Personal Information Sold at Goodwill

Have you ever donated old clothes, books, furniture or other items to a Salvation Army or Goodwill store?  Well, one donator to Goodwill in central Indiana donated a bit more than he intended.  If his donations were checked before being put up for sale, this may not be an issue.  Unfortunately, a box containing 39 pounds of one family’s personal information was sold to a woman for $27.69.

Emily Watson opened a box that she bought from a Goodwill outlet store in the Indianapolis area and found someone else’s sensitive records.  If items can’t be sold at the retail stores for any reason, they are put in bins and sent to Goodwill outlet stores.  These are closed boxes sold by the pound to anyone who wants to take a chance that there is something valuable inside.  Ms. Watson bought one such box and when she opened it found personal information all belonging to one family.  The box contained Social Security cards, tax returns, pay stubs, banking information, dental and other medical records, divorce papers and insurance documents.  There were also family photos and addresses of family members.

This had happened to Ms. Watson before.  At another time, she purchased a box containing personal information, so she opened the box in the store before buying it.  When she saw what it contained, she pulled out all the items to show a store employee, who referred her to the manager.  When the manager looked through the paperwork, she said, “It doesn’t look harmful to me.  It’s OK.”  Ms. Watson then made the purchase because she was afraid that it would get into the hands of someone not as honest as she.  She was afraid for the people the information belonged to. 

After purchasing the box, Ms. Watson tipped off WTHR Channel 13 as to her find.  WTHR 13 Investigates then opened an investigation as to the allegations made of Goodwill selling personal information.  The station sent undercover “shoppers” to three Indianapolis area Goodwill outlets and found that at every outlet location they visited, they were able to purchase someone’s personal information.  This didn’t just happen once; out of 28 visits in 2 months, personal information was purchased 24 times.   WTHR employees were able to purchase valid debit and credit cards, leases, automobile titles, medical histories, immigration papers, bills, employee drug test results, college transcripts, IRA and 401K statements and all other kinds of legal documents containing personal information. 

 

The personal information donated to Goodwill, then sold by them, contained thousands of pages, filling three boxes.  Some Social Security numbers found belonged to police officers stationed at the Indianapolis Metro Police Department.  When WTHR spoke with Sgt. Eric Eads, who is an identity theft expert in the department, he said, “Let me put it to you this way:  this is a police nightmare here.  If someone got ahold of this stuff.  It’s just shocking the amount of Social Security numbers and tax records you found.”

Another person whose tax records were found by WTHR employees is Elesabeth Leclercq.   She is quoted as saying, “It’s terrible.  I don’t even know what to say.  I’m still stunned and in a state of shock.”  Julie and Brett Snyder also found out that their information had been sold along with information on their children.  Mrs. Snyder said, “This isn’t anything we would throw away.  I mean, we wouldn’t have just handed this over to Goodwill.  It’s shocking.  We are completely shocked.”

The person whose information started it all when Emily Watson purchased it is named Rose.  She refused to give her last name, but she did give a statement.  “It’s pretty devastating and I’ve had nightmares about it” she said. 

Make Sure Your Password is Secure

Just about every day, there’s an article in the newspaper or a story on the news that talks about cyber-crime, usually in the form of identity theft.  Most Internet users feel that they are safe because they are “cautious”; they never download from strange websites, nor do they open an e-mail unless they know who sent it.  The problem is that these “cautious” people forget one of the most important aspects to keeping their privacy safe:  the password.  Maybe laziness or forgetfulness is the reasoning, but in this World Wide Web full of hackers, many thousands of people are still using the same password for everything they do online.  Some may argue that each password is “different”; however, having variations of the password “ABCD1234” doesn’t count as being different.   If you or someone you know is guilty of this way of thinking, you should really read on.

  

One of the first lines of our privacy defense is the password.  Whenever you sign up to become a member of a website, you need to enter a log-in name and a password.  Most sites will not accept passwords shorter than 8 characters and many require them to be alpha-numeric and case sensitive.  If you choose the password “platypus1”, you will not be granted access into that site if you mistakenly type in “Platypus1” on your next visit.  The password must be an exact match.  So, if you are a registered user on 10 different sites, you need 10 unique passwords.  “Platypus1”, “Platypus2”, “Platypus3”, etc. just won’t cut it. 

In order to try to make each password unique, many people will use different names combined with birthdates.  It’s not uncommon for a man to have “Pamela823” (his wife and her birth date, August 23) for one site, then choose “Henry312” (his son and his birth date, March 12) for another site.  A problem could arise, however, if that man signs on to Facebook using a public hotspot and is hacked.   Once the hacker knows the Facebook password, he could look to see the names and birthdates of the spouse and children.  So, if the Facebook password is “Pamela823”, this hacker will try that same password for an email account.  If that doesn’t work, he’ll look to see the son’s name and try “Henry312”.  Hackers are very good at what they do, so before you know it, this cyber-crook is going through your bank account.

