Articles

Steps Toward Tracking And Managing Your Digital Footprint

Wed, 22 May 2013 01:00:00 -0700

Even if you're not ecologically inclined, you've probably heard the term "carbon footprint"-a phrase that refers to the amount of excess carbon an individual, family or organization contributes to the earth's atmosphere. But are you as aware of your "digital footprint?" You should be.

The cyber dictionary netlingo.com defines digital footprint as "the trail you leave in cyberspace and on any form of digital communication." Hackers, identity thieves and other cyber crooks can use your digital footprint to collect identity theft data and misuse your personal identifying information. Companies may use legally collected information to market to you, and potential employers may review public parts of your footprint-such as your social media presence when considering you for a job.

It pays to not only be aware of your digital footprint, but to also take steps to manage it.

Making tracks

So how does a digital footprint occur? Simply put, everything you do in cyber space-emails, text messages, Web browsing, logging on or off a network, etc.-leaves a trail. Some of the information that makes up that trail are things you voluntarily share, such as anything on your social network profile, but other aspects occur invisibly, without your express consent or knowledge.

Most of us have only a rudimentary understanding of how to follow our own digital footprints (think backtracking through your browser history to find that cool site you came upon the other day). Cyber crooks, however, know how to track your trail straight to usable information.

With the use of mobile devices such as smartphones and tablets becoming wide-spread, the average person's digital footprint has grown even larger.

Managing your footprint

You can take steps to minimize privacy issues and identity theft risks associated with your digital foot print. It's important to realize that it is virtually impossible to entirely erase your digital footprint. Instead, focus on management techniques to ensure your footprint is small and positive.

• Track your own footprints as much as possible. You can find online calculators that can help you understand the reach of your digital footprint. Open your Web browser and search for your own name. Take steps to remove your information from mailing lists and Web lists.

• Another way to narrow your footprint is to delete all your social media accounts - something most of us aren't willing to do. A better option is to carefully review privacy settings on all your social media accounts, and choose settings that ensure the maximum protection for your information.

• When working online, always read a website's privacy policy (no matter how long and dull) before entering any personal information on the site. When shopping online, only deal with reputable websites that have demonstrated security measures in place.

• Regularly clear cookies and history from your browser, especially if you've used a public PC (such as in a hotel business center) for personal business. Avoid conducting personal online business over unsecured wireless networks.

As our digital lives continue to evolve, so will the ways in which we leave tracks through cyber space. Taking steps to manage you digital footprint can help ensure cyber criminals never pick up your trail.

When a Soldier Comes Home to Identity Theft

Fri, 17 May 2013 14:00:00 -0700

Norman Rockwell painted soldiers coming home to open-armed relatives, hot meals and hard-earned rest. Rick Martinez’s homecoming wasn’t so heartwarming.

The National Guardsman returned from an 11-month stint in Iraq, only to find a tangled web of identity theft. Someone had tried to open credit card accounts in his name, using his personal information. He worried it would negatively impact on his credit.

“I had heard horror stories about identities getting stolen when you’re overseas,” said Martinez, who also has served in Dubai and Colombia. “When you’re deployed, your only means of communicating is the Internet, and you’re dependent on foreign servers.”

Military personnel are at greater risk for identity theft because of their limited means of communication and the transient nature of their work. Long deployments and frequent relocations make it difficult to monitor bank accounts and credit card statements while abroad. In its 2013 Consumer Sentinel Report, the Federal Trade Commission noted that a full 37 percent of complaints filed by military personnel involved identity theft—compared to 18 percent of complaints in the general population.

Martinez tried to tackle the red tape on his own but quickly found himself stonewalled. He requested a free credit report and discovered the alias “Mary J. Richards,” an error so egregious it would have been funny if it didn’t have such serious ramifications. He called and wrote letters disputing the errors but made no progress. “There’s a mystique about it,” said Martinez. “You try to read the fine print and do what the fine print says, but it’s not happening. You see ‘Mary J. Richards’ on your credit report, and no one will help you.”

Martinez found the help he needed through Intelius, which offers IDentity Theft 911’s identity management services to its customers. Fraud Investigator Maria Valenzuela was assigned his case, and she:

• added a seven-year extended fraud alert to his credit files, which prevents new applications from being approved and entitles him to two free credit reports per year from each credit bureau;
• reviewed his credit reports with him to determine if any fraud existed; and
• removed his name and address from the nationwide pre-approval list, compiled by the credit bureaus and sold to their affiliates, who send pre-approved credit cards and insurance offers. (This is particularly helpful for military personnel who are not home to shred these offers.)

“Rick had taken all the right steps and made all the right phone calls,” said Valenzuela. “But it’s difficult to stamp out this kind of fraud, even when you’re a good investigator and you’re proactive like he was.”

Valenzuela recommends that active military:

• place a one-year active-duty alert on credit files, which requires potential creditors to confirm the applicant’s identity before issuing credit;
• notify credit card companies to place restrictions on card usage;
• have mail forwarded to a P.O. box or trusted relative; and
• check credit reports at least once a year at annualcreditreport.com.

“In your time of need,” added Martinez, “it’s good to know you can pick up the phone and there’s someone like Maria on the other end who’s going to listen, help, and answer questions you haven’t even thought of yet.”

GAO: Flaws In IRS Controls Led To Invalid Refunds to Dead Taxpayers

Wed, 15 May 2013 01:00:00 -0700

It's a sad statistical fact that when data breaches or business identity theft occur, a failure of internal safeguards is often to blame-partially or entirely. Often, organizations or companies leave themselves-and their customers-open to attacks by identity thieves and hackers because they haven't done enough to prevent those attacks. The same may be true of at least one government agency, a new report reveals.

A recent report by the Government Accountability Office, Congress' investigative agent, pointed to multiple deficiencies in how the IRS handles its business-and more than one of those issues speaks directly to identity theft risks and fraud.

The GAO said that as a result of its audit of the IRS's 2012 fiscal year financial statements, it uncovered problems with how the tax service estimates federal taxes it should be receiving and how much it should be paying out.

IRS internal controls aren't effectively ensuring that tax refunds don't go to dead people, the GAO cited in a list of concerns. Identity thieves commonly commit tax fraud by filing for refunds using the Social Security numbers of deceased taxpayers. The GAO reviewed refunds sent to dead taxpayers in 2012, and found that 88 percent were invalid-many because of identity theft.

Tax fraud and tax identity theft are growing concerns. In 2010, the most recent year for which figures are available from the Federal Trade Commission's Sentinel Network Data Book, tax- or wage-related fraud made up 15.5 percent of the nearly 251,000 identity theft complaints reported to the FTC. It was the most common type of identity theft reported that year, and had increased 12.7 percent from the previous year.

The GAO also took the IRS to task for employee-related issues. Specifically, the GAO said IRS procedures were ineffective in ensuring that IRS workers allowed to approve issuing a manual refund were properly appointed. And, other workers' access to sensitive taxpayer information was not effectively limited. In the corporate world, employees acting irresponsibly or criminally can cause or contribute to data breaches, fraud and outright theft.

In addition to tax fraud issues, another point of concern was ineffectively designed policies and procedures that employees are supposed to follow to record the purchase of goods and services, the GAO report said.

What's more, the GAO said, as of Sept. 30 of last year, the IRS had resolved only 23 of 69 recommendations the GAO had made after its 2011 audit of the tax service.

Security Advice for Mobile Device Users

Wed, 08 May 2013 01:00:00 -0700

With 87 percent of American adults owning cellphones (according to Pew Research Center), 45 percent possessing smartphones, 26 percent toting e-book readers and 31 percent owning tablet computers, it's safe to say the majority of Americans use a mobile device. But how safe are those devices from hackers and identity thieves?

Mobile malware threats soared 163 percent in 2012, according to a security report by NQ Mobile Inc., a mobile Internet services provider. More than 65,000 mobile malware threats infected nearly 33 million Android devices last year, NQ reports. That's a 200 percent increase from 2011.

Anti-viral and anti-malware software isn't always effective at protecting mobile devices, either. A recent study by Northwestern University and North Carolina State University found that popular mobile antivirus applications were vulnerable to some very basic evasion techniques favored by malware writers.

Security experts point out that many mobile users - especially smartphone users - carry a great deal of personal identifying and financial information on their devices. Losing the actual device, while disastrous enough, isn't the whole story when it comes to risks associated with mobile use. Downloading the wrong app, visiting a suspect website and opening a malicious email can all expose users to identity theft attacks. In fact, the NQ report found that bad apps, malicious URLs and smishing - bogus text messages designed to swindle information out of unsuspecting users - were the top three means of delivering malware to mobile devices in 2012.

So how can you protect your mobile device from cyber attacks such as identity theft and fraud? The U.S. Department of Health and Human Services has compiled guidelines for health care providers - who face substantial risks related to medical identity theft - that make sense for all mobile device users.

The department advises mobile users to employ device security. This can include passwords and other user authentication techniques such as PINS or pass codes, and automatic screen locking after a set period of inactivity. If your mobile device has built-in encryption capabilities, use them, and install an encryption tool if it doesn't already have one. Consider using remote wiping or disabling software that allows you to lock or completely remove sensitive information from a lost or stolen device.

Avoid using file-sharing on your mobile device, because it increases the risk of the wrong person accessing private information on your mobile. Use anti-viral, anti-malware and firewall software designed for your mobile device, and keep all security software up to date.

Finally, be very careful about what you download. There's an app for everything, but not all the millions of apps available - both free and those you pay for - are on the up-and-up. Some contain coding that can allow cyber crooks to steal your important information. Thoroughly vet any app before you download it.

Tax ID Theft Against Seniors Sparks Worry, Action Among Feds

Wed, 01 May 2013 01:00:00 -0700

Just when you think identity thieves can't sink any lower than robbing children by using their clean credit profiles for criminal purposes, news emerges of an escalating form of identity theft: tax identity theft against senior citizens. Government agencies from the IRS and Federal Trade Commission to the Senate Special Committee on Aging are taking action to fight the problem.

Tax identity theft is a favorite ploy of scammers and criminals. In fact, between 2008 and 2012, tax-related identity theft rose more than 650 percent, according to the IRS Taxpayer Advocate Service. Thieves defrauded American taxpayers of $5.2 billion by filing 1.5 million fake tax returns in 2011, an investigation by the U.S. Treasury Department's inspector general revealed.

Seniors are a favorite target - along with anyone else who doesn't have to file a tax return, such as students, low-income earners and the deceased, according to the Special Committee on Aging.

Seniors who have no income other than Social Security benefits, or whose additional income falls below the taxable threshold, don't have to file a federal tax return. Identity thieves can use that person's Social Security number to file a fraudulent tax return - seeking a refund - without the individual, or the IRS, being aware of the fraud. It can go on for years, or never be discovered at all. Because the crime goes unreported, it's difficult for the IRS to detect - allowing thieves to walk away with billions in fraudulent refunds.

At a senate hearing, Treasury Inspector General for Tax Administration J. Russell George told lawmakers that this year's identity theft data are not yet available, MSN Money reports. "However, it is highly likely that incidents of identity theft will show a continued increase when the current filing season is concluded," he said.

Federal agencies are taking steps to address the growing problem of tax identity theft and ensure seniors have better protection from identity fraud, including:

• In early May, the FTC will host a workshop, "Senior Identity Theft: A Problem in this Day and Age," aimed at addressing areas of identity theft that affect senior citizens. Consumer advocates, government officials and members of private industry are expected to participate and the forum is open to the public.

• The IRS expanded a program that makes it easier for law enforcement in all 50 states and the District of Columbia to obtain tax return data as part of their investigations and prosecution of identity theft cases.

• Multiple federal agencies and departments, from the FBI and IRS, to the FTC and Department of Justice offer extensive consumer information and identity theft prevention advice on their Web pages.

• The IRS has boosted its security efforts, including filters that are used in processing returns.

Senior citizens can take some steps to fight tax identity theft. If you receive an email, text message, instant message or other form of digital communication purporting to be from the IRS, forward the suspicious contact to the IRS at phishing@irs.gov. The IRS never uses any form of digital communication to initiate contact with taxpayers. If you receive a letter from the IRS rejecting your return because the service says you already have one on file, contact them immediately. Multiple returns are often an indicator of tax identity theft.

Cyber Security Giant: Attacks on Small Business 'Threaten All of Us'

Wed, 24 Apr 2013 01:00:00 -0700

Small businesses are the new darlings of cyber criminals. Business identity theft and cyber attacks are a rapidly growing problem with far-reaching ramifications for not only the companies targeted, but also for the private citizens and other companies that do business with them.

In 2012, half of all targeted cyber attacks were aimed at businesses with fewer than 2,500 employees, and 31 percent of all attacks targeted companies with fewer than 250 employees, according to Symantec's 2013 Internet Security Threat Report. And although the risk continues to grow for small businesses, many still believe they're safe from cyber attacks, Symantec discovered in a survey of small business owners. In that survey, 83 percent admitted they have no formal plan for cyber security, and 59 percent don't have procedures in place to respond to and report a data breach, even though federal law requires companies to inform consumers affected by such breaches.

From loss of business, reputation and actual financial losses, data breach costs can be devastating for small businesses. But the impact on the business' customers can be just as significant.
"The lack of adequate security practices by small businesses threatens all of us," Symantec says in its security report.

