NewsAlerts

Patient Records Showing Up on Black Market

Wed, 19 Jun 2013 00:00:00 -0700

Patients in California involved in a data breach are finding their medical information including their doctor's name, past illnesses, medical history and prescriptions on the black market, according to a study conducted by Bay Area NBC affiliate KNTV. The multimillion dollar underground market is stealing information from patients in order to bill insurance companies or Medicare.

Thieves are able to get more money on the black market for medical information than they can with a Social Security Number, Federal Trade Commission attorney Lisa Schifferle told NBC. Additional patient information on the black market includes insurance and Medicare numbers, addresses and how often an individual uses certain medications. Some of the records even list a person's favorite color, according to NBC.

The team of investigators from NBC interviewed some of the people whose names turned up on the market to confirm if the details listed were correct and, in most cases, they were. Some of those interviewed said they get calls from telemarketers asking them about medical equipment and supplies, the source reported.

One man who sells information on the black market said people will call posing as a telemarketer and ask for their doctor's name in order to access additional information.

The University of California Davis Health System announced it plans to begin recording sexual orientation, gender identity information and other demographic data in electronic health records, according to Think Progress. The announcement highlights the need to protect patient health information, as medical records contain highly sensitive, personal data.

Google challenges FISA

Wed, 19 Jun 2013 00:00:00 -0700

Google is challenging a secret United States national-security court regarding information about government data requests under the Foreign Intelligence Surveillance Act (FISA), according to Time. The petition by Google was filed with the Foreign Intelligence Surveillance Court June 18 and claims the federal restrictions that prevent the company from revealing data request information is a violation of its First Amendment rights.

Google, as well as other Internet companies like Apple, Facebook and Yahoo, are fighting back against claims that they release user information and provide the government with direct access to their servers through the government's Prism program, the source reported. The program allows the government to examine data from emails, videos and online chats to determine if there are any terroristic threats to the nation's security.

The court petition claims the restrictions are harming Google's reputation and business because of false and misleading reports presented in the media. Reports by The Guardian and The Washington Post said the government has direct access to Google's servers. The Internet company has since said those claims are false, Time reported.

Google sought permission from U.S. Attorney General Eric Holder as well as FBI Director Robert Mueller to publish the number of requests issued by the government under Prism. Currently, the company is not permitted to state whether or not it receives FISA requests, according to Time.

"By filing this motion, Google is bringing into focus First Amendment concerns that arise from a gag order that prevents companies from speaking out on a program at the center of a national and international debate," said Kurt Opsahl, senior staff attorney at the Electronic Frontier Foundation.

Facebook, Apple, Microsoft and Yahoo were able to reach an agreement with the government and release the number of information requests from in order to assure Americans of their privacy protection. However, these companies are not allowed to release how many FISA requests they have received.

Yolo Federal Credit Union Suffers Data Breach

Tue, 18 Jun 2013 00:00:00 -0700

Yolo Federal Credit Union is facing a potential data breach. Customers will be receiving new credit and debit cards due to the possible breach.

Yolo was told by Visa on May 31 that three possible breaches have occurred at "multiple merchant locations," and customer personal information may have been hacked, the Sacramento Business Journal reported. Customers impacted were sent letters warning them their information may be at risk. The company also sent out new cards recently and have canceled the old credit and debit cards.

Yolo did not disclose what merchants were compromised, the article stated. The credit union has more than 16,000 members.

Visa is also currently facing a lawsuit filed by Genesco Inc., which challenges the ability of credit card companies to fine merchants and their banks for data breaches, USA Today reported. The lawsuit was spurred after Genesco suffered a data breach in 2010 and Visa and MasterCard said the breach was because of the retailer's failure to comply with Payment Card Industry Data Security Standards. Credit card companies have enforced the standards since 2004, the article stated.

14 Convenience Stores Seized by Federal Authorities

Mon, 17 Jun 2013 00:00:00 -0700

Federal authorities detected an identity theft scandal and seized 14 7-Eleven stores in New York and Virginia, according to CNN Money. Nine owners and managers were charged with identity theft, conspiracy to commit wire fraud and concealing and harboring immigrants. The defendants allegedly used around 20 stolen identities to hide the true identities of their illegal workers.

Married couple Farrukh and Bushra Baig were two of the nine charged in the incident and owned or managed 12 of the stores.

"From their 7-Eleven stores, the defendants dispersed wire fraud and identity theft, along with Slurpees and hot dogs," said Loretta Lynch, U.S. attorney for the Eastern District of New York.

Those who were charged allegedly forced immigrants to work approximately 100 hours a week and kept most of their pay, the source reported. The immigrants being forced to work by the managers and owners were also required to live in boarding houses owned by the defendants. The scheme has allegedly been going on for more than 13 years.

Ten of the stores involved in the incident are located on New York's Long Island while the remaining four are in Virginia, according to the source. In addition to the seized stores, federal authorities also took control of five homes on Long Island.

James Hayes of the U.S. Immigration and Customs Enforcement's Homeland Securities Investigations said another 40 7-Eleven stores are being investigated, CNN Money reported.

Government Sent Thousands of Requests to Apple

Mon, 17 Jun 2013 00:00:00 -0700

New data revealed U.S. federal, state and local authorities sent Apple between 4,000 and 5,000 requests for user data between Dec.1, 2012 and May 31, 2013, according to The Washington Post. As many as 10,000 accounts or devices were affected due to the data requests. Apple's legal team looks at the appropriateness of each request to maintain customers' privacy protection.

"We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers' privacy as they expect and deserve," the company said in a statement on its website.

The number of requests sent by the National Security Agency under the Foreign Intelligence Surveillance Act was not specified, although the requests were related to national security, the report stated. The most common request was from local authorities who were attempting to locate missing children or investigating crimes like robberies.

Facebook and Microsoft released their data requests numbers on June 14. Those companies said many of the requests were to help find missing children. Although Apple holds onto some data, the company does not keep conversations that take place through the company's Messages or FaceTime programs, according to The Washington Post. Data involving location, map searches or Siri requests traceable to customers are also not kept by Apple.

Healthcare Data Breaches: Stanford, X-Ray Schemes

Fri, 14 Jun 2013 00:00:00 -0700

Stanford University's Lucile Packard Children's Hospital warned 12,900 patients of a data breach that potentially compromised their personal information, according to Health IT Security. The breach was the second for the children's hospital in the last six months, and both were due to laptops containing patient data being stolen from the facility. The laptops did not appear to be encrypted.

The laptop in the most recent breach was password-protected and non-functional, the source stated. The equipment, suspected to be stolen between May 2 and 8, was in a secured, badge-access controlled portion of the hospital.

So far, no evidence of wrongdoing with the data has been found. The hospital said patients should not worry about identity theft because Social Security numbers and insurance numbers were not included on the laptop.

