NewsAlerts

Privacy Concerns Plague Non-Facebook Users Too

Thu, 17 May 2012 00:00:00 -0700

These days, the privacy of consumers who don't use social media is sometimes threatened as much as those who do.

A group of German researchers recently found that even people who don't have Facebook profiles of their own have a large amount of accurate data about themselves on the site, according to a report from PC Magazine. The researchers were able to determine with "astonishing" accuracy whether two Facebook non-users knew each other based on information posted by friends.

This can happen even without people posting pictures of friends, because most users remain unaware of exactly how much of the personal data they post on Facebook is publically available and being shared, the report said. In fact, this study might even lead some to believe that those who join Facebook have greater privacy because they can at least control the information that's shared about them.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the ways in which consumers can protect their personal information online.

Utah's New IT Chief Already Questioned

Thu, 17 May 2012 00:00:00 -0700

Less than a day after being installed to his new position, the new head of Utah's Department of Technology Services is facing some heat from the state's lawmakers.

Mark VanOrden answered questions from Utah officials about the massive Medicaid data breach that exposed the information for more than 780,000 state residents, less than 24 hours after being installed as the state's chief information officer, according to a report from the Salt Lake Tribune. His predecessor was asked to step down from the post after it was determined his department failed to uphold basic data protection standards.

"We're having staff go through all the servers and databases to identify those that contain personal information and determine if it's encrypted … Most of the data is not encrypted," he told lawmakers, according to the report. "We're evaluating the cost to encrypt all this data and asking whether that makes sense."

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the ways in which consumers can protect themselves and their information in the wake of a data breach.

Privacy Issues Continue to Plague Facebook

Wed, 16 May 2012 00:00:00 -0700

The world's most popular social network has been in the news a lot recently because of the privacy issues it may pose for its users, and it seems that these are now affecting the company's perception for consumers.

A recent poll found that about half of Americans now consider Facebook to be a fad, even though more than 40 percent of American adults use the site at least once a week, according to a report from the Associated Press. Part of this is likely the company's approach to privacy, which about many of the two-thirds of those polled who do not have a good impression of CEO Mark Zuckerberg cited as a major problem.

In all, about 60 percent say they have little to no faith in the company to protect their personal data, and only 13 percent actually trust it to do so, the report said. Another 12 percent say they'd feel safe making a purchase through Facebook.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the ways in which consumers can increase the protection of their personal data on social networks.

Microsoft to Launch Controversial New Ads

Wed, 16 May 2012 00:00:00 -0700

In the near future, Microsoft will release a new type of television ad that watches consumers while they watch it.

These advertisements, known as NUads, are designed to stop people from fast-forwarding through the ads on their DVR by using the Kinect camera for their Xbox 360, or webcam on their computer, to make ads interactive, according to a report from CNET. But experts say that this could be problematic as far as consumers' privacy goes.

For instance, if users can interact with the ads, what is to prevent advertisers from counting the number of people in the room watching it, or use the Kinect camera's microphone to record what's being said about the ad, the report said.

"The privacy issues here could be anything from fairly minor to pretty significant," Lyn Watts, a Microsoft manager, said at a recent conference, according to the site. "What if the company decided it was going to keep track of your face, so you couldn't in the future grab $20 out of your purse, walk into Whole Foods, and walk out and not be tracked?"

Eduard Goodman, chief privacy officer for Identity Theft 911, writes about consumer privacy issues regularly.

FTC Changes Online Privacy Protection Tactics

Tue, 15 May 2012 00:00:00 -0700

The Federal Trade Commission recently announced that it would change the way it views the protection of consumers' online privacy in a major way.

Now, the FTC will focus on shielding any data that can "reasonably be connected to a device or person," according to a report from the political news site The Hill. A recent report from the agency caused the latest shift, which moves enforcement away from securing personally identifiable information like consumers' names, Social Security numbers or addresses. The change represents the FTC taking a wider view of what constitutes private information, and puts the onus on companies to do what they can to protect this data.

"As a government agency, we aren't the ones who have our fingers on the pulse of technology," Maneesha Mithal, the associate director of the FTC's privacy division, said during an recent event, according to the site.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the ways consumers can protect their sensitive data online.

County Waits Nine Months for Notification

Tue, 15 May 2012 00:00:00 -0700

York County, South Carolina, is now alerting those who applied for a job within its government or are registered as official vendors with the county that their information may have been compromised in a data breach.

An unauthorized person gained access to a York County web application server nine months ago, and while officials say they have no reason to believe any of personal data was accessed by that hacker, it is possible, according to a report from the Charlotte Observer. The breach, which affects 16,981 potential victims, was first observed on August 29, 2011, and exposed applicants' names, Social Security numbers, and other details.

"[G]iven the nature of the intrusion, it didn’t appear to anybody that there was a likelihood that anyone had used any of the data in the files," county manager Jim Baker told the newspaper.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the ways a data breach can affect consumers, and what they can do to mitigate the associated risks.

North Carolina College Suffered Lengthy Breaches

Mon, 14 May 2012 00:00:00 -0700

Officials at the University of North Carolina at Charlotte recently revealed that they learned about a pair of online security breaches that lasted for quite some time.

Both breaches were the result of security vulnerabilities that left information exposed online, according to a report from Charlotte television station WBTV. The first affected general university systems over a course of three months, and the other exposed data for UNCC's College of Engineering for more than a decade.

In all, about 350,000 people had their names, addresses, financial accounts and Social Security numbers exposed in the breaches, which the school discovered in January, the report said. However, officials failed to begin notifying staff and students about the incidents until mid-February. The school also created a website on which it will post information about the incidents, and set up a toll-free hotline those who may have been affected can call for more details.