There is a corporation in Virginia called Siber Systems, Inc., that realized how difficult it is for many people to come up with unique passwords.  With this in mind, in 1999 they developed RoboForm, their first product with consumers in mind.  It now has worldwide users numbering in the millions.  Demand was so great that RoboForm is now available in 30 languages.

RoboForm takes your information and each time you register for a site, it comes up with a unique username and password.  You don’t have to do a thing.  The only password you need to remember is the master password from when you first used it.  So, you log on to your computer, enter your master password into RoboForm and RoboForm goes to work for you after that.  It not only generates unique passwords, it remembers them for you.  Another plus is that each password is encrypted, making it almost impossible to be hacked.

Due to the success of the original RoboForm, in 2004, Siber Systems expanded its product line with RoboForm2Go.  This portable version of RoboForm is on a USB flash drive that you plug into your computer.  No matter where you travel, you will have RoboForm2Go with you.  Not only that, it will work in your native language.

RoboForm is the perfect solution for creating unique passwords and then remembering what they are for each site that you visit.  It is a great tool for keeping you safe when you surf the Net.

To add even more protection to your Internet surfing, you should use a proxy server from a reputable company.  Please take the time to visit Privacy Partners and take advantage of the FREE trial offer.  You will be glad you did once you see how safe you feel knowing that you can surf the Internet from anywhere knowing that every time you connect, your information is encrypted.

So, You Think You Can’t Be Hacked?

I’m a Customer Service Representative at Private Proxy.  Every day, I speak with people about Internet privacy issues.  Most of the people I speak with feel that they cannot be hacked because they are careful.  They know all about identity theft, but are sure that it won’t happen to them.  That’s when I ask them if they ever use the free, public WiFi in hotspots like Starbucks and Panera.  I then tell them how they can be jeopardizing their Internet privacy by giving them this example:

You are in a store making a small purchase and your credit card is denied.  You don’t think anything of it, and swipe another card.  That one, too, is denied.  Now you start to wonder what’s up, so you call the credit card companies.   When you speak to Customer Service, you are told that your cards are maxed out.  These cards aren’t used that much and you always pay your bills in full as soon as they’re due, so how could you be maxed out?  You ask for copies of your transaction reports so you can see where the problem is.

You get your reports and, sure enough, not only are the cards maxed out, they are each over the credit limit!  Big problem!  As you look at the transactions, you see purchases made in stores you never heard of.  These purchases include gaming systems, computers and flat-screen TVs.  There was even a vacation at a Tahitian resort on there.  None of these purchases were made by you, so you call the card companies again and cancel those two cards.  Just to be on the safe side, you also cancel your other credit cards and bank card.

For the life of you, you can’t understand how this could be happening.  After wracking your brain trying to think of when you last used these credit cards, you remember that a couple of weeks before, you used both cards shopping on-line while you were taking your lunch hour at Panera.  Since this is a free public hotspot, everyone can use it.  Because it’s for the public to use, the data stream isn’t encrypted, so anyone with computer knowledge and the right software can intercept your data stream and get hold of your username, password and credit card information.   Mystery solved, but how do you stop it from happening again?

Well, for starters, you should download our Internet Privacy Guide.  When you read this, you will learn how your identity can and will be stolen.  When you learn of all that could go wrong, it would help you tremendously to take part in our FREE trial of Private Proxy.  It’s very easy to understand how the product works and it’s also easy to use.  You will have a choice of many servers, all using encryption to keep your data safe from cyber-crooks.

Protect Your Internet Identity!

Fighting Cyber Crime the Better Way

As the use of mobile devices becomes more popular, the number of cyber crimes also increases. The internet can now be accessed by almost anyone who has a smartphone or other digital device. This worsening scene has made law enforcers look for more inventive ways of combating these criminals. The usual strategies alone cannot be effective against cyber crime. It needs a good deal of initiative, coupled with technology, in order to take a good stand against cyber criminals.

In California, a new special eCrime Unit is now catching and prosecuting internet crooks. This is a team created by the State’s Attorney General and, is comprised of 20 attorneys and investigators. It uses modern techniques to target criminal activities like email scams, piracy, child pornography, online fraud, and others. Many people have been, and are still being victimized by cyber crime, or e-crime, both online and off.

The unit has already solved one case and put a man in jail who was found guilty of hacking email and Facebook accounts. What he usually did was to break into an account, and he would then intimidate its owner by threatening to expose embarrassing pictures. Another case involved a criminal group whose main activity was using card scanners and hidden cameras at ATM machines to steal passwords and other sensitive account information.

Knowing that the internet is very important to the economy, to individuals, and to businesses, these criminals are not lacking in victims. From offline, their operations shifted online to steal very important information from individuals and groups. The year 2012 is seen to be a year of battling against online criminal activities. The past year proved to be problematic in terms of scams; this year will give rise to other types of online crimes.

More systematized and focused internet crime fighting activities will be delivered by the new eCrime Unit. According to the Attorney General, California would like to set a new trend in going after cyber criminals and prosecuting offenders. They will make sure that internet technology is useful not only to online criminals but more so to law enforcement agencies.

