Phoenix Personal Injury Lawyer - Identity Theft

Presidential Candidate Romney Victim of Laptop Theft

Staff Writer — Tue, 11 Sep 2007 09:00:00 GMT

Those who do not learn the lessons of history are bound to repeat them. Republican presidential candidate Mitt Romney has apparently learned some of the lessons from recent high profile laptop thefts involving government agencies such as the Veterans Administration and private business such as Stevens Hospital in Washington.

Over the weekend, burglars broke into Candidate Romney's campaign headquarters and stole several laptop computers and other electronic equipment. According to a Romney campaign spokesman, the laptop computers were password protected and encrypted and

"The only thing they're good for is parts," campaign spokesman Eric Fehrnstrom told the Associated Press.

Password protection and disk drive encryption provide essential security tools to protect against data and identity theft. The Romney campaign apparently did things correctly. The only possible problem would have been if campaign staff members placed passwords on or nearby the stolen laptop computers. According to the Privacy Rights Clearinghouse, since 2005, over 165,000,000 personal confidential records have been compromised exposing personal information to risks of identity theft. In today's world, laptop password protection and data encryption are no longer an option. Keep that in mind the next time you decide to go to work for a presidential candidate.

Originally posted at InjuryBoard by Staff Writer

Major Data Breach at Monster.com Exposes 1.3 Million Personal Records

Staff Writer — Sun, 02 Sep 2007 12:00:44 GMT

This past week, Monster.com disclosed that thieves hacked into and stole confidential information about several hundred thousand job seekers posted in 1.3 million records.

According to a Fox news report,

The information, which included first and last names, e-mail and home addresses and phone numbers, was then used to send "phishing" e-mails to members, apparently from Monster.com, encouraging them to download a tool known as "Monster Job Seeker."
The tool was in fact a malicious program known as a "Trojan," as in Trojan horse, which encrypted files on the victims' machines, making them inaccessible to the computer owner.

Rather than immediately notifying affected consumers about the data breach, it appears that Monster.com waited almost one week before disclosing the intrusion. Yesterday, Monster.com indicated that it would heighten its security and surveillance measures to minimize the risk of such a major data intrusion.

Internet security vendor Symantec corporation described the data intrusion and risks of further criminal activity. Interestingly, according to Symantec, thieves have attempted to extort victims by locking down and encrypting personal files located on their personal computers demanding money to return accessibility to various personal files.

This data breach should serve as a reminder that because data thieves are increasing the type and sophistication of computer attacks, corporations and individuals should take Internet security seriously. Also, when a person or business discovers a data breach, shouldn't disclosure to potential victims occur promptly? I have not seen any explanation about why Monster.com waited close to a week before publicly explaining what happened. During this time period, hundreds of thousands of consumers could have become unwary victims of identity theft or extortion. The delay may have been appropriate to learn more detail about what happened but I cannot find any company explanation. Do you think the company acted appropriately? Will this recent data intrusion affect your interest in doing business with Monster.com or any other electronic commerce vendor? Will it heighten awareness of data security needs? Do you think electronic commerce and computer security will improve in the days and months ahead? I'd like to hear your thoughts.

Originally posted at InjuryBoard by Staff Writer

Automobile Theft Can Lead to Identity Theft

Staff Writer — Sun, 22 Jul 2007 08:00:16 GMT

Arizona leads the nation in reported cases of identity theft. According to the Arizona Republic, metropolitan Phoenix also ranks fourth in the nation in reported cases of automobile theft as well. Considering these statistics together raises some concerns for drivers in Phoenix who leave various personal documents inside their cars. The Republic cautions that based on identity and auto theft risks,

Phoenix police are seeing more crimes in which thieves break into a car to take documents, sometimes snagging a remote garage-door opener to pillage the vehicle owner's home.

Unfortunately, it may no longer be appropriate to leave personal information inside your unattended vehicle. For example, leaving title inside your vehicle allows criminals to attempt to steal your car and obtain a fraudulent title transfer. Also, insurance cards containing your address may lead criminals directly to your doorstep while you are away. You may need to take these identifying documents with you when you leave your vehicle unattended. Other documents containing personal information can expose you to identity theft. In short, according to the Phoenix Police Department,

Cars can be a great place for thieves to get crucial information about you. Phoenix police and the Arizona Automobile Theft Authority offer the following tips:
â€¢ Take your vehicle registration, insurance cards or any other identifying information with you.
â€¢ Remove garage-door openers.
â€¢ Do not leave your purse or wallet in the glove box or under the seat.
â€¢ Routinely clean out your car to remove identifying papers and other items.
â€¢ As a backup, set up a P.O. box to receive mail on vehicles, insurance and other important documents; it safeguards your address.