Ondrej Krehel, the chief information security officer for Identity Theft 911, writes regularly on his official blog about what consumers can do when their personal information is exposed in a data breach.

California Disability Program Suffers Massive Breach

Mon, 14 May 2012 00:00:00 -0700

A California service that provides in-home care for residents with disabilities recently suffered a massive data breach that exposed the personal information for more than 700,000 people.

The California In-Home Supportive Services program was recently hit with the breach when Hewlett Packard, which handles its payroll information, lost some sensitive files in the mail, according to a report from the Los Angeles Times. The package the information was shipped in was reported as damaged while being delivered and some of the data it was supposed to contain was missing.

Among the information that was possibly compromised was information on some 375,000 workers employed by the program, including their names, Social Security numbers and wages, the report said. Another 326,000 recipients may have had their state ID numbers exposed. The state has opened an investigation into the incident and notified law enforcement, and will mail notices to those who were affected.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the dangers data breaches can pose for consumers and organizations alike.

California Legislature Favors Employees' Facebook Privacy

Fri, 11 May 2012 00:00:00 -0700

A recent controversy in which some employers across the country were asking employees and applicants to turn over the login details for their personal social networking accounts led to the California state Assembly to pass a law prohibiting the practice.

Assembly Bill 1844, sponsored by Assemblywoman Nora Campos, a San Jose Democrat, was recently passed by the legislative body without a dissenting vote, according to a report from the Los Angeles Times. This bill prohibits employers from asking for login details so they can view information listed as private by the worker or applicant, but anything that is publically available is still fair game. Eight other states across the country have introduced similar bills.

"We feel very strongly about this issue," San Francisco State Senator Leland Yee, a Democrat who introduced similar legislation in that house, told the newspaper. "What's private and personal should remain private and personal. Nobody should have to give up any of that information to get a job or to get admitted to a university."

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the ways in which consumers can increase the protection of their information on social networks.

Instances of Reported Internet Crime Rise

Fri, 11 May 2012 00:00:00 -0700

The number of crimes carried out by criminals online that were reported to the federal government increased 3.4 percent on a year-over-year basis in 2011.

The latest annual Internet Crime Report issued by the Internet Crime Complaint Center founds that instances of these incidents increased, and topped 300,000 for the third consecutive year, according to a report from the Federal Bureau of Investigation. In all, the federal government received 314,426 complaints - an average of about 26,000 per month - with a total dollar loss of $485.3 million suffered by victims.

"This report is a testament to the work we do every day at IC3, which is ensuring our system is used to alert authorities of suspected criminal and civil violations," said National White Collar Crime Center director Don Brackman. "Each year we work to provide information that can link individuals and groups to these crimes for better outcomes and prosecution of cases."

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog on the problems that can arise as a result of online crime caused by hackers and other criminals.

Tax Fraud Victims Turn to Lawmakers

Thu, 10 May 2012 00:00:00 -0700

In 2011 alone, the Internal Revenue Service dealt with about 1.34 million claims fraudulent tax returns being filed by scammers in other peoples' names, and that number seems to be growing.

Now, more consumers are turning to lawmakers at both the state and federal level for help when dealing with the fallout of identity theft related to someone else fraudulently filing for their tax return, according to a report from the Palm Beach Post. Complaints have been streaming in to both Senators and Representatives, who are doing all they can to help their victimized constituents.

"We are working with the sheriff's office and IRS taxpayer advocates to get those refunds sped along," Michael Mahaffey, spokesman for Rep. Tom Rooney, a Tequesta Republican, told the newspaper. "You have people who are struggling to pay their mortgage, to keep a roof over their head and pay their bills. They were counting on the money, and it's not there."

Adam Levin, the chairman of Identity Theft 911, writes regularly on his official blog about the challenges consumers face when dealing with tax return identity theft.

Feds Asking for More Privacy Laws

Thu, 10 May 2012 00:00:00 -0700

Earlier this week, representatives from the Obama administration and the Federal Trade Commission asked the U.S. Congress to enact more online privacy legislation in an effort to provide a more uniform Web browsing experience for Americans.

The officials urged lawmakers to write new laws that will help to standardize online privacy policies and give more control over these measures to the FTC, according to a report from the New York Times. The practical upshot of this, they said, is that it will allow for greater competition among companies that do not have their own privacy policies and those which do.

"Granting direct enforcement authority to the FTC would enable the commission to take action against outliers and bad actors even if their actions do not violate a published privacy policy," Cameron Kerry, general counsel for the U.S. Department of Commerce, said in prepared testimony, according to the newspaper.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the privacy concerns consumers face online and what they can do to increase protection of their personal data.

MySpace Settles Privacy Suit with FTC

Wed, 09 May 2012 00:00:00 -0700

The social network MySpace recently came to a settlement agreement with the U.S. Federal Trade Commission over allegations that it violated the privacy of its millions of users.

In particular, the FTC accused MySpace of sharing its users' personal information with advertisers, without disclosing that it was doing so, according to a report from Venture Beat. The company allegedly sold information - including users' ages, genders, full names, interests, hobbies and friends - to advertisers while promising that it would not share personally identifiable data.

As part of the settlement, MySpace has two months to alter its privacy policy so that it is no longer misleading, the report said. In addition, the company must set up and maintain a rigorous privacy program that will be reviewed by a "qualified, objective, independent third-party professional" every two years for the next 20.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the ways consumers can protect their personal data on social networks and other online forums.