"Lucile Packard Children's Hospital strives to be an industry leader in the area of medical information security," the hospital said in a statement. "As a result of this incident, we are taking additional steps to further strengthen our policies and controls surrounding the protection of patient data."

The hospital reported yet another data breach involving 532 patients in 2010.

Hospitals Falling Victim to X-Ray Schemes
Criminals are targeting hospitals and healthcare providers in schemes that steal x-rays, according to The Wall Street Journal. Most are using the films for their silver content, however, it's sometimes being treated like a data breach.

Although a data breach typically involves hacking a computer network, it also includes theft or loss of physical items that contain data that can be used to identify a patient's personal information, according to the source.

"Often, the x-ray film itself is stamped with certain identifying information," said Katherine Keefe, head of Beazley Breach Response Services. "Sometimes the x-rays are still in their jackets. Seems like a lot of work to go through to get a small amount of silver."

Keefe said there has been a growing number of x-ray thefts in recent years where criminals enter a hospital posing as a service provider assigned to destroy the x-rays, The WSJ stated.

The U.S. Department of Health and Human Services posts information online about heists involving more than 500 patients, giving Americans the opportunity to learn if they are at risk of identity theft. Hospitals also send letters to patients when less than 500 are involved in a data breach, according to The WSJ.

Equifax Says Good Defense Will Help Combat Data Breaches

Fri, 14 Jun 2013 00:00:00 -0700

Equifax Canada discussed the best practices to protect against a data breach at a recent gathering with Canadian regulatory, legal and privacy experts.

"As malicious attacks and fraud are on the rise, when it comes to protecting organizations from data breaches, the old adage, the best defense is a good offense, applies," said John Russo, vice president of legal and chief privacy officer for Equifax Canada. "Today, companies are expected to take a proactive and planned approach to prepare and protect themselves, and most importantly, their clients from the negative impact a data breach can have on them."

The 2013 Data Breach Fraud Impact Report by Javelin Strategy and Research found that a large data breach can cost consumers billions of dollars in losses. Victimization is also becoming more connected to incidences involving fraud, the report stated.

Companies can protect themselves by taking the proper precautionary steps to reduce a breach response team's mobilization. Preparation will also minimize the negative effects of data breaches including company liability, negative public perception and revenue loss.

Equifax was also part of a discussion regarding the use of social media to stop online payment fraud. The credit bureau is partnering with government agencies to verify whether citizens receiving state or federal benefits are actually eligible or using falsified information, according to Bloomberg Businessweek.

Eight Charged in Hacking Financial Firms

Thu, 13 Jun 2013 00:00:00 -0700

At least two suspects remain at large after four others were arrested following charges of alleged hacking. The suspects are believed to have hacked customer accounts at more than 12 financial institutions including Citigroup Inc. and JPMorgan Chase and Co, according to Bloomberg. The scheme's participants tried to steal at least $15 million.

Among those who have evaded police capture are Oleksiy Sharapka and Leonid Yanovitsky, both from Kiev, Ukraine, and are believed to be the identity theft scheme leaders. One of the men, Sharapka, was just released from a U.S. prison last year after spending eight-and-a-half years locked up, the report stated.

"Cybercriminals penetrated some of our most trusted financial institutions as part of a global scheme that stole money and identities," said U.S. Attorney Paul Fishman. "They used stolen identities to 'cash out' hacked accounts in a series of internationally coordinated modern-day bank robberies."

The others accused of hacking and identity theft include Oleg Pidtergerya, Robert Dubuc, Andrey Yarmolitskiy and Ilya Ostapyuk. Yarmolitskiy was arrested at John F. Kennedy International Airport in New York, according to the source.

The defendants in the case are charged with conspiracy to commit wire fraud, money laundering and identity theft. On the most serious charge, they face 20 years in prison, Bloomberg stated.

U.S. Reportedly Hacked Chinese Computers

Thu, 13 Jun 2013 00:00:00 -0700

Edward Snowden, now known as the former government contractor employee who offered up some the the National Security Agency's biggest secrets and created one of the country's largest data breaches, now says the NSA has been hacking computers in Hong Kong and China since 2009, according to the Dow Jones Newswires. Snowden's allegations were published in the South China Morning Post June 12. In the interview with the newspaper, Snowden said he thought there were more than 61,000 NSA hacking operations across the globe, hundreds of which were in Hong Kong and China.

"We hack network backbones - like huge Internet routers, basically - that give us access to the communications of hundreds of thousands of computers without having to hack every single one," Snowden told the newspaper.

Snowden's last known location was Hong Kong and he plans to stay there and challenge the U.S. government in courts once charges are brought against him, the source reported. Snowden's former employer, Booz Allen Hamilton, said June 11 he had been fired.

Since the announcement, China has kept quiet on the issue while the state-run media outlets have used caution when it comes to covering Snowden and his allegations, according to CNN.

Risk of Data Breach Increases During Travel

Wed, 12 Jun 2013 00:00:00 -0700

Booking your hotel room online, purchasing souvenirs at a shop and using your credit card to pay for meals can make you susceptible to a data breach or identity theft while you're traveling, according to the 2013 Trustwave Global Security Report Preview. The reason for increased risk of identity theft while traveling is because thieves tend to hang out at retail stores, bars and restaurants and hotels in tourist areas.

These three industries are targets in 78 percent of all data breaches and are vulnerable because stores are focused more on customer service than data security. The fact that many consumers are using credit and debit cards for purchases at these locations also contributes to the heightened risk of identity theft, according to the report.

The size of a purchase does not, however, seem to be a contributing factor when it comes to identity theft while traveling. Whether its a small store or a large hotel, the company can be a target of a data breach.

"It used to be only large organizations had to worry about security," Jerry Irvine, chief information officer at the IT outsourcer Prescient Solutions and a member of the National Cyber Security Partnership, told Fox Business. "Now, just like an animal in the wild, they target the weakest in the herd."

Consumers' personal information may be stolen years after they visited a hotel during vacation. Hotels or other businesses may keep customer information on file long after they have left in order to continue to send that customer advertisements, Fox Business reported.

New HIPAA Rules Will Increase Security and Privacy

Wed, 12 Jun 2013 00:00:00 -0700

New Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules took effect in March and give U.S. businesses and subcontractors until September 23 to make sure they are complying with the regulations, according to HealthTechZone. The changes and updates to the rules aim to improve HIPAA enforcement and better protect against confidential data loss.

Some of the new rules include increased fines and prosecution for privacy and security violations, the source reported. A security risk analysis must be conducted or reviewed by healthcare providers as well as the implementation of necessary security updates, according to the new rules. Healthcare providers will also be responsible for correcting any deficiencies in their security risk analysis.

