ScamSafe

The Network Advertising Initiative Opt-Out Tool was developed for the express purpose of allowing consumers to "opt out" of the behavioral advertising delivered by NAI member companies.

The companies that provide advertising for Websites typically gather data about consumers who view their ads. Often, that data is anonymous - linked only to a numbered "cookie" on a user's computer (a cookie is a small file of data that is stored by websites on your computer through your web browser). Advertising networks collect and analyze this data to make a variety of inferences about each consumer's interests and preferences. The result is a profile that attempts to predict the individual consumer's tastes, needs, and purchasing habits. That profile enables the advertising companies' computers to make split-second decisions about how to deliver ads directly targeted to the consumer's specific interests. The Network Advertising Initiative (NAI) refers to this practice as "Online Behavioral Advertising" or "OBA."

These third-party advertising companies employ cookie and 1x1 pixel.gif (web beacon) technology to measure and improve the effectiveness of ads for their clients. To do so, these companies may use anonymous information about your visits to many websites. This information can include: date/time of banner ad shown, their cookie, and IP address among the data that is collected. This information can also be used for online preference marketing purposes. Information about your visits to such Web sites may be used to provide ads about goods and services of interest to you (or that they think are of interest to you based on your past web browsing).

Using the Opt-Out Tool, you can examine your computer to identify those member companies that have placed an advertising cookie file on your computer. To opt out of an NAI member's behavioral advertising program, simply check the box that corresponds to the company from which you wish to opt out. Alternatively, you can check the box labeled "Select All" and each member's opt-out box will be checked for you. Next click the "Submit" button. The Tool will automatically replace the specified advertising cookie(s) and verify your opt-out status.

Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your Web preferences and usage patterns.

The opt-outs are specific to every browser so you must run the tool for every browser you use. The opt-outs will only remain in effect as long as the opt-out cookies it places into your browser's storage still exist. So if you get a new computer, uninstall your browser or delete all the browser cookies, you will have to run the Opt-Out Tool again.

Network Advertising Initiative Opt-Out Tool |  FAQ

The new preview version of AOL Instant Messenger raised privacy concerns for us when it was first introduced, first because it started storing more logs of communications and second, because it apparently scanned all private IMs for URLs and pre-fetched any URLs found in them. We met with AOL to discuss how these features work and why the company should take greater care with your data, and we’re happy to say that AOL is promising to make some important changes as a result, especially in response to our second concern.

However, we still recommend that AIM users do not switch to the new version, as it introduces important privacy-unfriendly features. Unfortunately, AOL's moves are in keeping with a general trend toward more pervasive cloud-based services in which your personal chat data is centrally stored in plain text and an easy target for law enforcement and criminals. This shift toward central logging is troubling in many situations, including in chat.  

Conclusion

We appreciate AOL's willingness to discuss these changes with us and we're extremely pleased to see AOL taking some steps to safeguard their users' privacy and give better notice, which only becomes more important as the company moves toward providing more cloud-based services. Nevertheless, we think there’s more AOL should do to respect its customers' privacy and to fully inform them about, and get opt-in agreement to, these significant changes.

Bottom line: Because signing onto the new version of AIM permanently changes your account settings to log all conversations to AOL’s servers by default, we recommend that existing AIM users do not upgrade. As always, we recommend users stay safer online by using chat clients that are compatible with OTR.

More at eff.org

Better Business Bureau investigates thousands of scams every year, from the latest gimmicks to schemes as old as the hills. Our new Scam Source (www.bbb.org/scam) is a comprehensive resource on scam investigations from BBBs around the country, with tips from BBB, law enforcement and others. You can sign up to receive our Scam Alerts by email, and you can also be a scam detective yourself by reporting scams you’ve discovered. We’ve divided scams up into nine major categories and picked the top scam in each, plus our Scam of the Year. 

Top Job Scam 
BBB sees lots of secret shopper schemes, work-from-home scams, and other phony job offers, but the worst job-related scam can dash your hopes and steal your identity. Emails, websites and online applications all look very professional, and the candidate is even interviewed for the job (usually over the phone) and then receives an offer. In order to start the job, however, the candidate has to fill out a “credit report” or provide bank information for direct deposit of their “paychecks.” The online forms are nothing more than a way to capture sensitive personal data – Social Security number, bank accounts, etc. – that can easily be used for identity theft. And, of course, there is no job, either. 

Top Sweepstakes and Lottery Scam 
Sweepstakes and lottery scams come in all shapes and sizes, but the bottom line is almost always this: You’ve won a whole lot of money, and in order to claim it you have to send us a smaller amount of money. Oh, and keep this confidential until we’re ready to announce your big winnings. This year’s top sweepstakes scam was undoubtedly the email claiming to be from Facebook founder Mark Zuckerberg announcing that the recipient was the winner of $1 million from the popular social networking site. These kinds of scams often use celebrities or other famous names to make their offer seem more genuine. If you aren’t sure, don’t click on the link but instead go directly to the homepage of the company mentioned. If they are really giving away $1 million, there will be some kind of announcement on their website. But don’t waste too much time looking. 

Top Social Media/Online Dating Scam 
On the Internet, it’s easy to pretend to be someone you are not. Are you really friends with all of your “Friends” on Facebook? Do you have a lot of personal information on a dating site? With so much information about us online, a scammer can sound like they know you. There are tons of ways to use social media for scams, but one this year really stands out because it appeals to our natural curiosity…and it sounds like it’s coming from a friend. Viral videos claiming to show everything from grisly footage of Osama bin Laden’s death to the latest celebrity hijinks have shown up on social media sites, often looking as if they have been shared by a friend. When you click on the link, you are prompted to “upgrade your Flash player,” but the file you end up downloading contains a worm that logs into your social media account, sends similar messages to your friends, and searches for your personal data. The next time you see a sensational headline for the latest viral video, resist the urge to peek. 

