing, though Campana and other fraud experts pointed out that it can take a year or more for victims to realize they've been scammed.

Campana said he's spoken with people affected by that Revenue Department case and said in some cases the taxpayers simply threw away the letter offering them the free credit monitoring.

Some of them thought they wouldn't be at risk because they kept track of their own credit cards and didn't realize that, by using their names, Social Security numbers and some other personal information, a criminal could take out a new credit card in their names, he said.

Credit monitoring allows consumers to learn if someone is seeking to borrow money or get a new credit card in their name as well as other changes made to their credit report. Identity theft insurance typically pays for the costs of restoring ruined credit, including lost wages and phone bills.

Fraud alert

Stephen Gilson of Madison said he's already asked his bank and credit card companies to be on the alert for fraudulent activity, and he's hoping to enroll in the free credit monitoring soon.

"I've covered as many bases as I can," said Gilson, a Senior Care participant who said his Social Security number was printed on a mailing label on the outside of the newsletter.

Ann Davidson, a risk manager who advises credit unions on identity theft for Madison insurer CUNA Mutual Group, said Medicaid recipients affected in the recent case should also consider contacting credit rating agencies to put a fraud alert on their account.

That puts lenders on notice the consumer is at risk of identity theft so they can verify the consumer's identity before issuing credit.

Mike Koll of Sun Prairie, a retired fraud investigator for the Social Security Administration who now trains police about identity theft, agreed that a fraud alert is a good idea for consumers who fear their Social Security number might have been compromised.

But he also had some good news for consumers upset over the mistake — the larger the breach of personal information such as Social Security numbers, the less likely any one consumer is to be a victim of identity theft because of it.

"When I do (classes for the public) I tell them I don't want you to slit your wrists over this," Koll said.

Be watchful

One of those affected by the EDS mailing, Sylvia Tiller, 78, of the town of Aiken in Richland County, said she's now worried about identity theft and eager to take advantage of the credit monitoring.

"I'm very careful," Tiller said. "I don't even open up charge accounts in these stores when they give you these big deals because I'm afraid of fraud. I rarely give out my Social Security number and here it is in bold print."

Campana cautioned that credit monitoring is only designed to catch criminals trying to borrow money or take out credit cards in someone else's name.

There are other forms of identity fraud, such as assuming someone's identity to gain a job or to get medical insurance, he said.

Reference: madison.com

(IDTheftDefense.com) and (USPublicRecords.com)

Identity Theft Gets Personal: When a Debit Card Number Is Stolen, America's New Crime Wave Hits Home

2008-01-14T10:35:00.000-07:00

It had been a pleasant Saturday afternoon until I got the dreadful cell phone call. The woman on the other end said she was from Bank of America. I immediately thought she was going to offer me another credit card. I told her I was busy.

Wait, she said. Are you at a Pacers Running Store in Arlington trying to buy $812.18 worth of merchandise?

No, I said.

Someone claiming to be you is there doing just that, she told me. My heart raced. The rent was due soon -- this was not a good time for money to disappear.

Suddenly I was a personal-finance writer whose finances were a mess thanks to an identity thief.

I took solace in the fact that millions of other people have had the same sinking feeling. In fact, 8.3 million, or nearly 4 percent, of American adults were victims of identity theft in 2005, according to the latest figures from the Federal Trade Commission, which enforces identity theft laws. Of those victims, 1.8 million had accounts opened or other types of fraud committed with stolen information. The rest had their credit cards or other financial accounts hijacked.

It is one of the nation's fastest growing crimes, so pervasive that President Bush has established a task force to combat it. That group issued recommendations last year, including reducing the unnecessary use of Social Security numbers by federal agencies and creating a National Identity Theft Law Enforcement Center to help local agencies coordinate investigations.

Federal lawmakers also have taken notice, introducing legislation to protect Social Security numbers.

"Unfortunately, the way things are set up today, there is way too much information available in way too many places," said Adam Levin, chairman of Identity Theft 911 and a former director of New Jersey's Division of Consumer Affairs.

Theft Trail Leads to Debit Card
While there is much the federal government can do, and much the private sector should do, I realized that there was also much that I could do to better protect myself. I set out to figure out how this happened and how I could keep it from happening again.

In my case, it was a debit card that was compromised. In my unsuccessful quest to keep myself debt-free, I avoid using credit cards whenever possible. So I end up using my debit card for purchases big and small. That way, I have reasoned, I am spending money I actually have.

When I want to indulge in a new purse or treat a friend to dinner or buy a latte, I whip out the debit card. Apparently, that's not the wisest thing to do if you want to protect your bank account.

I also learned that if someone fraudulently uses your credit card, you are reimbursed for nearly all the money lost. That may not be so with a debit card, especially if you do not notice it right away. According to the Electronic Fund Transfer Act, your liability is capped at $50 if you notify your bank in the first two business days. After that, you could lose up to $500. If you wait 60 days, you could lose it all. "You are more protected with credit cards than debit cards," said Levin, whose San Francisco Company specializes in identity-theft prevention and consumer education.

Luckily, Bank of America seemed willing to work with me. During that initial, alarming phone call, the employee put me on hold while she talked to the Pacers Running Store merchant. The store clerk had grown suspicious when a woman showed up to pick up a phone order and could not produce the debit card. The clerk called my bank.

While waiting on the line, I looked in my wallet -- and there it was: my debit card, supposedly safe and sound. I then went onto Bank of America's Web site to check my account. There was an $812.18 charge pending. The bank employee clicked back to me. She said the transaction had already gone through even though the suspected thief ran out of the store without taking the merchandise. Don't worry, she said. I would get my money back in a few days.

I started to relax. Then the bank employee told me something else that put me back in a panic. The impostor had an awful lot of information about me, she said: my full name, address, phone number, even the security code on the back of my debit card. Could it be someone I know? she asked. An ex-boyfriend?

Great, I thought, it's bad enough that some of my exes did what they did to become my exes. Now they might be robbing me too?

She asked me if I wanted my debit card canceled and reissued with a new number. I did.

File a Complaint, Request a Fraud Alert
She then instructed me what to do next. I learned that because the thief had so much of my information, she might be able to open other accounts in my name. First step: File a complaint with the FTC and call one of the three credit bureaus -- Equifax, Experian and TransUnion -- to request a fraud alert.

I thanked the bank employee and proceeded to figure out how to clean up this disaster. I got online and looked at the balance in another bank account I had. Well, at least, I could cover the rent.