About 65 percent of deficiencies in a recent Office of Civil Rights (OCR) audit of 20 healthcare providers were security-related, while 26 percent were privacy-related, HealthTechZone reported.

"What we're learning from the audits […] is there's plenty of noncompliance out there and plenty of room for improvement," said Leon Rodriguez, director of the OCR.

The report showed that vendors working for hospitals and medical facilities risk violating the security of patient health information, according to the source. For example, South Shore Hospital in Mass., reported the vendor in charge of destroying confidential information lost backup computer tapes that contained patient information.

Regulators and Advocates Focus on Senior Identity Theft

Tue, 11 Jun 2013 00:00:00 -0700

Older consumers are more susceptible to identity theft than others, especially when it comes to cases involving tax returns and medical care, according to The Baltimore Sun. That is why the Federal Trade Commission (FTC) held a workshop in May regarding senior identity theft.

"Seniors are targeted because they have more disposable income," said Rebecca Bowman, administrator of the Office of Consumer Affairs in Howard County, Md. "Many of them have very good credit histories and so the ID thieves will go after seniors because the benefits they reap can be substantial."

There were 52,610 identity theft complaints from seniors 60 and older filed in 2012 with the FTC, up from 32,907 in 2010, the source reported. One of the largest complaints is about tax return identity theft where thieves use another individual's Social Security number to file a return and receive a refund.

Another type of fraud that's common among seniors is medical identity theft. Thieves will use another person's identity to get healthcare services, according to The Baltimore Sun. This can have severe consequences because a victim may be given the wrong medication or diagnosis if it's combined with a thief's medical history.

Cognitive impairment also leads to financial exploitation for seniors, including those in nursing homes and assisted living facilities. Suspects in senior identity theft can be family members, facility staffers, car providers and thieves that can access patients' hospital and nursing home rooms.

Israeli Leader Accuses Iran of Cyberattacks

Tue, 11 Jun 2013 00:00:00 -0700

Israeli Prime Minister Benjamin Netanyahu said the country's water, power, train and banking systems were under threat after a recent increase in cyberattacks from Iran. The prime minister also said that Iran's allies in Hamas and Hezbollah are participating in attacks on Israel's essential systems, according to The Telegraph.

"Every sphere of civilian economic life, let's not even talk about our security, is a potential or actual cyberattack target," Netanyahu said at a conference on cyber warfare.

Although the prime minister offered no details on the number or types of attacks alleged by Iran, he said it is likely they will continue to intensify in severity as the digital age continues to advance, the source reported. Netanyahu added that most of the attacks against Israel were not made public because the government was able to block some of the data breaches.

A national cyber directorate was set up in 2011 by the prime minister in order to protect Israel's computer systems. Officials have previously spoken of cyberattacks but most had little effect, The Telegraph stated. A pro-Palestinian attack briefly disrupted Israeli government sites two months ago.

While Israel accuses Iran of cyberattacks, Israel's secret service may be behind attacks on Iran's nuclear program, according to The Telegraph.

Firm Shocked By Employee's Data Breach

Mon, 10 Jun 2013 00:00:00 -0700

The name of the employee who leaked the information regarding the National Security Agency 's surveillance controversy was announced June 9, and now his employer, Booz Allen Hamilton Holding Corp., said it is shocked by his data breach, The Wall Street Journal reported. The firm is one of the nation's top-10 defense contractors and has more than 25,000 employees.

The 29-year-old employee, Edward Snowden, joined the firm three months ago in its Hawaii offices, according to the WSJ. Booz Allen said it's launched its own investigation into the data breach and was shocked by the allegations.

Booz Allen began a five-year contract with the Pentagon's Defense Intelligence Agency earlier this year and earns most of its revenue from work with government agencies. As a result of the data breach, the company may be facing a serious problem, the source reported.

There are five million people who hold security clearances with the U.S. government, including 1.4 million with top-secret clearance. Of those with top-secret clearance, one-third are contractors, according to the WSJ. At Booz Allen, approximately three-quarters of employees hold security clearances and more than 25 percent hold top-secret clearance, meaning they have access to the most controlled intelligence information.

Negligence and Glitches Are Leading Causes of Data Breaches

Mon, 10 Jun 2013 00:00:00 -0700

A new study by Ponemon-Symantec found that the majority of data breaches are caused by negligent employees and computer glitches, according to PC World. In 2012, 35 percent of data breaches were a result of negligence or human errors while 29 percent were caused by system glitches. Malicious attacks, the highest cause of breaches, accounted for 37 percent.

However, the figures of the survey varied among different countries, with 48 percent of breaches being malicious attacks and 52 percent caused by negligence and glitches in Germany. In comparison, Brazil saw 77 percent of breaches caused by human error and system failures, the source reported.

"Data breaches normally aren't about bad people," Larry Ponemon, founder and chairman of Ponemon. "It's normally about good people making mistakes or business processes that fail."

An increase in employees bringing personal devices to work was also cited as a source for data breaches, the article stated. Personal tablets and smart phones are not always secured because they are not protected as much as company computers and devices.

The Ponemon-Symantec report suggested ways to prevent data breaches including educating employees and training them on how to handle confidential information. Using a breach security solution will also ensure sensitive data is protected on employees' mobile devices. Encryption and strong authentication solutions are also smart steps to take, as is preparing an incident response plan including the proper steps for customer notification of a data breach.

U.S. Gathering Information From Internet Servicers

Fri, 07 Jun 2013 00:00:00 -0700

As news of U.S. intelligence mining data surfaced, many Americans are questioning privacy protection. The National Security Agency and the Federal Bureau of Investigation (FBI) are and have been tapping into nine of the leading Internet companies in the United States, according to The Washington Post.

The government is extracting information such as audio and video chats, photos, emails, documents and connection logs so they can track foreign targets. The program's code name is PRISM and has been top-secret until now. Companies included in the data collection are Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple, The Washington Post reported.

"Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats," said Director of National Intelligence James Clapper. "The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."

The program focuses on foreign communications traffic, and while American citizens are not targets of the searches, their communications are sometimes intercepted. However, the Obama administration noted ongoing safeguards including "extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons," according to The Washington Post.

Does HIPAA Fine Money Go To Data Security?

Fri, 07 Jun 2013 00:00:00 -0700

Some believe that Health Insurance Portability and Accountability Act (HIPAA) fine money isn't being allocated to data security after a healthcare provider suffers a data breach. Diane Oriza, whose son's information was compromised in a recent Palm Beach County Health Department data breach, said that she thinks HIPAA fine money is being allocated incorrectly and should be used in the organization's security program, according to Health IT Security.

One of the issues associated with lack of patient notification after a data breach is outdated contact information, Health IT Security reported. If patients are not receiving notifications about their personal data being compromised due to outdated contact information, there is a good chance they may never know about the breach. While an organization may post a notification on its website, it is unlikely every patient will check the site.

