External Hard Drive Missing, Over 8,000 University of Arizona Students’ Identities at Risk

The University of Arizona is currently sending out letters informing students of possible identity theft after an external hard drive goes missing during the “records room” relocation in October. The external hard drive contained records of student withdrawals, disciplinary actions, and in some cases, Social Security numbers.

An investigation is underway, and the campus is notifying students by letter of the possible data and security breach, as well as identity theft protection tips such as signing up for credit monitoring services or placing fraud alerts on accounts to avoid the possibility of changes or unusual activities on financial records.

In the meantime, there has been no suspicion of the information on the drive being accessed or utilized in a harmful way; however, the concern for identity theft is great.

Thousands of Houston Students and Employees’ Information at Risk After Computer Hack

Back in October of 2010, it was suspected that a Houston school district’s computer system had been hacked, either on campus or through remote network access. The FBI has been involved, as it appears as though the hacker had access to years of grades, Social Security numbers, personal data, and even employee bank accounts by accessing the files.

The investigation with the FBI is still underway, but the Houston Independent School District is taking all steps possible to improve and boost their computer networks’ security and accessibility, planning on spending roughly $10 million to do so.

In the meantime, anyone who works for or has attended school in the Houston Independent School District should closely monitor their credit reports for unusual or suspicious activity, and it is strongly encouraged that they place fraud alerts on their credit reports and possibly sign up for identity theft protection service to ensure their personal information is not at risk for identity theft or unauthorized changes.

Online Identity Theft Via FaceBook Screen Scraping

You’ve heard of phishing, you’ve heard of hacking, but have you heard of screen scraping. This is just another in a series of buzz words related to online identity theft. Screen scraping refers to the act of using a social networking site, such as MySpace or Facebook, as a way to pretend to be somebody else, while accessing that person’s bank accounts. Thieves find out the information they need to commit their crimes simply by scrolling through people’s publicly viewable profiles.

A lot of times all they have to do is figure out the victim’s pet’s name, the person’s birth date, his or her favorite color, where he or she went to school, or something similar to that. These are super common things to use as passwords. You may even be nodding as you read this.

Another common screen scraping technique is to use such information to log into a victim’s account in order to victimize that person’s friends. The thief can pose as the person and either post a status update stating that something has happened and he or she needs money right away or simply message friends and ask leading questions that can get them to give up their personal information. After all, this is someone they know, right? If you notice your account has been hacked, be sure to let your friends know ASAP to help them out.

The obvious thing to glean from this is to not share personal information on social networking sites. Sure you can use your real name. But that should really be as far as it goes. People that haven’t seen you in 20 years – or ever – don’t need to know your address, the address and phone number of your workplace or what movie theater you will be at on Tuesday night at 6:45. If your friends do need to know this information, there is always email or the telephone.

It can be difficult to tell how safe your information is on social networking sites on any given day. While representatives of the most popular sites say that they are doing what they can to prevent identity theft and fraud, it can be exceedingly difficult to police the activities of over 500 million users in dozens and dozens of countries around the globe.

You need to take responsibility for yourself and what you post. Certainly don’t give out any of your personably identifiable information. An identity theft protection plan is good backup to have too. It can help protect your information if you slip up, without your even having to think about it. Identity theft protection plan or no, though, it’s not a good idea to post where you’re going to be on a social networking site. This is not just an identity theft issue, it is a personal safety issue as well, so be careful.

8,000 University of Tennessee Medical Center Patient Being Notified of Privacy Breach

The University of Tennessee Medical Center is sending out letters regarding a recent security breach involving some 8,000 patients of their hospital. This letter, being sent as a way to notify others of what has occurred, includes information as to how to receive a free credit report and suggesting other ways of protecting financial information, such as credit report monitoring and identity theft protection services.

Apparently it was discovered that a daily administrative report was printing within the building, and was being filed with others that were maintained for 45 days back. This filing system was set up to have the oldest report discarded as the newest report was added, keeping a strict 45 day historical record at all times. This administrative report included names and Social Security numbers. What happened was the office found that the old reports were not being shredded and were just being thrown into the standard waste receptacles within the office.

Although this appears to be a minor incident, it is major in the fact that a number of people may have been affected, and that it is unknown as to how long this has been going on and if the information had been accessed by a third party.

The company is looking into how their disposal techniques are being followed through, and to work on keeping a similar situation from happening in the future.

A different kind of medical identity theft

It’s enough hassle having to worry about identity theft when you give your doctor your medical information. Imagine being a doctor and learning that because of your job your personal information may have been released for the whole world to see. This is the reality for approximately 800,000 doctors who conducted business with the Blue Cross and Blue Shield insurance company. Yes, you read that number right: 800 K.

These doctors could now have both their personal information in the hands of identity thieves because a Blue Cross employee in Chicago left a laptop in the car and a thief reached in and grabbed it. Before you start giving the insurance company a lot of grief, know that this was not a company laptop but a personal one – on which the employee copied sensitive information, such as Social Security numbers. There is no proof that the person who stole the laptop did so in order to get that information. However, if he or she happens upon it accidentally, it could seem to him or her to be just one extra windfall.

Luckily the laptop didn’t contain any information regarding patients, or that 800,000 could have easily ballooned to several million. While this is not comforting to the doctors, it is surely a relief to Blue Cross and Blue Shield.

While this theft occurred in August last year, many doctors who may have been affected only learnt about it two months or more later. The Chicago chapter of the American Medical Association sent out alerts and offered free credit monitoring services to the affected doctors. Too bad they didn’t have this service at their disposal back in August when it would have been of the greatest help, since they could have signed up for an identity theft protection plan right when they really needed one.