Hackers Cause Major Twitter Data Breach

Wed, 09 May 2012 00:00:00 -0700

The popular social network Twitter was recently attacked by hackers, who successfully made off with the account details for some 55,000 users, and then posted them on the filesharing site Pastebin.

Many of the accounts that were affected were those of spammers who sent bogus messages to Twitter users, but some legitimate users may have also been effected, according to a report from ZDNet. The company is looking into the breach, and advising those users who might have had the safety of their accounts compromised to change their passwords. Currently, it is unclear who caused the breach.

"We've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked - that is, the password and username are not actually associated with each other," a Twitter spokesperson told the news site.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the dangers hackers pose to consumers using social networks and other websites.

Microsoft Dismisses Windows 8 Privacy Concerns

Tue, 08 May 2012 00:00:00 -0700

Microsoft recently hit back at experts who questioned a new feature of its Windows 8 operating system and the effects it may have on users' privacy.

A feature of Windows 8 allows users to automatically link many of their online accounts - including social networks, email services and other platforms - was recently questioned by privacy experts, but the company says these fears are overstated, according to a report from Network World. In particular, privacy advocates say the information used on sites like Facebook, Twitter, LinkedIn, Hotmail and Gmail created a cache of unencrypted contacts.

However, a Microsoft analyst also notes that this is not uncommon for any computer system, and does not endanger consumers, the report said. All operating systems cache data as a means of making the computer or other device run more quickly. Consequently, this data being stored on Windows 8 is no different from that being saved on other operating systems.

Eduard Goodman, chief privacy officer for Identity Theft 911, writes regularly about the ways consumers can increase the protections for their personal information on their computers or mobile devices and online.

Google Faces Fine for Privacy Problem

Tue, 08 May 2012 00:00:00 -0700

It was recently revealed that Google had been working to circumvent the privacy protections in Apple's Safari Web browser, and now it appears the company is in talks with the federal government over punishment for doing so.

Google was caught putting cookies in Safari users' systems that allowed it to track online activity and send them customized advertising, and now experts say that a sizable fine might be the most suitable type of censure the Web giant could receive, according to a report from Talking Points Memo. The company's use of these illegal practices was first discovered in November by a privacy researcher at Stanford University.

"I believe a fine would be appropriate," Jonathan Mayer, a researcher and graduate student at Stanford Law School, told the site in an email. "Google circumvented a privacy protection that is used by millions of Americans. It misled users about how they could prevent sharing their browsing history. It breached an agreement with the Federal Trade Commission. And, quite likely, it profited from this misconduct."

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the concerns consumers face when protecting their sensitive data online.

Facebook Users Still Don't Trust Timeline

Mon, 07 May 2012 00:00:00 -0700

The new, compulsory feature being rolled out by the world's largest social network remains a point of concern for a vast majority of its users.

A survey from the anti-virus and malware company Webroot found that least 88 percent of consumers say they're concerned about the privacy of their information on their Facebook profile as a result of their accounts being changed over to the new Timeline feature, according to a report from ZD Net. Those who said they were concerned about it said that their biggest issue with Timeline is that it was a mandatory switch.

However, close to half of those who expressed these concerns also did nothing to alter their profiles once they were automatically switched over, the report said. Another one-third changed their privacy settings to adjust who could see at least one of their activities, and another 17 percent manually deleted updates, images and other content.

Eduard Goodman, chief privacy officer for Identity Theft 911, writes regularly about the concerns social network users face when putting their personal information online.

Pentagon Hit with Data Breach Lawsuit

Mon, 07 May 2012 00:00:00 -0700

Last year, the government-controlled insurance program known as TRICARE suffered a massive data breach that exposed the personal and medical information for more than 4.7 million people across the country.

As a result of that incident, in which a contractor left 25 computer tapes in the back seat of a car that was broken into, the Pentagon has been hit with another lawsuit , according to a report from the Boston Globe. The suit, filed last week in federal court, is the third such case against the government, and also named the contractor, which receives about $20 billion in Pentagon contracts annually.

And while the U.S. Department of Defense points out that no financial information was exposed in the breach, experts say that doesn't preclude financial fallout as a result, the report said.

"It could be used as breeding information," Robert Siciliano, a consultant for software security giant McAfee, told the newspaper. "You could use the data to make a phone call and pose as that person to fool someone to allow access to a bank account.’"

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about data breach risks consumers face.

Trio Charged with Stealing Prisoners' IDs

Fri, 04 May 2012 00:00:00 -0700

According to The Associated Press, three residents of Pennsylvania have been charged with stealing the identities of prison inmates in the state, which led to the theft of $70,000 in tax refunds.

The news source reports the trio has been charged with money laundering, conspiracy and identity theft. In total, 185 prisoners' records were affected by the act.

"This was an intricate scheme that allegedly used stolen personal information, fabricated employment histories, bogus addresses and numerous debit card accounts and bank accounts to steal money from the taxpayers of Pennsylvania," said Attorney General Linda Kelly.

To steal the money from the inmates, the trio allegedly used tax preparation software and filed faulty returns on behalf of the prisoners. To do this, those charged allegedly fabricated job histories, addresses and debit card accounts, the source indicates.

Adam Levin, chairman for Identity Theft 911, has a blog about the concerns consumers face when they're hit with identity theft and offers advice for how best to deal with these crimes.

Global Payments Breach Likely More Widespread

Fri, 04 May 2012 00:00:00 -0700

While it was initially reported that about 1.5 million credit and debit card accounts were exposed to a data breach of Global Payments Inc., a new report claims even more accounts were hacked than initially believed.

According to the Wall Street Journal, it's estimated that roughly 7 million users' financial and personal information were exposed during a recent breach of the company.

