Intruder Accesses University Server, Unknown if Data Compromised

The information of some 176,000 past and present employees and students of Virginia Commonwealth University is potentially at risk after routine server maintenance of the university computers revealed unauthorized activity. Unauthorized accounts were created on the server and were taken online, so the IT department is unsure of whether or not the files on the server had been opened, copied, or distributed.

While the university is unsure of what exactly occurred with the file and the intruder’s actions, they are still concerned because of the sensitivity of the information stored in the files. The files on this server included names, Social Security numbers, date of birth, and other contact information that can be used for identity theft. Though the risk is low, it is still present.

Virginia Commonwealth University has notified all of those who may have been affected both by email and through first-class mail. They suggest considering credit monitoring services and identity theft protection, as well as being diligent and monitoring personal financial accounts to ensure personal information is not at risk.

Financial Information of Hospital Bill-Pay Patients Left Publicly Available Online

Lawrence Memorial Hospital in Lawrence, Kansas is currently working with Mid Continent Credit Services to offer one free year of credit monitoring services to their online bill-pay customers after finding out that information such as patient’s names, credit card data, checking account information, and other financially identifiable information was found publicly available online for approximately one month.

For any of their patients that make their hospital payments through the online bill-pay system by Mid Continent Credit Services, credit monitoring services are being offered to protect them from the possibilities of identity theft. However, it is recommended that individuals also closely monitor their credit card and bank statements for any unusual or suspicious activity that could be caused due to this incident.

Bankrupt Company Leaves Personal Documents at Facility

Indalex, Inc., a company that went out of business due to bankruptcy in 2009, left their nine-acre facility in Modesto, California vacant. While looters came to get metal scraps and anything of worth, it wasn’t until recently it was discovered that there were thousands of personal files that included names, birth dates, addresses, and Social Security numbers that spilled and started spreading through neighborhoods by wind.

The jail alternative work program from Stanislaus County organized work crews to go through the abandoned complex to find and recover as many files and paperwork as they could in order to reduce the risk for identity theft for previous employees and customers. The sheriffs and work crews are appalled at the negligence of personal information, as it should have been properly shredded and disposed of instead of being left inside the abandoned facility for the taking.

For anyone who has worked or dealt with the company Indalex Inc. in Modesto, California, it is strongly recommended that credit monitoring services be considered in order to protect their identities.

Employee Theft Leads to Use of Orthopedic Patient Information for Fraudulent Tax Returns

Thirty-two patients from Emory Healthcare orthopedic offices in Atlanta, Georgia were notified that their information was used to file fraudulent tax returns. This led investigators to determine the source of the problem–an employee that was fired for inappropriately handling patient files at the office.

The home of Annette Ford, 47, was investigated and boxes, folders, and binders of personal information of other individuals were found. This included a binder with almost 6,000 names with corresponding birth dates and Social Security numbers. There were also mortgage and bankruptcy paperwork, bank statements, tax returns, and other files that were or could be used for identity theft.

Incidences like this happen more often than we think, which is why it is essential to protect our identities and credit reports. Emory Healthcare is notifying over 7,000 individuals that may also be at risk because of this incident, and in the meantime, are recommending ways for their patients to protect their identity, with services such as credit report monitoring.

Website Hacked by Protesters of 99% Movement

In October of 2011, the websites of various law enforcement agencies were hacked, and the websites were defaced. Additionally, personal information such as Social Security numbers, names, addresses, and other employment information of police officers were posted publicly online with a notice that the attack was a support effort of the 99% movement, or the “Occupy Wall Street” protests, by the Anonymous and Antisec factions. Agencies affected include International Association of Chiefs of Police, Boston Police Patrolmen’s Association, and the Baldwin County Sheriff’s office in Alabama.

Anyone who has any affiliation with these associations or law enforcement agencies should be well aware of their risk for identity theft due to the actions of the hackers. Credit monitoring protection services are recommended to ensure that no financial accounts are accessed and used inappropriately due to the leak of personal information from this incident.

Wells Fargo Bank Customers Sent Wrong Bank Statements

Wells Fargo recently discovered that due to a printer error, monthly bank statements were sent to the wrong customers. It appears that there are approximately 30,000 incorrect statements that were sent to the wrong individuals. If this information ends up in the wrong hands, identity theft is a huge consequence.

Wells Fargo bank statements include the full bank account number, and with the right information, identity thieves can wreak havoc on other bank accounts and financial records. This, in turn, could cost Wells Fargo thousands of dollars if they end up footing the bill for fixing the credit of all those affected.

Though there have not been any reports of misuse due to this incident, it is highly recommended that Wells Fargo customers look over their statements regularly in order to ensure there are no errors or unusual charges on their bank accounts. This may be a sign of fraudulent use, and needs to be reported to the bank immediately. In the meantime, signing up for identity theft protection services is a great way to ensure protection of your financial accounts and history to ensure your good standing on your credit report.

Rent-to-Own Store Computer Stolen, Thousands of Customers at Risk for Identity Theft

Aaron’s Inc. rent-to-own store in Fresno, California was burglarized on September 26, 2011. During this time, numerous electronic devices were stolen, in addition to a computer that was used for the franchisee store operation. This particular computer stored customer data, including names, addresses, and Social Security numbers of those who have previously used the store’s services.

Although it is believed that the burglary was done in order to obtain high-ticket items such as electronics and not necessarily stealing the computer for the data stored, Aaron’s Inc. is still offering their customers one year of free credit monitoring services to help protect their customers from the possibility of identity theft.

Businesses Need to Take Note of Identity Theft

Businesses need to take note on the subject of identity theft. Not only can they lose money due to the crime itself, but they can also be subject to a lawsuit. For example, one is taking place in the Harris County District Court in Texas. Hestining Hasan is suing the owners of BMW of Houston North for negligence. The dealer allegedly allowed a thief to purchase a vehicle using her credit information and a forged signature. Hasan attests that said sale has damaged her credit rating and her reputation and is seeking court costs and further damages.

While people think about how identity theft can affect them personally, fewer stop to consider the effect it can have on business owners. If the owners don’t use due diligence verifying the identity of persons who make purchases, especially large ones, they could be headed for bankruptcy. For example, imagine what could happen if that dealer is unable to recover the BMW, which was financed using fraudulent information. The dealer will be out tens of thousands of dollars. On top of that, if Hasan wins the case, that could add up to thousands more in debt.

This brings me to my point. Although it may be annoying to have to prove that you are who you say you are, you should expect to do so if you’re spending a considerable amount of money. In fact, if you’re not asked to, you probably shouldn’t make the purchase. It seems that the company doesn’t value security all that much. It can save both you and the business a lot of headaches in the future. Keep in mind that before you provide the information, you should be sure that the business is legitimate. A major car dealer is a pretty safe bet. For smaller operations, you may want to confirm with the chamber of commerce or the better business bureau. This is particularly important if the only presence the business has is over the Internet.