Image: chanpipat / FreeDigitalPhotos.net

Still on Health Record Breaches

The number of hospitals in the United States that are adopting electronic medical records is continuously growing, but according to a study from the Ponemon Institute, insufficient funding for security has also triggered a surge in patient data breaches. A recorded 32% increase in data breach incidents from 2010 to 2011 tends to support such a claim. Hospitals say that there should be enough funding from the agency concerned in order to ensure patient privacy.

Converted into cost, the health care industry lost an estimated $6.5 billion just last year alone. Nearly one-half of the health organizations that were surveyed said that the major cause of this was lost or stolen devices. The survey included 72 hospitals and health care providers, but the names of the organizations were kept private.

Observers see that the condition is getting worse, mainly because security seems to not be given any major importance. They also anticipate that it will not get better given the policy of providing incentives to doctors and hospitals that implement digital health records. More patient records will be exposed to theft with the compensation budget that reaches up to $27.4 billion. Health care organizations then rush to speed up health records, but there is no corresponding needed security.

Another study showed that more than 50 percent of the organizations surveyed blame insufficient funding as the reason for such breaches. There are existing data breach notification laws that order organizations to report to the Health and Human Services Department those breaches that involve more than 500 people. The agency then makes a list of those affected and posts these violations on its website.

There are laws on federal privacy that health care providers and employer-sponsored group health plans are obliged to comply with. These laws require periodic audits to be conducted by the Health and Human Services Department. This is to carry out security risk reviews and assess security and breach notification policies. This mechanism ensures that organizations have their privacy, security and breach notification policies in place.

Image: Salvatore Vuono / FreeDigitalPhotos.net

Anti-Hacking Laws Must be Updated

Lawmakers are busy looking into the 1986 anti-hacking law primarily because it no is no longer up to date with the current online “culture”. Without the needed changes, the law would punish even innocent web surfers. But those concerned with its updating are very careful because changing the penalties might not sink the law’s teeth in legitimate criminals. Revising the Computer Fraud and Abuse Act should not set aside the civil liberties of users while seeing to it that cyber-criminals are prosecuted.

One important revision that has to be made is in the power of government to penalize users who violate a website’s terms of service agreements. A law school professor openly said that the present state of the law is harsh. He added that it threatens the civil liberties of Americans who simply give false information on Facebook and other sites.

The professor gave some typical examples in his written testimony of how millions of users give fake information. He wrote that a user could be held criminally responsible for simply writing that he goes to the gym every day when in fact, he goes there only once a month. He added that the millions of users who supply false information about their height, weight or age could be considered criminals. He also mentioned a study that suggested 8 out of 10 users provide false information in their profiles. Incredible, but there are millions of Americans out there who are cyber-criminals!

One critic deemed it necessary for lawmakers to spell out what the law actually means, particularly with the phrase “exceeds authorized access”. This will set the limits of employers to penalize those employees who break terms of service agreements. The same critic also said that the revisions should make those federal employees who are handling confidential information answerable.

Such initial steps and suggestions would narrow down the prosecution threats to those breaches committed by government employees. A letter was co-signed by organizations that have been known to protect consumers and citizens. They laid down their common concern of defending people who break site service contracts by “accident”.

Online Job Hunting Scams

You should read about these phishing scams that you might run into, so you could have the understanding on how to handle them. If you want to find a job online, be cautious of those that encourage you to send personal information. There are many online criminals that hide behind legitimate job sites just so they can appear legitimate too. Some of them will use familiar-looking logos and convincing words that could attract your attention. The truth is that they will only lead you to fake websites that appear to be owned by legitimate companies.

Aside from asking for personal information, another method of operation is charging fees for services that they do not really provide. Many people have been victims of this kind of scam where they paid for services that are nonexistent. This idea of online fraud is so effective that more victims are coming forward to present their complaints. These criminals are not easy to catch because they “close down” their operations after a while and then leave without a trace.

If you are an online job seeker, it would help if you bear in mind these few tips that would help to protect you. Do not give any personal information unless it is related to work. Be alert when a prospective employer asks for your social security number, date of birth, home address, etc. It is strongly advised that you should not give out this kind of information over the phone, through email, or via fax.

It is said that your resume is one of your most valuable “assets” in job hunting. It carries with it such vital information about you that it has to be kept private. Never give away your resume unless you have a compelling reason. When posting your resume online, opt for a job site that has a clear privacy policy. Choose one that validates recruiters before permitting them to gain access to your records.

It is a good practice to verify a prospective employer or recruiter. Look for the company’s contact number and find out if it really exists. If you find it necessary, you can even visit the company yourself during regular work hours. Only after verifying the company’s legitimacy should you give consent to a background check if they ask for one.

Image: photostock / FreeDigitalPhotos.net

Fake E-Card Scam, Beware

Have you noticed that more users are becoming victims of phishing scams? New phishing scams crop up whenever there is an event that is getting the attention of a large number of people. It could be a natural disaster, an election, or even developments in the world financial system. It is best to make yourself aware of how scammers entice their victims to give in to their tricks.