The newspaper states that the newly revealed information about the broader data breach means hackers likely had access to accountholders' records since spring 2011.

Global Payments has yet to divulge how the data breach occurred, but investigators continue to look into the matter, the paper reports. Visa and MasterCard, which work with Global Payments, stated they believe the breach began in June of last year.

A Nilson report notes more than $120 billion in transactions of Visa and MasterCard products were handled by Global Payments in 2011.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the issues consumers face when their personal or medical data is exposed in a breach.

Hackers Continue to Rely on 'Typosquatting'

Thu, 03 May 2012 00:00:00 -0700

A well-known but often unreported trend among scammers is that they buy domain names which closely resemble those of established and popular companies.

By purchasing the domains for popular companies ranging from popular retailers to financial institutions and even government sites, hackers can set up sites that look legitimate or which load accidental browsers' computers with malicious programs, according to a report from Philadelphia, Pennsylvania, television station WPVI. Often, this "typosquatting" is done by buying a domain with two letters from a popular website transposed - vsia.com instead ofvisa.com, for instance.

"When you log into what looks like a legitimate merchant site - but it's not and you enter in your user name, your password, or any sort of payment information," Rob D'Ovidio of Drexel University told the news station.

Ondrej Krehel, the chief information security officer for Identity Theft 911, has a blog about the ways consumers can be affected by a scam website, and what they can do to prevent these incidents from happening.

Consumer Reports Criticizes Facebook's Privacy Policy

Thu, 03 May 2012 00:00:00 -0700

Consumer Reports, the well-known and highly-regarded advocacy group, recently issued a statement about the way in which the world's most popular social network allows its users to control their data.

About 13 million of Facebook's 150 million users in the U.S. haven't touched their data privacy controls, potentially indicating that they simply don't know how to do so, or possibly aren't even aware of them, according to Consumer Reports. Further, 4.8 million people have posted where they plan to go on certain days, which some warn could serve as a tip-off to thieves.

More concerning, though, is that another 4.7 million have "Liked" the pages of medical conditions they may have or treatments they may have received, volunteering sensitive information about themselves that can be viewed by insurers or others, the report said.

Eduard Goodman, chief privacy officer of Identity Theft 911, writes regularly about the privacy concerns consumers face when entering their personal sensitive data on social networking sites, and how they can increase their control over that information.

Facebook Organ Donor Status Drawing Criticism

Wed, 02 May 2012 00:00:00 -0700

Earlier this week, the world's most popular social network began allowing its users to list whether they participate in organ donor programs.

Facebook now allows consumers to list the point at which they became organ donors as a "life event," giving them the ability to provide details of where, when, why and how they began participating, according to a report from the Detroit Free Press. By doing so, users can also join their state's organ donor registries and change their status with them.

But privacy experts say this may constitute considerable concerns for user data and may even be illegal, the report said. While medical information listed on Facebook and other social networks isn't required by federal law to be confidential, it can still constitute a significant privacy risk for those who list these details on their profiles.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the dangers of listing too much sensitive personal information online and what social networking users should avoid revealing when their privacy settings aren't as high as they should be.

Teen Sues Classmates over Facebook Cyberbullying

Wed, 02 May 2012 00:00:00 -0700

A 14-year-old and her parents are filing suit against two of the child's classmates and their parents who created a fake Facebook page using her name and a photo of her they distorted.

The bogus account was used to portray the victim as a racist, imply a number of other untrue details and make rude comments on friends' Facebook pages, according to a report from Wired. Though the teen reported these problems both to her school and local authorities, she was repeatedly told there was nothing that could be done. There is no cyberbullying law on the books in Georgia, where these events took place.

The suit accuses the girl's classmates of defamation and intentionally inflicting emotional distress, and names the alleged bullies' parents because they pay for the Internet access their children use, as well as for failing to supervise activity, the report said.

Matt Cullina, chief executive officer for Identity Theft 911, has a blog about the problems children can face online and what they and their parents can do to protect themselves.

Few Respond After Massive Data Breach

Tue, 01 May 2012 00:00:00 -0700

A recent data breach in Utah that exposed the private personal information for hundreds of thousands of consumers has led to very few responses.

The Utah Department of Health recently revealed that only 15,000 of the more than 280,000 people affected by a recent data breach have responded to the state's offer for free credit monitoring despite the fact that their Social Security numbers were exposed in the incident, according to a report from Salt Lake City television station KSTU. Overall, the breach affected more than 800,000 Medicaid recipients in the state.

"A lot of the calls that they're getting are this fear that it is a scam - it's not a scam," Utah Health Policy Project executive director Judi Hilman told the news station. "Fearing that this is a scam, so then yes, when hotline people say, 'Plug in your social security number,' people say, 'Are they kidding, is this a joke?'"

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the dangers consumers face when they're affected by a data breach.

Blockbuster to Settle Customers' Privacy Suit

Tue, 01 May 2012 00:00:00 -0700

The once-popular video rental company Blockbuster recently announced it would settle a class action lawsuit brought against it by customers as a result of it keeping track of the products subscribers rented from the chain.

The suit alleged that the company kept tabs on a large amount of data for millions of customers, including not only their billing and contact information and credit card numbers, but also their renting histories and preferences, according to a report from Online Media Daily. This was in violation of the Video Privacy Protection Act of 1988, which stated that rental services could not disclose information on the movies people watched without their consent.

The terms of the settlement agreement have yet to be finalized but both sides of the suit say that shold be done by June, the report said.