Oriza said that if a healthcare organization is fined $1 million for a data breach, they should make sure the payment goes toward its security budget. The job of the Office for Civil Rights (OCR) could then ensure the money was spent properly to improve patient record safety, the source reported.

However, the OCR says the money from fines is used for victim restitution, further enforcement and to make HIPAA more permanent.

"The idea after that is to have a permanent program, part of which will need to be funded by the proceeds of enforcement," said Leon Rodriguez, director of the Department of Health and Human Services Office for Civil Rights.

Eleven Accused in Credit Card Fraud Ring

Thu, 06 Jun 2013 00:00:00 -0700

The Federal Bureau of Investigation arrested and federally charged one of the leaders of an international data theft ring. The scheme led to about $200 million in fraudulent charges to credit cards issued in the United States and Europe, according to the FBI.

Duy Hai Truong of Ho Chi Minh City, Vietnam, was charged with conspiracy to commit bank fraud. He is accused of defrauding banks, stealing and later reselling information from more than 1.1 million credit cards to other criminals worldwide from 2007 until his recent arrest. The identity theft ring was disbanded after interference by the FBI, the United Kingdom's Serious Organised Crime Agency and Vietnamese authorities. Truong is also being charged by the United Kingdom, Vietnam, Italy and Germany.

The ring was based in Vietnam and specialized in stealing personal identifying information provided to companies receiving online credit card payments. Truong faces a maximum of 30 years in prison if he's convicted of the charges. Truong will also have to pay a $1 million fine or twice the gain derived from the office or twice the loss caused by the scheme, whichever is greatest, will also be paid by Truong.

UMass Notifies Patients of Data Breach

Thu, 06 Jun 2013 00:00:00 -0700

The University of Massachusetts Center for Language, Speech and Hearing is warning approximately 1,600 patients of a health data breach. The center, which provides clinical services for individuals with communication disorders, said the breach occurred on April 5, according to Health IT Security.

Patient data was compromised after a malware program infected a workstation. Compromised patient data included Social Security numbers, addresses, health insurer names and primary healthcare and referring doctors. Information specialists from UMass didn't find any evidence of stolen patient data, however, associated Dean of UMass' School of Public Health and Health Sciences sent a letter to patients to keep an eye out for "any unusual activity with respect to your health insurance information to limit the likelihood of misuse of protected health information (PHI)," the source reported.

UMass said it has improved security at all of its workstations since the incident and offers additional training on security practices to staff, the article stated. In order to prevent PHI availability at workstations, the center can use the data breach as a case for desktop virtualization and zero-client devices, according to the source.

Hacking Reported at Department of Veteran Affairs

Wed, 05 Jun 2013 00:00:00 -0700

Jerry Davis, former security chief at the Department of Veteran Affairs, revealed that at least eight foreign-sponsored organizations hacked into the department's computer networks. Most of the organizations were connected to the Chinese military and some of the attacks remain active even though the VA was notified of the computer hacking back in March 2010, according to The Washington Post.

The breaches "successfully compromised VA networks and data," Davis told the source. However, he did not say how the information was used by the criminals. The potential for identity theft was raised due to the hacks and may even complicate efforts to share disability claims information with the Pentagon.

"The entire veteran database in VA, containing personally identifiable information on roughly 20 million veterans, is not encrypted, and evidence suggests that it has repeatedly been compromised since 2010 by foreign actors, including in China and possibly in Russia," said Rep. Mike Coffman, chairman of the House Veterans' Affairs oversight and investigations subcommittee.

Officials believe the main threats associated with the data breaches include credit card theft, The Washington Post reported. Assistant inspector general Linda Halliday said she was aware of 4,000 weaknesses and vulnerabilities that haven't been addressed with the VA's computer security.

Americans Concerned About Data Breaches in Large Organizations

Wed, 05 Jun 2013 00:00:00 -0700

The latest Unisys Security Index by Unisys Corporation revealed that the majority of Americans are concerned about data breaches involving large organizations. According to the survey, although they're concerned about these data breaches, they remain mixed when it comes to legislation requiring private businesses to share cyber attack information with the government.

More than 1,000 Americans were surveyed and 67 percent of participants said they were most worried about their banks and financial institutions suffering data breaches. Another 62 percent were concerned about data breaches that involve government agencies, while 60 percent were concerned about the safety of personal information at health organizations and 59 percent were worried about data breaches at telecommunications and internet service providers.

There is also concern about identity theft (83 percent) and credit card fraud (62 percent) among Americans and the possibility of these thefts occurring due to data breaches at large organizations.

Forty-eight of those who responded don't believe a private business should be forced for share cyber attack information with the government while 46 percent said private businesses should be required to do so.

"Americans clearly see a need for stronger methods to prevent cyberattacks, and many see a natural role for government in that process, but they differ on precisely how government and the private sector should interact in that regard," said Steve Vinsik, vice president of enterprise security for Unisys. "Regardless of where the legislation ends up, businesses and government agencies need to realize that the costs of breaches far outweigh those of prevention - and that Americans are paying close attention."

New York State Requires Insurance Companies to Document Cybersecurity Preparedness

Tue, 04 Jun 2013 00:00:00 -0700

New York Gov. Andrew Cuomo required the 31 largest insurers regulated by the state to issue information regarding their cybersecurity preparedness. The state wants the information in order to determine if the companies have experienced any attacks in the last three years, Reuters reported.

The move by the state can help to protect more businesses than just those in the insurance industry.

Business hold large amounts of sensitive information that can be used for personal and medical identity theft, property theft or credit card data theft. Cyber criminals are making billions from stealing this kind of information from U.S. companies.

There are several companies that use proactive penetration testing and hire IT staff or an outsourced IT support company to manage their security. However, just having the support may not be enough to protect against cyber threats. Some believe it makes sense to have the state request this information in order to make sure insurance companies have the proper cybersecurity measures in place.

While there are many proactive measures insurance companies can take to protect against threats, penetration testing will provide an in-depth evaluation of the security threats and holes in the organization and show business executives and administrators how effective their current measures are.

Tweens' Social Media Use Can Lead to Identity Theft

Tue, 04 Jun 2013 00:00:00 -0700

Most tweens use social media platforms such as Facebook although the site says they must be at least 13 years old to log on. Anti-virus and anti-spyware security company McAfee completed a survey of 1,173 young people aged 10 to 23 and 1,301 parents to determine social media use and supervision, according to Reuters.

The survey found that young kids are using the online sites without much supervision and most children are unaware of the threats posed on the Internet, including identity theft. Half of those who responded to the survey said they've shared personal information online including their email address, and another 28 percent said they listed the school they attend in the information listed on their page.

