New York College Students Receive Letter Regarding Loss of Personal Information

A computer stolen from City University of New York causes the school to send out letters to its students regarding a security breach due to a database that was stored on the computer and contained the Social Security numbers and personal information of some 7,000 students.

A rude awakening into the world of identity theft, these students have been notified that the computer was indeed password protected, but there is always the concern that the information could be hacked by someone seriously willing to obtain the data on the computer and cause malicious attempts at identity theft with the information.

Those concerned about their information are strongly encouraged to sign up with whoever they think is the best credit monitoring service to make sure their data has not been compromised or tampered with by identity thieves and to start monitoring their credit.

Texas Company Offering Credit Monitoring Services After E-Mail Attachment with Sensitive Data was Sent Inadvertently by Employee

Texas-based hospitality product company, Kinetic Concepts, Inc., is currently contacting some 4,000 employees of their company regarding an accidental data breach that occurred after an employee emailed a document as an attachment with sensitive and personally identifiable information included.

This email attachment, which included Social Security numbers, names, addresses, and birthdates, is the reason why the company is sending letters to a majority of its employees and offering credit and identity theft protection services to those affected. The email, which was sent and quickly detected as being inappropriate material to send via electronic means, was quickly followed by another email asking that the attachment be deleted in its entirety. Internal experts investigated and have determined that the email has not been downloaded, forwarded, or saved to any computers within the company.

Those affected are being notified by Kinetic Concepts, Inc., but if you have any concern over your personal information, you are strongly encouraged to consider an identity theft protection service like LifeLock, TrustedID, or Identity Guard to name a few of the more popular options available online.

Red Flag Rules on Identity Theft

The Federal Trade Commission’s Red Flag Rules, which seems to be perpetually on the horizon since they were postponed several times with the lastest deadlines moved from November 1, 2009 to this past June 1 to December 31, 2010.

To comply with these rules, many businesses that deal with personal information have to write up identity theft prevention plans detailing how they will protect consumers from becoming victims of this crime. These businesses include banks, credit card companies, car dealerships, healthcare providers, utilities, brokerage firms and mortgage lenders. If any of these companies outsource to other organizations, these parties must be in compliance as well. The problem lies in the fact that some businesses, such as attorneys and veterinarians, fall into a gray area and do not want to have to comply. Hence the continued postponement while lawmakers make subtle changes to eligibility.

These prevention plans must have four parts to them: identification, detection, response and revision. The identification portion shows how the organization will recognize patterns that could lead to identity theft or appear to already be doing so. These are considered “red flags.” Examples of red flags can be:
*Warnings from the credit bureaus of other reporting agencies
*Suspicious identities, activities or documents related to an account
*Notices from law enforcement or other authorities regarding potential foul play

The detection portion describes how the organization will look for these patterns. The response portion refers to what the business will do once it sees red flags. The revision portion specifies how the organization will update its first three steps as the risks change over time. With the plan in place, it is then up to the company to train employees that handle sensitive information on how to comply with Red Flag Rules.

Some organizations may try to get around these rules or simply ignore them when they become law. This could be to their detriment. While the FTC will not be auditing each individual company, it will act on any reports of noncompliance. If a company is found to be ignoring the rules, the Justice Department may sue. The organization could then be forced to pay a fine of up to $3500 per violation and be subject to mandatory audits each year.

While companies are stepping up their games, whether they like it or not, this is a good time for you to do an audit of your personal red flags. Take some time to check your account statements for any suspicious charges or name or address changes you did not authorize.

Order a copy of your credit report through annualcreditreport.com and make sure all the information is right. Check up on your passwords for any online accounts you hold and make sure they are secure enough that no one can easily guess them.

If you want to get red flag alerts of your own, it may be time for an identity theft protection plan. These plans can keep watch over your credit and your personal information and inform you if anything suspicious occurs.

While you still need to check your credit report and your account statements yourself, the plan can help you in those times when you are not as vigilant as you should be. You won’t be fined for noncompliance, but you could end up paying thousands of dollars or losing a week or more of working time trying to fix an identity crisis. That’s why identity theft protection is so important.

Hotel Company Chain Responsible for Credit Card Hack of Some 3,400 Customers

If you visited a Marriott, Sheraton, Westin, or other hotel chain owned and operated by HEI Hospitality between March and April and used a debit or credit card to pay for your stay, you may be at risk for identity theft after a hacker intruded on the company’s point of sale system and accessed thousands of credit card and debit card numbers through the system. It is believed that the hackers accessed the payment card data via compromised POS systems between the dates of March 25, 2010 and April 17, 2010, and at this point, there have been no reports of misuse of this information from any of the guests.

Although HEI Hospitality has notified those by letter that may have been affected (expected to be some 3,400 customers), they are also offering a free year of credit monitoring services to those who may be at risk for identity theft after this unfortunate incident.

If you feel you may be at risk for identity theft after reading this report, it is highly recommended that you consider signing up for identity theft protection services to ensure your financial and personal information is not at risk. If you received a letter from HEI Hospitality, chances are you have been offered the free credit monitoring services that they are extending to those they know are affected.

Missouri Union Pension Fund Council Sends Mail to Union Members with Social Security Numbers Printed on the Outside of Envelopes

Members of the Carpenter’s District Council of Greater St. Louis and Vicinity have received a letter regarding a serious security and data breach that occurred after they sent out a mailing to their 24,000 beneficiaries of the pension fund that included the recipient’s Social Security number on the outside of the envelope.