Eduard Goodman, the chief privacy officer for Identity Theft 911, writes a blog about the ways consumers can protect their sensitive private information, and how organizations may be inadvertently putting them at risk.

Malicious Attacks Increased Considerably Last Year

Mon, 30 Apr 2012 00:00:00 -0700

The number of malicious attacks being carried out online every day has increased considerably in the last year.

In all, software from the online security developer Symantec successfully blocked more than 5.5 billion malicious attacks in 2011 alone, an increase of 81 percent over 2010's total, according the company. The company also found that the number of targeted attacks increased to a total of 82 per day. More than 50 percent of hacking attacks were targeted at organizations with fewer than 2,500 employees, and almost 18 percent tried to affect those with 250 or fewer.

However, even as these attacks increased considerably, the amount of spam and new vulnerabilities to computer systems fell, the report said.

"We've also seen a large increase in attacks on mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data," said Stephen Trilling, chief technology officer for Symantec. "Organizations of all sizes need to be vigilant about protecting their information."

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the concerns consumers and organizations alike face as a result of hacking attacks.

Google Allegedly Knew it Collected Wi-Fi Data

Mon, 30 Apr 2012 00:00:00 -0700

Google recently posted a report by the Federal Communications Commission about its practice of logging information from consumers' Wi-Fi networks when mapping for its Street View program, and the details show that the company may have known more about the practice than it let on.

The FCC alleges that the Google engineer who was ultimately responsible for the possibly-illegal data collection often spoke with his colleagues about doing so, according to a report from Gizmodo. In fact, the engineer even alerted a senior manager that the program would collect the personal information of Wi-Fi hotspot owners in 2007 and 2008.

This practice went on for three years until the FCC discovered Google collected all this data, which included consumers' text messages and emails, in 2010, the report said. A Google spokesman told the London Guardian that the company wanted to make the document available for everyone to view, though it omitted the names of the people involved.

Adam Levin, the chairman for Identity Theft 911, has a blog about the threats consumers face when their personal information is exposed.

Massachusetts Residents Plagued by Breaches

Fri, 27 Apr 2012 00:00:00 -0700

Millions of consumers in Massachusetts have been affected by data breaches since 2007.

Between October 31, 2007 and September 30, 2011, 3.16 million Bay Staters had their personal or financial information exposed by data breaches, according to new data from the Massachusetts Office of Consumer Affairs and Business Regulation. In all, there have been more than 1,800 breaches affecting state residents in that time.

The healthcare industry actually experienced very few breaches during this time, at only 214, but the number of people exposed in these incidents was more than any other field, the report said. In all, more than 980,000 people had their information exposed as a result of medical data breaches, though much of that was the result of one such incident in 2010.

Ondrej Krehel, the chief information security officer for Identity Theft 911, has a blog about how data breaches can affect both consumers and the organizations that suffer them, and what can be done by both parties to increase their protection from these incidents in the future.

Authorities Seize Stolen Card Marketplace Websites

Fri, 27 Apr 2012 00:00:00 -0700

The U.S. Department of Justice recently announced that federal authorities had successfully seized three dozen websites that illegally sold stolen credit card numbers to fraudsters.

These sites worked much like a normal shopping site: shoppers could buy any number of cards, searching by card type, the account's country of origin and the like, then adding them to the cart and then paying for them as they would any other online sale, according to a report from Dow Jones Newswires. The seizures were part of what's been called an international effort on behalf of the Federal Bureau of Investigation and the UK's Serious Organised Crime Agency, as well as several other overseas organizations.

Investigators were able to obtain stolen credit card numbers for accounts issued by Bank of America, SunTrust Banks, Capital One Financial and other similar institutions, the report said.

Adam Levin, the chairman for Identity Theft 911, has a blog about the dangers consumers face from this type of identity theft and what they can do to both spot and mitigate the problems it can cause.

Obama Now May Not Veto CISPA

Thu, 26 Apr 2012 00:00:00 -0700

The controversial piece of legislation that has privacy advocates abuzz may not face a presidential veto if it passes both houses of the U.S. Congress after all.

CISPA - the Cyber Intelligence Sharing and Protection Act - introduced as bipartisan legislation that would create a new framework by which companies would share information on prospective hacking attacks with federal and local authorities may not face the axe on President Barack Obama's desk, according to a report from PC Magazine. Originally, it was believed Obama would veto the bill, but now many experts are expressing concern this may not be the case.

The Obama White House had stated its opposition to similar bills ostensibly related to national security in the past, then backed off plans to veto once the legislation passed Congress, the report said. Some are especially concerned because Obama has himself expressed support for some kind of cybersecurity legislation in the past.

Ondrej Krehel, chief information security officer for Identity Theft 911, maintains a blog about the threats hackers pose to governments, organizations and consumers alike.

Many Hospitals Suffer Numerous Breaches Annually

Thu, 26 Apr 2012 00:00:00 -0700

The number of healthcare facitilies that suffered multiple data breaches in the past 12 months has expanded considerably in the last two years.

New data from the HIMSS Analytics report from Kroll Advisory Solutions shows that the majority of healthcare centers suffered more than one data breach last year, and the amount that did so grew from 2010's totals, according to a report from iHealth Beat. In all, 31 percent of hospitals who said they suffered at least a single data breach said that was the only one they suffered, down from 43 percent two years ago.

Meanwhile, the proportion of hospitals that said they suffered two breaches remained the same at 28 percent, and the rate at which others suffered between three and nine breaches exploded to 35 percent from 15 percent, the report said. Meanwhile, those suffering 10 or more breaches fell from 15 percent to just 6 percent.