But I couldn't shake that uneasy feeling. Brian Lapidus, chief operating officer of Kroll Fraud Solutions of Nashville, summed it up well. "That's a pretty scary feeling if someone was in your space. What's more personal [than] your identity?"

I filed the FTC complaint, which I would need to present to the police; the FTC Web site informed me. I then sought the fraud alert. This measure would require creditors to take extra steps to verify my identity, such as calling me or asking to meet me in person, in case my impostor tried to open credit cards in my name.

To place a fraud alert, you only have to contact one of the three credit bureaus. In turn, the agency you contact will contact the other two. I called Equifax. The automated system asked me to key in the numeric portion of my address, my phone number and other identifying information.

Then I had to decide whether I wanted the alert to stay on for 90 days or for seven years; both options were free. Ninety days didn't seem a long time to me and seven years seemed too long. Steven R. Katz, a spokesman for TransUnion, said few people request seven-year alerts because that can be a hassle. "You put it on four years ago when you thought you had a problem and four years later you have absolutely no problems and you're at a car dealership trying to buy a car, and you've forgotten about it," he said.

David Rubinger, a spokesman for Equifax, said I could keep extending the 90-day alert.

There was another option: a security freeze, which all three credit bureaus started offering recently. With a freeze, creditors cannot access your credit reports or scores unless you ask that the freeze be lifted. A security freeze is free if you have a police report proving that you are a victim. If you are not a victim, fees vary by state for the cost to freeze and thaw your report. Unlike the alert, you have to contact each credit bureau to request a freeze.

Considering that I feared even committing to a seven-year alert, I decided against a freeze. Instead, I chose the 90-day alert.

Safeguard Credit: Monitor Reports
One simple way to protect your credit reports is to monitor them regularly; even if you have not been a victim of fraud, said the experts I consulted. Credit bureaus and other private companies have monitoring services that range in price, but you can also do it on your own. Ordinarily, we are all entitled to one free copy of our credit report from each bureau once a year. (Experts say you should ask for your report from each bureau at different points in the year, not all at once, so you can get a snapshot of your credit history snapshots over time.) As a fraud victim, you are entitled to one more free copy once you request an alert. I assumed that the report would be automatically sent to me. Not so. I had to call back each credit bureau to specifically ask for a report. Why the extra step?

"Some people already have their copies by the time they put the alert on," said Maxine Sweet, vice president of public education for Experian. Plus, she said, some people simply don't want their report.

I was not one of those people even though, as one expert pointed out, any misuse of my debit card would not show up on my credit report.

Once I got that out of the way, I decided to play detective. The bank said my impostor had given the store a phone number.

I enlisted a friend to call the number. A woman picked up. "Do you know a Nancy Trejos?" my friend asked. The woman said no.

Is this your phone? He asked. "My son just bought this cell phone. He's 11 years old."

Did anyone come home with several pairs of new sneakers recently?

"I don't even know what you're talking about," she said.

We gave up after a few more questions.

How to Minimize Risks
The next day, a Wednesday, I visited the police. The FTC Web site warns that some police stations are not willing to take identity theft reports. But at the Arlington police station, I met Officer Garnell Stewart, who was eager to hear my story. It all started, I told him, with the Bank of America phone call.

Stop right there, he said. Did the woman ask for any information, such as the personal identification number for my debit card? Did she ask for a Social Security number?

I remembered her asking for the first three digits of my Social Security number but not my PIN.

He asked: How did I know she was really calling from the bank? The next time, he said, ask the person if you can call him or her back and call the phone number on the back of your card. "You just never know," he said.

I felt so dumb -- but it turned out I was lucky. The woman really was calling from Bank of America.

Stewart gave me other tips. Don't carry too many credit cards, debit cards or other information with personal information in my wallet. Don't use the debit card so much. If you need to use a debit card, have one with a small amount of money in the account to minimize how much of cash can be stolen. Use a marker to write a note on the back of your card asking that the merchant request an identification card. And think about asking your bank for a new card number every couple of years.

But after talking to a few other experts, I realized that there is only so much you really can do.

"There are lots of ways that consumers can minimize their risks but I would hesitate to say that someone can completely immunize themselves from identity theft," said Betsy Broder, assistant director in the FTC's Division of Privacy and Identity Protection. "That's because you're not the only one who has your data."

10% of Victims Lose at Least $1,200
Back at the police station, Stewart said a detective might follow up with me -- or not.

I was on my way to moving on when, a few weeks later, I got a surprising phone call from a Fairfax County detective.

She said she had found someone in possession of my debit-card number while conducting another investigation. As far as I know, it was not one of my ex-boyfriends.

She asked me to think back to all the places I had used my card. Safeway maybe? As a single, working woman, I don't cook. The last time I had been to a supermarket, frankly, was to buy bags of ice for a party. A doctor's office? I e-mailed her my bank statement so she could see where I have used my card.

Late last month, I received a call from another detective. The police might be close to charging at least one person in my case, he said. Both detectives asked me not to write much more about the investigation because it was ongoing.

In the end, I realized how lucky I was -- I didn't lose money. According to the FTC, 10 percent of victims lose $1,200 or more. I received my credit reports by mail and so far, they contain nothing suspicious, though I will keep monitoring them. And the person or people who stole my information might actually get charged with a crime. How often does that happen, I asked some experts.

"People don't get caught," said Broder. "There are 8 million cases and we know there are not 8 million prosecutions in a given year."

Reference: washingtonpost.com

(IDTheftDefense.com) and (USPublicRecords.com)

Some Worry About Kindergartner ID Theft as Company Gets Social Security Numbers, Other Data

2008-01-14T09:06:00.000-07:00

Permission Not Needed to Hand Over Social Security Info; TEA says It's Safe

Texas school districts are handing over Social Security numbers, dates of birth and other sensitive information about the state's kindergarten students to a private software company without permission from the children's parents.

A privacy expert says thousands of 5- and 6-year-olds are vulnerable to identity theft as a result.

"I would hope that any company that had the financial future of every single kindergartner in Texas would be put through the mill as far as security," said David Holtzman, a former security analyst who wrote the book Privacy Lost.

"This is more valuable than a million dollars in gold coins in the bank."

OZ Systems, an Arlington software company, has received at least $2.3 million in state money to create databases of preschool and kindergarten student records.