Although this was done completely in error, the attorney general for Missouri states that the union has not yet reported the data breach as required my Missouri and Illinois law. Although not yet determined, it is typical for companies and departments that are involved in a data or security breach offer six to twelve months of credit monitoring services for those affected. With a breach this large (involving some 24,000 pension fund recipients), offering free identity theft protection services would cost the union thousands of dollars in funds.

Massachusetts Community Hospital Records Found in Dumpster

Pathology records from four Massachusetts hospitals were found in a recycling station, easily accessible by anyone who was interested in misusing the information. The records included information on patients that included names, birthdates, Social Security numbers, and medical information and insurance policy data.

The four hospitals include Carney Hospital, Holyoke Medical Center, Milford Regional Medical Center and Milton Hospital, all community hospitals in the area.

The breach is said to include an estimated 20,000 patient files, and since notification of these patients is not something that is feasible, they have posted public notices on their websites letting patients know of the impending risk of their information. Since the dumping of these documents is considered a legal matter, owners of the billing company that handled the documents were not willing to speak to authorities.

The hospital websites where the public notices are published online include caritaschristi.org, holyokehealth.com, and miltonhospital.com, and it is strongly encouraged that if you were a patient at any of these locations that you consider credit protection services to monitor your financials for suspicious activities.

Portland, Oregon College Paying for One Year of Credit Protection Services for 2,900 Individuals after Data Breach OccursPortland, Oregon College Paying for One Year of Credit Protection Services for 2,900 Individuals after Data Breach Occurs

An employee of the Portland Community College had a portable data storage device stolen from his car, which included the names and Social Security numbers of participants in the Oregon Food Stamp Employment Transition Program, or “OFSET.”

It is understood that there were an estimated 2,900 individual participants whose information is at risk due to this theft. It is unknown if the data storage device was password-protected, but so far there have been no reports of information misuse at this time.

Due to this incident, the Portland Community College in Portland, Oregon (Multnomah County) has sent letters advising those who may have been affected by this incident. They have also been offering one year of credit protection through Debix Credit Protection in order to properly protect those whose information is at risk due to this particular incident off-campus.

Sara Palin Identity Theft

Sarah Palin is in the news again, but this time it’s not because she’s running for office or promoting a book. Instead, her name is in headlines due to the resolution of an identity theft case that has been in the courts since 2008. At that time, when Palin was still the nominee for vice president of the United States, then 20 year old David C. Kernell hacked her email account by guessing her password. He then changed the password on the account and posted it online for the world to see.

A few months ago, the jury in Kernell’s case was asked to make a decision as to whether he was guilty of identity theft for his actions. They came up with a verdict on every charge except for this one. It’s reported that some jurors are confused as to whether this case meets the legal definition for the crime. The other charges were destruction of records to hamper a federal investigation, wire fraud, and illegally obtaining information for a protected computer.

No matter what the jury eventually decides, it’s a good time to reiterate an important point. Be very careful what you use as your password. If you use your last name, your dog’s name, your birthplace or “password,” chances are a thief can guess it in minutes. And another thing, it’s likely you use the same passwords for multiple accounts. It makes sense, since it can be hard to remember them otherwise. This is a very dangerous thing to do, though, since once a thief gets access to one of your accounts, he or she has an open pass to using the others as well.

While it’s unlikely an identity thief will publish your password in a public forum, it’s fairly commonplace for them to post account information on underground websites to trade it with another thief for a little bit of cash. That’s right; your entire online life is only worth a couple of dollars. Since you are not in the public eye as much as Palin is, it’s doubtful you’ll realize as quickly that your accounts have been hacked either. You may find out after a thief uses your information to email all your friends as you requesting money, or worse, changed information in your online bank account so that he or she can open a loan.

If you don’t pay close attention, you’d best find someone that will, in the form of an identity theft protection plan. I wonder if Palin opened one for herself in the wake of this fiasco. She obviously needs some help in choosing more secure passwords.

Six Florida Community Colleges Notifying Over 126,000 Students of Security Breach

Six Florida community colleges are in the process of notifying some 126,000 students about a breach of personal information. A glitch that happened during a software upgrade caused personal information, such as drivers’ license numbers and Social Security numbers, to be accessible online on the college websites. The incident was reported by a student that found their information on the website by using Google to search their own name online. It appeared that the information was available and accessible online for almost one month before it was noticed.

This comes about one month after another data breach incident that occurred at Florida International University, which left 19,000 students with their names, personal information, and Social Security numbers at risk.

It is highly recommended that if you were one of the students who received a letter regarding this security breach that you consider using a credit monitoring service or identity theft protection service to safeguard your personal and financial information.

University of North Carolina at Greensboro Notifying 2,500 Individuals of Medical Information Breach

North Carolina’s University at Greensboro is mailing letters to over 2,500 after two of their clinics had personal information posted and exposed for public access on their websites. This happened due to a malware infection on their university’s computers.

Although they are unsure as to whether any of the information was used inappropriately or accessed, they are still taking all the necessary precautions to contact and inform anyone who was a part of the university’s Speech and Hearing Center and Psychology Clinics.

The University of North Carolina at Greensboro strongly advises that those who may have been affected visit the Federal Trade Commission’s identity theft website at ftc.gov/idtheft and that they place fraud alerts and credit holds on their personal credit files, or to enroll in a credit protection services or identity theft protection services to ensure the safety and protection of their personal and financial information.

Next Page »