Ondrej Krehel, chief information security officer for Identity Theft 911, writes about data breaches and what consumers can do to mitigate their risk when victimized by this type of incident.

Healthcare Data Breaches Causing Employee Concern

Wed, 25 Apr 2012 00:00:00 -0700

In the past month alone, two major data breaches involving federal healthcare recipients have taken place, and in both cases, it seems that employees were at least partly to blame for the incidents taking place.

Breaches for the South Carolina Department of Health and Human Services and the Utah Department of Technology Services exposed the personal information for nearly 1 million Medicare and Medicaid recipients, according to a report from InformationWeek. In the former case, an employee emailed the personal information for 228,435 people to himself, and in the latter, about 780,000 people were exposed in a hacking attack made possible by less-than-stringent security.

"Standard Web browsers contain critical security gaps that create significant risks to organizations' confidential data, and online resources like webmail and social networking sites can be open windows for data leakage," Morrow, a security expert and CEO of Quarri Technologies, told the site. "A careless or malicious employee can easily steal company trade secrets, intellectual property, or leak sensitive customer information."

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the ways data breaches can affect consumers and what they can do to protect themselves from these pitfalls.

Privacy Experts Worry About Mobile Payments

Wed, 25 Apr 2012 00:00:00 -0700

While many experts are pushing new payment systems that allow consumers to use their smartphones to make purchases on their debit and credit card accounts, some privacy experts worry about what impact this might have.

Consumer advocates say that mobile payment systems might pose a significant privacy concern for shoppers who want to avoid having details about their financial transactions broadcast to a number of different companies, according to a report from the Center for Democracy and Technology. These services might expose purchase data not only to the vendor selling an item or service, but also the credit card processor, the smartphone manufacturer and the mobile payment provider.

In particular, mobile payment services may be able to provide third-party advertisers with everything from purchase data to consumers' phone numbers, email addresses and even shopping history, the report said. This concern can also expose borrowers to unwanted spam.

Eduard Goodman, the chief privacy officer for Identity Theft 911, has a blog about the concerns consumers may face when sharing their privacy information in any way.

Hospital Identity Thief Sought by Police

Tue, 24 Apr 2012 00:00:00 -0700

Law enforcement officials in the Houston, Texas, area are on the lookout for a woman accused of stealing identifying data from dozens of hospitals with a clever technique.

The woman, 23-year-old Robin Pamela Carmouche, allegedly enters hospitals and healthcare clinics throughout the greater Houston area dressed in nurse's scrubs, and looks around, undetected, for unmanned purses, wallets, and other pieces of personal information, according to a report from the Houston Chronicle. In committing these crimes, Carmouche is believed to have stolen the wallets of dozens of doctors, nurses and other hospital workers.

"She's just walking into these hospitals uncontested, like she's meant to be there," Lt. Jeff Stauber of the Harris County Sheriff's Office told the newspaper, adding, "If [workers] see someone in their hospital that is in an area that they don't belong, call security or at least challenge their reasons for being there."

Adam Levin, chairman for Identity Theft 911, has a blog about the concerns consumers face when they're hit with identity theft and offers advice for how best to deal with these crimes.

Privacy Policies Found To Be Confusing

Tue, 24 Apr 2012 00:00:00 -0700

Many experts have criticized online companies' privacy policies as being too complicated in the past, and now a new study shows just how hard a time consumers have deciphering the language in these documents.

The privacy policies maintained by Facebook and Google are often more difficult for consumers to understand than notices from the government and the legalese in their credit card bills, according to a new study from the branding firm Siegel and Gale. On a scale of 0 to 100, users' comprehension of Facebook's policy was rated a 39, slightly ahead of Google's 36.

Meanwhile, the same readers' comprehension of government notices scored a 70, and credit card bills garnered a rating of 68, the report said. Only 33 percent of those polled said they said they felt comfortable using Facebook after reading through the privacy policies.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the ways consumers can better protect their private personal information online, particularly when using popular social networks.

Which Facebook Apps Are Most Secure?

Mon, 23 Apr 2012 00:00:00 -0700

These days, millions of consumers use programs on their favorite social networking platform known as Apps, but as with similar programs on smartphones, experts have expressed concerns over how secure these apps may be.

The research firm PrivacyChoice recently conducted a study of the most popular Facebook apps to determine how secure user data was when using them, and found that millions of people may be putting themselves at some amount of risk when doing so, according to a report from USA Today. In all, the company looked at the 200 most popular apps, and found that among the best-known, the game Angry Birds was least secure, with a score of 65 out of 100. Anything below 70 was considered "least protective."

"This certainly is going to be a useful tool for consumers, but it may actually be even more useful in pushing application developers, who don't like getting poor grades, to look more closely at their own privacy practices," says Jules Polonetsky, director of the Future of Privacy Forum, told the newspaper.

Eduard Goodman, chief privacy officer for Identity Theft 911, writes regularly about the privacy concerns consumers face online.

Massive Data Breach Hits Atlanta Hospital

Mon, 23 Apr 2012 00:00:00 -0700

Emory Healthcare in Atlanta, Georgia, recently announced that it had been hit by a massive data breach as a result of 10 disks it misplaced.

The incident was announced on April 18, and potentially exposed the personal information for more than 315,000 people who received surgical care at the hospital between September 1990 and April 2007, according to a report from eWeek. Of the 315,000 files exposed, 228,000 or so included patients' Social Security numbers, and other data included patients' names, dates of surgeries, diagnoses and procedure codes.

The disks, which were unencrypted, were kept in an unlocked cabinet and contained data for outdated software that the company no longer used, the report said. They disappeared sometime between February 7 and 20, but the company did not begin alerting patients until April 17.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the dangers consumers face in the wake of data breaches involving their personal information, and what they can do to protect that information.