Beware of fake e-cards, especially during the holiday season. In reality, these e-cards may be a phishing scam, spam, a spyware installer, or a virus. E-cards are links that are sent to you, which you can click on to open the “greeting card”. Needless to say, once you click on the link, you are actually opening the “website” where your greeting card was created. This is where the danger of downloading something that could be very destructive is.

So how do you avoid fake e-cards? More often than not, scammers send fake e-cards using reputable companies in order to appear more convincing. On your end, you must be alert to recognize the sender of the e-card. If you do not know the sender, do not trust the e-card. If you are familiar with the company that sent it to you, it is obvious that you have your own way of telling that the email is not a fraud.

You must check the display name and the sender’s email address. When you are in doubt as to the sender or the intent of the email, never click on any links. Most importantly, do not download anything, even if the source seems legitimate. When it comes to a file attachments, do not open or download any attachment unless you are sure of its origin.

In case you happened to open a seemingly legitimate website that has an end-user agreement, take the time to read all of it. Of course, it will take a lot of time to read all that fine print, but it is a must. You might be agreeing to install something that you do not want, like spyware.

Here Comes the New Privacy Threat

A new security risk was discovered and has roused concerns among smart phone users. Security researcher Trevor Eckhart posted a 17-minute video which gave details of unknown software that is installed. It was shown that this software can log numerous details about what the user does with his or her mobile device. The software, particularly known as Carrier IQ, logs all text messages, Google searches and phone numbers entered in by the user. This data is then automatically reported to the mobile phone carrier. In addition to this, the software can log the URL of websites searched by the phone owner, even if he or she is using “https” URLs that encrypt data.

There are several mobile devices running on Android operating systems that come with the software installed by default. Eckhart said that it operates without being noticed or without the user’s knowledge. He added that even if the user does become aware of it, the software cannot be stopped. It is the kind of software that is often used in malware and Eckhart called it a “rootkit”.

When Eckhart was able to get hold of the training materials posted on the software’s website, he was able to discover more about Carrier IQ. Thinking that the company might take the files offline, he immediately copied these training materials. He was correct because the said files became unavailable shortly after he posted his analysis online.

A cease and desist letter was sent by the company to Eckhart, claiming that he infringed on copyrights by publishing its training manuals online. The company also claimed that his allegations about the software were vague and false. Furthermore, it demanded that the researcher turn over all the contact information of all those who obtained copies of the files.

In addition to this, Carrier IQ demanded that he replace his analysis with a statement renouncing his research. The company even drafted the statement for Eckhart and sent it to him so it could be posted. The company was bent on taking legal action against the researcher. However, Eckhart found support from the digital rights group Electronic Frontier Foundation, or EFF. The company then decided not to proceed with the actions.

Image: jscreationzs / FreeDigitalPhotos.net

Smart Phones for Financial Transactions

Internet technology has made financial transactions easier and more readily available. Businessmen have extensively used the internet in their dealings. They are no longer confined to their offices in order to communicate with clients. More importantly, they can complete their financial transactions even during business travels or vacations. They no longer have to make frequent visits to the bank or have face-to-face meetings with their associates.

In earlier days, most of these transactions were done using desktop computers. Later, laptops and notebooks became more popular and transactions were made even more convenient. They can effortlessly keep track of their financial records from almost anywhere. Today, smart phones are slowly gaining popularity among businessmen. It used to be that these gadgets were used mainly in social networking, more particularly Facebook and Twitter.

A recent survey showed that the number of people using their smart phones to transmit personal and financial information is increasing. These pieces of information are uploaded mostly for online banking, shopping or social networking. There are about 17% of smart phone owners who use their device for money matters. This fact has called the attention of online criminals who take advantage of these circumstances to make money at the expense of businessmen.

Observers have said that accessing the web with the use of a mobile device is both fun and time saving. Obviously, criminals are also on the lookout for every opportunity to see how they can fit their activities into the situation. That is why it is very important for businessmen to remain vigilant. There is a new modus operandi by online criminals that is hidden in the guise of “the good guy”.

The recent rise in demand for smart phones and mobile and web applications has given online criminals the right signal. They are now using malicious software, or malware, in order to take control of users’ accounts. Hiding behind online application stores, these crooks would entice smart phone users to download rouge apps. A user does not notice that he is also downloading a program that would allow the criminal to take control of his or her phone. The rouge app would allow the criminals to eventually gain access to all personal and payment data stored on the phone.

Smart phone users have to be very careful when deciding to use their devices for accessing the web. Moreover, they should be selective about applications that they are going to download. They should learn lessons from those who were surprised when they saw their monthly bills. There were some who were made to pay for premium calls that they did not make. After all, smart phone users are expected to be smarter than online criminals, right?

Image: jannoon028 / FreeDigitalPhotos.net

The Philippines and Cyber Crime

The Philippines should not waste any time in implementing its cyber crime laws that would successfully deter organized crime syndicates. A top Philippine National Police (PNP) official disclosed recently that the country appears to be a favorite refuge for these cyber criminals. The groups have been known for their involvement in cyber pornography, illegal online gambling, cyber sex dens, credit card fraud, and identity theft. The official added that criminals find it easy to be one step ahead of the “weak laws and poor technical know-how of law enforcers”.