Small businesses often have databases of customers' personal and financial information that identity thieves find useful. Once thieves have this information, they can use it in a number of ways, from opening bogus credit accounts in customers' names to using existing credit card accounts to make fraudulent purchases.

What's more, says Symantec, "attackers deterred by a large company's defenses often choose to breach the lesser defenses of a small business that has a business relationship with the attacker's ultimate target, using the smaller company to leap-frog into the larger one." Such tactics mean that the small business' lack of security not only exposes its own customers to identity theft and fraud, but also may put at risk the clients and customers of larger companies with whom it does business.

Symantec points to the increase in Web-based attacks as evidence of this trend. In 2012, such attacks rose by a third, "and many of these attacks originated from the compromised websites of small businesses," the security software giant said.

In 2012, the average number of identities exposed per breach was a staggering 604,826, according to Symantec. Every breached record is a potential ID theft case that could cost a consumer thousands of dollars. When a company experiences a data breach, federal law requires it to notify affected customers. Many companies also offer monitoring services to consumers caught up in the breach. The costs pile up for all parties involved.

"It's terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe," said Brian Burch, vice president of Americas Marketing for SMB at Symantec in a press release published by the company in late 2012. "Almost 40 percent of the over 1 billion cyber attacks ... in the first three months of 2012 targeted companies with less than 500 employees. And for the small, poorly protected companies that suffer an attack, it's often fatal to their business."

BYOD Puts Employees, Employers At Risk of ID Theft

Wed, 17 Apr 2013 01:00:00 -0700

Employees using personal smartphones or iPads for office work might seem like a win-win all around. Workers don't have to keep track of multiple devices or transfer data between devices, and they have easy access to work information whenever they need it. Employers save money not having to purchase or maintain the devices for employees, and get the assurance workers can access their office email quickly.

But the practice of BYOD - "Bring Your Own Device" - poses new security risks for both employees and their employers, including business ID theft, security experts say.

In the past year, 96 percent of American workers used their personal smartphones for work, according to a study by a network of Cisco partners. Yet less than half (46 percent) said they thought their employers could handle any problems that arose from BYOD, and 39 percent didn't bother to protect their personal devices with a password.

Always quick to identify new opportunities, cyber crooks are now focusing their efforts on taking advantage of the BYOD trend. Cyber criminals use a variety of tools and tactics to target personal devices being used for business - from data theft via malware to physical theft of devices containing sensitive information.

Both employers and employees are responsible for risky behaviors related to use of personal devices for business purposes, studies show.

In the Cicsco study, 52 percent of employees admitted to accessing unsecured Wi-Fi networks with their personal devices. A survey by information security trainers SANS found that 61 percent of employers allowed employees to use personal devices to connect to protected network resources, but only 9 percent were "fully aware" of what devices employees were using, or what they were accessing. Half didn't have policies governing BYOD, or trusted employees to follow corporate policies for securing personal devices, SANS found.

Risky employee behaviors include:

• Use of unsecured Wi-Fi networks
• Leaving mobile devices unattended and exposed to theft
• Losing mobile devices
• Downloading apps from questionable sources, or not checking privacy policies before downloading
• Visiting unverified websites
• Disregarding an employer's security protocols

Among employers, risk-engendering behaviors include:

• Failure to implement and enforce security standards for work use of personal devices
• Failure to have in place a response plan for data breaches when they occur
• Failure to educate employees on how cyber crime occurs and what they can do to help prevent it.

Cyber attacks against employees' personal devices can have far-reaching consequences for businesses. Data breach costs create huge losses for businesses, including direct theft of money from financial accounts, money lost on remediation, loss of business reputation, abandonment by customers and even fines and penalties for failing to report a breach in a timely manner.

Ensuring security while workers use personal devices for business takes a concerted effort from both sides of the equation.

"The threat against mobile devices has already been proven," write Kevin Johnson and Tony DeLaGrange, authors of "SANS Survey on Mobility/BYOD Security Policies and Practices." "Without security policies, allowing employee-owned devices to access company resources makes our protected IT networks sitting ducks."

Fame And Fortune Are No Defense Against Identity Theft

Wed, 10 Apr 2013 01:00:00 -0700

Celebrity, wealth and a battalion of body guards might seem like things that would deter identity thieves. But even the rich and famous can fall prey to identity theft. High-profile Americans from the Supreme Court to the basketball court and the White House to the house of blues have had their identities compromised.

Supreme Court Chief Justice John Roberts is the latest famous person to join the ranks of the millions of common folks who have their identities stolen every year. Multiple news reports say Roberts has been paying cash at D.C. area businesses, and explaining that his credit card information had been stolen. A Supreme Court spokesperson told an ABC reporter that the chief justice's credit card numbers had been used, according to one ABC.com.

While it may seem that a very recognizable name would be less appealing to identity thieves, fame doesn't seem to be a deterrent. First lady Michelle Obama and Vice President Joe Biden were among a number of famous people who had personal identifying, credit or financial information stolen and posted to a Russian website earlier this year. Former Secretary of State Hillary Clinton, former vice presidential candidate Sarah Palin, celebutante Paris Hilton, and actors Mel Gibson and Ashton Kutcher were also targeted in that attack.

Identity theft against celebrities is nothing new, and the culprits use the same tactics against famous people that they apply against average Americans. From picking through a celebrity's trash and stealing credit card information to cyber attacks on bank, brokerage and other financial accounts, identity thieves steal information in a number of ways.

The steps that can help ensure protection from identity fraud remain the same, whether you're anonymous or famous:

• Before you trash documents (including receipts, statements, credit card offers, catalogs, etc.) that contain identifying information, run them through a cross-cut shredder.
• Use up-to-date security software and encryption for all electronic communications, including on your smartphone.
• Employ secure, difficult-to-guess passwords for all your accounts.
• Lock up important paperwork, such as tax forms, passports and Social Security cards.
• Monitor your credit accounts, bank accounts and other financial accounts regularly.
• Vigilantly protect your Social Security number.

You may never have the financial resources of a celebrity or the legal clout of a Supreme Court justice, but you can still take steps to protect your identity. When it comes to identity theft prevention, all Americans really are created equal.

Parents Use Apps To Mobilize Against Child ID Theft

Wed, 03 Apr 2013 01:00:00 -0700

More kids than ever are accessing the Internet through mobile devices, and more children than ever are having their identities stolen. With child identity theft and Internet security concerns continuing to grow, parents are turning to mobile apps to help keep kids safe.

One in 40 households with children younger than 18 had at least one child compromised by identity theft, according to the 2012 Child Identity Fraud Survey by Javelin Strategy & Research, which was sponsored by the Identity Theft Assistance Center (ITAC).

Identity thieves and other predators are known to use social media and other online venues to target children. Widespread use of smartphones, which provide youngsters with direct access to the Internet, further complicates efforts to keep kids safe online.

Mobile apps aim to protect children in several ways.

First, apps like the FBI's Child ID App, allow parents to electronically store and easily access photos and vital information about their children in their own smartphones. If a child ever goes missing, parents can use the app to quickly share identifying information and images with law enforcement. The app also provides tips on keeping kids safe and what parents should do in the first few hours after a child goes missing - a critical time in any hunt for a missing person. The FBI says it does not use the app to collect or store information unless parents provide it during an emergency.

Other apps can help parents protect against child identity theft that might occur through online sources. Thirty-seven percent of teenagers own smartphones, and one in four accesses the Internet primarily through their phones, according to Pew Research Center's report "Teens and Technology 2013."

Identity thieves have been known to use social media sites to gather personal information that can be used to create synthetic identities. The most common ways is criminals combine a child's Social Security number with a different date of birth, according to the ITAC study.

Controlling a child's use of social media is another way to protect against identity theft, and apps like Kytephone allow parents to restrict the sites kids can access or apps they can download on their mobile devices. Net Nanny also offers a mobile app for Apple devices that filters online content and restricts what apps a child can download or use.

Teens aren't the only ones at risk on mobile devices, however. With many parents providing younger children with smartphones, or allowing them access to parents' devices for entertainment purposes, a younger group of kids may be exposed to child identity theft and other cyber crimes. Other apps, including free options, block a child's ability to access the browser on a smartphone and limit their mobile use to age-appropriate games, books or video.

"Smartphones and tablets have added new technology with new challenges (for parents)," Russ Warner, CEO of Net Nanny, told the Chicago Tribune.

Fortunately, it seems both parents and app makers recognize the need to take extra precautions to protect children from encountering online threats while they use mobile devices.

Retired Teacher Gets Tested By Tax Fraud

Thu, 28 Mar 2013 14:00:00 -0700

An accountant rarely rings at 8 a.m. with good news. Sure enough, when Paige Brown* took the call, she found out the IRS had rejected her tax return because someone already had filed in her name and pocketed the refund. To make matters worse, the IRS wanted Brown to pay back the money.

“I started frantically calling my credit card companies and telling everyone that my identity had been stolen,” said Brown, a retired English teacher from New England.

Tax-related identity theft is a growing problem. In 2012 alone, the IRS was hit with more than 600,000 false claims, according to a recent study from the U.S. Government Accountability Office. The high incidence of fraud is snarling the system. It takes dozens of phone calls and a wait time of six months to more than a year for cases like Brown’s to be resolved.

Fortunately, Brown’s auto insurance provider covered her for identity management services through IDentity Theft 911. Fraud Investigator Maria Valenzuela was dedicated to her case until its full resolution.

“Maria was very reassuring,” Brown said. “In a calm, authoritative and professional manner she outlined the steps I needed to take immediately.”

The first step: Valenzuela coached Brown on how to work with the three major credit bureaus—TransUnion, Experian and Equifax—to lock down her credit accounts and prevent the thieves from doing further damage.

But the IRS continued to hold Brown accountable for the money the agency had paid out to the identity thieves. She received letters from the IRS threatening to garnish her Social Security benefits to cover the loss.

“One of my biggest challenges was coordinating my efforts with the IRS,” Brown said. “That got straightened out thanks to Maria.”

Valenzuela moved quickly to protect Brown’s credit and resolve the fraud by:

• Calling the IRS to confirm a fraudulent refund had been submitted and paid out.
• Completing the IRS’s fraud affidavit.
• Adding a three-year tax marker to her tax file, which flags refunds for verification.
• Placing a 90-day alert with the credit bureaus and ChexSystems.
• Adding credit freezes to Brown’s credit files.
• Enrolling Brown in the monitoring of her credit reports.
• Calling the IRS every 30 days until the investigation was closed.

Brown credits IDentity Theft 911 with giving her peace of mind during a difficult time. Valenzuela’s support helped to reduce her anxiety about the situation as well as to resolve the case with minimal stress.

“IDentity Theft 911 was very good at making me feel secure that I was doing the right thing and that eventually things would be settled,” Brown said. “When I called Maria, she always got back to me. She gave me accurate information on the steps that had to be taken right away.”

In April, the IRS closed its investigation and acknowledged that the refund issued was fraudulent and stopped all garnishment threats.

One year later, Brown is taking steps to make sure her tax season is less turbulent. She’s set up a PIN on her accounts to help ensure the IRS flags any suspicious returns. And she knows where to turn if her identity is ever stolen again.

“If it happens to me again, I would go back to IDentity Theft 911 in a heartbeat.”

* Name has been changed to protect the victim's identity.

Privacy Concerns Pit Parents Against New York Education Department

Wed, 27 Mar 2013 01:00:00 -0700

Privacy-minded parents are clashing with the New York State Education Department (NYSED) over the development of a data cloud that will contain the personal information of millions of New York public school students - including their names, birth dates, addresses, phone numbers, e-mail addresses, discipline and attendance records, and test scores.

Parents and identity protection and privacy advocates are raising concerns that this sensitive information can be shared outside the school system, and that parents have no recourse for opting their children out of the database. The NYSED says the database, dubbed the New York State Education Data Portal (EDP), will only contain information that schools have been gathering for years, and will function as a tool for teachers, parents and students to track progress, set individual goals and facilitate the electronic transfer of high school transcripts to colleges and universities.

Tom Dunn, a spokesman for NYSED, told the Village Voice that the data housed in EDP will be "regular student information that, when parents register a child for school, they give up."

Opponents of the project say they fear that personal student information could be shared with outside companies who could then use that information for targeted marketing to children.

During a rally against the EDP earlier in March, New York City Councilman Steve Levin spoke out, according to the Village voice. "Our children are not commodities," Levin said. "They are not something to be bought and sold on the market place. Their achievement and their data is not something that's negotiable or something that should be for sale."

And, at least one education advocacy group has raised concerns over the security of the data cloud. Data breaches can lead to identity theft.

"Many technology professionals do not trust clouds for their more sensitive data," Leonie Haimson, executive director of Class Size Matters, a New York education advocacy group, wrote on the New York Daily News website.

The Federal Trade Commission cites child identity theft as a growing problem. In testimony before a subcommittee of the House Committee on Ways and Means, FTC representatives said "... a child's identity is a blank slate that can be used to obtain goods and services over a long time period because parents typically do not monitor their children's credit, often having no reason to suspect any problem."

inBloom, the company developing the EDP, says it operates in compliance with federal laws governing privacy in education.