Another disturbing result of the survey showed that 52 percent of young people spend at least five hours a day online but their parents think they spend much less time on the Internet. Only 9 percent of parents said they know how to check what their children have been doing online, and 58 percent of tweens said they know how to keep their online use hidden, the report stated.

"It's still the Wild West out there and because they are digital natives, our youth are engaging in all kinds of unsafe behavior without the benefit of how their actions will affect their lives," said Michelle Dennedy from McAfee.

Identity Thieves Use New Technology To Steal Information

Mon, 03 Jun 2013 00:00:00 -0700

Wonga.com, a London-based digital finance company that offers loans to customers, is facing scrutiny for having customers' accounts hacked into. Identity thieves are entering the company's database and stealing customer details and using the personal information to apply for loans, according to ITV.

One Wonga customer, Leigh Newman, for instance, noticed nearly $800 had been taken from her account. In response, Wonga said it would refund Newman and investigate the identity-theft scheme.

Consumers Face Increasing Risk of Online Identity Theft
More than 30 million debit and credit card holders remain at risk for identity theft thanks to "contactless" payment technology, the Daily Mail reported.

Mobile phones are able to read the information while more consumers use contactless cards to save time at the register. Because a personal identification number (PIN) isn't required within the first five transactions with the cards, thieves can use their electronic readers over the individual's wallet to grab the information, the source stated.

Thieves are able to hold the phone near a wallet and steal information within two seconds. The account-holder's name, card number and expiration date can be obtained with the reader. Some can even pull up the card's last 10 purchases, according to the Daily Mail.

After the information is stolen, it can be used to make purchases on websites including Amazon. The identity theft scheme has led some companies to issue more secure cards to their customers.

United States and China Hold Talks Regarding Hacking

Mon, 03 Jun 2013 00:00:00 -0700

After daily encounters with data breaches and theft of corporate and government secrets, the United States and China will hold talks on setting the standards of behavior for cyber security and commercial espionage, according to The Washington Post. The talks between presidents Barack Obama and Xi Jinping will begin talks in July.

The National Security Agency said the attacks resulted in the "greatest transfer of wealth in history," while hackers stole secrets such as negotiating strategies and schematics for next-generation fighter jets and gas pipeline control systems, The Washington Post reported.

"It is a serious issue that cannot simply be swatted away with talking points," said an American official. "Our concerns are not limited to that, but that's what needs urgent attention."

The Chinese government said it too is a victim of cyber attacks and is not the one issuing them. The Chinese are expected to discuss the use of cyber weapons by Americans at the Strategic and Economic Dialogue meeting between the two countries' officials, according to the source.

The use of hacking in military and corporate espionage is new enough that neither party is well-prepared for discussions of cyber issues. The conversation is expected to focus on corporate secret theft.

Scammers Target Online Apartment-hunters

Fri, 31 May 2013 01:00:00 -0700

Connecticut's Better Business Bureau advises individuals looking for rental properties on sites like Craigslist to be wary of identity theft scams during the heightened renting season.

Lenders have recently tightened their requirements for obtaining a mortgage, driving more people into the rental market. Identity thieves will pose as landlords and real estate agents posting fake listings in order to obtain personal information from potential renters. Some scammers have gone as far as providing an address and even a key to the property, persuading individuals to provide their personal information.

When researching rental properties, it is important to perform due diligence. Search your property on a website other than where you found it. Find out if the landlord or real estate agent is aware of the listing by calling their office or checking the official website, and never fill out a rental application online before you visit the home or apartment in person.

Rental applications ask for your name, Social Security and driver's license numbers, bank account information and current address. The request for a Social Security number may seem plausible because most landlord check credit as part of the rental application process. But in the wrong hands this information can lead to identity theft.

Follow our IDentity Theft 911 blog for more information on the latest identity theft scams and tips on how to safeguard you and your family from identity theft.

Two Men Indicted for Business Identity Theft Scheme

Fri, 31 May 2013 00:00:00 -0700

Many people may think identity theft is a consumer issue, but the escalating problem in the United States also affects businesses. Two Florida men were recently indicted by the Colorado attorney general's office for forging paperwork to obtain businesses and then selling them to make a profit.

Colorado Springs CBS affiliate KKTV reported John Parks would use the Colorado Secretary of State's website to look for businesses that were delinquent in filing renewal paperwork. He would then use various identities to pay filing fees, submit the Statement of Curing Delinquency and Statement of Change paperwork and falsely acquire the business.

Park, along with Daryl Honowitz, would then submit this paperwork to creditor Dun and Bradstreet, obtain a better credit rating for the fake business and then sell it. The two allegedly also entered lease-back schemes and stole money from secure creditors, the source said. The two men made $32,226 in their identify-theft scheme.

Colorado Chief Deputy Attorney General Cynthia Coffman told the source this proves businesses are not safe from identity theft.

"This case exemplifies that businesses are not immune to this crime and need to do their part to stay safe," she said.

A statement on the Colorado Attorney General website said the scheme ran between February 2011 to April 2012.

'Anonymous' Hacker Faces 10 Years In Prison

Thu, 30 May 2013 01:00:00 -0700

On Tuesday, Jeremy Hammond, 28, pled guilty to hacking private intelligence firms as well as other websites, illegally obtaining e-mail addresses and credit card numbers from nearly 1 million people.

Hammond, referring to himself as the "electronic Robin Hood", admitted to playing a role in "Anonymous" December 2011 cyber-attack of Stratfor Global Intelligence Service. He went on to admit his role in hacks of other government agencies. including the Arizona Department of Public Safety, the Boston Police Patrolmen's Association, the FBI's Virtual Academy and the Jefferson County, Ala. sheriff's office.

From the Stratfor attack alone Anonymous hackers obtained more than 60,000 credit card numbers and made roughly $700,000 in fraudulent purchases using the information.

Accepting a plea deal, Hammond faces up to a decade in prison instead of the initial potential 30-year sentence. He awaits official sentencing on Sept.6.

Follow our IDentity Theft 911 blog for updated information on the latest identity theft news and insightful tips and techniques to help safeguard you and your family from falling victim to identity theft.

Florida Company Posted Social Security Numbers Online

Thu, 30 May 2013 01:00:00 -0700

The Social Security Numbers of 77 Lee Memorial Health Systems employees were posted online.

A Florida-based company, UCAC Incorporated, wrongfully posted the employees claim information online with no protection.

UCAC handles unemployment compensation claims and had previously worked with Memorial employees. Memorial Health Systems had terminated the relationship with UCAC in 2004, but the information has been posted online for the past 10 years.

According to a victim of the posting, UCAC has not yet contacted her to explain the potential exposure to identity theft that they are facing.

A victim claims that this exposure explains problems she experienced like a parking ticket for state she'd never been in and a bank account opened in her name.

Follow our IDentity Theft 911 blog for more information on the latest tips to help safeguard you and your family from becoming a victim of identity theft.