The new database for kindergarten test scores also includes sections for children's names, Social Security numbers, dates of birth, gender, school identification numbers and parents' names and addresses, educators say.

OZ Systems was hired by a University of Texas research group that describes itself as the early childhood arm of the Texas Education Agency, which regulates public schools.

"It's quite amazing the security that OZ has in place for this information," said Susan Landry, director of the UT group, known as the State Center for Early Childhood Development. "You are overemphasizing the Social Security number."

More than 350,000 children attend public school kindergarten in Texas.

Dr. Landry's group uses their scores on the Texas Primary Reading Index and its Spanish equivalent, the Tejas LEE, as part of a new "school ready" ratings system that gauges the quality of preschools in Texas.

The UT-developed ratings system hopes to judge public and private preschool classrooms by how children fare on reading and behavior tests that they take as kindergartners the following school year.

A new state law requires school districts to report the kindergarten reading scores to UT. But it doesn't require the behavior test or the reporting of a child's personal information

Tracking from preschool

TEA officials said Social Security numbers help UT researchers track children from preschool, when they're too young to have a state-assigned school identification number.

"We have a great deal of experience in keeping that information secure," said Gina Day, deputy associate commissioner at TEA.

Dr. Landry said elementary school teachers are not required to enter student Social Security numbers into the OZ database. But some school officials dispute that.

"It won't let you do anything until you put the Social Security number in," said Mark Lukert, principal of Lakeside Elementary School in Coppell.

Social Security numbers and dates of birth are key ingredients for cooking up a fake identity, said Mr. Holtzman, the privacy expert.

"Just think about when you have to identify yourself to a credit card company," he said. "These are the questions they ask."

In recent years, government agencies have moved away from using Social Security numbers to identify people and now use random numbers instead.

Pearson Educational Measurement officials, who develop or administer standardized tests in Texas and 22 other states, say they use ID numbers to link students to their test data.

"I don't think in the testing side of it that we ever encounter Social Security numbers," said David Hakensen, vice president of public relations.

Last month, TEA told elementary school principals in a letter that they have until Feb. 22 to enter the student records in the OZ database. Some educators said they didn't question the database security because they believed the information goes to TEA and not a private vendor.

"As adults you don't even put your Social Security card in your wallet," said Mr. Lukert, an officer with the Texas Elementary Principals and Supervisors Association. "And yet here we are required to give that information out. It doesn't make sense."

TEA officials said OZ Systems' contract requires the company to comply with the Family Educational Rights and Privacy Act, a federal law that protects student educational records.

OZ Systems executives compare their security levels to that of a bank. Steve Montgomery, the company's vice president of operations, said software hasn't fallen prey to hackers in OZ Systems' 22-year history.

'Nothing to worry about'

The company also has a proven track record in Texas and worldwide, Mr. Montgomery said.

Parents "have nothing to worry about," he said. "If you think about the state maintaining the information, your best and brightest in technology don't work for state departments. They're in the private sector."

Laura Jordan isn't convinced. The Richardson mother of three doesn't like putting her own Social Security number on secure Web sites, let alone her children's.

"I don't feel comfortable with my son's Social Security number being out there," said Mrs. Jordan, whose son is a kindergartner at Yale Elementary School. "Certainly, I would like to be asked for permission."

Mari McGowan, a McKinney attorney who represents Dallas-area school districts, said releasing student Social Security numbers to OZ probably doesn't break federal privacy laws that require parents' consent.

One exemption to the federal student privacy law appears to allow schools to send private student information to organizations working on behalf of state education agencies.

Kyle Ward, a Texas Parent Teacher Association spokesman, says he trusts UT and TEA officials to safeguard children's identities as closely as they safeguard them in the classroom.

"We have no reason to believe there is a problem," Mr. Ward said.

But problems have cropped up in the past.

Personal data for millions of U.S. veterans fell into the hands of thieves who stole a laptop computer from a Department of Veterans Affairs computer analyst in 2006.

"People have a hard time getting worked up because they don't see the cause and effect," Mr. Holtzman said. "You've got to stop it when they're collecting it because by the time they've lost it, it's too late."

Reference: dallasnews.com

(IDTheftDefense.com) and (USPublicRecords.com)

Report: TSA Site Exposed Travelers to ID Theft

2008-01-14T08:55:00.000-07:00

A House of Representatives panel yesterday released a damning report about a Transportation Security Administration Web site built to address grievances from travelers errantly flagged by the government's no-fly list.

It concluded that cronyism and a lack of oversight exposed thousands of site visitors to identity theft.

The House Committee on Oversight and Government Reform began its investigation into security lapses at the TSA's Traveler Redress Web site last year, after Security Fix and other media outlets pointed out that the site accepted Social Security numbers and other sensitive information from travelers without encrypting the data, potentially allowing hackers to intercept the data.

Wired.com noted in its coverage that the site was so laden in spelling errors that it resembled a phishing Web site, the sort typically set up by scammers to lure people into giving away personal and financial data.

The report, which liberally cites content and reader comments from Security Fix and Wired.com, found that the TSA awarded the contract without competition to Boston, VA based Desyne Web Services, and that the guy in charge of awarding the contract had previously worked at Desyne and was good friends with the owner.

To date, Desyne has been awarded more than half a million taxpayer dollars worth of no-bid contracts by the TSA, according to the report.

The site's security weaknesses remained undetected by the TSA for more than four months, despite congressional testimony from TSA Administrator Kip Hawley that the agency had assured "the privacy of users and the security of the system" before its launch, the report notes.

"Thousands of individuals used the insecure website, including at least 247 travelers who submitted large amounts of personal information through an insecure webpage."

Chris "Boarding Pass Hacker" Soghoian, the researcher and now cnet.com blogger who first discovered the TSA site screw-up, said half a million bucks is a lot of change for a few Web site forms.

"It's strange that with $500,000 in TSA's money, they couldn't afford a real SSL cert," Soghoian said.

This type of security oversight is unfortunately not as uncommon as you might think.

On Wednesday, a reader tipped me off that the new member registration page for The Computing Technology Administration (COMPTIA) -- which requests credit card numbers in addition to other sensitive data -- was accepting new memberships and their credit card numbers without encrypting the data with Secure Sockets Layer (SSL) technology on the site.

The security glitch was fixed within a few hours after I notified COMPTIA, but a COMPTIA spokesperson claimed that the organization had made no relevant changes to the site since my e-mail was sent.