"Student data privacy is a top priority for inBloom, and protections for student privacy have been addressed throughout the design and ongoing operations of our solution, in compliance with the Family Educational Rights and Privacy Act (FERPA)," the company says on its website. The EDP is expected to be complete and operational in fall of 2013.

Are Your Electronic Communications Private? Think Twice Before You Send

Wed, 20 Mar 2013 01:00:00 -0700

You probably consider your emails and direct Twitter and Facebook messages to be private communications-something between you and the receiver. They aren't available for anyone else to read unless you include more names on the "To" line, or the message is retweeted or shared by the recipient.

The federal government might not agree. This week, in conflicting actions, the White House is backing away from the stance that police officers should be able to read emails without a warrant, but at the same time, the Justice Department is proposing that government offices be allowed to put Americans' emails, direct Twitter messages and direct Facebook messages under surveillance.

At stake are two factors, protection of civil rights and the ability for law enforcement to pursue and bring to conviction criminal behavior.

The 1986 privacy law was established before social media existed, and email was a raw concept. The law states that any form of electronic communication cannot be used without a warrant to convict or accuse a person of a crime. However, the law allows law enforcement to access records of calls made to and from specific phones without the need for a warrant, and there is argument that law enforcement should be able to access the same information for emails.

More recently at the federal appeals court level in 2010, the court determined that a search warrant was required before law enforcement could access information stored in the cloud. This also includes email communication.

There have been several cases over the past four months in which emails, tweets and Facebook postings resulted in people being tried for crimes ranging from violence-the Ohio football rape case-to high level political figures having to step down from their positions-retired General David Petraeus from his position as Director of the CIA.

Companies that administer email services like Facebook, Yahoo, Microsoft and Google say they require search warrants before responding to requests by law enforcement for email communication information. These requests happen frequently. In 2010, Google posted via an online tool how many requests it received for consumer data. In the United States, those requests totaled more than 4,000 in the first half of the year.

The question of how private an email, direct Twitter or direct Facebook communication will continue to be is hotly debated. Until then, users of these messaging tools should keep the following tips in mind:

• Don't use email or social media communications to conduct any business that you wouldn't want others to see. You never know when the recipient of your communication might decide to print it out, share it, or forward it to others, making it public.
• When using public computers or Wi-Fi, set up a Virtual Private Network account to give you mobile security and protect against anyone else accessing your information.
• Use generic subject lines in your emails. Something like "rainy weather today" is much less informative to a hacker than "Social Security number needed."

Be careful how you use electronic communications, and always keep in mind that whatever you send or post could be made public for everyone to see and read.

Woman Battles ID Thieves Who Keep Coming Like Zombies

Tue, 19 Mar 2013 14:00:00 -0700

Carole Stuber, a Long Island, N.Y., retiree, isn’t much of a gamer. So when she spotted a $400 charge from an online video game seller on a 2010 credit card statement, it stood out. Next came charges for subscriptions to music and motorcycle magazines—again, not really Stuber’s cup of tea.

Stuber successfully disputed the odd charges, but like in any good video game, the bad guys just kept coming back: Every time Stuber stomped out one problem, another popped up in its place—and suddenly she was at war with an unknown enemy. A few weeks after the initial charges, Stuber noticed a pending online payment of $4,000 in her checking account, which she hadn’t scheduled. She blocked it, closed her bank accounts and set up a 90-day alert with the three major credit bureaus. She also closed her credit card accounts and replaced them with new ones, put passwords on every account, and contacted the police and district attorney. Despite these precautions, one of her credit card companies issued a duplicate card to an Arizona address. But luckily she checked her email the day it was shipped, so she was able to keep the credit card company from activating it.

Stuber was a worthy adversary for the crooks who had taken over her accounts. She had worked as a town administrator for 15 years and a tax preparer for 34 years—and she was an enrolled agent with the IRS. She was informed and diligent. She took every step a person should take in these circumstances. So, game over, right?

Wrong.

Roughly a year after the initial fraud, someone walked into an Alabama military credit union and attempted to cash checks from her new account. Then someone began writing counterfeit checks—at least 10—averaging $2,000 each. The bank did not pay on any of these checks, but the thief, or thieves, was undeterred. Next came applications for payday loans and PayPal BillMeLater accounts (including a successful purchase of $2,300 worth of camera equipment), and many attempted online purchases.

Stuber was on perpetual high alert, always on the lookout for new kinds of fraud and theft in her name. “I didn’t see it ending. I was constantly on pins and needles,” she said. She scrutinized every piece of mail, even if it looked like junk mail, because she never knew when or how the thieves would try again. She put together a notebook to organize all the paperwork her case generated and had her bank review every check written on her account. Her diligence came at a price: The bank mistakenly flagged a check she’d written to her insurance company, which delayed the payment—nearly costing her the coverage. Just when it seemed Stuber would never get ahead of the criminals, she discovered she had IDentity Theft 911 coverage through her auto insurance policy.

IDentity Theft 911 Senior Fraud Investigator Vicki Volkert immediately put a seven-year fraud alert on Stuber’s files with the three big credit agencies. “I didn’t even know I could do that,” Stuber said. “I only had the 90-day alert set up.” And because thieves had attempted to obtain a payday loan, Volkert also set up fraud alerts with Teletrack, a specialty consumer-reporting agency. She filed a complaint with the Postal Inspection Service, a step she advises whenever a victim’s mailing address is used in the fraud. Perhaps most important, Volkert helped Stuber understand and manage the regular alerts that popped up. “Vicki is a godsend,” Stuber said. “Credit reports are like Greek. The thieves were pursuing so many avenues, but it wasn’t a full-time job for me once Vicki got involved.”

“It was just one thing after another for Carole,” Volkert said. “First her name, then her identity. It started with account takeover and that’s bad enough, but then it just kept piling on.”

Even after Volkert got involved, Stuber’s case went from bad to worse. Someone attempted to transfer $10,000 from her savings to her checking account, then move $5,000 of that money to an E-Trade account in someone else’s name in another state. Next, roughly two years after the initial fraud, someone used Stuber’s Social Security number to file a fraudulent 2011 return. Fortunately, Stuber’s tax expertise helped her spot the fraud—and resolve it—right away. A few months later, Stuber began receiving robocalls and collection letters for $3,000 worth of Apple computer products—which adversely affected her credit, despite the fraud alerts. Volkert and Stuber, by then a great team, quickly cleared Stuber’s credit report.

Now, the two are cautiously optimistic that they may, at last, finally have vanquished their foe.

“Carole always will have to be vigilant,” Volkert said. “But she knows what to do after all these years of working together. Whenever she sees something suspicious she calls me right away—I even recognize her number now—and we work together. To go from credit card fraud all the way to tax fraud…this case has really been up there with the worst of them.”

Through it all, Stuber has maintained a positive attitude and healthy perspective. “I haven’t lost any money, but it’s been horrible,” she said. “A lot of people have lost a lot of money [and] had their credit destroyed. It could have been so much worse. I can have a good attitude about it because of Vicki.”

Air Travel Security Changes Include Collection Of Additional Personal Information

Wed, 13 Mar 2013 01:00:00 -0700

Airport security is making news these days. A hot topic under discussion this week is how screeners will identify risk-based travelers. It has civil liberty groups worried about the security of travelers' personal identity and the risk of discrimination.

In a meeting last week in New York City, attended by security officials from around the world and Homeland Security Secretary Janet Napolitano, it was shared that governments and airlines are planning to use personal data for travelers to help distinguish between "trusted travelers"-who will be able to pass through security with less screening-and other travelers who will be put through a more thorough screening. The Transportation Security Administration calls this an "intelligence-driven, risk-based screening procedure."

Passengers will be asked to volunteer their information and apply for this trusted traveler status. What has civil liberties groups concerned is the question of how effective this data will be in identifying terrorists without the potential for discrimination. Also of concern is the risk of identity theft, with so much personal information accessible via many different agencies.

Supposedly this process will be designed, like the Global Entry program, to prescreen travelers. But the Global Entry program is not without problems. Reports of some travelers applying for the program and being put in an untrusted category have popped up, and not all these travelers were given a reason for this identification, or the ability to challenge the label.

Additional information is also gathered through border checkpoint encounters, terrorist watch lists and criminal background checks.

Other government regulators-especially in Europe-join the civil liberty groups in questioning how much personal information will be accessed and then examined to determine the threat level for air travelers.

Governments already have access to a lot of data about travelers, especially those flying between countries. Passport information, birth dates, home addresses and credit card numbers are all used by airlines for the purchase of tickets.

The information on passports themselves is also full of personal information. Since 2007, the United States and several other countries have been issuing electronic passports, allowing security agents to scan the chips embedded in the books to access the information electronically.

Currently travel data collected by airlines is made available to the Department of Homeland Security, although certain identifiers, like the request for a kosher meal, for example, are filtered out because they could indicate a traveler's religion. Of course, a loophole has been built into the filter, so that in "exceptional circumstances," these additional identifiers can be accessed by the government.

The TSA reports that in addition to the gathering of information, it also will be enhancing the use of passenger identification technology to help keep terrorists off airplanes. What won't be new are the random searches of travelers and personal bags by security at most airports.

Fraud Files: Identity Theft Grips Entire Neighborhood

Fri, 08 Mar 2013 14:00:00 -0700

Tucked in a pocket of northeast Ohio, not far from Lake Erie, is a little piece of the American dream. Two-story homes of brick and stone stand in front of big backyards, surrounded by a community of neighbors who know one another, socialize and watch one another’s kids.

But just last week, a rash of identity theft rocked the quiet waters of this typical upper-middle-class suburb. Police have found 18 victims, some with tens of thousands of dollars fraudulently spent in their name. And this home development isn’t alone. At least one other Ohio community has been hit with mass identity theft. It has all the trappings of an ugly new trend.

Alison Smith* first heard the news from a neighbor. “We’re all pretty close-knit around here,” she said. “A friend reached out and said, ‘Hey, a couple of neighbors have had identity theft issues.’ ” Smith called her homeowners insurance company and found she was covered by IDentity Theft 911. She connected with fraud investigator Maria Valenzuela on the phone.

“Alison did exactly the right thing,” Valenzuela said. “She knew of five neighbors who all had multiple accounts opened around the same time. She had no fraud, but called us as a preventive measure.”

Valenzuela quickly set up a 90-day fraud alert on Smith’s credit accounts, then removed her from a national database of pre-approved credit applications. They applied the same measures to Smith’s husband’s accounts, but as it would turn out, all the victims in this case were women.

The next day Valenzuela’s phone rang again: another victim from the same northeast Ohio housing development. This one wasn’t nearly as lucky as Smith. Thirteen accounts were opened in this victim’s name: $5,000 charged at Best Buy, $4,000 at Sears, more than $700 at Victoria’s Secret. The crook bought cell phones, paid utility bills, set up cable and Internet accounts.

“First I got a letter from Victoria’s Secret thanking me for applying for a new card,” said victim No. 2, Mary Jo Sullivan*. “Then a letter came from Carson’s, then Macy’s, Sears and on and on and on.” Sullivan was traveling on business when the first few letters arrived. In those two days that the accounts went unchecked, thieves managed to rack up tens of thousands of dollars in charges.

“They got me pretty bad,” Sullivan said. “Most of the people in my development caught it in the first day, or before it started, but in my case they got away with it a lot longer.”

After a few days of frantically calling all the credit companies, utilities and cell phone companies that had opened fraudulent accounts, Sullivan realized her homeowners policy offered identity protection services. Valenzuela picked up the torch again, making calls on Sullivan’s behalf, and got her squared away with police reports and credit bureaus, and put a freeze on all new credit activity.

“This information was compromised from one source,” Valenzuela said. While it might be quick to pinpoint stolen mail or home break-ins where documents are taken, that never happened in this community. And even if it did, Valenzuela said, thieves aren’t likely to get the volume of personally identifiable information that was clearly exposed here. “The damages wouldn’t have been this large-scale, this serious,” she said.

All clues point to the homebuilder, according to police. “Whenever you apply for a mortgage, that broker has all your information, so we’re probably looking at a breach or theft from the purchasing agent in that development,” Valenzuela said.

The local police told Alison Smith as much. Just a few days after calling IDentity Theft 911 and having a fraud alert set up, the thieves struck. AT&T called on a Saturday, confirming that she was setting up new service. AT&T called again, from another store location, an hour later. Smith told the agent she’d been a victim of identity theft and asked for information on the purchaser, but was told they couldn’t release personal information. “That’s my information!” Smith said. “They tried to make me out to be a criminal, because I’m asking for information on the person stealing my life.”

The fraud alert worked. The two AT&T applications were denied. A T-Mobile and a Sprint application were denied. A Kohl’s card was denied. But Verizon let five iPhones slip through. “When I talked to Verizon customer service, she came right out and said they’re not as diligent with online orders as they should be,” Smith told me.

Cell phone and store charge cards are common targets for thieves, Valenzuela said. Retailers often prioritize moving merchandise out the door over security. Most of the purchases in Smith’s case were made in Tulsa, Okla. Though the investigation is still pending, police said it likely will trace back to a crooked employee at the homebuilders office, which handled the mortgages for the entire development.

Smith, for her part, dodged a bullet, getting her accounts protected before the criminals dialed in. An ounce of prevention is truly worth a pound of cure.