Information on South Carolina Medicaid Patients Leaked

Fri, 20 Apr 2012 00:00:00 -0700

Personal records of more than 200,000 Medicaid patients in South Carolina were exposed recently in a major data breach, according to The Associated Press, as an employee with Medicaid had been stealing the information for months.

The news agency reports Christopher Lykes Jr. was arrested this month after it was discovered by authorities he had accumulated data on roughly 228,00 patients in the Medicaid system.

Police told the AP they are still unsure of Lykes Jr.'s intentions for using the data to profit. At least 22,600 of the records stolen by Lykes Jr. contained private information, including medical ID numbers and Social Security numbers. Other files stolen contained names, addresses, phone numbers and dates of birth.

"I've woken up every morning for the past week praying somehow I could find a reason or the individual who committed the act would tell us this is just a big mistake," South Carolina Health and Human Services Director Anthony Keck told the news source.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the potential fallout a data breach can have for consumers and organizations, and what can be done to reduce those risks.

Busted Fraud Ring Leaders Receive Sentences

Thu, 19 Apr 2012 00:00:00 -0700

Two people connected to a fraud ring that used bogus Social Security Cards recently pleaded guilty to charges of conspiracy to a number of charges, and were recently sentenced to significant amounts of jail time.

Dong-Won Kim of Flushing, New York, and Jung-Bong Lee of Palisades Park, New Jersey, were each sentenced for four and a half years in federal prison, according to a report from the Bergen Record. This followed their guilty pleas - to charges of conspiracy to unlawfully produce identification and false identification documents, and aggravated identity theft - in November.

In addition, Kim was ordered to pay $775,699 in restitution, and Lee another $450,000 to more than a dozen banks and credit card lenders for the losses their crimes caused, the report said. Kim and Lee were involved in a 53-person ring, broken up in September, which obtained, negotiated for and sold bogus identity documents to Chinese citizens working in American territories.

Adam Levin, chairman of Identity Theft 911, has a blog about the dangers consumers face when their personal information is compromised and used for fraudulent purposes.

Privacy Policies Too Lengthy for Most

Thu, 19 Apr 2012 00:00:00 -0700

While millions of consumers sign up for various online services without reading the privacy policies associated with them, new evidence suggests there's a pretty good reason why.

A pair of researchers recently found that the average person would have to take 250 hours - the equivalent of roughly 30 full work days - to read the various privacy policies of the websites and online services they visit and use in a given year, according to a report from the Associated Press. The total cost of the man-hours lost to these efforts would cost consumers about $781 billion every year.

"If people were to actually stop and read all of them for every website that they visited, they could spend on the order of 200 to 250 hours a year - about a month of time at work each year that you could spend reading privacy policies," Lorrie Faith Cranor, one of the researchers who conducted the study, told the news agency. "It's insane."

Eduard Goodman, chief privacy expert for Identity Theft 911, has a blog about the ways consumers can protect the security of their sensitive personal information online.

Knowledge of Child Identity Theft Helps

Wed, 18 Apr 2012 00:00:00 -0700

Identity theft committed against children is one of the most popular types of fraud carried out by criminals these days because of the large amount of time it typically takes victims or their families to realize the crime has taken place.

But experts caution that the best way for consumers to prevent these incidents is simply to be aware of the problem, according to a report from the credit monitoring bureau Equifax published in the Atlanta Journal-Constitution. If parents are aware of the risks their child faces, they will be more likely to closely monitor the situation and, hopefully, ensure that their kids aren't victimized.

"Education is especially important," said Trey Loughran, president of the personal information solutions unit for Equifax. "As the gap between perception and reality narrows, more parents will become diligent about reducing the chances of a breach and monitoring the identities of the whole family."

Matt Cullina, the chief executive officer for Identity Theft 911, has a blog about the ways kids can be affected by identity theft.

Hawaii Breach Settlement Approved by Judge

Wed, 18 Apr 2012 00:00:00 -0700

A judge recently approved the settlement in a class action lawsuit brought against the University of Hawaii as a result of data breaches that plagued the school for the last two years.

The university has suffered five data breaches since 2010, and exposed the personal information of more than 90,000 faculty members, students, alumni and guests, according to a report from Honolulu television station KITV. As a result of the settlement, victims will be given two years of credit monitoring service and fraud restoration free of charge.

However, those affected by the breach will have to sign up for these services by May 1, 2012 to receive them, the report said. University officials say they hope as many victims as possible sign up for coverage, and note that they can contact the school for more information.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the potential fallout a data breach can have for consumers and organizations, and what can be done to reduce those risks.

Florida Healthcare Company Suffers Data Breach

Tue, 17 Apr 2012 00:00:00 -0700

A healthcare company in Hollywood, Florida, recently began notifying some of its patients that it had suffered a sizable data breach exposing the personal information for thousands of people.

Memorial Healthcare System first learned of the data breach on January 27, when officials there learned that an employee may have improperly accessed the information for its patients, and another may have done so with the intent of creating fraudulent tax returns, according to a report from CMIO. The company has fired both workers, and is cooperating with law enforcement in the investigation.

Information exposed in the breach included nearly 9,500 patients' names, dates of birth and Social Security numbers, and those affected were members of the company between 2011 and early 2012, the report said. However, the company also notes that no medical records were compromised.

Ondrej Krehel, chief information security officer for Identity Theft 911, writes regularly on his blog about the threats consumers face when their personal or medical details are exposed in a data breach.