Reference: blog.washingtonpost.com

(IDTheftDefense.com) and (USPublicRecords.com)

ID Theft Suspect Pleads Guilty

2008-01-13T09:01:00.000-07:00

A Columbia man's computer fraud scheme allegedly involved more than 600 victims worldwide.

A Colombian man has pleaded guilty to a 16-county indictment involving an identity theft scheme in which he installed key logging software on hotel business center computers and Internet lounges in order to steal passwords, account data and other personal information, the U.S. Department of Justice announced.

The computer fraud scheme had more than 600 victims worldwide, including U.S. Department of Defense employees, the DOJ said.

Mario Simbaqueba Bonilla, 40, used money obtained in the scheme to buy expensive electronic devices, including a home theater system, and to fund luxury travel to Hong Kong, France, Jamaica, the U.S. and other locations, according to a DOJ news release and the indictment in U.S. District Court for the Southern District of Florida.

Simbaqueba Bonilla, sometimes working with a co-conspirator, used a series of complex computer intrusions to steal money from payroll, bank and other accounts, the DOJ said. Much of the identity theft activity targeted U.S. residents, including employees of the Department of Defense.

Simbaqueba Bonilla used the data he intercepted from his victims, who were typically guests at hotels throughout the U.S., to steal or divert money from their accounts into other accounts he had created in the names of other people he had victimized in the same way, the DOJ said.

Through a complex series of electronic transactions designed to cover his trail, Simbaqueba Bonilla would transfer the stolen money to credit, cash or debit cards and have the cards mailed to himself and others at Pak Mail and other commercial mailing addresses.

Federal agents arrested Simbaqueba Bonilla when he flew into the U.S. in August.

Simbaqueba Bonilla was flying on an airline ticket purchased with stolen funds, and had in his possession a laptop also purchased with stolen funds, the DOJ said.

That laptop contained the names, passwords and other personal and financial information of more than 600 people.

R. Alexander Acosta, U.S. Attorney for the Southern District of Florida, warned travelers to think twice before entering personal information on a public computer.

"Unfortunately, this is not an isolated case," Acosta said in a statement. "The Internet is an outstanding tool, but it is vulnerable. Criminals like Bonilla use the Internet to steal our banking and personal data, and then our money."

The DOJ was assisted in the investigation by the Department of Defense, the Defense Criminal Investigative Service and the U.S. Postal Inspection Service.

Reference: pcworld.com

(IDTheftDefense.com) and (USPublicRecords.com)

Use Credit Monitoring Services to Detect Identity Thefts

2008-01-07T22:57:00.000-07:00

Modern technological innovations have given us the convenience to purchase everything from the comfort of our homes.

With the help of the Internet and credit cards we can buy our desired products and services from anywhere in the world without physically visiting the showroom or even making the cash payment.

However, along with adding comforts to our shopping and many other benefits online transactions though credit cards might also bring troubles that are enough to take away your peaceful sleep!

One of the most prevalent problems that credit cards users often face is identity theft, which is a new mode to duping without the knowledge of the victim.

Identity theft means stealing personal information of a person and impersonating him or her for making frauds. Phishing and hacking are some of the common means used for identity thefts involving credit cards.

Your credit card number or social security number can be misappropriated by unauthorized persons and misused to cheat banks by fraudulently getting loans, making online purchases, or taking money from the ATM and it is obvious that you will be held responsible for all the transactions being made from your account.

IDTheftDefense.com provides you with A to Z information on identity thefts, the ways of detecting and preventing identity theft, credit reports and a lot more.

Credit monitoring or credit “file” monitoring is an easy, efficient and affordable way to identify theft detection.

You can even prevent identity theft by detecting mistakes in your credit report and correct them using credit monitoring services.

Credit report, also known as credit history in many countries, provides detailed records of how much a person or company has borrowed and repaid in the past including information on late payments and bankruptcy.

A credit score represents your creditworthiness based on the information collected from your credit report.

You can successfully monitor your credit report by using efficient credit monitoring services:

First of all, you can check credit report and make relevant inquiries into your credit line.
By reviewing your credit report you can easily identify if any new account has been activated using your identity.

Address changes on credit information and collection activities in your name can be easily detected from credit reports or credit histories.

Your credit report will reflect delinquencies or any negative change made to your account as well as information on closed accounts.

Though credit monitoring is an important step towards ID theft defense, it cannot be used to prevent them. Awareness is the key to check identity thefts. As an informed individual you can easily detect identity thefts or take appropriate steps regarding any mistake in your credit report.

Thus, you can lessen the amount of financial or credit rating damage which results from the false or negative activity on the report. Credit monitoring will keep you informed and definitely lower your risks in case of frauds resulting from identity thefts.

You should go for the credit monitoring scheme that suits your needs.

Opting for monthly status reports through email is a viable option.

IDTheftDefense.com recommends the 3-in-1 credit report which includes the three credit bureaus – Equifax, Experian, and TransUnion, as you may not come to know about all the credit problems if your monitoring plan covers only one credit bureau.

If you want to protect yourself and your family members from identity theft, then it is essential for you to educate yourself about it by getting all information from the IDTheftDefense.com site.

Reference: IDTD

(USPublicRecords.com)

Ways to Shield Yourself From Identity Theft

2008-01-06T11:39:00.000-07:00

Arizona is No. 1. Hold your applause.

For the fourth consecutive year, our state is tops in the nation for identity theft, according to a recent report from the Better Business Bureau.

The Federal Trade Commission's Identity Theft Data Clearinghouse reports that Arizonans filed 9,113 identity-theft complaints in 2006, the most recent year for which data were available. A little more than 1,500 of those complaints came from Tucsonans. Sierra Vista and Douglas residents accounted for another 229.

While most people think of credit cards and other forms of financial fraud, identity theft — specifically, misuse of another person's Social Security number and personal identifying information — is also used to commit employment fraud, fraudulent reporting to police and medical fraud.

It's enough to keep some people paralyzed with worry, and the crime has spawned an entire industry dedicated to identity protection and recovery.

But take a deep breath — your identity might already be safer than the identity-protection marketers would have you believe.

According to 2006 Census Bureau statistics, Arizona had about 2.95 million people old enough to be in the labor force. That means less than 1 percent of the labor force — three-tenths of 1 percent, in fact — reported having their identities stolen that year.