“I don’t know what I would have done without Maria,” Smith said. “She’s done everything. She put all the paperwork in place to get the freezes. She was on the line with AT&T and sent letters to all three credit bureaus. I would have been lost without her.”

* Names and identifying details have been changed to protect the victim’s privacy.

How to Avoid Tax-Time Identity Theft

Wed, 06 Mar 2013 01:00:00 -0700

Still haven't filed your taxes this year? This fact will get you moving: Tax refund theft is the fastest-growing crime in the country, according to a government report.

It happens when crooks use your Social Security number to file before you and steal your refund. Victims can wait six months or longer to recover their money. The Federal Trade Commission's Consumer Sentinel Report showed a 43 percent growth in this type of crime and the IRS reported a 60 percent increase in suspected tax return fraud for the 2012 tax season.

The FTC releases the Consumer Sentinel Report annually, and it's used to track the most common types of fraud based on consumer complaints. As we recently reported, identity theft once again topped the FTC's list of complaints with roughly 370,000 complaints filed last year. Tax- and wage-related fraud was by far the fastest growing type of identity theft.

Thieves use two common methods for tax-related identity fraud. Under the first, the thief fraudulently files a tax return in the victim's name and claims the refund. Victims usually find out when they receive a notice from the IRS that more than one tax return was filed in their name.

In another scenario, identity thieves get paid for work while using the victim's identity on tax forms. In this instance, the thief would owe money come tax time, and the victim would be stuck with the bill. Victims discover the problem when their tax forms indicate they received wages from an unknown employer for work they have not completed.

So what can you do to protect yourself from tax-time identity theft? Our experts recommend following these six steps:

• Never, ever give out your Social Security number unless you have a very good reason for doing so. This is the key piece of information that identity thieves need to file fraudulent tax returns.

• Store tax forms in a secure location such as a safe or a safe-deposit box. Avoid saving forms on a computer, but if you must, make sure they are password-protected and kept on an encrypted drive.

• Use a reputable tax preparer or tax preparation software. Many tax-related identity theft schemes involve criminals falsely identifying themselves as tax professionals.

• Double-check your tax forms as soon as you receive them. If they report that you earned money that you know you did not, it's the first clue that someone has been illegally using your identity.

• Retrieve W-2s, 1099s or other tax forms that come by mail promptly.

• Opt for direct deposit of your return. You'll get it faster, giving criminals less time to file and benefit from fraudulent returns.

Video Game Focuses On Data Hacking

Wed, 27 Feb 2013 00:00:00 -0700

Recent data breaches occurring at government agencies and social media giants have made the issue a major topic of conversation.

With the announcement of Ubisoft's Watch Dogs for Play Station 4, the data security issue will now enter the video game world. According to VentureBeat, this game allows players to hack into "smart cities" through camera, monitoring and networking technology, which allows them to control every aspect of a city.

In a gameplay video for Watch Dogs, Jonathan Morin, creative director at Ubisoft, showed Aiden Pearce, the main character, walking the streets of Chicago and identifying a homeless man, as he was able to use his smartphone to access the city's "central operating system."

"Aiden will be able to tap into the city's omnipresent security cameras, download personal information to locate a target, control systems such as traffic lights or public transportation to stop a chase, and more," said the video game maker. "The city of Chicago is now the ultimate weapon."

In another instance, Aiden was able to track down a criminal who robbed a woman by hacking the city's monitoring technology. After the situation is handled, a sign appears on the screen saying, "Criminal neutralized."

Data security brought to the forefront
With the creation of Watch Dogs and the numerous attacks that have occurred in the past couple months, it is clear data security needs to be discussed more. Jeffrey Chester, president of the Center for Digital Democracy, told the Washington Post that the use of massive data collecting systems by companies should lead to bigger conversations about security.

"It's an increasingly out of control system that tracks and collects and targets us," he said. "I take it as a wake-up call that there needs to be a national debate or global debate about what the rules and limits are here."

Two of the most high profile attacks this year have been on Twitter and the U.S. Department of Energy. The social media giant announced it was breached and data for 250,000 users may have been compromised, including usernames, email addresses and encrypted passwords.

Meanwhile, the attack on the Department of Energy led to private information of several hundred employees and contractors being accessed, which could put them at risk of identity theft.

Other major companies that have found themselves targets include Apple, Facebook and Pinterest.

For more information on data security visit the IDentity Theft 911 blog.

Facebook, Apple Computers Hacked

Wed, 20 Feb 2013 00:00:00 -0700

The world's largest social media website recently fell victim to a data breach after an employee visited a mobile developer that was compromised. While at this developer, Facebook employees' laptops were infected with malware, which led to the attack on the social media giant.

As soon as Facebook realized the laptops were infected, the company remediated the problem, contacted law enforcement and began the necessary investigation.

With more than a billion active users as of December 2012, there was the potential for a significant amount of personal information to be stolen. However, Facebook has said that no user data was compromised during the incident.

It was found that the source of the malware was developer "iPhoneDevSDK.com."

"Today, we alerted that our site was part of an elaborate and sophisticated attack whose victims included large internet companies," the developer's co-founder Ian Sefferman, told Forbes.

Sefferman added that he was not aware of the attack until he read a blog post on AllThingsD.com.

"Prior to this article, we had no knowledge of this breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach," he said.

While no user information was compromised in this attack, there is always the chance that Facebook could be a victim of a greater data breach. That said, people on the website should be careful of the information they share.

Apple falls victim to same attack
Facebook wasn't the only large company that was infected with this malware, as Apple was targeted as well.

According to Reuters, Apple workers visited the software development website where their computers were infected with malware that was designed to attack Mac computers.

"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," an Apple spokesman said in a statement. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers."

The attack was said to create vulnerabilities for computers using Java, but Apple recently issued an update to the program to help thwart those issues.

Charlie Miller, a prominent expert on Apple security, told the news source that these attacks show that hackers are beginning to spend more time studying the Mac OS X operating system so they are able to complete more sophisticated attacks on Apple computers.

For more information on data breaches check out the IDentity Theft 911 blog.

An Ohio Contractor Rebuilds After Identity Theft

Thu, 14 Feb 2013 14:00:00 -0700

It should have been just another trip to Lowe’s for Don Brown. When his corporate credit card was turned down at the register, the self-employed contractor discovered that his credit card company had frozen the account due to potentially fraudulent activity: Someone had spent $700 at a deli, then tried to take an $8,000 cash advance. Brown had fallen victim to serious identity theft and would spend several months—and lose nearly three weeks of work—trying to clean up the mess.

Fortunately, Brown had purchased identity theft coverage through his insurer just one month earlier. “As an agent you get very nervous for your client and hope your policy is going to respond the right way to a circumstance like that,” said Joe Schauer of the Schauer Group, Brown’s insurance agent. Schauer had no reason to worry: Brown’s provider offered IDentity Theft 911’s services.

IDentity Theft 911 fraud investigator Maria Valenzuela began stomping out fires that popped up daily on more than 16 accounts: a successful $15,000 wire transfer from Brown’s business account; an attempt to cash checks from both business and personal accounts; and credit applications approved by several retailers, including a jewelry store and Home Depot, where the thieves used the entire credit line before returning the purchases for cash.

The stakes grew higher. “I had no idea what was going to happen,” Brown said. “They already took $15,000 and got into my other accounts. It went from something small to something huge.” The funds stolen through the wire transfer were an advance from a client so Brown could purchase materials for a job; without them, Brown was professionally paralyzed. His reputation and company were on the line. If his business suffered, so did his family.

“Don was the perfect victim,” Valenzuela said. “He has a common name, excellent credit and high limits. But Don didn’t ask for this. No one does.”

Valenzuela immediately placed a fraud alert on his file with the three major credit reporting bureaus and initiated credit monitoring. As Brown watched the credit alerts pop up on his computer—including the thieves’ attempt to purchase a car—he and Valenzuela waged a difficult but successful battle. Valenzuela got his cash back, disputed any debt incurred by the thieves and cleared Brown’s credit report, allowing him to get back to business and guard his assets.

“We follow up a lot,” Schauer said, “and every time we reached out to Don Brown, he felt that IDentity Theft 911 was right there, acting on his behalf and resolving his claim. It was everything we can ask for as an insurance agent—that the people we partner with respond to our clients in the appropriate way.”

“IDentity Theft 911 protected my children, my family, and my business from identity theft,” Brown said. And Valenzuela’s work didn’t end once the perpetrators were arrested and Brown’s credit cleared. She monitored his credit activity for more than a year, reassuring him that she would always be there to step in again if necessary. “They did a lot of damage,” Brown said. “Without IDentity Theft 911, I wouldn’t be sitting here. They would have wiped me out by now.”

Hacker Exposes Bush Private Photos

Tue, 12 Feb 2013 00:00:00 -0700

A hacker recently gained access to email accounts of people associated with Presidents George H.W. Bush and George W. Bush, which led to private emails and photographs being distributed online.

This high-profile data breach was conducted by a hacker who goes by the name of Guccifer, who said he doesn't fear any repercussions from the FBI or Secret Service, as they have been after him for a while to no avail.

Some of the images that were posted online include one depicting George W. Bush painting and one of George H.W. Bush in the hospital. A few of these photos came from the email account of Dorothy Bush Koch, Bush's sister.

In addition to the pictures, information from emails was also compromised. For example, a list that included home addresses and phone numbers for many relatives of the Bush family was made public. An email from George H.W. Bush's former Chief of Staff, which was written to the Bush children, explaining the former president's funeral team was ready to plan a service if necessary, was also published.

The Secret Service is currently investigating the situation to figure out how the hacker was able to gain access to the Bush's photos and emails.

"We are investigating the incident," U.S. Secret Service spokesman George Ogilvie told the Houston Chronicle. "Beyond that I can't get into anything else."

Texas lawmakers want more focus on data security
In response to the data breach faced by the Bush family, Texas lawmakers have made it clear that more needs to be done to prevent such incidents from occurring again.

"Hacking has become a serious problem," said U.S. Rep. Randy Weber. "Unfortunately, there are those who mean ill will to decent, honest, hardworking Americans. One of the things we first learned in Congress is that there are millions of attempts each year to hack into the federal government's computers."

Weber, a member of the Space, Science and Technology Committee in the House of Representatives, added that he plans to work harder to keep Americans safe from hackers.

Bhavani Thuraisingham, executive director of the Cyber Research and Education Center at the University of Texas at Dallas, told the Los Angeles Times that this type of attack can happen to anyone. It has become a lot easier and much more dangerous in recent years.

To read more about data breaches, check out the IDentity Theft 911 blog.

‘The Woman With 90 Names’ Finally Crosses One Off Her List

Sun, 10 Feb 2013 14:00:00 -0700

For most of us, $60 buys a nice dinner out, maybe with enough left over to split a dessert. For Tomas Alvarez*, it bought a new life. Or more accurately, it stole one.

In 1997, Alvarez slipped $60 to someone on a New York street corner in exchange for a no-questions-asked Social Security card. It was a great investment. The undocumented immigrant used it—and the sterling credit history associated with it—to establish and develop his own credit, get a job, and open bank and cell phone accounts. Heck, he even treated himself to a nice cable TV package.

He used it again, and again, and again. For 15 years.

The unraveling begins

In 2009, a no-nonsense kindergarten teacher and mom of two in suburban Denver decided it was high time she got a cell phone. Instead, she got a shock.

The Verizon store informed Emilee Harrison* it already had three accounts under her Social Security number (SSN). A few calls later, Harrison learned “she” had 25 Verizon accounts. There also were nine fraudulent accounts at Macy’s, and more at Sears, Best Buy, Direct TV, Frontier, Bank of America, Chase Bank, Comcast and others, totaling 44 accounts.

Harrison, it turned out, was unwittingly supplying the SSN for at least 90 aliases. Alvarez was one of them.

The nightmare scenario

For three years, Harrison filed police reports, logged phone calls, mailed and paid for registered return-receipt letters, and scoured her credit reports trying to wrestle her SSN free of fraud. She successfully disputed account after account. Still, credit rejections and calls from collection agencies kept coming. In May 2012, she opened a bill from her auto and home insurer and saw a flier for IDentity Theft 911.

“Until then, I didn’t realize I had identity theft coverage through my insurance company—and certainly not something free,” Harrison said.

She called and was assigned to IDentity Theft 911’s senior fraud investigator Vicki Volkert. After hearing Harrison’s story and doing a little digging, Volkert knew.

“This was the worst case of true-name identity theft I’d ever seen,” the veteran investigator said. “Emilee’s case is the nightmare scenario.”

Identity theft whack-a-mole

Volkert took Harrison beyond the big three credit reports to delve into a boggling web of (unconnected) consumer reports that capture such things as utilities, property addresses, and tax liens from public records. Two big ones—LexisNexis and ChexSystems—spotlighted the East Coast as a swamp of fraudulent activity tied to Harrison’s SSN.

The more they dug, the more scams surfaced. “It’s like we’d clear up one thing, and something else took its place,” Harrison said.

And although Volkert can fend off collection agencies and guide Harrison in this game of identity theft whack-a-mole, she can do only so much on Harrison’s behalf. Privacy laws intended to protect identity theft victims actually can work against them. The problem is further complicated by dismissive companies (that, Harrison says, don’t seem concerned as long as someone is paying the bill) and short-staffed law enforcement agencies that might offer to “take a look at it” and then never call back.