International Ring Laundered Money, Stole Identities, Authorities Say

Wed, 29 May 2013 01:00:00 -0700

A cyber network hid illegal transactions and laundered money around the world. Federal authorities called this incident the largest international money-laundering case in history.

Five suspects were arrested in Brooklyn, Spain, and Costa Rica. According to Manhattan U.S.
Attorney Preet Bharara, suspects were indicted for allegedly facilitating 55 million transactions that concealed the proceeds of credit card fraud, identity theft, computer hacking, child pornography, narcotics trafficking and other crimes.

Under the veil of a company based in Costa Rica called Liberty Reserve, over 1 million users worldwide used the network to conduct illegal transactions and launder the financial proceeds.

Liberty Reserve processed more than 12 million financial transactions annually, with a combined value of more than $1.4 billion, prosecutors alleged.

Follow our IDentity Theft 911 blog for more information on the latest tips to help safeguard you and your family from becoming a victim of identity theft.

Identity Thieves Stealing From The Dead

Wed, 29 May 2013 01:00:00 -0700

Michigan's Attorney General Bill Schuette released a consumer alert over the weekend informing residents of the increased identity theft incidents involving the deceased.

Schuette referenced a case in Louisiana where three alleged perpetrators were arrested for stealing more than 100 identities of deceased individuals. One of the people charged worked at the emergency room of a hospital and would text the personal information of dying patients to an accomplice-an adult-aged son. The son and his wife would then apply for credit cards using the deceased individual's personal information.

The alleged identity theft criminals would also look through the obituaries and use the hospital's database to obtain more personal information like Social Security numbers and dates of birth. The deceased are targets of identity theft because the news of their death is not immediately shared with financial institutions.

When safeguarding the identity of deceased family members or friends from theft start by limiting the information shared in the obituary. Exclude the hospital where the deceased received treatment, obtain as many as 12 death certificates, immediately call credit card and insurance companies, banks and other financial institutions to verify the account reads "Closed: Account Holder is Deceased," and contact the three major credit reporting agencies to notify them of the individual's death.

Follow our IDentity Theft 911 blog for updated information on the best ways to safeguard you and your family from falling victim to identity theft.

High-Profile Twitter Hacks Led To New Security Feature

Tue, 28 May 2013 01:00:00 -0700

The social media network, Twitter, has released a new security feature called login verification. The feature has been successful on Facebook and links users' cellphone numbers to their account name.

Also known as two-factor authentication, the new feature sends a code to a pre-established cellphone number whenever a Twitter user signs into the social media site. The network then prompts users to enter the codes sent to their cellphones to verify their login. This is an optional feature that needs to be turned on in the settings menu.

In the past year, high-profile accounts like the Financial Times, The Guardian and most recently the Associated Press have been hacked. Hackers of the Associated Press sent out a tweet that caused the U.S. stock markets to plummet in minutes.

Several of these accounts were compromised resulting from e-mail phishing schemes while some suffered a breach of password data elsewhere on the Internet.

Follow our IDentity Theft 911 blog for up to date information on the latest Internet security and safeguards to protect you and your family from falling victim of identity theft.

Florida Leads Nation In Identity Theft Cases

Tue, 28 May 2013 01:00:00 -0700

Florida has become the U.S. breeding ground for identity theft incidents, with 70,000 identity theft incidents recorded in 2012. That amounts to 361 cases per every 100,000 residents.

The Federal Trade Commission's Consumer Sentinel Network Data Book analyzes identity theft incidents recorded state-by-state. In the most recent report, Florida's identity theft rates were jaw-dropping compared to the rest of the country. Many experts believe Florida's large population of vulnerable retirees and high crime rates make the state a hot spot of identity theft, but in comparison the numbers are still shocking.

Georgia ranked second in the report with 194 identity theft incidents per 100,000 residents. California, Michigan and New York, all states with above-average crime rates, combined account for one-third the amount of identity theft as the entire state of Florida. Finally, Arizona, another state full of retirees, records 30 percent the amount of identity theft incidents as Florida.

Follow our IDentity Theft 911 Blog for updated information on the latest identity theft research and techniques on how to safeguard you and your family from becoming victims of identity theft.

Alabama Woman Gets 10 Years In Prison For Fake Tax Returns

Fri, 24 May 2013 01:00:00 -0700

The leader of an identity theft ring, Rhashema Deramus, was sentenced to 10 years in prison for her involvement in an identity theft and tax refund scam.

The ring stole people's names, birthdates and Social Security numbers in order to file fraudulent tax returns and directed the refunds to pre-paid debit cards, according to the U.S. Department of Justice.

Deramus was ordered to pay $1,198,063 in restitution for the fraudulent refunds and more than 7,000 stolen identities.

She was caught when her vehicle was identified in connection to a string of suspicious ATM withdrawals. Officers found 65 pre-paid debit cards in other people's names and a computer containing stolen personal information in the vehicle.

More than 800 of the identities were stolen from Alabama's Troy Regional Medical Center.

Follow our IDentity Theft 911 blog for more information on the latest tips to help safeguard you and your family from becoming a victim of identity theft.

Homeland Security Discovers Flaw In Its Cyber Database

Fri, 24 May 2013 01:00:00 -0700

The Department of Homeland Security discovered a vulnerability in an outsourced vendor's database used for processing employee background checks, exposing personal information of tens of thousands of past and current employees.

The database was potentially accessible by unauthorized users since 2009. Employees working in the main Homeland Security headquarters as well as the office for Customs and Border Protection, Immigration and Customs Enforcement are at risk of identity theft as names, Social Security numbers and dates of birth are stored in the database.

The department currently has no evidence that any personal information was lost or stolen as a result of the data breach. However, as a safety precaution they immediately addressed the breach and notified the potentially affected employees.

This is not the first time a federal government department suffered a cyber-security problem. In 2007, another database vendor failed to secure unclassified computers at the headquarters of Transportation Security Administration, resulting in a hacker group stealing sensitive information.

Follow our IDentity Theft 911 blog for more information on the latest tips to help safeguard you and your family from becoming a victim of identity theft.

Idaho State University Fined $400 Thousand For Data Breach

Thu, 23 May 2013 01:00:00 -0700

Idaho State University's Pocatello Family Medicine Clinic has agreed to pay a fine of $400,000 for alleged HIPAA violations that date back to Aug. 9, 2011.

The clinic disabled a firewall for at least 10 months, leading to the exposure of personal data of 17,500 patients.

According to the Department of Health and Human Services, ISU didn't adequately implement security measures sufficient to reduce the risks of a breach, conduct an analysis of the risk, or implement procedures to regularly review records.

ISU has entered into a Corrective Action Plan agreement that will address the violations and its failure to ensure uniform implementation of HIPAA Security Rule protections at its clinics.