However, for the small percentage of people whose identities are stolen each year, life can be a twisted nightmare to get back on track.

don't become a victim of

STEPS TO AVOID ID THEFT

Protect your Social Security Number. Don't write it on a check or use it as your driver's license number or health-insurance policy number. Don't carry your Social Security card in your wallet. When people ask for the number, find out why they need it, how it will be used, how it will be protected and what will happen if you don't give the number.

Treat your trash and mail carefully. Identity thieves have been known to pick through garbage and steal mail from mailboxes. Shred financial papers that have personal identifying information.

Send outgoing mail through a post office collection box instead of an unsecured mailbox. Opt out of pre-screened credit offers that come in the mail by calling 1-888-5-OPT-OUT (1-888-567-8688). Be advised: You will be asked for your Social Security number so the consumer reporting companies can match you with your file.

Don't respond to unknown solicitations by phone or e-mail. Verify a source before sharing information. Don't give out personal information unless you initiated the contact and you're sure you know whom you're dealing with.

Be on guard when using the Internet. Update firewalls and anti-virus software on your computer.

Pick intricate passwords. Put passwords on your credit, bank and phone accounts, and avoid passwords that might be easily guessed, such as your birthdate, mother's maiden name, the last four digits of your Social Security number, a series of consecutive numbers, etc.

Consider placing a credit freeze or fraud alert. Credit freezes are meant as a preventive measure, while fraud alerts are for people who think their Social Security numbers already have been compromised. For more information, see the related box.

Sources: Federal Trade Commission and Arizona attorney general

REPORTING ID THEFT

The Federal Trade Commission's identity theft site, including instructions and complaint forms, can be accessed through www.consumer.gov. Or call the FTC's identity theft hot line toll-free at 1-877-ID-THEFT (1-877-438-4338).

The Arizona attorney general's site has an entire section dedicated to avoiding identity theft and what to do if you're a victim, including a downloadable Identity Theft Repair Kit: www.azag.gov. For more information, call 1-800-352-8431.

ID THEFT PROTECTION

If you search online for identity theft protection, you'll discover there are dozens of companies that offer various kinds of service. In fact, some homeowners insurance policies even offer it.
Experts including the Identity Theft Resource Center advise consumers to compare services carefully, keeping in mind that you may be able to take many of the steps yourself at little or no cost.

Here's a snapshot of a few ID-theft protection services:
Tempe-based LifeLock:
• $10 per month.
• Sets and renews fraud alerts.
• Removes your name from mailing lists for junk mail and pre-approved credit offers.
• Offers up to $1 million to repair any fraud damage done to your identity while covered by the company.
• Go online to www.lifelock.com or call 1-877-LIFELOCK (543-3562).
Pre-Paid Legal Services Inc.'s Identity Theft Shield:
• $9.95 per month per couple in conjunction with a legal service plan, or $12.95 per month on its own, with a one-time $10 enrollment fee. The Gold plan is $3 more per month.
• A risk-management firm monitors your Experian credit report — or all three credit reports under the Gold plan — and sends monthly updates by e-mail or regular mail to inform you of any activity. It notifies you immediately if fraud is detected.
• The firm will investigate and work on your behalf with banks and creditors after you sign a limited power of attorney to restore your identity if it is compromised.
• Go online to www.prepaidlegal.com, find a local Pre-Paid Legal independent associate in the telephone book or check with your chamber of commerce.
Intelius Inc.'s IDWatch:
• Three billing options, each prepaid in one installment: Three months for $9.95 per month, a year for $7.95 per month, or three years for $4.95 per month.
• Builds an "identity profile" that includes a current credit report, address history, aliases and background information to help determine if you are at risk for identity theft. Sends alerts about suspicious activity within your identity and monitors your identity profile daily, scouring the black market for the use, trade or sale of your identity-related information.
• Includes a $25,000 insurance policy for recovery-related expenses in case someone uses your identity.
• Go online to www.intelius.com or call 1-425-974-6100.
ALERTS AND REPORTS
• Call the toll-free number of any of the three credit-reporting companies to place a fraud alert on your credit report and order a free copy of your credit report. When you receive your credit report, review it carefully.
• To place an initial fraud alert, contact Equifax at 1-800-525-6285, www.equifax.com; Experian at 1-888-397-3742, www.experian.com; and TransUnion at 1-800-680-7289, www.transunion.com.
• To take advantage of your right to one free copy per year of your credit report from each of the three consumer reporting companies, call 1-877-322-8228 or order online at www.annualcreditreport.com.

CREDIT FREEZE VS. FRAUD ALERT

When you place a credit freeze, potential creditors will not be able to access your credit report unless you temporarily lift the freeze. This makes it difficult for an identity thief to open a new financial account in your name.

In Arizona, all consumers are eligible to place a credit freeze. There is no cost for identity-theft victims, and there is a $10 fee for anyone else to place, temporarily lift or completely remove the credit freeze.

A fraud alert is a tool for people who have had or suspect they've had their identity stolen. With a fraud alert in place, businesses may still check your credit report.

With an initial fraud alert, which is good for 90 days, when someone tries to take out credit in your name, you are contacted and must give verification that it's you, or else the credit is denied.

Reference: azstarnet.com

(IDTheftDefense.com) and (USPublicRecords.com)

ID Theft Defense Necessary in Today’s World

2008-01-03T19:30:00.000-07:00

In the course of one day many people write checks at the grocery store, charge tickets to ball games, rent cars and call home on cell phones.

Chances are they don't give these everyday transactions a second thought. But someone else may be looking over their shoulder.

Identity theft is one of the fastest growing crimes in America.

An identity thief takes some piece of personal information: bank account number, social security number, address or phone number, and uses it without that person's knowledge to commit fraud or theft.

An all-too-common example is when a thief uses personal information to open a credit card account in someone else's name.

While identity theft cannot be prevented entirely, there are simple steps that will minimize the risk. By managing personal information wisely and being educated on the issue, a person can protect themselves by following a few simple rules.

Before revealing personally identifying information, people should find out how it will be used and whether it will be shared with others. They should ask if there is a choice about the use of personal information. For example, can this information be kept confidential?

People need to pay attention to billing cycles and follow up with creditors if bills don't arrive on time. A missing credit card bill could mean an identity thief has taken over a credit card account and changed the billing address to cover his tracks.

Passwords should be placed on credit cards, bank and phone accounts. Using easily available information like a parent's last name, birth date, the last four digits of Social Security or phone numbers or a series of consecutive numbers should be avoided.