“I can’t stress enough how important it is for people to be persistent and follow through until you see results,” Harrison said.

A partner and confidant

“I’d been fighting this alone for years,” Harrison said. “Knowing I have someone to talk to, someone who doesn’t trivialize it, is cathartic.”

And Volkert, with 30 years of fraud investigation experience, has been able to exert pressure that Harrison never could.

“She knows how to word things in a forceful way that gets people to pay attention,” Harrison says of Volkert.

Eventually, persistence paid off. With help from a Social Security special agent and a sympathetic police detective, Alvarez’s long run as Harrison’s alter ego ended. In November, he was convicted of five counts of identity theft and sentenced to 18 months’ probation. Because of his undocumented status, he was deported to Mexico in January.

Ironically, some of his accounts remain open (with Harrison’s SSN removed) because Alvarez’s family has stayed behind.

At the hearing, Harrison read a three-page letter detailing how Alvarez’s crime kept her and her husband from living a normal financial life. “I was scared and nervous more than angry,” Harrison said. And although the $600 restitution the judge could award “was little more than a polite acknowledgment,” Harrison said she felt some sense of closure.

Going forward

Volkert and Harrison now are honing in on another active name on their list.

Weary and cautious, Harrison hasn’t let her expectations soar. “I know I’ll never be fully rid of this,” she said, explaining that even getting a new SSN can’t free her, since all of her retirement benefits and the good credit she’s legitimately built are tied to the old number. She and her husband are struggling to get a better mortgage rate for their home, and neither dares shop online or use a debit card. They still don’t have accounts at stores like Best Buy and JCPenney because to get rid of fraudulent accounts with Harrison’s information, the stores also had to close her legitimate accounts. Now, they refuse to open any account with information connected to Harrison for fear they can’t verify her identity— even though she has plenty of documentation to prove who she is.

“I wish someone could wave a magic wand and make this all go away,” Harrison said.

Volkert, of course, would love to be that person. “This is so unfair, because Emilee did nothing wrong,” she said. Still, she sees progress and will keep working with Harrison as long as she wants to continue.

“We stick by our clients for as long as it takes,” Volkert said.

* Names and identifying details have been changed to protect the victim’s privacy.

Data Breaches More Problematic in 2012

Wed, 30 Jan 2013 00:00:00 -0700

Hundreds of millions of pieces of personal information are exposed in data breaches every year, and unfortunately for those who are victimized by such incidents, it seems that nearly all of them were easily preventable.

In a study of nearly 1,500 data breaches suffered last year and tracked by the Open Security Foundation - a total that was up 35 percent from 2011 - it was found that there were about 242.6 million records exposed last year alone, according to a new study by the nonprofit Online Trust Alliance. However, some 97 percent of those investigated would not have taken place if the organization responsible for protecting the data that ended up being exposed had adopted industry standard best practices for safeguarding it, including having internal controls. In all, only 26 percent of breaches examined were the result of either internal threats by knowing employees or accidental exposure.

"Organizations of all sizes and in both the public and private sectors have an obligation to make privacy and data protection part of their value proposition," said Craig Spiezle, executive director and president for the Online Trust Alliance. "Being stewards of data and having a comprehensive data breach plan is the responsibility of every executive, who otherwise puts consumers, employees, companies and shareholders at an unacceptable risk."

There is also financial incentive for businesses to adopt these best practices, with the most obvious being the cost of mitigation following such an incident, the report said. Last year alone, organizations that suffered data breaches paid some $8 billion to cover associated costs. Of course, it's not just businesses that were hit by these incidents, the report said. In all, 43 percent of these breaches affected non-business organizations.

One of the biggest problems that can cause these incidents is that many workers are now storing sensitive private data on personal devices they bring with them to and from work, significantly increasing the chances of exposure in the real world, the report said. As such, more controls likely have to be put in place to make sure this data is properly protected.

The IDentity Theft 911 blog has a wealth of information about the ways in which data breaches can affect both consumers and organizations, including what can be done to prevent these incidents, and how to better protect victims in the wake of them.

Hacker Sentenced in Massive Subway Breach

Wed, 23 Jan 2013 00:00:00 -0700

One man behind a massive hacking attack that went undetected for years and cost thousands of consumers a combined total of millions of dollars were recently sentenced for his role in the crimes.

Cezar Butu of Romania recently pled guilty to charges that he participated in a conspiracy to hack into point-of-sale credit card readers all across the U.S. as a means of illegally acquiring consumers' credit and debit card information, according to a report from Bank Info Security. One of the most famous companies the hackers targeted was the popular chain Subway, and the scheme is believed to have compromised the payment card data of more than 40 million accounts. Earlier this month, Butu was sentenced to 21 months in prison. However, the scheme itself targeted not the companies themselves, but rather merchant computer networks that processed the payments.

Butu and three other men - Iulian Dolan, Florin Radu and Adrian-Tiberiu Oprea - carried out their crimes from 2008 until May 2011, and gained access to the card readers for more than 150 Subway franchises nationwide, the report said. They then used the stolen credit card data to complete millions of dollars worth of fraudulent transactions. Included in those were both transfers of funds and purchases.

In his plea, Butu also admitted to trying to sell stolen payment card data, and said that he personally used about 140 different cardholders' information fraudulently over the course of the scheme, the report said. Dolan, who pled guilty the same day as Butu but has yet to be formally sentenced, has agreed to face seven years of prison time. Oprea's trial won't begin until February 20, and Radu is still at large.

This case is of particular interest today because of the recent data breach suffered by the fried chicken chain Zaxby's, in which dozens of the restaurant's locations had their point-of-sale card readers hacked, the report said. In that incident, too, the chain said it discovered malware loaded onto the card readers, which were designed to steal consumers' payment card information.

Ondrej Krehel, the chief information security officer for IDentity Theft 911, writes regularly about the dangers data breaches cause for consumers and businesses alike, and the ways in which they may be able to increase their protections from such an incident both before and after they take place.

Expert Calls for Java Security Overhaul

Wed, 16 Jan 2013 00:00:00 -0700

Many within the tech industry have said for some time that there are numerous security flaws in all kinds of popular and widely-used programs that could pose significant security problems, and one could be particularly problematic.

Security expert Bogdan Botezatu, a senior e-threat analyst at the antivirus firm Bitdefender, recently said that as many as 100 million personal computers around the world are currently vulnerable to hacker attacks as a result of a newly-discovered defect with the popular program Java, according to a report from PC World. This is likely because Oracle, the company that releases Java, no longer has full control over its code, and therefore more security flaws are coming to light.

The only thing to fix this issue, he added, is to completely rewrite Java from the ground up, the report said.

"Oracle needs to take some core components of Java and write them from scratch," he told the site. "These products have become so large and have been developed by so many programmers that the makers have most probably lost control over what's in the product."

The most recent Java vulnerability discovered came as a result of a patch released in October 2012, the report said. However, while many security experts have criticized the usefulness the program serves at this point and more security flaws are now becoming apparent, Botezatu further said that his recommendation that Oracle rewrite the code is unlikely to actually be followed. This is largely because the many Java-based applications that are already available to consumers might no longer work with any new code the company introduces, and that could cause more problems.

However, Oracle may be starting to get out in front of these concerns in one way: More regular releases, the report said. Beginning with the release of Java 8 later this year, each new version will be slated for release every two years.

In the meantime, as a means of addressing the security issues that currently exist, the U.S. Department of Homeland Security recently suggested that users go into their browsers' settings and shutoff Java altogether, the report said.

Ondrej Krehel, the chief information security officer for IDentity Theft 911, writes regularly about the ways in which consumers can protect themselves from hacking attacks and other security concerns when browsing the Internet.

Disney Faces Privacy Concerns over Plan

Wed, 09 Jan 2013 00:00:00 -0700

Consumers worried about their privacy might soon think Disney World is no longer the Happiest Place on Earth once the theme park's new MyMagic+ system is rolled out this spring.

The system will allow visitors to eschew using cash to pay for their various purchases around the park, and instead use rubber bracelets with their credit card information embedded on it to complete transactions, according to a report from the New York Times. However, at the same time, privacy experts worry about not only the financial implications this may have, but also the ways in which these bracelets will allow the park to track guests' movements.

The company will be constantly tracking guests' movements as they travel throughout Disney World's various theme parks, and that in turn will allow it to better understand visitors' habits, the report said. From that data, it will be able to tailor marketing messages and better customize visitors' experiences.

For its part, Disney acknowledges the privacy concerns that the MyMagic+ program entails, particularly for the millions of children it attracts every year, the report said. However, it pressed ahead anyway as part of a massive effort to modernize many aspects of the park. Further, experts fear that if the move proves successful - and knowing the way in which Disney operates, many believe it will - then that will likely lead to copycat programs for other theme parks and resorts around the world, which will only increase consumer privacy concerns.

Disney also has answers related to the potential for identity theft these bracelets may present for users, the report said. If one is lost or stolen, employees will know exactly how to deactivate them, and guests also have the ability to do so through the company's My Disney Experience smartphone app. Further, all purchases of $50 or more require the visitor to enter a PIN code, and the bracelets will carry no personal information of any kind.

Eduard Goodman, the chief privacy officer for IDentity Theft 911, writes regularly on his official blog about the ways in which consumers might encounter privacy challenges in their everyday lives, and what they may be able to do to better protect themselves in the future.

Instagram Privacy Changes Prompts User Exit

Wed, 02 Jan 2013 00:00:00 -0700

The wildly popular photography application Instagram recently went through a bit of a row with its users when its parent company changed the language of its privacy policy.

Facebook, which owns the app, recently changed the language of its policy to state that advertisers could be sold data such as consumers' usernames, likenesses, photos and metadata, according to a report from Reuters. There was significant outcry over the changes, to the point where Instagram founder Kevin Systrom posted an apology online, and some aspects of the policy reverted back to their original language.

Nonetheless, numbers compiled by the tracking service AppData shows that in the course of a week, Instagram's users who accessed the service through their Facebook accounts dropped to 12.4 million from 16.4 million, the report said. The social networking giant, for its part, disputes that data, saying it has seen a steady increase in users. Overall, AppData conceded that there have been 1.7 million users added in the last week, bringing its monthly active users to 43.6 million.

However, it's important to note that only between 20 and 30 percent of Instagram users link that account to their Facebook accounts, historically, the report said. Further, because it was the holiday season, when use of these services can often swing wildly in one direction or another, it may be more difficult to judge whether this drop in user logins is tied to the privacy dispute or just traditional shifts. By way of comparison, the popular service Yelp saw a decline of 320,000 users during the same period from its 820,000 a week prior.

"We'll have to monitor the data over the coming weeks to gain perspective on trends in Instagram's performance," AppData marketing manager Ashley Taylor Anderson told the news agency in an email.

Facebook has had its fair share of privacy controversies in the last few years, and has often run afoul of federal government agencies in the process. Nonetheless, it remains the most popular social network in the world and adds users at a very rapid pace.

Eduard Goodman, the chief privacy officer for IDentity Theft 911, has a blog about the ways in which consumers may be putting their privacy at risk through their various social media apps and activities.

Green Beret Warns Retirees: Leave No IDs Behind

Fri, 28 Dec 2012 14:00:00 -0700

When Richard Barnhill travels to the Southwest for winter, he takes steps to protect his main residence: Relatives and neighbors drop by to make sure everything is secure.

Despite this, thieves ransacked the retiree’s home and stole, among other items, his late wife’s Social Security card, driver’s license and checkbook, which he kept in a desk drawer.

“I’m a great saver,” said Barnhill, 79, whose wife had kept the house in meticulous order. “I had stuff I didn’t know I had.”

Barnhill, a former parole officer and Green Beret, knew well enough to have relatives call the police, and then change the locks to his house and cars, and to contact his insurance company. But his greatest concern was for the safety of his identity and credit—as well as that of his late wife’s.

“I was really worried because I didn’t know how many checks were out there,” he said. The process involved to safeguard their good names and credit appeared daunting, involving phone calls, letters, notarized copies of death certificates. “It was very stressful and time-consuming—my daughter and I put in hours to figure everything out.”

Fortunately, Barnhill’s auto insurance provided him with identity management services from IDentity Theft 911. Fraud Investigator Donna Miller was dedicated to his case until its full resolution.

“After dealing with so many institutions and trying to get a hold of real people, I was pretty stressed out by the time I got to Donna,” Barnhill said. “She was just wonderful. She took care of me, and I was just so pleased with her.”

Miller moved quickly to shield Barnhill’s and his wife’s credit:

She coordinated calls to Equifax to put a fraud alert on both their credit files.
She prepared letters, copies of his wife’s death certificate and envelopes with postage to all three credit bureaus for Barnhill to sign and mail.
She ordered a ChexSystems report.
She followed up to make sure no new issues developed.

For snowbirds like Barnhill who travel to warmer climates, here are some tips to keep the bad guys away:

1. Make your home look lived-in. Put mail on “postal hold” and stop newspapers while you’re gone or ask a neighbor to pick them up in a timely fashion. Don’t forget to have your yard maintained and use timers on your lights.

2. Lock it up. Secure doors and drawers. Store paper files such as bank or credit card statements and earning statements behind locked drawers. Keep important documents such as passports, Social Security cards, and birth certificates in a safe deposit box.