Follow our IDentity Theft 911 blog for more information on the latest tips to help safeguard you and your family from becoming a victim of identity theft.

Identity Theft Scams Resulting From Tragedy

Thu, 23 May 2013 01:00:00 -0700

Be cautious of financial fraud scams asking for donations to help the victims of the tornado that hit Moore, Okla. on Monday.

Scammers can create emails and social media accounts that look authentic and resemble the Red Cross or another natural disaster organization. By clicking the links provided in these emails, those wanting to donate are unintentionally downloading spyware to the computer, tracking history and recording personal information like credit card and bank numbers.

Anyone wanting to support the victims of the Oklahoma tornado - or any other disaster - should refrain from clicking links on emails or Internet sites and providing personal information when called on the phone. Often these emails, phone calls and fishing scams are ignored, but when genuine emotion and desire to help victims of a tragedy are top of mind, it's easy to forget about the potential of foul play.

Learn more about how to donate to an Oklahoma tornado relief fund here without the fear of falling victim to financial fraud or identity theft.

Follow our IDentity Theft 911 blog for up to date information on the latest tips and techniques scammers are using and helpful tricks to avoid becoming a victim.

Yahoo Japan Data Breach Exposed 22 Million User IDs

Wed, 22 May 2013 01:00:00 -0700

Hackers compromised a user data file from Yahoo, Japan's largest Web portal. Yahoo stated that it isn't certain if the file containing 22 million user IDs was leaked or not, but cannot deny the possibility.

Turning off Internet access to the company's servers was the only way Yahoo could halt the attack.

Yahoo said it is contacting affected users and added a tool on the homepage for users to check if their ID was at risk from the suspected breach. Yahoo has since strengthened network security and recommended that all users change their passwords as an extra measure of security.

Last month Yahoo Japan discovered malware on its servers and added a "Secret ID" capability, which allows users to use an ID separate from the one that appears publicly to log on.

Follow our IDentity Theft 911 blog to stay informed on the most recent tips and techniques used to help safeguard you and your family from becoming a victim of identity theft.

Low-income Families Hacked Through Federal Phone Program

Wed, 22 May 2013 01:00:00 -0700

More than 170,000 personal records from the federal government's Lifeline program have been hacked and published online. The records were accessed through an Oklahoma City-based cell phone distributor, TerraCom Inc. and their affiliate YourTel America Inc.

The personal information included Social Security numbers, home addresses and financial account information. Lifeline is a federal program providing millions of low-income families with affordable phone service.

TerraCom Inc. and YourTel America Inc. were unaware of the hack and Scripps News uncovered the information on the web tracing it back to the Lifeline program and distributors. When Scripps informed dozens of victims of the hack they were "shocked" to learn about the news.

Multiple forms of personal information are needed to qualify for Lifeline phone services, including a driver's license number, Social Security number and Medicaid cards. An Indianapolis-based Lifeline distributor claims their employer has never asked about how they destroy this information as the majority of it is kept in a notebook or captured on a personal camera. This is a strict violation of Lifeline policy.

Follow our IDentity Theft 911 blog for more information on the latest tips to help safeguard you and your family from becoming a victim of identity theft.

House To Consider Privacy, Protection And Security Act

Tue, 21 May 2013 01:00:00 -0700

Georgia Rep. Hank Johnson introduced the Application Privacy, Protection and Security (APPS) Act to the House of Representatives Friday.

The act aims to help protect the privacy of users who use applications like photo or location-sharing on their mobile devices. The Federal Trade Commission would enforce the act and state attorneys general will be able to bring civil actions on behalf of consumers.

The act will require app developers to include a data-retention policy and allow users to request the developer to stop collecting data and delete stored data.

According to Rep. Johnson, consumers who helped build the legislation called for simple controls over privacy, security to prevent data breaches, and a notice of data collection on the device.

Follow our IDentity Theft 911 blog to stay informed on the most recent tips and techniques used to help safeguard you and your family from becoming a victim of identity theft.

Court Data Breach Affects More Than 1 Million In Washington

Tue, 21 May 2013 01:00:00 -0700

The Washington court system's public website was hacked early this year, potentially compromising more than 1 million Social Security and driver's license numbers of Washington residents within the court's system.

The Administrative Office of the Courts sent a letter to 94 victims whose Social Security numbers were obtained through a "fishing" scam. The courts also believe upwards of 160,000 Social Security numbers may have been obtained as a result of the data breach.

In addition to the Social Security numbers, the hackers may have had access to more than 1 million driver's license numbers belonging to residents in the court system. Any Washington resident who has received a petty speeding ticket to a serious criminal offense is vulnerable to the attack.

An IT operations manager for the Washington court system believes the attack derived from a weakness in an Adobe software program on the site. The portion of the database was password controlled but not encrypted, giving the hackers easy access.

For more information on the ways to help safeguard you and your small business from data breaches follow our IDentity Theft 911 blog.

Identity Theft Victim Jailed In Place of Perpetrator

Mon, 20 May 2013 01:00:00 -0700

When a friend told Kurt Millard that a local bail bondsman had an arrest warrant for him for failure to appear in court, Millard went to the police station to resolve the mistake. Police arrested Millard, 26, of Joplin, Mo.

The arrest warrant, however, was actually intended for another man. Police say when Jesse Boyd was arrested on vehicle tampering charges, he provided police with Millard's birth date, Social Security number and former address.

The jail did not learn that Millard's and Boyd's fingerprints did not match until Monday due to delayed communication from the Automated Fingerprint Identification System, according to the sheriff's office.

Millard was released. Boyd remains at large. In addition to the existing charges against him, Boyd will now also face additional charges of forgery and identity theft, according to the Jasper County Sheriff's Department.

Follow our IDentity Theft 911 blog to stay informed on the most recent tips and techniques used to help safeguard you and your family from becoming a victim of identity theft.

Repeat Offenders Strike Out With Baseball Team Theft

Mon, 20 May 2013 01:00:00 -0700

Fresno police executing a search warrant say they found the emergency information of the Clovis North baseball team, Social Security cards, driver's licenses and credit cards in the possession of a couple who have extensive criminal histories.

Police say they are not sure if Jack and Jennifer Fenton, the couple arrested in connection with the stolen identities, committed the original theft of the information or bought the stolen info from a third party.

Clovis Unified administrators say the emergency cards were stolen two years ago from the baseball coach's vehicle.

According to police, the couple has previously victimized hundreds of people, but the information of the baseball player's information has not yet shown signs of misuse.

Charges are still pending in this investigation, but Jack Fenton is already in jail on a theft conviction. Jennifer is facing a misdemeanor identity theft charge.

Follow our IDentity Theft 911 blog to stay informed on the most recent tips and techniques used to help safeguard you and your family from becoming a victim of identity theft.