This notification process is definitely not as effective as an identity theft protection service, which has kept many a consumer safe in similar circumstances. If any of these doctors had such a plan, they could have been notified in hours, not weeks, if a thief had tried to use their personal information. That’s because these plans set the wheels in motion before extensive charges are made and sometimes even before fraudulent accounts are created.

Some identity theft protection plans can:

*Search for a person’s personal information on illegal websites used for buying and trading personal information.

*Note suspicious account name and address changes and alert the account holder.

*Check credit reports on a daily basis to ensure there are no delinquent charges.

*Provide insurance to help a policy holder survive identity theft that is not of his or her doing.

It’s difficult to protect your personal information on your own when there are so many people out there that seemed determined to make this near impossible, such as those who can’t be bothered to take their laptops with them instead of leaving them to sit in the car. Just ask the more than 10 million Americans who became identity theft victims last year.

Sensitive Documents and Paperwork Thrown in Dumpster in Tacoma, Washington

Paperwork containing the names, birth dates, Social Security numbers, and even mothers’ maiden names of local citizens was found laying in a dumpster outside of the Rhodes Building in downtown Tacoma, Washington. This paperwork was said to be linked to the State Department of Labor and Industries, as well as the Washington State Employees Credit Union in the area, and the office manager of the labor department was shocked and stunned to see these documents so casually discarded in a public dumpster.

Although their company’s policy is that sensitive information is shredded and destroyed, this situation brings a number of concerned citizens out of the woodwork, demanding why their information was not properly disposed, and outraged at the risk that this kind of information puts them in.

The company is allegedly looking into their disposal practices at all locations, and are going to be investigating further into how the documents came to be outside the building in the dumpster for public access. In the meantime, anyone that is concerned of identity theft is strongly encouraged to place fraud alerts on their credit reports and perhaps sign up for credit monitoring services through a reliable company.

Federal Reserve Bank Computers Hacked and Personal Information Stolen For Malaysian Man

A Malaysian man was arrested at John F. Kennedy airport when he was trying to head to New York to meet with other hackers to share stolen credit card information with.

Lin Mun Poo was planning to exploit the stolen information that he received by hacking into the Federal Reserve Bank’s computers system, obtaining credit card information and personal data that could be used in performing identity theft.

During the investigation and interrogation, Lin Mun Poo admitted to a number of additional crimes, stating that he had hacked the Cleveland Federal Reserve Bank back in June of 2010, and that his intent in New York was to use some of the credit card numbers to obtain cash through New York ATM machines.

If you feel that your information may be at risk, it is recommended that you monitor your credit reports for suspicious or unusual activities, as well as sign up for an identity theft protection service to ensure your accounts are protected.

Vishing Scams to Commit Identity Theft

You’ve probably read dozens of articles on phishing scams, but you may not have heard of vishing scams, which are essentially the same as phishing but take place using the telephone. There are two ways that identity thieves perform these scams.

The first way is simply by calling your home or place of business and telling you that your account has been compromised, then telling you that you have to give out your account number or your password in order to confirm that you are the owner of the account. The caller will say that he or she is with a legitimate business to try to fool you into supplying the information.

The second way is to send you an email or a text message asking you to call a specific number. You initiate the call, but the scam is essentially the same, and your information still goes directly to the thief. You may not realize you’re being vished at times because the phone is answered by an automated service and you’re asked simply to type your information in. Not only is it possible, it is an ideal option since the thief doesn’t even have to “hire” a person to help answer the phone.

To prevent yourself from being a victim of vishing, you’ll want to hang up on any caller that requests your personal information. You don’t have to be rude about it; just say you will call back, and then do, using a legitimate number for that organization. Don’t initiate calls to numbers you receive in emails or unsolicited text messages. Also, never supply your personal information via text. This is not a very secure channel.

If you think you’ve already been a victim of vishing, contact all three credit bureaus and have a fraud alert put on your file and then monitor your credit. Also, call the company that the thief said he or she was with to report the information so you can help prevent others from falling for the same scam. It may be difficult for law enforcement to prosecute the thief, since many vishers work from outside the United States, but it still makes sense to contact the Federal Communication Commission to see if anything can be done.

As long as you keep checking your credit report, and register for identity theft protection, you should be able to escape without too much damage done. Just make a vow not to fall for something similar in the future – and advise your friends and family of about vishing and identity theft.

Wrong Information Mailed to AARP Policy Holders

In a recent mailing from AARP, American Association of Retired Persons, life insurance policy holders
found that they were receiving the wrong information—information of other policy holders.

Although Social Security numbers were not part of the released information, the concern comes into
play when a person could use the information in the letter to log onto the AARP website, request a
password change, then access payment information such as checking account numbers an credit card
information.

New York Life, the company that underwrites the AARP policy plans, wants to know the customers
that are receiving the improperly addressed letters, and request that you contact their customer service
center immediately upon discovering the error. In the meantime, it is highly recommended that you
place fraud alerts or sign up for identity theft protection if you are a member of AARP and are
concerned about your financial privacy.

Customer Database Hacked, Credit Card Data Accessed Without Authorization

Months before the intrusion was discovered, there was suspicious access to a customer client database
at ECS Learning Systems. Discovered mid-October but dating back to April of 2010, there was
unauthorized access to a credit card database on their site. This database, which was stored to allow
returning customers to make a new purchase without reentering their credit card information, contained
names, telephone numbers, addresses and credit card details.

No longer will ECS Learning Systems store this information in an accessible database; however, they
understand the extent of the problem and have sent letters to 1,300 customers notifying them of the
incident and giving them ways to protect their financial status, either by placing fraud alerts on their
credit reports or by signing up for credit protection services.

Next Page »