People need to avoid giving out personal information on the phone, through the mail or over the Internet unless the contact was personally initiated or that contact is personally known. Social Security numbers should be kept in a secure place and should be given out only when absolutely necessary.

Those who think they may be a victim of identity theft should take action immediately. In addition to canceling stolen checks and credit cards, victims need to file a police report and dispute any accounts opened under the stolen identity.

Just as Vandneberg members have been trained to prevent security breaches here, they shouldn't forget to safeguard personal information. Be cautious and keep personal information in a safe place.

Reference: vandenberg.af.mil

(IDTheftDefense.com) and (USPublicRecords.com)

2008 Simplify Your LIfe Checklist

2008-01-02T19:20:00.000-07:00

Were you one of the 10 million Americans who were a victim of identity theft last year? If not, you are really lucky, because the personal loss figure is estimated at a minimum of $5 billion dollars.

Plus, California comes in at number two (after New York) among the highest risk states. Contra Costa County and the Los Angeles metropolis are the two highest risk areas inside California according to Analytics, Inc.

It turns out that personal identity theft costs more than previously reported. Secret Service case reviews find that the median actual loss for individual victims is $31,356.00.

U.S. businesses and financial institutions lost at least 50 billion dollars last year to fraud and identity theft last year alone.

How Vulnerable Are You?

You can take a quick test at the Identity Theft Resource Center that let's you know your Identity Quotient, or just how badly you are at risk for ID Theft. Now that is motivation! http://www.idtheftcenter.org/artman2/publish/c_theft_test/index.shtml

Identity Restoration

You may have seen a recent TV advertisement about a brand new kind of insurance coverage for, "Identity Restoration".

The most ironic aspect of this new profitable product for insurance companies is that the insurance industry is notable for the early and frequent selling of individual's information on a scale too large for mere mortals like me to comprehend.

41 Pounds

The typical adult in the U.S. gets 41 pounds of junk mail annually. Stop junk mail to reduce your risk profile for ID theft and save precious time.

Plus, help keep the planet green by reducing the resources it takes to produce junk mail. By signing up at 41pounds.org, you are part of the solution to keeping millions of trees in the forest cooling our planet. Junk mail produces more C02 than 2.8 million cars!

You have to stop it!

You can stop the companies and Federal and State agencies that generate your productivity problems from profiting off of you and your business.

I guarantee if you and your employees take advantage of the following "2008 Simplify Your Life Checklist" that you will not only be more productive, you will enjoy an improved quality of life as well.

Make 2008 the year you free yourself and your enterprise from wasted time and privacy piracy!

The 2008 Simplify Your Life Checklist:

Get Rid of Junk Mail:

To opt out of several mailing lists at once, contact the Direct Marketing Association's Mail Preference Service at PO Box 643, Carmel NY 10512 or fill out their online form: http://www.dmaconsumers.org/consumerassistance.html

41 Pounds

For severe infestation contact http://www.41pounds.org/ and sign up for 5 years of protection for just $41.00. They donate more than 1/3 of your fee to environmental or community organizations of your choice.

Do Not Call Listing:

Register your phones at https://www.donotcall.gov or by calling (888) 382-1222.

Social Security:

Review your Earnings and Benefits Statement carefully for errors once a year. Order a free copy by calling (800) 772-1213. You will also spot if someone else is using your SS number: a favorite step by undocumented foreign nationals.

Credit Ratings and Credit Fraud:

Reduce the number of pre-approved credit offers you get by requesting these bureaus remove your name from their lists: Experian (800)353-0809 Equifax(800)219-1251 TransUnion (800)241-2858.

Every quarter carefully check your free credit report from one of the three credit bureaus by contacting the only authorized source at www.annualcreditreport.com OR by calling (877) 322-8228.

Opt Out of Prescreened Credit Offers:

Go to www.optoutprescreen.com or call (888) 567-8688) to protect yourself, elderly family members , college-aged kids and employees from solicitations of creditors. This improves your credit rating, too!

Government Agencies: Birth, Marriage, Home Purchase, & Death

Public records of all our major life events are sold to advertisers. Call the largest dealer, Acxiom, at their Consumer Advocate Hotline (877) 774-2094. OR go to www.acxiom.com and hit the "Contact Us" link to request an opt-out form.

Terminate Unwanted Catalogs:

Contact Abacus at optout@abacus-direct.com or write Abacus, PO Box 1478, Broomfield CO 80093. Supply your address and the full names of everyone in your household or at your company address.

Prevent Your Internet Browsing Data from being shared:

Register at www.networkadvertising.org to opt out of advertisers selling your browsing "cookies".

I hope you never have to use these resources. But, just in case!

Reporting ID Theft or Credit Fraud:

Equifax (800) 525-6285

Experian (formerly TRW) (800) 301-7195

Trans Union (800) 680-7289

Social Security Administration fraud line (800) 269-0271

Federal Trade Commission ID Theft Hotline (877) 438-4338

Report Id Theft to your local police department and

keep copies of the report for creditors, etc.

The FTC now has an ID Theft website which provides guidelines for victims of identity theft: http://www.consumer.gov/idtheft/recovering_idt.html

If you would like more painless productivity resources check out the free ezine at: http://www.ABrainNewWaytoWork.com

Reference: americanchronicle.com

(IDTheftDefense.com) and (USPublicRecords.com)

Report: Identity Theft Worse in 2008

2008-01-02T19:05:00.000-07:00

In its latest report on data breaches and identity theft, the Identity Theft Resource Center (ITRC) offered several disturbing predictions for 2008.

For example, the ITRC predicts identity theft will continue to grow more international in scope and that identity-theft scams will become more sophisticated and will be harder to detect.

According to the latest data from the Identity Theft Resource Center (ITRC), the number of publicly reported data breaches in the U.S. rose by more than 40 percent in 2007.

The ITRC cited 443 publicly reported breaches in 2007 as of December 24. That compares to 315 publicized breaches in 2006.

In all, 127 million data records were exposed during 2007, compared to nearly 20 million in 2006. In 2005, the ITRC reported 158 publicly disclosed breaches exposing about 65 million records.

Identity theft continues to thrive despite efforts by governmental agencies, businesses, consumer advocates, and law enforcement. Identity thieves keep finding innovative new ways to steal, and are becoming more sophisticated and skilled at their craft.

On the positive side, there has been improved communication among businesses, consumers, and law enforcement as to the causes and possible solutions to reduce identity theft.