Privacy Advocates Call for Google Scrutiny

Tue, 17 Apr 2012 00:00:00 -0700

A watchdog group well known for keeping tabs on the ways companies may infringe upon consumers' privacy is now asking the U.S. Attorney General's office to launch an investigation into Google's data collection practices.

The Electronic Privacy Information Center recently sent a letter to U.S. Attorney General Eric Holder asking his office to probe Google after a similar investigation from the Federal Communications Commission proved inadequate, according to a report from the Los Angeles Times. The FCC's original investigation was based on Google's collection of Wi-Fi hotspot information during its Street View project. The agency said it would fine Google $25,000 for obstructing its investigation, but EPIC says because Google had about $38 billion in revenue last year, such a fine is too small.

"Given the inadequacy of the FCC's investigation and the law enforcement responsibilities of the attorney general, EPIC urges you to investigate Google's collection of personal Wi-Fi data from residential networks," the group wrote.

Eduard Goodman, chief privacy officer for Identity Theft 911, has a blog about the privacy concerns consumers face online and in the real world.

Texas A&M Suffers Large Data Breach

Mon, 16 Apr 2012 00:00:00 -0700

A major university in Texas recently suffered a data breach that exposed the personal information for more than 4,000 alumni as a result of a file being mistakenly attached to an email.

The email attachment contained the names, addresses, telephone numbers and Social Security numbers for thousands of alums who graduated prior to 1985 but had since requested copies of their transcripts, according to a report from the Bryan-College Station Eagle. The person who received the attachment immediately notified the university about the mistake.

"Even though we believe this incident puts these former students at low risk of identity theft, we will notify those individuals affected, as required by university rules and state laws," said Pierce Cantrell, Texas A&M's vice president and associate provost for information technology, according to the newspaper. "We deeply regret this happened, and have taken immediate action to restrict access to this file."

Ondrej Krehel, chief information security officer of Identity Theft 911, writes regularly on his blog about the threats consumers face from data breaches, accidental and otherwise.

Mobile Technology Causing Healthcare Data Breaches?

Mon, 16 Apr 2012 00:00:00 -0700

The use of new technologies to store and transport data might actually be leading to more data breaches as a result of employees misplacing data or falling victim to security vulnerabilities.

The HIMSS Analytics Report entitled Security of Patient Data found that mobile devices in exam rooms and administrative areas increase the risk of data breaches either through accidents or attacks of some kind, according to a report from PC World. In all, 27 percent of all healthcare facilities have had at least one data breach in the last year, up from 19 percent in 2010, and 79 percent of those incidents were attributed to employees' actions.

And since 2010, the threat of breaches caused by mobile devices has doubled, the report said. Now, breaches where the source of data loss was a laptop or handheld device accounted for 22 percent of all incidents, up from 11 percent in 2010.

Ondrej Krehel, chief information security officer for Identity Theft 911, has a blog about the dangers caused by data breaches and what organizations and consumers alike can do to mitigate those concerns.

FTC Worried About Apps for Kids

Fri, 13 Apr 2012 00:00:00 -0700

The Federal Trade Commission recently issued a report that raised new concerns about the ways in which kids are using smartphone and tablet applications that collect their personal information.

The FTC reviewed the websites for about 400 apps aimed specifically at kids and discovered that only 2 percent of them revealed whether the programs they pushed would collect any data on the kids using them, according to a report from San Francisco, California, television station KGO. These apps can collect all types of personal data, including the user's location, phone number, contacts and call logs, and then share it with advertisers.

"Parents should be able to learn before they download apps what information will be used and how it's shared," wrote Patricia Poss, one of the FTC report authors, according to the news station.

Eduard Goodman, the chief privacy officer for Identity Theft 911, maintains a blog on which he posts regularly about the issues consumers face when downloading apps that cull their personal data for information that can be sold to marketers.

Maryland Passes Child Identity Theft Law

Fri, 13 Apr 2012 00:00:00 -0700

A new bill passed by lawmakers in the state of Maryland may have a significant impact on helping parents to protect their kids from the dangers of child identity theft.

The Maryland Child Identity Lock bill, which passed the state legislature and is now awaiting Gov. Martin O'Malley's signature, will allow parents to stop the use of their kids' personal information for the use of opening a credit account of any kind, according to a report from the Associated Press. Those who helped push the bill say it could be a model for other states, as it requires credit bureaus to put a security freeze on the file of anyone who requests the action, regardless of whether one currently exists.

"This just freezes the information to ensure that it's not used for ill purposes," Delegate Craig Zucker, a Democrat who sponsored the bill in the House of Delegates, told the news agency.

Matt Cullina, chief executive officer for Identity Theft 911, has a blog about the dangers kids face from child identity theft and what their parents can do to protect them.

Patients Sue Hospital Over Data Breach

Thu, 12 Apr 2012 00:00:00 -0700

A healthcare system in California was recently hit with a massive lawsuit over the way it handled a data breach it suffered some time ago.

St. Joseph Health System, which runs Napa's Queen of the Valley Medical Center, recently suffered a data breach that exposed the personal and medical information for more than 31,800 patients across the state online for almost a year without being detected, according to a report from the Napa Valley Register. It notified just 4,263 patients of the breach in February.

The suit, filed by two patients on behalf of the other victims, seeks damages of about $31.8 million, the equivalent of $1,000 per victim, the report said. Records exposed in the incident involved those who received care at the facility between February and August 2011.

Ondrej Krehel, the chief information security officer for Identity Theft 911, has a blog about the many risks consumers face when their personal details are exposed in a data breach, and the courses of action that may be available to them to mitigate those concerns.