3. Shred it. Buy a quality crosscut shredder and shred everything with your name and address, such as statements and invoices and pre-approved credit offers.

4. Check your credit reports. Review your credit reports from the three reporting agencies—TransUnion, Experian and Equifax—twice a year. Visit annualcreditreport.com, the government-mandated source for free credit reports.

5. Tell your banks and credit card companies about your travel plans. Provide them with your cell phone number in case they notice unusual charges.

“It was so worth it to have this coverage,” Barnhill said. “I’m familiar with the system, but you don’t realize what’s involved until you’ve been the victim.”

Major Online Privacy Problems Still Linger

Wed, 28 Nov 2012 00:00:00 -0700

Though the vast majority of consumers say that they're aware of just how fragile their online privacy may be when they surf the Web, most don't do nearly enough to protect themselves from the threats they know exist.

In all, 90 percent of Americans who use a computer, tablet or smartphone for work-related activities say that they feel their online privacy is threatened, but seem willing to engage in behavior that can put their personal information at risk, according to a new survey from the global IT nonprofit ISACA. For instance, to get a 50 percent discount on an item that costs $100, 58 percent of those polled say they would give up their email address, 22 percent would turn over the street upon which they grew up, and 15 percent would grant the company their mother's maiden name.

Further, 33 percent say they would be just as inclined to use a personal device for work purposes if they knew their employer would be able to keep tabs on their habits, and 15 percent say they've used location-based mobile apps, the report said. This despite the fact that more than half - 53 percent - felt that sharing information online in general has become a greater risk in the past year.

"As people share more intimate details about themselves online, they are more likely to be victims of targeted fraud and social engineering attacks," said John Pironti, advisor with ISACA and president of IP Architects LLC.

Many consumers admitted to other risky behaviors as well, the report said. For instance, 65 percent don't verify their security settings when using online shopping sites, and 36 percent have clicked links to social media sites when using work devices. Another 19 percent use their work emails for personal shopping and other activities not related to their jobs, and 12 percent store work passwords on personal devices. Finally, 11 percent use cloud services to store work documents without permission from their employers.

Eduard Goodman, the chief privacy officer for IDentity Theft 911, writes regularly about the dangers to consumer privacy employees may encounter in their everyday lives, and what they can do to increase the protection of that sensitive personal or professional information.

SEC Data Breach Prompts Major Hire

Wed, 21 Nov 2012 00:00:00 -0700

The U.S. Securities and Exchange Commission recently suffered a security breach, and now the New York Stock Exchange has hired the former head of the U.S. Department of Homeland Security to make sure it wasn't exposed.

The SEC's data security issue arose when it was discovered that computers, iPads and other devices owned by employees in one of the organization's Trading and Markets Division were left unencrypted, according to a report from Wall Street and Tech. Specifically, those employees were responsible for making sure exchanges protect themselves from cyber attacks and breaches.

The discoveries were first reported in late August, though the SEC says no information was exposed and the issue was fixed, plus two of the people responsible for the problem no longer work there, the report said. However, the NYSE believes the SEC's investigation wasn't thorough enough, prompting it to hire the former Secretary of Homeland Security, Michael Chertoff.

"[The NYSE was victimized by] a gross mishandling of data that would get an F from any security official," a person with knowledge of the situation, who spoke on the condition of anonymity, told the news site.

For its part, the SEC spend close to $350,000 to hire a forensics team to test its laptops to ensure they had not been hacked, and further strengthened its policies for protecting proprietary data internally, the report said. But the NYSE believes more devices than just laptops might have been exposed, and while 28 such computers were involved in the incident, the forensics team only tested a select few of that group, rather than all of them.

Further, the SEC also acknowledged in a recent investigation that many of the staffers whose devices were exposed did not take all precautions to secure them, the report said. Many didn't even have virus protection or encryption, and some were even brought to a hacking convention. They were also used on hotel wireless networks to download music and movies, as well as for personal banking, and one staffer said he sent sensitive SEC data through his personal email account using one of the devices.

Ondrej Krehel, chief information security officer for IDentity Theft 911, writes often about the ways in which mishandled security protocols can lead to massive problems for consumers and organizations alike.

Twitter Users Forced to Reset Passwords

Wed, 14 Nov 2012 00:00:00 -0700

Millions of users of the popular microblogging social network Twitter may have inadvertently been affected by the site's effort to deter a potential security threat.

A large number of Twitter users recently received an email from the site saying that it had automatically reset their passwords, after many - including some well-known accounts - may have been compromised, according to a report from ABC News. This was a relatively simple, if annoying, process for the affected users.

However, the company also admitted that it may have forced more people than was necessary to go through the process, the report said. More than just those that were compromised - and the company says that the problem wasn’t the result of a hacking attack or other type of security breach - went through the forced resets.

"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised," Twitter spokeswoman Carolyn Penner told the news agency. "We apologize for any inconvenience or confusion this may have caused."

The company also warned users that in many cases, hackers send bogus emails that look legitimate, and direct users to attack sites that are used to steal their account data, the report said. To be sure that this doesn't happen when they receive such an email, users are encouraged to copy and paste the URL in such a message into the address bar for their Web browser to see whether it actually directs them to a twitter.com address.

Meanwhile, the company is now under fire from more than just the perturbed users who had to reset their passwords, the report said. In addition, many Web security experts say that the social network needs to do more to increase the safety of users' accounts, which should include two-factor authentication. Twitter, for its part, says it has explored such an option, but for now will stick with using HTTPS.

Ondrej Krehel, the chief information security officer for IDentity Theft 911, has a blog about the ways in which hackers might try to access users' online accounts for various reasons, and the ways in which both companies and consumers can increase protections in this area.

After South Carolina Breach, States Prepare

Wed, 07 Nov 2012 00:00:00 -0700

South Carolina's well-known data breach, which exposed sensitive details including Social Security numbers for more than 3.6 million people, seems to have highlighted the problem that many state governments may have when it comes to information security.

In the immediate wake of the attack, a number of states have begun to look into their policies for protecting consumer data, particularly where tax information is concerned, according to a report from the New York Times. But South Carolina is only part of the problem. Since 2005, 11 state tax agencies across the country have been hit by data breaches, though not all were attacks.

Experts believe that the criminals responsible for the hack were fully aware of the state agency's vulnerability to such an attack, the report said. None of the tax breaches in the last seven years have been anywhere near this scale, though others related to different categories have come close.

"Obviously these hackers picked South Carolina because it was vulnerable," former South Carolina state senator John Hawkins, who recently filed a lawsuit against its Department of Revenue, told the newspaper. "I equate it to a burglar going into a neighborhood. He's going to break into the house with no alarms and the door open."

Officials in the state say that it had the most up to date security measures available, but evidence stands to the contrary, the report said. Now, Governor Nikki Haley says her office is encrypting all the tax files it has so that if any are stolen, it would be harder to crack them. However, that process could take as long as 90 days.

The state is also offering potential victims of the hacking attack free credit monitoring and identity theft protection, but so far, relatively few have taken advantage, the report said. In all, just 653,000 people have called the state's emergency data breach hotline, and only 521,000 of them have also signed up for the protection services.

Ondrej Krehel, the chief information security officer for IDentity Theft 911, has a blog about how hackers can target and infiltrate systems with a wealth of consumer data, and the kind of harm these attacks can do.

Credit Monitoring Bureaus Suffering Data Losses

Wed, 31 Oct 2012 00:00:00 -0700

In the past several years, hackers have focused many of their attacks on credit rating agencies because of the wealth of information these companies keep on consumers, and experts say it's becoming a real cause for concern.

Data shows that since 2006, more than 17,000 consumers in just six states across the country have been affected by hacking attacks against the three major credit reporting bureaus, according to a report from Bloomberg News. However, it's likely that these attacks are far more effective than that, as the incidents in the six states in question (Maine, Maryland, New Hampshire, New Jersey, North Carolina and Vermont) were only uncovered through public records requests.

For their part, the credit bureaus mostly say that they can do little to protect consumers from data breaches, especially because it wasn't their servers that were compromised, the report said. For example, in a data breach suffered by Abilene Telco Federal Credit Union last year, hackers didn't gain direct access to consumers' credit information, but rather uncovered the institution's login data for running credit checks on consumers through Experian. As such, they were able to download the credit documents for 847 people who never did business with the credit union, including their Social Security numbers, dates of birth and financial information.

Even though credit bureaus say they have little to do with these breaches and don't have the ability to meaningfully protect every bit of consumer data, the problem has certainly come to a head, the report said. Both houses of the U.S. Congress have begun full investigations into the way in which these bureaus compile, use and share consumer data, because the amount they control is massive. Experian alone has data on more than 740 million people.

"This is profoundly important, because it illustrates a growing problem when it comes to data breaches and security –the chain is only as strong as its weakest link,” Senator Richard Blumenthal of Connecticut, who once served as an attorney general, told the news agency. "If their customers have inadequate security practices, so do the credit bureaus."

Ondrej Krehel, chief information security officer for IDentity Theft 911, has a blog about the ways in which hacking attacks can compromise consumers' private personal data.

Voting Technology Still Needs Major Overhaul

Wed, 24 Oct 2012 00:00:00 -0700

Though technology has improved significantly in the last several years, particularly where data security is concerned, the fact remains that in many cases, the machines used for Americans' voting efforts in a few weeks remain somewhat insecure.

Efforts to improve the security of voting machines used in local, state, and national elections have been considerable in the last several years, but new data suggests that in many cases, it still falls short, and therefore makes election fraud a very real possibility, according to a report from the Caltech-MIT Voting Technology Project. Part of the problem with these efforts is that in many cases, government authorities have tried to standardize security requirements.

A more reasonable approach might be to count by hand using a large random sample of paper records of votes cast electronically, the report suggested. This will help to ensure that polling data is reflected far more accurately.

And given the volume of areas in which electronic voting or counting of some kind will take place - about 60 percent of all counties nationwide - the importance of making sure of the integrity of votes is at perhaps the highest it’s ever been, the report said. Fortunately, in the last 10 years or more (potentially due to the controversy and fallout surrounding recounts in the 2000 presidential election), there has been a significant shift away from all-electronic voting systems, and toward those that make it easier to verify actual votes with a physical paper trail.

In particular, the state of California has been vigilant in increasing these safeguards so that it can be assured of greater security of ballots cast by its voters, the report said. The state decertified all direct-record electronic voting machines - perhaps the most infamous of which were manufactured by Diebold and, again, played a crucial role in the 2000 election - back in 2007.

In that election 12 years ago, experts estimate that between four million and six million votes were simply lost nationwide as a result of problems caused by voting equipment, as well as due to problems verifying whether voters were actually registered, the report said. However, this time around, that number is expected to be far lower as a result of these greater efforts to introduce more safeguards.

Adam Levin, chief information security officer for IDentity Theft 911, has a blog about the ways in which security concerns of all types can affect consumers.

It's National Protect Your Identity Week

Wed, 17 Oct 2012 00:00:00 -0700

From October 20-27, it's National Protect Your Identity Week in the U.S., and therefore serves as an excellent opportunity for you to brush up on your skills when it comes to making sure no one can get access to your most sensitive data.

IDentity Theft 911 has a number of tips you can follow to make sure whatever information you don't want getting out there stays secret. Perhaps the easiest is to make sure that whenever you want to dispose of any documents you have that may contain sensitive data - bank records and credit card statements with account numbers, forms that list your Social Security number or other information - you put it through the shredder at least once. Plus, if you store these documents somewhere before disposing of them, such as a file cabinet or the like, it can be vitally important to keep it locked.

But these days, more thieves may be interested in digital documents, and that's another area you can safeguard. The simplest way to do this is to password-protect everything. Your computer, your tablet PC, and even your smartphone can store all kinds of sensitive data that would be a boon to identity thieves, and keeping them as locked-down as possible is vital to making sure that information doesn't get out.

And when it comes to constructing the passwords you use, whether it's on those devices or your email, online banking and other accounts, you should always try to mix things up as much as possible. It's generally recommended that you use a lengthy string of totally random numbers, letters and symbols that you and you alone can remember. This will ensure that even if a thief gets a hold of your device or tries to hack one of your accounts, their entry into it will be significantly impeded, if not stopped altogether.

Further, it also makes sense to regularly order copies of your credit report, and closely monitor your monthly bank statements and credit card bills. This will help to alert you to any unrecognized transactions or accounts listed in your name, and allow you to begin resolving them.

Adam Levin, the chairman of IDentity Theft 911, has more tips for consumers on his official blog about how they can protect themselves.

Anthem Settles Recent Data Breach Case

Wed, 03 Oct 2012 00:00:00 -0700

A health insurance provider in California recently agreed to the terms of a settlement with the state attorney general regarding its role in a data breach earlier this year.

Anthem Blue Cross suffered a data breach earlier this year as a result of its printing the Social Security numbers of recipients of letters related to its Medicare Supplement and Medicare Part D programs between April 2011 and March 2012, according to a report from the office of state attorney general Kamala Harris. In all, more than 33,000 subscribers to these programs had their personal data compromised.

As a consequence, California said the business violated state laws related to how companies or other organizations are supposed to protect consumers' Social Security numbers, the report said. In the immediate wake of the incident, Anthem sent affected customers letters notifying them that their personal information had been exposed, and offered a year of free credit monitoring to help remediate the issue.