Predictions for 2008

"Identity theft is like the never-ending story," ITRC Founder Linda Foley said in a statement. "It acts like an oil spill that spreads in yet another direction with the ocean currents and wind despite best efforts to contain it."

One need look only at news reports to see that identity thieves are getting younger and younger. Recently, two people in their early 20s were arrested.

The duo was in possession of sophisticated forgery equipment, which, according to the ITRC, is a strong indicator that identity theft is becoming a lucrative career path.

The ITRC offered several disturbing predictions for 2008. For example, the ITRC predicts identity theft will continue to grow more international in scope.

Scams will become more sophisticated and will be harder to detect, as thieves become more industrious and skilled at designing viruses and ways to trick people into divulging personal information.

The group also is predicting an increase in the number of data breaches due to poor information-handling policies.

In addition, the ITRC predicts contradictory studies that do not agree on facts such as the overall cost of identity theft. These conflicting reports, the ITRC maintains, will lead to confusion and misguided legislation.

Looking on the Bright Side

On the positive side, the ITRC believes businesses will develop and implement better ways to authenticate the identity of applicants.

What's more, the group said, there will be a higher recognition of identity theft as a crime by law enforcement, which will lead to more reports written to assist victims in taking advantage of state and federal victim-recovery rights.

"The Identity Theft Resource Center, when making some negative predictions for 2008, truly hopes that we will be wrong," remarked ITRC Executive Director Jay Foley.

"We will work collaboratively with others toward making the positive predictions come true," Foley added. "The ITRC will be watching closely as the year 2008 unfolds."

Reference: sci-tech-today.com

(IDTheftDefense.com) and (USPublicRecords.com)

Minors are Often Targets of Identity Theft, If Unmonitored

2008-01-02T18:54:00.000-07:00

Zach Friesen became the poster child for ID theft when at 17 he applied for a job and a school loan and discovered he was in debt for a $40,000 houseboat. Someone had stolen his identity when he was only 7.

Now 21 and a political science student at the University of Colorado, Friesen also works for Qwest Communications' Incredible Internet Program spreading the "Beware child ID theft" gospel to teens, parents, legislators and others who need to know.

When someone steals your identity, you don't walk around in a daze like an amnesic John or Jane Doe.

Instead, crooks take your personal information - Social Security number, driver's license, address and other identifying information - and use it to open accounts, make purchases or siphon money from accounts.

Catching the culprit and cleaning up corrupted credit could take years. Meanwhile, the mess can stand in the way of obtaining credit, insurance, a job or a home.

Friesen says, in the latest spin on ID theft, children have become easy targets for a host of reasons.

Few people assume a child has a credit record, perhaps rightfully so. Most kids don't have a record unless someone gets a hold of their Social Security number or other information and goes shopping with the clean slate of a perfect credit record.

Because of the assumption, however, a kid's credit record is rarely checked, and it becomes easy to get away with the crime for long periods of time before discovery.

Kids are also exposed during popular social networking activities on the Internet. In their naiveté, younger people are too often willing to give out information that can be used for fraud.

Advocacy group, the Identity Theft Resource Center, says half the cases of ID theft involve relatives pilfering identities because of their easy access to children's personal information.

According to the Federal Trade Commission, some 400,000 kids 18 or younger have their IDs stolen each year.

Fortunately, children have the same protections adults should use to protect their identity.

It starts with free annual access to a child's credit reports, available from the big three credit reporting agencies Equifax, Experian and TransUnion - the federally sanctioned Annual Credit Report.

You get one report free from each agency every year. Getting one free from a different company every four months is a good idea to spread over time your credit report monitoring.

The Social Security number assigned at birth could be enough to trigger the creation of a credit report, say some consumer experts.

Most children won't get a credit report, until, say, a parent's credit card account is used to issue a card in the child's name, a child co-signs for a auto or other loan, or perhaps if an older teen manages to secure a gas, retail or other merchant card. Youth employment, a rental application or other activities that warrant a credit check could also generate an initial credit report.

If a child spends a lot of time online in chat rooms, social networking sites or other information-gathering and sharing sites, parents checking for a credit report isn't a bad idea, if only to determine a credit report doesn't exist or that there is no suspicious activity.

Another tool is a no- or low-cost credit freeze that blocks requests for credit - a particularly useful tool for kids who typically don't need credit until they are young adults.

In California, you must contact each individual credit agency to apply a freeze on each report. It's free if you are already an ID-theft victim. Otherwise pay $10 to invoke, temporarily remove or permanently remove the freeze.

Also, for kids who become ID theft victims and generate a police report, parents can, for free, call any one of the three credit bureaus and have a fraud alert placed on the credit report to help prevent future infractions while sorting out the mess.

Reference: mercurynews.com

(IDTheftDefense.com) and (USPublicRecords.com)

Online Records May Aid ID Theft: Government Sites Post Personal Data

2008-01-02T18:39:00.000-07:00

Colin L. Powell's Social Security number is out there. So is Troy Aikman's. Want more?

The "social" of Maryland Attorney General Douglas F. Gansler (D) is xxx-xx-xx34.

In an era when government officials from President Bush to local sheriffs warn of the growing dangers of identity theft, the full Social Security numbers of untold numbers of Americans can be found in file rooms and on Web sites run by, well, governments.

"This is very dangerous," Gansler said after learning that his number had been posted on a Maryland government records site. "You know, a Social Security number is really the fingerprint to somebody's identification."

The Federal Trade Commission has estimated that 8.3 million Americans were victims of identity theft in 2005, the most recent data available. But the crown jewel in identity theft -- the Social Security number -- can be mined easily in the government's own records, creating a measure of social insecurity for millions, identity experts say.

Social Security numbers are readily available in many courthouses -- in land records and criminal and civil case files -- as well as on many government Web sites that serve up public documents with a few clicks of a mouse. From state to state, and even within states, there is little uniformity in how access to the private information in these records is controlled.

A recent spot-check found the nine-digit numbers -- introduced in 1936 to track employee earnings and benefits -- on hundreds of land deeds, death certificates, traffic tickets, creditors' filings and other documents related to civil and criminal court cases.

Federal courts have banned the numbers from appearing on public documents since 2001. And in recent years, many jurisdictions, including Virginia, Maryland and the District, have enacted laws or made rules barring various types of personal information from being filed with courts or government agencies. Most court Web sites in the Washington region list partial Social Security numbers or none at all.