It was reported that cyber crime mafias, who are mostly foreigners, are increasingly making the Philippines their base of operations. The top official admitted that the PNP at present has no organizational and technical capability to battle cyber crimes. Syndicates use modern technology, while law enforcers lag behind in terms of training and equipment. To remedy the situation, he asked for support for urgent organizational and technical capability improvement where such is needed.

The detention of a foreign national hacker in the country uncovered the existing network of cyber crime. There are mafias working behind the scenes of illegitimate online gambling and credit card fraud operations in the country. The activities of these groups seem limitless as evidenced by the fast expansion of their circle of influence.

A 38-year old Korean national hacker was arrested by the Anti-Transnational and Cyber Crime Division of the Criminal Investigation and Detection Group (CIDG). His name is included in the file of those wanted by Interpol for large-scale internet fraud. His group has already hacked the servers of the Philippines’ top telecommunication companies. Further investigations exposed that the group has already invaded the accounts of some private corporations.

Although the CIDG made seven successful raids of the group’s illegal online casinos, the capability of the country to oppose cyber crime has not improved. The situation is aggravated by reports that Filipinos are being used as “e-mules” for transnational money laundering and credit card fraud operations. It seems that cyber criminals can avoid Philippine laws so effortlessly that they choose to build their safe haven there more than anywhere else.

Image: chanpipat / FreeDigitalPhotos.net

Safety Tips for the Holidays

The Christmas season is just around the corner and holiday shopping has already started. Retailers consider this part of the year as the best time to make profits. Identity thieves also find this season the most opportune time for them to make lots of money. Here are some tips to keep the thieves away and to see to it that they do not enjoy the holidays at your expense.

When making payments with the cashier, be alert of skimming. Open your eyes as the store clerk takes your card and swipes it through a device by the register. Be sure that that the machine is really the credit card reader and not something else. There is a device used that allows a thief to copy the information from the card’s magnetic strip and take away your information. Needless to say, purchases can then be charged against your card.

Compared with debit cards, credit cards are more secure and protected. When using a credit card, you can be safer if you use the same card for all of your holiday shopping. This will make tracking your every transaction as well as finding any suspicious activity easier. The best thing to do, of course, is to use cash because none of your personal information is associated it.

When using more than one credit card for your purchases, make sure that you regularly check each card’s activity. Check if all transactions that appear were made by you. If you find any discrepancy, do not waste a minute in contacting the card issuer so that you can file a dispute on the charge.

Thieves can also do some ATM tricks to carry out their actions. Follow the security and safety instructions that can be found posted on ATMs. Some thieves can manipulate a machine so that the card can be captured inside it. If this happens, be sure not to leave without reporting the matter to the bank or to any authorized ATM representative. The thief might just be watching, waiting for you to go, so he or she can get the card, stealing your PIN by using a small, previously hidden camera.

Look for secure websites when doing online transactions. One with the “https” in its URL address is secure. This assures you that your personal information is treated with care. Using special technology, your personal details cannot be stolen by computer hackers. It is best if you set limits to the amount of personal information that you provide online. The less personal information you upload, the less you become vulnerable to identity thieves.

You can enjoy your holiday shopping any way you want it, just always keep in mind that identity thieves are always “around the corner”. Do your best to stay safe and secure and get the best use of your money.

GPS Technology and Privacy

Many users need not worry about privacy risks if they know what to do. The new GPS technology enables people to find their way through unfamiliar places. It is a tool that assists people in finding a restaurant or an ATM in town. As a tracking tool, privacy issues regarding GPS use have been raised. This technology is now being integrated in most models of phones and cameras. Users enjoy its features, from simple photo taking to sharing of information on the internet.

The concerns center on the risks involved with anybody being able to locate a user by accessing his or her cell phone data. Nowadays, phones can store data on the whereabouts of a person, specifically location. The phone owner’s location data can be easily mapped – where he or she had been for a period of time - with the aid of Google maps.

EXIF data, which means Exchangeable Image File, is used to store photos in GPS-enabled phones or cameras. This new annotation is embedded in almost all present-day cameras. By using EXIF, information such as shutter speed, F number, exposure compensation, ISO number, date and time the image was taken, and other information, can be stored. These however, are just information about characteristics of the stored data and do not pose problems on privacy. It is the capability of some cameras using EXIF to store GPS information on the photo that raises the concern.

Apple and Google have made public their opinion on the privacy issue. According to them, users should not pass on the responsibility of protecting their privacy to others. Even if the technology is there, users still have the final decision of whether or not to use it. Users can simply disable or enable GPS features in their phones. Google also made clear that identification numbers of each phone signal cannot be traced to a specific handset. Google assigns a unique signal for each handset as part of each policy.

Taking this premise, some groups of users do not buy the idea of not using GPS features. They say that GPS is such a useful technology that a user can make good use of it. Also, the latest apps are mostly location enabled. Not using this technology may put a user in a more disadvantaged situation.