Following these suggestions will not completely eliminate risks of identity or auto theft. However, these steps may reduce risks and make identity theft more difficult for criminals looking for crimes of opportunity.

Originally posted at InjuryBoard by Staff Writer

Former Employee Steals Personal Data on 2.3 Million

Staff Writer — Tue, 10 Jul 2007 10:00:00 GMT

A company providing check authorization services became the most recent target of data theft. An apparently "rogue and dishonest employee" recently stole personal and confidential information about approximately 2.3 million customers and then sold this data to various direct marketing companies leaving behind millions of possible identity theft victims. Although, other than for marketing purposes, this theft has apparently not yet led to the improper use of personal information. However, it did lead to the sale of customer data. This most recent data theft presents yet another internal data security concern and highlights why data protection and security must be prioritized.

Originally posted at InjuryBoard by Staff Writer

Maricopa County Recorders Office Redacting Personal Information from Public Records

Staff Writer — Tue, 29 May 2007 17:55:11 GMT

A few months ago, I shared a concern that, despite warnings about unnecessary risks of exposing social security numbers and other personal information to identity theft, the Maricopa County Recorder's Office continued to allow unfettered access to private confidential information on its web site. Thankfully, it appears that the County has been working toward a resolution of this problem. According to the Arizona Republic, in an effort to minimize identity theft risks, the County has been picking up the pace of its efforts to remove social security numbers and other personal confidential information from records it maintains on the Maricopa County Recorder's Office web site.

The county hired a company to review all records maintained in the Maricopa County Recorder's web site and black out all references to social security numbers. According to a county spokesperson, almost all records have been redacted and the redaction project will finish in July. I still believe that rather than allowing unlimited access to records maintained in its database, in response to a public records request, the County should have limited access to records for a day or two until it could review and redact confidential information. Hopefully these past few months have not proven to be a windfall for identity thieves looking for new victims and easy access to confidential information.

Originally posted at InjuryBoard by Staff Writer

Transportation Security Administration Loses Sensitive Computer Hard Drive

Staff Writer — Tue, 08 May 2007 17:00:00 GMT

The Transportation Security Administration has apparently lost a computer hard drive containing personal information concerning over 100,000 employees this week possibly exposing them to risk of identity theft. According to the TSA, the hard drive was discovered missing from a controlled area and officials have called in the FBI and Secret Service to assist in the investigation to determine the extent of harm to employee identities.

Just this past month, the Internal Revenue Service acknowledged losing 490 laptop computers and exposing taxpayers to possible identity theft. Now the TSA acknowledges losing a computer hard drive. Looks like the government still has lessons to learn from last year's incident involving theft of a laptop computer from the Department of Veterans Affairs which could have exposed over 26.5 million veterans to the risk of identity theft.

Originally posted at InjuryBoard by Staff Writer

Remembering Crime Victims

Staff Writer — Mon, 23 Apr 2007 17:00:15 GMT

Today marks the start of the National Crime Victims Rights Week highlighting the rights of crime victims to be treated fairly with dignity and compassion. This morning, Governor Napolitano delivered a speech kicking off a week of activities designed to highlight the needs of crime victims. In the past, crime victims did not receive sufficient information about the status of a criminal case. Prosecutors and public officials simply did not inform crime victims about criminal arrests, bail hearings, plea offers, and other important information about pending criminal cases. However, the rights of victims to be treated fairly and with dignity and respect has since changed with the passage of the Arizona Victim Rights Legislation. I have in the past discussed the prospect of finding civil remedies for crime victims. This morning's kickoff event should serve as a reminder to all people in the criminal and civil justice system to treat crime victims fairly and assist in their efforts to find justice whether through criminal or civil proceedings.

Unfortunately, the start of the twenty-seventh annual Crime Victim Rights Week comes on the heels of one of the most sobering traumatic high-profile tragic crimes on a college university campus in our nation's history. Governor Napolitano, representatives from the Arizona Supreme Court, the Arizona legislature and local governments spoke forcefully today about providing important resources to meet the needs of crime victims. In her news release, Governor Napolitano indicated that all state and local agencies must act to ensure that:

every individual who is victimized by a crime receives the rights, services and respect they deserve.

Our civil justice system can also act as an additional resource to provide for the unmet needs of crime victims. This week, let us pay our respects to crime victims who suffered harm or who lost a loved one, and let us hope that in times of need, no matter the forum, our society provides a helping hand.

Originally posted at InjuryBoard by Staff Writer

Ohio State Database Exposes Confidential Information

Staff Writer — Fri, 20 Apr 2007 11:37:34 GMT

According to the on-line edition of Computerworld, a database containing social security numbers of approximately 14,000 current and former employees at Ohio State University has been the most recent source of possible identity theft. This situation apparently involved foreign thieves from three different countries hacking into an Ohio State University database containing sensitive employee information. The data breach occurred over a two day time period and was shut down the day after university employees discovered the breach.