However, millions of paper records were filed across the United States before the laws and rules took effect. Generally, such records are not covered by the prohibitions. And court clerks said it would be virtually impossible to redact all of the Social Security numbers in them.

"That's just plain nutty," said Wendy Jones, former acting clerk of the Prince William County Circuit Court. "I mean, we're talking about hundreds and hundreds of thousands of files in our court alone."

In Loudoun County General District Court, Social Security numbers were found on documents filed in 38 of the 48 criminal cases heard by a judge on a recent day. The numbers were typed or written on summonses, arrest warrants, criminal complaints and jail commitment and release orders, among other documents.

"I don't like it. I don't like it at all," said the court's clerk, Judith S. Waddell. "Would you like your Social Security number being disclosed to the public? I know I wouldn't."

A one-hour search of Maryland's land records Web site found the Social Security numbers and signatures of two dozen property owners.

"It's alarming, because the government should be setting the example in really trying to protect people's private information," said state Sen. Jamie B. Raskin (D-Montgomery).

"Look, there's a whole criminal underground now that thrives on stealing people's credit cards and usurping their identity for as long as they can."

A 15-minute search on the Maryland Department of Assessments and Taxation Web site found Social Security numbers on statements filed by creditors who had financed purchases by four consumers in Waldorf, Cambridge, Bowie and Landover in 2003 and 2004.

A dozen more numbers, including former secretary of state Powell's, turned up on a Fairfax County site that requires a $25 monthly subscription fee. Powell, in an e-mail, declined to comment.

A Texas land records site had the Social Security number of Aikman, the former Dallas Cowboys quarterback. Aikman, a Fox Sports analyst, declined through a Fox spokesman to comment.

Although it's rare to find the numbers in new criminal court filings in Maryland and the District, they often appear on summonses and arrest warrants in Virginia.

Typical is the Nov. 13 summons issued to a Sterling woman charged with failing to register her dog, a gray Shih Tzu named Puzzle, which had been declared dangerous.

In addition to her name and Social Security number, the one-page document -- filed in Loudoun General District Court -- listed her home address, birth date, race, driver's license number, eye and hair color, height and weight.

"With that information, an identity thief could open up new accounts in her name," said Betsy Broder, an identity fraud expert with the Federal Trade Commission, "because the identity thief has virtually all the information that he or she needs to open up a credit card account, seek employment if they don't have legal status in this country, apply for a driver's license or, if they are arrested for some crime, use this other person's identity as their own."

The Social Security number of another Loudoun defendant, charged with stealing a mountain bike and then failing to appear in court, was found on seven documents in his case file.

"This is an issue the General Assembly needs to look at," said Loudoun Circuit Court Clerk Gary M. Clemens, president of the Virginia Court Clerks' Association.

Identity fraud has been around for centuries. But widespread use of credit cards and the growth of the Internet have fueled a plague that costs businesses and consumers billions of dollars a year.

The problem took a giant leap in the public consciousness after the Sept. 11, 2001, terrorist attacks, when it was revealed that several hijackers had used fraudulently obtained IDs to open bank accounts, rent apartments and board planes.

The federal government responded with a law in 2004 that mandated prison sentences for people who use identity theft to commit other crimes and prohibited Social Security numbers from being displayed on newly issued driver's licenses.

A presidential task force called on federal agencies last spring to "reduce the unnecessary use" of Social Security numbers, which it called "the most valuable commodity for an identity thief."

But with a few keystrokes, anybody can view the deed to Jamie and Sarah Raskin's house in Takoma Park.

The state senator said that when he refinanced the house in 1994, he gave no thought to the two Social Security numbers printed near the bottom of his property deed. But in March, he received a call from Betty "B.J." Ostergren, an activist from central Virginia who pushes lawmakers and government agencies to take sensitive personal data off state-run Web sites.

"She said, 'Do you know I was able to find your Social Security number and other private information about you and your wife online?' " Raskin said. "I was shocked, and I briefly flipped out, because, you know, these are days when everybody's privacy is under assault."

Ostergren's site, http://thevirginiawatchdog.com, offers dozens of examples of public figures whose Social Security numbers have appeared in public records in recent years. They include former CIA director Porter J. Goss, former Florida governor Jeb Bush (R) and former Virginia attorney general Jerry W. Kilgore (R).

"The government loves to spoon-feed criminals by putting these dern records on their Web sites," Ostergren said.

Raskin said he plans to call for legislation that would give Maryland residents the right to request redaction of their Social Security numbers from public records.

"The public certainly has the right to know who owns a particular property," he said. "But I don't think the public has the right to know what that person's Social Security number is."

Gansler cracked a joke when he learned recently that his number appeared on a real estate document he had signed in 1996.

"You can steal all of my money that you want. I don't have any," he said.

Then he turned serious.

"Our laws need to be tightened up," he said. "There's no legitimate reason why somebody should be able to surf the Internet and gain another person's Social Security number."

Reference: washingtonpost.com

(IDTheftDefense.com) and (USPublicRecords.com)

Record Number Of Data Breaches In 2007

2008-01-01T18:34:00.000-07:00

Whether or not 2007 was a good year or a bad year generally comes down to your own personal experience, but in one business-related realm it was definitely a year to forget.

Data security breaches soared to unprecedented levels in 2007, a trend experts say likely won't turn around anytime soon. That's because as quickly as companies put new security measures in place, hackers are already finding ways to beat those methods.

"More (companies) are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after falling victim to identity theft.

According to Foley's agency, there were 79 million records reported compromised in the U.S. through December 18. That's four times as many as in 2006.

Another group, Attrition.org, figures that more than 162 million records were compromised from the start of the year up until Dec. 21. Unlike Theft Research Center, Attrition looks at breaches around the world.

"It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin.

More than half the total records for both groups were part of the massive theft of credit card data at TJX Cos., which owns discount stores including T.J. Maxx and Marshalls. Attrition.org figured 94 million records were exposed when hackers intercepted wireless transfers of customer information at two Marshall’s stores in Miami. That allowed the perpetrators to get into TJX's central databases.

Before the breach, which came to light in January, the company had apparently invested millions of dollars in computer security.

The two nonprofit groups suggest 2007 will end up being a record year in terms of the amount of compromised information, not just because of greater data loss, but because of greater reporting of breaches.

Reference: citynews.ca

(IDTheftDefense.com) and (USPublicRecords.com)