What users can do is pressure phone manufacturers and lawmakers to set limits on the use of GPS data. On the other hand, the government should move faster in order to catch up with the fast-changing technology. Meanwhile, users must be responsible enough to protect one’s own privacy.

They can do this by setting reasonable limits on the sharing of data online, especially with GPS enabled photos. One should use his or her intelligent discretion regarding when to share photos on any website, especially social networking sites. This will make one in better control over his or her privacy.

Image courtesy of :

Image: graur razvan ionut / FreeDigitalPhotos.net

Protect Yourself From Identity Theft

Identity theft has been plaguing the Internet. People are concerned about how they can protect themselves from this threat. While some technologically adept ones could by themselves find means to do so, many would still depend on experts for advice. Plain internet users are always in danger of losing their identity. This results to numerous possibilities of problems that could be avoided only if they knew how to protect themselves.

Darrell West, vice president and director of both Governance Studies and the Center for Technology Innovation in Washington, is an expert in this field. He has given advice to people about how they can protect themselves in the digital world. He has also written articles on subjects concerning political, policy and legal challenges raised by digital technology.

He has detailed some of the logical ways to maintain online protection. The best according to him is “choosing non-obvious passwords” and using different passwords for different accounts. One should not use his or her partner’s name, date of birth, hometown, and other obvious personal information. Clearly, these data are now online, contained in social networking or other public sites. Data miners could simply do some tricks and they could steal one’s identity.

As to the choice of websites, West recommends that one should read first the site’s online privacy policy. Try to discover whether or how that website will employ information. Be particular with how cookies will be used for tracking visitors and what the company does with information. Find out whether the company sells information to other vendors. One should see a very strong policy that protects consumer interests for the site to be trusted.

Consumers can also protect themselves against companies that gather information on users’ browsing history. Many sites track internet browsing history by the use of cookies. The best thing to do is not to accept cookies when prompted. Another way to do this is for the user to go into the tool history of his or her internet browser and delete cookie tracking. As much as possible, one should use the most recent version of an internet browser.

With regards to internet privacy laws, West recommends that legislators should update the rules which are no longer applicable or are outdated. Some laws were written before the advent of the internet, even before that of social media and other new digital platforms. It would be easier for law enforcement to police the digital world and guard people against identity theft with updated laws.

Image courtesy of:

Image: Salvatore Vuono / FreeDigitalPhotos.net

Facebook Should Drop Its Plan

With Facebook’s pronouncement of their plan last January, users are worried and threatened as to their online safety. The company has just made open that it plans to permit third-party developers to gain access to users’ information. It was made clear that Facebook would only limit their permission to home addresses and phone numbers of users. At first it would show that there is nothing to be bothered about “letting loose” of such information. Others would not even lift a finger over the issue.

Many groups and some individuals have raised fears, asking Facebook to discontinue its plan. Some even wrote private letters to CEO Mark Zuckerberg advising him to shelve it. The subject seems to be so critical that it has started a huge movement rejecting the plan. Even those users who know less about identity theft have also expressed their alarm. Behavioral tracking is becoming more and more widespread. Many data marketing companies have accumulated much money out of data that they have secretly gathered. However, with Facebook’s arrangement of “freely” giving out user data, these companies do not have to “hide” their covert activities. On the other side, users will be open and defenseless targets of people who could harm them.

It may be good information to recognize what could be done with a user’s phone number and home address. Anybody with ample knowledge on data mining techniques would know that these two hold more than that information. These would open to other user information such as date of birth, e-mail address, or even estimated income. An identity theft could mine practically all other data he would need for his or her hidden agenda. The thief could apply for a loan or credit card in the name of the unsuspicious Facebook user.

New technologies have enabled families and friends all over the world to be in contact. One after the other, growth of these technologies has also made it easier to share data and information. Alongside with these, people have become not careful in uploading their personal data without thinking of the consequences. Then technology that allowed third parties to secretly “steal” data over the internet became fully developed. This gave rise to a dilemma that users have to fight against, or just to live with – the problem of privacy.

So much personal information has been made available into the hands of big companies and third parties. Facebook holds tens of millions of this data. Pushing through with its plan would not only put in danger their direct clients. It would include their customers’ friends and families whose data are also “attached”. To prevent such disaster and to protect its users, Facebook should undo its plan.

Image courtesy of:

Image: ntwowe / FreeDigitalPhotos.net

Ohio Woman Sues County Clerk After Identity Stolen...

With recent blog posts about the Virginia Watchdog and PulaskiWatch, it was only a matter of time before someone had their identity stolen due to the negligence of county clerks posting sensitive information. Computerworld reported on a Ohio woman suing the county clerk after her identity was stolen. An image of a speeding ticket, containing her personal information, was posted on the county website.

Originally, the case had been dismissed and Cynthia Lambert was out of luck. Her identity had been stolen and there was nowhere else for her to turn. That is until last week, when she was told she could reinstate her legal claim. Greg Hartmann, Hamilton County clerk of courts, violated Ohio's Privacy Act by posting such sensitive information about Ms. Lambert on the county website.