New Team Takes Helm Of Global Credit Card Security Group

Fri, 17 May 2013 01:00:00 -0700

The Payment Card Industry Security Standards Council (PCI SSC), a global organization that sets credit card security standards for more than 650 member organizations worldwide, has announced the 2013-2015 Board of Advisors election results.

The new board members will be integral in developing the standards that member organizations agree to follow in order to increase data security when managing credit card payments. Major credit card brands such as American Express, Discover Financial Services, MasterCard Worldwide and Visa Inc. founded the organization in 2006.

The council now represents a wide variety of global organizations, and new board members hail from global organizations such as Bank of America, Cisco, Middle East Payment Systems, Woolworths Limited, Starbucks Coffee Company and British Airways.

The board will aim to support the Security Standards Council's mission of raising awareness and driving adoption of PCI Standards, like ensuring the safe handling of cardholder information, worldwide.

The PCI SSC is responsible for the development, management, education, and awareness of the PCI security standards, and other standards that increase payment data security.

Follow our IDentity Theft 911 blog to stay informed on the most recent tips and techniques used to help safeguard you and your family from becoming a victim of identity theft.

Two Companies Seek To Boost Android Security

Fri, 17 May 2013 01:00:00 -0700

Two major players in the telecommunications field have taken action to improve the image of the Android platform.

The telecommunications company Qualcomm has signed a deal with security specialist Kapersky to preinstall antivirus tools on Android devices running Qualcomm's Snapdragon processor.

The security application will be free for a period of time, then users will be asked to upgrade to a paid service.

Verizon has announced that it teamed up with American software company, VMware, to separate work and life profiles on Android devices. They hope to make Andriod more business friendly by promising tight data security with a dual persona solution, which enables a single device to house two separate user identities.

If an employee leaves the company, for example, the IT department could wipe out company data but cannot access the personal end of the device.

Follow our IDentity Theft 911 blog to stay informed on the most recent tips and techniques used to help safeguard you and your family from becoming a victim of identity theft.

Bronx Woman Indicted In Charity Scam

Thu, 16 May 2013 01:00:00 -0700

Nouel Alba, 37, was indicted on charges of scheming to defraud and identity theft, according to the Bronx District Attorney's Office.

Alba is accused of falsely claiming to be an aunt of one of the 20 school children killed at the deadly shooting at Sandy Hook Elementary School in Newtown, Conn. late last year.

Prosecutors say that Alba posted photos of a child and solicited donations on a Facebook page -totaling $240 in a PayPal account- claiming the funds would be used to help pay for his funeral.

Alba was first arrested in December and charged with one count of making false statements to federal agents. Alba denied being involved in a scam during news appearances in December.

Follow our IDentity Theft 911 blog to stay informed on the most recent tips and techniques used to help safeguard you and your family from becoming a victim of identity theft.

Identity Theft Ring Broke Into 800 Mailboxes

Thu, 16 May 2013 01:00:00 -0700

Thieves broke into approximately 800 mailboxes and numerous cars in Jackson County, Ore. to obtain checks and personal documents that could be used to generate cash.

Two suspects, Eduardo Navarro and Dallas Lee Tedford, are in custody and another two are being sought in connection with the ring, according to police reports.

Police believe up to 20 thieves may be associated with the identity theft ring.

Thieves used stolen mail to forge checks and illegally attain debit and credit cards in the victims' names. While many people are concerned about online identity theft and fraud, the majority of identity theft still occurs in very low-tech ways, such as through theft from mailboxes, cars and homes, and by picking through trash for discarded documents.

According to police reports the thieves used a smartphone app to take pictures of stolen checks to upload the money to prepaid debit cards, and they rewrote new amounts on stolen checks.

Follow the IDentity Theft 911 blog for updated information on Internet privacy solutions available to you and your business.

Florida Cracking Down On Welfare Fraud

Wed, 15 May 2013 01:00:00 -0700

Department of Children and Families (DFC) Secretary David Wilkins announced Florida is launching a new technology to crack down on welfare fraud.

The new program will ask applicants a series of personalized questions, flag applications made on behalf of prisoners or the deceased, and monitor websites for those who are selling, stealing or buying electronic benefit cards, which are used to authorize transfers of government benefits from a Federal account to a retailer account. Thieves register for a card through the online system using a stolen identity of an eligible recipient and divert the cards to their addresses.

The program is projected to save $60 million dollars a year according to DFC.

DCF received federal funds from the U.S. Department of Agriculture -which oversees food stamps- to pilot a program that uses computer technology similar to what credit card companies rely on to analyze suspicious billing patterns to spot fraud before the payment goes through.

Florida is a hotbed for identity theft. According to the Federal Trade Commission's 2012 Consumer Sentinel Network Report, the state is the country's per capita leader in identity theft.

Follow the IDentity Theft 911 blog for updated information on Internet privacy solutions available to you and your business.

North Carolina Anesthesiologists Report Data Breach

Wed, 15 May 2013 01:00:00 -0700

Hackers broke through a security flaw on the Presbyterian Anesthesia Associates website to access the healthcare provider's database.

The database included personal information such as names, contact information, dates of birth and credit card numbers for 9,988 people.

Presbyterian Anesthesia Associates has hired an identity theft firm to provide free fraud monitoring and insurance for people whose data was compromised, and the hospital claims that no medical data was taken in the attack.

Presbyterian Anesthesia notified the FBI and an investigation has been launched.

North Carolina is one of 46 states that require organizations to disclose data breaches to the people affected and to the state justice department.

According to The Third Annual Survey on Medical Identity Theft by Ponemon Institute, 6 percent of identity theft cases came from a data breach of a healthcare provider or insurer in 2012.

Follow the IDentity Theft 911 blog for updated information on Internet privacy solutions available to you and your business.

Social Media Helped to Catch Identity Thieves

Tue, 14 May 2013 01:00:00 -0700

A Florida couple is facing up to 12 years in prison and hefty fines after attempting to sell stolen identities. Nathaniel Troy Maye and Tiwanna Tenise Thomason pled guilty to aggravated identity theft and possession of unauthorized access devices.

The couple met with an undercover IRS informant at Morton's steakhouse, where they handed the informant a USB drive containing 50,000 identities to be used to file fraudulent income tax returns.

The photo Maye took of his meal was used to correctly identify him and link him to the crime. The photo, posted to the photo-sharing social media site Instagram, helped police locate and identify the thieves.

The drive they acquired from the couple contained 50 identities and hidden data linking the drive to "Troy Maye," according to IRS agents.

When the IRS agents arrested the couple, they found two additional flash drives containing as many as 55,000 stolen identities in Thomason's apartment.

Follow the IDentity Theft 911 blog for updated information on Internet privacy solutions available to you and your business.