The settlement, which was agreed upon and filed at the same time as the state's suit against Anthem, includes the company paying $150,000 in penalties, the report said. Further, the insurance provider will also be required to update its protocols for protecting the personal identifying information of its customers.

This includes new technical safeguards for its data management systems, and restricting employees' access to members more sensitive data, including their Social Security numbers, the report said. Further, it will have to give its workers and associated enhanced data security training.

"Our office is committed to protecting the privacy of Californians," said Attorney General Harris. "This settlement requires the company to make significant improvements to its data security procedures to ensure this type of error does not happen again."

An exposed Social Security number can play havoc on a person's finances if they are not careful, because it can so easily be used by criminals to commit identity theft. For this reason, as well as others, it's important that consumers take the time to order and check over their credit reports with regularity, as it may help them identify accounts credited to them for which they are not responsible.

Adam Levin, the chairman for Identity Theft 911, writes on his blog about the types of fraud consumers may face in their everyday lives.

Most Data Breaches Caused by Workers

Wed, 26 Sep 2012 00:00:00 -0700

When many people hear the word data breach, they picture it as being the result of a hacking attack or other kind of intentional attempt to steal sensitive information, but that's not usually the case.

New data from Forrester Research suggests that the most common causes of data breaches are loss or theft of data and inadvertent misuse of information by an employee, according to a report from PC World. In all, these incidents accounted for 31 and 27 percent of all cases of data breaches, respectively.

"Whether their actions are intentional or unintentional, insiders cause their fair share of breaches," the authors of the report wrote, according to the tech site. "Other common sources of breach include loss or theft of corporate assets, such as laptops or USB drives, and external attacks that target corporate servers or users."

However, in just 25 percent of cases, an external attack caused the breach, with another 12 percent coming as a result of insiders with malicious intent, the report said. Much of this could be the result of companies simply not having enough precautions in place to shield from these actions, either because they are not aware of the dangers these incidents pose, or do not have the ability to pay for better security.

Also to that end, many companies may put in place controls for making sure data stored on mobile devices is not exposed, but likewise do not have the capability to enforce those guidelines with its employees, the report said. In all, 39 percent of IT executives said they worried about the dangers posed by data breaches from mobile devices.

Typically, the most common way in which companies protect their mobile devices is by giving them passwords and taking advantage of the ability to both remotely lock and wipe their memory, the report said. However, close to a quarter of these IT professionals also say they haven't put any form of mobile data protection into place on these devices at all.

Ondrej Krehel, the chief information security officer for Identity Theft 911, has a blog about the ways in which consumers and organizations can increase the security of the sensitive data they want to protect, and what to do when data breaches take place.

Do Not Track Becoming More Popular

Wed, 19 Sep 2012 00:00:00 -0700

In the near future, it may soon come to pass that most major Web browsers come with a relatively new feature that allows consumers to avoid having their online habits tracked by advertising companies and other entities.

More companies are now building the popular Do Not Track feature into their Web browsers as a standard feature, allowing consumers to opt out of having companies keep tabs on how they use the Internet, according to a report from the New York Times. For instance, Microsoft's Windows 8 operating system will feature its new Internet Explorer browser that comes with Do Not Track built in. It joins other browsers, like Mozilla's Firefox, Apple's Safari and even an earlier build of IE, which already had the feature in place.

The difference between those browsers' options, and the latest version of IE, however, is how open Microsoft is being with consumers about the protections Do Not Track provides, the report said. For one thing, IE 10 comes with Do Not Track enabled by default, meaning consumers have to opt into it if they want to receive ads tailored to their personal habits. This move may be particularly surprising because Microsoft actually owns a targeted online ad business.

"No one says today, when a consumer first loads a product, 'Hey, by the way, there are some privacy choices you may want to consider,'" Alex Fowler, the global privacy and policy leader at Mozilla, told the newspaper.

Meanwhile, Google Chrome does not yet feature a Do Not Track option for its users, but will likely do so by the end of the year, according to a separate report from ComputerWorld. Chromium, an open-source browser development project that is often used to build new updates for Chrome itself, recently came out with a version that features a Do Not Track option, though it's unclear when the choice will be added to the more widely-used Chrome itself. However, some experts believe the latest full update - Chrome 22 - could come out sometime in November.

For more information on Microsoft's decision to include Do Not Track in IE 10, please visit Identity Theft 911's earlier blog post on the subject. Further, Eduard Goodman, the chief privacy officer for Identity Theft 911, has a blog about the privacy concerns consumers may face on a daily basis.

School Year Poses Identity Theft Concern?

Wed, 12 Sep 2012 00:00:00 -0700

For parents across the country, registering their children for preschool, kindergarten or a new school system is a necessary part of making sure those kids get the education they need. But at the same time, doing so might also pose a significant problem when it comes to protecting their personal information.

Many school registration forms require parents to turn over large amounts of private and sensitive data about their children, which in turn poses an identity theft threat, according to a report from the Christian Science Monitor. The required information and associated documents can include everything form their names and dates of birth to their Social Security numbers and even copies of their birth certificate.

All that information could therefore fall into the wrong hands if the school to which it is being turned over does not take all precautions to completely protect it, the report said. For this reason, the U.S. Federal Trade Commission recently took the time to warn parents about all documents their kids' schools make them fill out, including registrations, permission slips, health forms and student directories. This is because a large number of cases of identity theft are the result of a rogue employee stealing data.

In fact, a study from Carnegie Mellon University conducted last year found that more than 10 percent of all children had someone else using their Social Security number, the report said. When compared with the same statistic for adults, the rate is 50 times larger. Child victims who are affected by these crimes can be just about any age - the youngest ever was just five months old - and their data can be used to obtain everything from a credit card, mortgage or auto loan, to jobs and official government documents like drivers' licenses.

Identity theft involving children is often problematic because in many cases it may take several years or more for victims or their parents to realize they've been affected by such a crime, because there's no reason for anyone under the age of 18 to have a credit report in their own name at all.

Matt Cullina, the chief executive officer for Identity Theft 911, has a blog about the ways in which children can be affected by this type of fraud.

Do Republicans Want Less Online Regulation?

Wed, 05 Sep 2012 00:00:00 -0700

As the presidential election approaches, there are many issues on voters' minds, and one that may not get much attention in the coming weeks is the way data is protected and exchanged online.

The latest party platform from Republicans states that it wants to see more support for Internet freedom and increased data protection, and more privacy from aerial drones, according to a report from Ars Technica. But at the same time, it takes a strong stand against the Federal Communications Commission's Net neutrality efforts, essentially calling it unnecessary regulation. Further, it wants the federal government involved in offensive cybersecurity measures, rather than just defensive ones.

And while the GOP has stated that consumers' private data should remain more or less in their control, it does not believe the government should be responsible for protecting such information, the report said. Rather, it would like to see private companies develop solutions for the problems many consumers face for dealing with their personal data, and who has it, online.

"We will ensure that personal data receives full constitutional protection from government overreach and that individuals retain the right to control the use of their data by third parties; the only way to safeguard or improve these systems is through the private sector," the platform said.

However, those who deal with consumer privacy on a daily basis believe that this approach cannot work, and never has in the past, the report said. Privacy experts have long called for a makeover for the Electronic Communications Privacy Act, passed in 1986, to reflect the current climate in data protection.

"We believe that the private sector approach to protect personal data has failed," Amie Stepanovich, an associate litigation counsel at the Electronic Privacy Information Center, an advocacy group, told the site.

Further, the GOP platform leaves significant room for clarification, the report said. Unclear terms and a lack of explanation about what constitutes consumer data could lead to groups on both sides of the argument over online privacy to misunderstand or misinterpret the actual intent of the message.

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes regularly on his blog about the problems consumers face when putting any of their personal information online, and sharing it with other parties.

Crooks Ripping Off Financial Advisers' Clients

Wed, 29 Aug 2012 00:00:00 -0700

Never let it be said that cybercriminals are not endlessly creative and devious. The latest scam to rip off unsuspecting victims involves email, financial advisors, and consumers' personal accounts.

A new scam from top cybercriminals involves sending emails to financial advisors and other professionals who have access to many consumers' accounts and posing as a client or other official entity, according to a report from USA Today based on data from Identity Theft 911. For instance, one such scam, imparted by Identity Theft 911 chairman Adam Levin, involved a long-tenured financial planner getting an email from what looked like a client's insurance company asking him to wire $15,850 into an unrecognized account.

Fortunately, they called the intended victim to verify the transaction, and the fraud was successfully avoided, the report said. However, others may not be so lucky.

These days, many financial professionals use email - and often, casual messages and language - to validate and push through transactions that can often be sizable, the report said. Perhaps unsurprisingly, criminals have somehow seized on this new trend in the financial industry and are now trying to exploit it for their own fraudulent gains.

Often, this may be done by either hacking an email address a crook knows is used to complete such transactions, or creating one that looks legitimate but isn't, the report said. The technique is also likely in response to new efforts on the part of major financial institutions and other companies to make it more difficult to hack computers the old fashioned way, particularly where consumers' finances are concerned. It's relatively low-tech and doesn't necessarily take a lot of work to carry out.

In the past, these attacks were more often carried out against small businesses and other, similarly sized entities, but the new trend is notable, the report said.

"The shift to personal advisers and individual wire transfers is an indication that the well is running dry for them with small businesses and small government," Jon Callas, chief technology officer at authentication firm Entrust, told the newspaper.

Ondrej Krehel, the chief information security officer for Identity Theft 911, has a blog about the ways in which hackers are now trying to rip off unwary victims, and methods consumers can use to avoid them.

License Plate Scanners Called Privacy Problem

Tue, 21 Aug 2012 00:00:00 -0700

Government and law enforcement agencies are now set to roll out a new type of device that reads drivers' license plates, but privacy experts say that doing so poses a major problem for the average person.

Automatic license plate readers are now becoming more prolific around the country, but these devices are believed to be a threat to consumers' privacy, according to a report from the American Civil Liberties Union. They can take as many as 3,000 photos of license plates per minute, and software allows it to cross-reference the number on the plate with information about the driver.

And, thanks to millions of dollars worth of investments from numerous government agencies include the U.S. Departments of Homeland Security, Justice and Transportation, that information is also saved, the report said. As a consequence, these agencies - and others in law enforcement - may have access to information on which consumers were driving where and when. As a consequence, the ACLU believes that regulations need to be put into place which will limit how agencies collect, save and share this data.

Only two states in the entire country have regulations in place right now, the report said. New Hampshire essentially bans them for all but monitoring infrastructure, while in Maine, police must delete the information collected on these devices after 21 days. Meanwhile, New Jersey has guidelines in place for ALPRs, but they are limited.

The problem with this practice is that privacy experts don't know much about how widespread it is, the report said. The U.S. Drug Enforcement Administration is set to install large numbers of these devices on highways nationwide, while Homeland Security uses them to record every vehicle coming into the country, but information on state and local authorities deploy them is limited.

Moreover, state and local law enforcement agencies are receiving significant amounts of money from the federal government to purchase this technology, the report said. And the cost for such a device has fallen by nearly half in just the last few years.

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes regularly about the concerns consumers face when it comes to protecting themselves in their everyday lives, and what they can do to increase their safeguards.

The Importance of Protecting Cloud Data

Wed, 15 Aug 2012 00:00:00 -0700

Many companies and individuals are now moving more of their sensitive personal or business data into the cloud as a means of giving them greater flexibility in dealing with that information, but in doing so are also putting themselves at risk.

While the move to the cloud continues largely unabated, there are many risks associated with it, according to a report from CNN. The most important is that there is a greater danger that users' information could be exposed in hacking attacks. As such, they will need to do everything in their power to increase protections above and beyond what their cloud storage providers give them.

That should include backing up everything stored on the cloud, both there - in a wholly separate directory - and on physical computers, the report said. Security experts generally agree that the more places data is backed up, the more assurance users have that they will always be able to access it.

Further, it's vitally important that passwords not be shared across a number of accounts, and be extremely difficult to decipher, the report said. The best passwords are those that are completely random assortments of numbers, letters and symbols, and it may be helpful to rely on services that create multiple passwords for users.

Along similar lines, cloud users should try to avoid linking accounts whenever possible, because as with using the same password across multiple services, when one falls, they all become susceptible, the report said. For instance, linking Facebook, Twitter and Google accounts to one another and other sites can be convenient in some cases, but also create an elaborate house of cards, so to speak, that makes it far easier for hackers to topple.

Finally, it is important to use as many levels of authentication as are available from service providers or websites, the report said. This will help to make sure the only person who can access critical data is authorized to do so. The best authentication techniques require you to both know something (such as a password or bit of private personal information) and have something (such as a phone).

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes regularly on his blog about the many privacy challenges organizations and consumers face on a daily basis.

It's Important To Diversify Online Accounts

Wed, 08 Aug 2012 00:00:00 -0700

When hackers gain access to a consumer's accounts, it can create a domino effect that can wreak havoc on many aspects of their life, both personal and financial.

One issue that many people who use a large number of services online will typically run into if they're ever hacked is that many of their accounts are in inexorably linked in some way, according to a report from Wired. For instance, Amazon login details might be linked to Apple ID, which might be linked to Google, which might be further linked to Twitter. Therefore, if one account is compromised, many might end up being accessed by hackers.