She received the ticket in September of 2003, and had her name, Social Security number, driver's license number, address, birth date, and signature. Having all that information easily accessible to anyone with an Internet connection definitely makes an Identity thief excited. With all that information, especially the Social Security number and signature, an identity thief can open up new lines of credit or take out loans with no risk to their own credit if he or she defaults--which usually happens.

Within a year at least two major purchases had been made in Ms. Lambert's name: $8,000 worth of electronics from Sam's Club and $12,000 in purchases from a Home Depot credit card opened in her name. Both of these purchases were made by showing a driver's license...more specifically Cynthia Lambert's driver's license. The kicker here is that the number on the driver's license used was one digit off from her actual license number. This was done in error by the officer who gave Ms. Lambert the ticket, and when the image of the ticket was posted it had the error as well. In addition, a woman caught for identity theft admitted to being part of a ring of thieves who use county websites to gain information used in the crimes.

The overturned ruling noted that while the county clerk did not act maliciously or break any laws by posting the speeding ticket, laws were broken because the Social Security number was kept in the image of the speeding ticket and published online.

This seems like a no-brainer to me. She has cited specific evidence to show her identity was stolen directly because of the county clerk's unwillingness to redact personal information. States such as California and Florida have made it illegal to post personal information and mandatory to redact data. While posting these records does make some sense, especially when a company needs to find information on a person for the purposes of opening a line of credit and such, there is no need to have Social Security numbers and signatures posted on a public forum. It is just as naive to assume the information is safe as the CEO of LifeLock putting his real Social Security number on TV and assuming no one would steal it. You are asking for trouble either way...

Arkansas Man Posts County E-mail Records

Computerworld reported that an upset Arkansas man has posted sensitive information on his website, PulaskiWatch. The information was found via public records and consisted of e-mails between nine government officials, including the county clerk. This privacy issue may seem a little familiar as the Virginia Watchdog (which, coincidentally, does not seem to be working) also posted sensitive information on government officials in Virginia.

Bill Phillips, the creator of PulaskiWatch, did this to prove a point to the county officials who had posted circuit court records containing Social Security numbers, bank account numbers, and images of voided checks. Phillips' retaliation consisted of searching thousands of e-mails, mostly with office-related communications, on the Internet and posting his findings. Some of the e-mails that Computerworld had access to discussed sensitive topics, such as: appropriate salaries for two recently demoted employees, and a woman who had quit because of safety concerns (there was a stranger roaming the parking lot). Phillips also posted every county clerk employee's name, date of hire, and salary. He focuses his retaliation on the county officials and does not seem to be posting the sensitive information. Having them on the Pulaski County site once is already bad enough. And by the way, students working on the elections will be making $7.50 an hour. Yes, I did find that in one of the e-mails.

While this may seem like an invasion of privacy, and limits a person's privacy rights, the important thing to notice is that both Pulaski Watch and Virginia Watchdog had found their information publicly. They did not have to buy records from a secretary or bribe a judge like in The Sopranos. All they had to do was search their local county government website and perhaps even Googling someone's name. Phillips has agreed to remove all the sensitive, yet legal and public, documents from his website on the condition that County Clerk Pat O'Brien removes the documents with sensitive information. It seems like a fair trade off to me. Your private e-mails will be removed once the residents all have their personal information removed, and hopefully identity theft won't be on the rise in Pulaski County.

The county has already faced this issue once, when it was forced to remove personal information from real estate records. O'Brien stated he won't remove the court records, and even if he wanted to only the Arkansas Supreme Court can give instructions on blocking out Social Security numbers. O'Brien said he would remove the records, but the software used for real estate records can't be used on court records. Too bad, so sad Pulaski County..

More Social Security Numbers on the Web...

Betty Ostergren, a privacy advocate that posts Social Security numbers she found on the Internet, has been given the thumbs up by a federal judge in Virginia. Computerworld reports that the state government can not stop her from posting the Social Security numbers on her website. At first glance, this privacy issue should enrage a lot of people. Knowing she has your personal information and is posting it all over the Internet would upset a lot of people; but how did she find this information in the first place? She got the information from the Internet and public records. The privacy advocate did this as a lesson, and to start a campaign to show people just how easy it is to find sensitive information about them.

She won the case and it was ruled that she should not have to remove the Social Security numbers from her site since she legally obtained them from public records. While the memorandum does not set a precedent, it is the first step in truly realizing how much we take our Internet privacy for granted. Ostergren's website, The Virginia Watchdog, presents privacy issues that arise from the government posting personal information on websites. Over the past few years she has repeatedly shown that Social Security numbers have been posted and little has been done to protect personal information.

I can agree with what she is doing. She did not seek out the information from private sources or use illegal methods, she used the Internet and the public sector. Everything she found was attained from government documents that did not conceal the ultra-sensitive information. With the already astonishing number of identity thefts every year, I don't see how the government posting such private information can help. How about a permanent marker and two seconds to hide the information? Problem solved... Ms. Ostergren also posts the information of high-profile officials, such as former Gov. Jeb Bush, former U.S. Secretary Colin Powell, and some local Virginia officials. I guess it really strikes a nerve and makes them care when their information is up there, and not just the information of the huddled masses.