The Privacy Rights Clearinghouse maintains a list of data intrusions which have occurred since 2005. As of April 12, 2007, the organization lists a total of 153,558,451 data breaches which have occurred. After so many data intrusions over the past year, I guess we have started becoming numb to the numerous reports of stolen identities and the theft of sensitive information. Lets hope that companies have not started becoming numb to the need to protect sensitive data on company computer systems.

Originally posted at InjuryBoard by Staff Writer

Internal Revenue Service Misplaces Over 500 Laptop Computers

Staff Writer — Thu, 05 Apr 2007 16:39:23 GMT

According to the United States Treasury Department Inspector General, the Internal Revenue Service has had some problems protecting sensitive taxpayer information. Apparently between 2003 and 2006, almost 500 laptop computers belonging to the Internal Revenue Service were lost or stolen which may have exposed personal information of approximately 6000 taxpayers to identity thieves.

Amazingly, the number of laptop computers lost or stolen has actually dropped since 2002! According to an article in the on-line publication Infoworld,

In Jan. 2002, the IRS admitted in a similar audit that it had lost or misplaced some 2,332 laptops, desktops and servers over the previous 36 months.

According to a report prepared by the Inspector General, problems with the Internal Revenue Service data and identity theft prevention programs are serious and need improvement:

Significant weaknesses in access controls and other information security controls continue to threaten the confidentiality, integrity, and availability of IRS's financial and tax processing systems and information. For example, IRS has not implemented effective access controls related to user identification and authentication, authorization, cryptography, audit and monitoring, physical security, and other information security controls. These weaknesses could impair IRS's ability to perform vital functions and increase the risk of unauthorized disclosure, modification, or destruction of financial and sensitive taxpayer information. Accordingly, GAO has reported a material weakness in IRS's internal controls over its financial and tax processing systems.

In light of the recent problems with the Veterans Administration data and other high profile data theft breaches, hopefully the Internal Revenue Service will take better care of its computer systems. With just a few weeks to go before tax returns must be filed, I'd like to know that my taxpayer data remains safe and confidential. Don't you?

Originally posted at InjuryBoard by Staff Writer

TJX Companies SEC Filing Details 47.5 Million Possible Identity Theft Victims

Staff Writer — Thu, 29 Mar 2007 09:20:33 GMT

TXJ Companies has finally come clean with some more details about the number of possible identity theft victims as a result of its failure to abide by credit card processing standards. Discussing this data security breach, in a regulatory filing with the Securities Exchange Commission, the TXJ Companies indicated,

Discovery of Computer Intrusion. On December 18, 2006, we learned of suspicious software on our computer systems. We immediately initiated an investigation, and the next day, General Dynamics Corporation and International Business Machines Corporation, leading computer security and incident response firms, were engaged to assist in the investigation. They determined on December 21, 2006 that there was strong reason to believe that our computer systems had been intruded upon and that an Intruder remained on our computer systems. With the assistance of our investigation team, we immediately began to design and implement a plan to monitor and contain the ongoing Computer Intrusion, protect customer data and strengthen the security of our computer systems against the ongoing Computer Intrusion and possible future attacks.

On December 22, 2006, we notified law enforcement officials of the suspected Computer Intrusion and later that day met with representatives of the U.S. Department of Justice, U.S. Secret Service and U.S. Attorney, Boston Office to brief them. At that meeting, the U.S. Secret Service advised us that disclosure of the suspected Computer Intrusion might impede their criminal investigation and requested that we maintain the confidentiality of the suspected Computer Intrusion until law enforcement determined that disclosure would no longer compromise the investigation.

TJX Companies did not inform the Securities and Exchange Commission about the precise number of identity theft victims resulting from its failure to properly secure or purge data. According to the Associated Press, however, this number is staggering:

At least 45.7 million credit and debit card numbers of TJX Cos. (TJX) customers were stolen from the discount retailer's computer system over several years, according to a regulatory filing by the company Wednesday.

Unfortunately, not only have credit and debit card numbers been stolen, but also criminals have been using the stolen data as evidenced by arrests just this past week of six people in Florida attempting to use stolen credit card numbers to buy goods totaling about $1 million dollars.

This recent SEC filing and TJX Company disclosure should serve as a reminder to consider placing fraud alerts or credit freezes on your credit record if you have ever shopped at TJMaxx or Marshalls stores in the past twenty-four months. I sincerely hope that companies use this case as a stark reminder to take internet security and credit-card processing protections and security standards seriously.

Originally posted at InjuryBoard by Staff Writer