The problem can be further exacerbated by weak security controls for these companies, which may not go as deeply as they could to make sure the people trying to access accounts are who they claim to be, the report said. In the example given in the report, Apple gave a hacker who called with limited identifying or account information access to a victim's data despite the fact that he failed to answer a security question. Similar lack of authentication processes existed for Google, though some of those were voluntarily ignored.

For these reasons, it's important for consumers to simultaneously take on as many voluntary security protocols as they possibly can in dealing with any of their accounts, and to keep them as unrelated to each other as possible. In some cases, such as setting up email services, this may not be plausible or even possible, but taking as many steps as necessary to separate sensitive data is of the utmost significance.

These days, there is simply a wealth of information about a person available online for those who know where to look and how to access it, meaning that unless all precautions are taken, it can be easy to get data that can then be used for identity theft. Consumers should take steps to diversify passwords, keep login names unique from each other and otherwise avoid linking various Web services.

Eduard Goodman, chief privacy officer for Identity Theft 911, writes regularly about the many ways in which consumers can protect themselves from online threats, especially those that could compromise their personal information and put them at significant risk.

Google Hasn't Cleared Wi-Fi Data Yet

Wed, 01 Aug 2012 00:00:00 -0700

In 2010, one of the world's largest Web companies engaged in a practice of collecting information about consumers' personal Wi-Fi networks using its Street View cars, and despite a recent settlement related to the privacy invasion, has kept that information.

Google told regulators that it would get rid of the data it collected using its Street View cars, but has yet to do so, according to a report from TechNewsWorld, based on data from the Telegraph. The company initially told regulators in the U.S., Britain, and other countries around the world, that it had collected the data accidentally.

However, the Federal Communications Commission recently found that Google engineers and managers were aware of the code that allowed Street View cars to keep tabs on consumers' Wi-Fi information. This resulted in a $25,000 fine for impeding the FCC's investigation into the allegations, because Google would not grant regulators access to the necessary people or documents.

For its part, the company says its actions - regardless of whether they were intentional or accidental - were not illegal, because the Wi-Fi networks in question were left unprotected by their owners, the report said. In all, it gathered this type of information from users in the U.S., Ireland, France, Belgium, the Netherlands, Norway, Sweden, Finland, Switzerland, Austria and Australia.

"It may not be illegal for Google to have collected this data, but that's not because it's harmless," Jeff Kagan, a technology analyst and consultant, told the tech website. "No, it's because this is all too advanced and new, and the law could never have predicted this would become an invention and then an issue. Now, after the fact, is when the lawmakers generally take a closer look and write law. The lawmaking process takes time."

The problem, then, is that Google lied to regulators in saying that it was unaware of the activity, the report said. That in turn could lead to tougher rule-making in the future, which could be important given the sheer volume of privacy legislation now being considered in the U.S. and abroad.

Eduard Goodman, chief privacy officer for Identity Theft 911, maintains a blog about how consumers can best protect their personal information from any unwanted intrusion.

Do Not Track Legislation Edging Closer?

Wed, 25 Jul 2012 00:00:00 -0700

The controversial "Do Not Track" option that many privacy advocates believe is key to helping protect consumers has drawn a considerable amount of opposition.

The White House would like to see legislation passed for Do Not Track that would mandate all Web companies give consumers greater control over their personal data online, but warring factions are extremely divided on what that should entail, according to a report from Reuters. On the one hand, privacy advocates say that Americans should have full control over how all of their information is handled online, while Internet companies believe that this type of reform would be extremely damaging to their businesses.

For instance, both Google and Facebook rely heavily on being able to cull and share consumer data to turn profits from online advertising, the report said. However, the Obama administration is now focused on having the matter resolved by an agency that sets online standards. It very much backs a Do Not Track standardization, and would like to set a hard deadline for getting the dispute resolved.

It is threatening to use regulatory and Congressional measures if the two sides cannot hammer out an agreement by the end of the year, the report said. Such a decision would put far more pressure on the companies that collect data than the privacy advocates who want greater protection for it.

In the first half of last year alone, revenue from online ads climbed to slightly less than $15 billion, an annual increase of about 23 percent, the report said. However, those who specialize in data collection say that because they get so much of their revenue from this type of advertising, any amount of regulation could be devastating. Some have been willing to explore industry-driven options rather than taking on government oversight.

"If you get rid of [the ability to collect and sell data to advertisers], you kill the Internet," Linda Woolley, executive vice president of government affairs at the Direct Marketing Association, an industry group, told the news agency. "It's just that simple."

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes frequently on his blog about the privacy challenges consumers face when they post any amount of their personal information online.

Users Prefer Facebook Feature Goes Unseen

Wed, 18 Jul 2012 00:00:00 -0700

A new feature on the world's most popular social network is once again drawing the ire of users and privacy advocates alike, as people may soon be able to see who has read their online messages.

In many areas of people's lives, they may have dealt with what are known as "read receipts" before, according to a report from Tech Crunch. These messages are displayed to let a person who sends an email, text, IM chat, or similar communication know that the person on the other end looked at it. Facebook recently incorporated read receipts into its chat and messaging features. However, its latest step is what has become a point of concern for some.

Now, Facebook users who participate in English-language groups on the site will be able to receive extremely specific read receipts for links or files they post on those group pages, the report said. Not only will the original poster be able to see how many people have viewed the content they shared, but also exactly which group members did so. Some might consider this useful - for instance, if an employer posts a pertinent document, he or she will be able to see exactly who has looked at it.

But there is also a concern among experts that this type of read receipt might eventually be broadened once again, to include users' standard timelines, the report said. Users would likely not be entirely comfortable knowing that all other people in their circle of friends can see what they're viewing on the site, whether it's pictures of others, linked articles, profiles and the like. Further, it's speculated that this type of monitoring would drive people to use the site less often so as to avoid seeming as though they've spent hours on it every day, even though many do exactly that. For its part, Facebook only told the site that it does not discuss plans for future features.

Recently, Facebook has also received criticism for the way it scans users' chatlogs for potential illegal activity, and because of the user information companies that develop apps for it are able to access.

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes regularly on his official blog about the many ways in which consumers might face privacy concerns when they use Facebook, and what they can do to increase the protections around their personal information.

Authorities Submitting More Cellphone Tracking Requests

Wed, 11 Jul 2012 00:00:00 -0700

The number of requests authorities across the country are now submitting to cellphone service providers to keep tabs on Americans' records is massive, and rising.

Last year, law enforcement agencies in the U.S. submitted more than 1.3 million requests for customers' cellphone records from the nation's nine largest service providers, according to a report from Reuters. The data was compiled by U.S. Representative Ed Markey, who led a congressional inquiry into this type of surveillance. It was believed to be the first public investigation into this type of tracking by law enforcement.

Further, the study found that the number of requests is going up, and neither law enforcement nor the companies are required to report that such a request took place, the report said. The study was spurred by a New York Times report earlier this year that highlighted how common the practice was, and how little oversight existed.

Verizon Wireless, the nation's largest service provider, has seen requests for its customers records increase about 15 percent per year in each of the last five years, and received roughly 260,000 in 2011, the report said. T-Mobile, the fourth-largest service provider in the U.S., reported similar numbers, with increases of between 12 and 16 percent every year.

"We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers," Markey, who is also a senior member of the House Energy and Commerce Committee, told the news agency. "Law enforcement agencies are looking for a needle, but what are they doing with the haystack?"

The study found most service providers have individual teams that deal exclusively with law enforcement requests, but usually only release the information when they receive a subpoena, the report said. However, they noted they will also turn over the data when officials certify that there is an emergency that involves death or serious physical harm.

Privacy advocates, however, say the practice is troubling, especially given the lack of oversight, especially because subpoenas do not require a judge's oversight as warrants do, the report said.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the issues consumers might face in their everyday lives, and how they can increase the safety of their personal information.

Activists Author Online Declaration of Independence

Thu, 05 Jul 2012 00:00:00 -0700

Three online activist groups recently came together to co-author a new document that is intended to preserve the Internet's freedoms.

The Electronic Frontier Foundation, Free Press and Access Now recently wrote a document they call the Declaration of Internet Freedom, and have already gained significant support for their vision of keeping the Internet as a place for new ideas, free speech and creativity, according to a report from CBS News. Organizations such as the American Civil Liberties Union, Amnesty International and Mozilla have all backed the document as worthwhile.

The Declaration of Internet Freedom places importance on five values that help make the online world what it is: Expression, access, openness, innovation and privacy, the report said. In short, the groups want to see the Internet remain uncensored, and for organizations to promote universal access to fast, affordable networks. Further, they want the Internet to be open to as many people as possible, where innovation can be fostered without permission from organizations, and on which privacy can be protected and defended according to users' wants and needs.

The document is seen as an answer to the U.S. governments recent attempts to pass the controversial Stop Online Piracy Act and Protect IP Act, which spawned the recent Internet blackout day observed by many extremely popular websites, the report said. Those proposed laws were ostensibly framed as ways to crack down on illegal activity online but were seen as being far too broad, and led to fears that consumers' activities online would become far more heavily monitored. And while those bills were delayed indefinitely, another (the Cyber Intelligence Sharing and Protection Act) has recently been introduced, and faces the same type of criticism.

"Today's launch of the Declaration of Internet Freedom is another major step forward in the growing movement to define and defend the online freedoms all people should enjoy," Free Press chief executive officer Craig Aaron said, according to the news agency. "We've seen the power that millions of people have against threats from corporate and government interests alike - whether in fighting for Net Neutrality or against SOPA. Now comes a moment for us to shape, to debate and to unite behind a positive, proactive vision for the Internet's future."

Eduard Goodman, the chief privacy officer for Identity Theft 911, maintains a blog about the privacy challenges consumers face online.

Many Teens Hide Their Online Lives

Wed, 27 Jun 2012 00:00:00 -0700

Many teens go to great lengths to hide the way they behave online from their parents, and the number of those who do is growing quickly.

A new study from security firm McAfee reveals that these days, about 70 percent of teens say they hide their online behavior from their parents, up from just 45 percent in 2010, according to a report from CNN. Most of that hidden behavior is related to teens looking at violent or pornographic content online, with 43 and 32 percent, respectively, saying they do so. Another 16 percent say they use their phones to cheat on tests.

However, other online teen behavior is more worrying: about 15 percent have hacked another person's social networking profile, and 9 percent say they have done the same for email accounts, the report said. Further, 12 percent have met face-to-face with people they only knew online.

And teens, having been brought up in the electronic age when Internet use was more or less ubiquitous, are quite skilled at hiding any info their parents might have otherwise stumbled across, the report said. More than half of respondents say they have cleared their browser history, and 46 percent say they either close or minimize content they'd like to hide when their parents walk in. Another 34 percent hide or delete IMs and videos.

Others are more duplicitous, with 23 percent using a computer parents don't check, and the same proportion lying about or not fully disclosing their activities when asked, the report said. Another 20 percent use privacy settings to hide information on their profiles from their parents, and this is also true of private browsing modes. More troubling, 15 percent have email addresses their parents don't know about, and 9 percent make fake social networking profiles to show their parents. The study found they behave in this way because they know they can get away with it.

"Half of teens say they would think twice about their online activities if they knew parents were watching," the report said, according to the news agency.

Matt Cullina, chief executive officer for Identity Theft 911, has a blog about the ways in which kids put themselves at risk online, and what parents can do to increase their protection.

Teens Facing More Online Privacy Concerns

Wed, 20 Jun 2012 00:00:00 -0700

Teens have access to a large amount of technology that helps them interact with people around the world, but some experts say this isn't necessarily a good thing.

In recent months, a good amount of attention has been paid to the fact that many kids are using online services such as social networks or applications in direct violation of the user agreements, and that often, their parents don't know they're doing so. As such, they may be putting themselves at risk for a wide variety of problems, and some of the worst have been in the news lately.

For instance, a popular location-based dating and social networking application for smartphones known as Skout recently shuttered its service for teens after it was alleged that three men between the ages of 21 and 37 used its teen-centric service to lure boys and girls between the ages of 12 and 15, and later sexually assaulted them, according to a report from the Los Angeles Times. The company started out as a service for adults but had recently started a separate service for children between 13 and 17 when many in that demographic began using it.

For its part, Skout says that its service has technology that helps to scan for nude photos, sexually suggestive messages, profanity and other troubling activity, the report said. It also characterized its closing of the teen service as "temporary."

Similarly, a 17-year-old girl is being sought in connection with an alleged prostitution ring in Ottawa that worked through social networks, according to a report from the Canadian Press. Two 15-year-old girls are already in custody in connection with the ongoing investigation. It's alleged that the girls they lured into the service were between the ages of 13 and 17.

Officials believe that parents need to take a larger role in dealing with kids' online behavior, the report said.

"Know who your kids are talking to online," Ottawa police Staff Sgt. John McGetrick told the news agency. "If they are going to meet someone you're not familiar with, ask them: 'How did you meet them? Did you meet them online? What did they say?' If I’m a parent, I'm going to have access to my kids' accounts and I'm going to read them. If they don’t like it, that's unfortunate."

Matt Cullina, CEO for Identity Theft 911, has a blog about kids' privacy concerns.