Sarasota Students' Personal Information Posted on the Internet

Recently reported by the New York Times and the Herald Tribune (Sarasota's local newspaper), a little bit more than 88% of the 38,500 students in the Sarasota school district had personal information posted on the Internet for nearly two months.

The school district has a contract (for now) with Princeton Review to maintain a database of Sarasota County Planning Tools, to help teachers develop tests and keep track of students' grades. The information, which contained students' names and school ID numbers (which in some cases were Social Security numbers) from this database was accidentally posted on the Internet for two months before it was finally removed this past Monday. Along with names and ID numbers the information also included students': birth dates, sex, ethnicity, disabilities, and standardized test scores. The files were able to be found by using a search engine and Princeton Review claims the files were released when the company recently switched ISPs.

Sarasota students were not the only ones affected by this mistake, Fairfax, VA. students (nearly 74,000 of them) had their information posted on the Internet as well. The company was hired to measure student performance and nearly got 74,000 students' identities stolen. Hackers could have had a field day with this information--but if we recall correctly from a previous Identity Theft post, it usually takes the Identity Theft victim three months to realize something is wrong. In the case of a young student that has no need to check their credit ratings; it could be even longer.

The article hints around as to who is to blame here. Of course Princeton Review is at fault because the security of their system and website has been compromised and over 100,000 students had their personal information sitting on the Internet for two months. Not to mention that with the world wide web, nothing that has been posted can truly be deleted--some cached record may be sitting on a server with the information.

Is the school board to blame as well? Would they need to compile this massive database of personal information if standardized tests weren't stressed as the focal point of a student's education? While I am not trying to start a debate as to the validity of standardized tests, it is just an interesting subject to touch on. What happened to the days where teachers logged the information in their grade books? Is it necessary to have a massive database with every bit of information about a student? These are all questions that the school board will be answering when deciding whether or not to keep Princeton Review's contract.

In this case I would say protecting personal information trumps the ease of sticking everything on some site to analyze the students performance. It is great for parents, students and teachers to have access to this information so they can all keep track of performance and make sure nothing is wrong. Is the risk of having this happen again worth it? Do students even get and interim reports and report cards anymore? I remember that being a pretty good gauge as to what I needed work on.

Identity Theft Resources and Tools for Victims

While we write blogs and update our site with useful tools and information to protect your Internet privacy, 84 million people a year fall victim to identity theft. With fraud totals reaching $49.3 billion in 2007, it is very important to take the first step and proactively find ways to keep your information private. We provide blogs, articles, and products that protect you, but the 84 million people a year who have fallen victim to identity theft have little help or support.

Many victims find out within three months of the theft...that means the person who stole the identity has had a three month head start on spending your money and opening up false accounts. This fact, along with the fact that the average identity theft victim can spend 330 hours repairing their credit, shows that ID theft is a dangerous crime. 330 hours = roughly 13 full days. That means a person can spend 13 24-hour days (or 41 8-hour work days) trying to fix the damage from ID theft. The FTC has created a section of their website that contains tools and information for the victims of identity theft so they can begin the rebuilding process as quickly as possible.

If you are the victim of identity theft you should do these four steps immediately:

1. Review your credit reports and place a fraud alert (or extended fraud alert) with the credit bureaus.
2. Close the accounts that have been tampered with or opened fraudulently.
3. File a complaint with the FTC.
4. File a police report.

This is the shortened version of the list, but these are the steps you should follow to ensure the situation is dealt with asap. The following tools for victims of identity theft will be useful in conjunction with the four steps:

• You must always keep a log of your actions and findings when gathering information from an identity theft. The FTC has provided a "course of action chart" to help you keep detailed information for your reference.
• FTC ID Theft Complaint form. This form found on the FTC's Consumer Protection page can be combined with the police report to create an Identity Theft Report, helping victims get the ball rolling sooner and recover quicker. The report is used to block fraudulent information from appearing on your credit report, and prevent companies from collecting debts due to an identity theft.
• ID Theft Affidavit (pdf). This form is less detailed and does not offer as much protection as the Identity Theft Report, but is still a very useful tool to have. The eight page document must be filled out in order to absolve you of any debt incurred due to identity theft, or to gain access to the information a company has on the identity thief they dealt with.
  
• Victim's Statement of Rights. This statement details your rights under federal law (and also has a link to state resources).
• You will have to write many letters to credit card companies, banks, and other companies that have been used during your identity theft. The FTC provides a list of sample letters for various purposes that are useful and time saving tools (note: Word documents):
• Requesting fraudulent transactions or account information
• Requesting credit bureaus to block fraudulent information from appearing on your credit report
• Disputing charges on an existing account that has been tampered with
• Disputing charges on an account opened by the identity thief
• Law Enforcement(pdf) cover letter that should be attached with your FTC Identity Theft Complaint

These tools will help the identity theft victim reduce the number of hours and the amount of effort needed to resolve an identity theft. Of course always remember the best offense against an identity theft is a great defense!