Top Home Improvement Scam 
Always near the top of BBB complaint data are home improvement contractors who often leave your home worse than they found it. They usually knock on your door with a story or a deal – the roofer who can spot some missing shingles on your roof, the paver with some leftover asphalt who can give you a great deal on driveway resealing. Itinerant contractors move around, keeping a step ahead of the law…and angry consumers. The worst are those who move in after a natural disaster, taking advantage of desperate homeowners who need immediate help and may not be as suspicious as they would be under normal circumstances. A large percentage of BBB’s Accredited Businesses are home contractors who want to make sure you know they are legitimate, trustworthy and dependable. Find one at www.bbb.org/search. 

Top Check Cashing Scam 
Two legitimate companies – Craig’s List and Western Union – are used for an inordinate amount of scamming these days, and especially check cashing scams. Here’s how it works: Someone contacts you via a Craig’s List posting, maybe for a legitimate reason like buying your old couch or perhaps through a scam like hiring you as a secret shopper. Either way, they send you a check for more than the amount they owe you, and they ask you to deposit it into your bank account and then send them the difference via Western Union. A deposited check takes a couple of days to clear, whereas wired money is gone instantly. When the original check bounces, you are out whatever money you wired…and you’re still stuck with the old couch. 

Top Phishing Scam 
“Phishing” is when you receive a suspicious phone call asking for personal information or an email that puts a virus on your computer to hunt for your data. It’s almost impossible to avoid them if you have a telephone or an email account. But the most pernicious phishing scam this year disguised itself as official communication from NACHA – the National Automated Clearing House Association – which facilitates the secure transfer of billions of electronic transactions every year. The email claims one of your transactions did not go through, and it hopes you react quickly and click on the link before thinking it through. It may take you to a fake banking site “verify” you account information, or it may download malware to infiltrate your computer. 

Top Identity Theft Scam 
There are a million ways to steal someone’s identity. This one has gotten so prevalent that many hotels are posting warnings in their lobby. Here’s how it works: You get a call in your hotel room in the middle of the night. It’s the front desk clerk, very apologetic, saying their computer has crashed and they need to get your credit card number again, or they must have gotten the number wrong because the transaction won’t go through, and could you please read the number back so they can fix the problem? Scammers are counting on you being too sleepy to catch on that the call isn’t from the hotel at all, but from someone outside who knows the direct-dial numbers for the guest rooms. By the time morning rolls around and you are clear-headed, your credit card has been on a major shopping spree. 

Top Financial Scam 
In challenging economic times, many people are looking for help getting out of debt or hanging on to their home, and almost as many scammers appear to take advantage of desperate situations. Because the federal government announced or expanded several mortgage relief programs this year, all kinds of sound-alike websites have popped up to try to fool consumers into parting with their money. Some sound like a government agency, or even part of BBB or other nonprofit consumer organization. Most ask for an upfront fee to help you deal with your mortgage company or the government (services you could easily do yourself for free), and almost all leave you in more debt than when you started. 

Top Sales Scam 
Sales scams are as old as humanity, but the Internet has introduced a whole new way to rip people off. Penny auctions are very popular because it seems like you can get something useful - cameras, computers, etc. – for way below retail. But you pay a small fee for each bid (usually 50₵ to $1.00) and if you aren’t the winner, you lose that bid money. Winners often are not even the top bidder, just the last bidder when time runs out. Although not all penny auction sites are scams, some are being investigated as online gambling. BBB recommends you treat them the same way you would legal gambling in a casino – know exactly how the bidding works, set a limit for yourself, and be prepared to walk away before you go over that limit. 

Scam of the Year 
Yep, it’s us – the BBB phishing scam. Hundreds of thousands, perhaps millions, of people have gotten emails that very much look like an official notice from BBB. The subject line says something like “Complaint Against Your Business,” and the instructions tell the recipient to either click on a link or open an attachment to get the details. If the recipient does either, a malicious virus is launched on their computer…a virus that can steal banking information, passwords and other critical pieces of information needed for cyber-theft. BBB is working with security consultants and federal law enforcement to track down the source of these emails, and has already shut down dozens of hijacked websites. Anyone who has opened an attachment or clicked on a link should run a complete system scan using reputable anti-virus software. If your computer is networked with others, all machines on the network should be scanned, as well

Hackers released another batch of data on Thursday pilfered from Stratfor Global Intelligence, a widely used research and analysis company whose website was attacked last weekend. The data purports to be the names and credit-card numbers of people who have purchased research from Stratfor plus hundreds of thousands of user names and e-mail addresses used to register with the website.

The hackers, believed to be part of the Anonymous movement, described the data on Pastebin, then provided several links to websites hosting the information. They noted that some 50,000 of the e-mail addresses released end in ".mil" or ".gov." The data comprises 75,000 names, credit card numbers and MD5 hashes, or cryptographic representations, of passwords for people who have paid Stratfor for research.

The group also said the data contains 860,000 user names, e-mail addresses and MD5 hashes for passwords for anyone who has registered on Stratfor's website.

From IDG News Service

The Privacy Rights Clearinghouse (PRC) is proud to announce the launch of an interactive online complaint center designed to serve as a clearinghouse for consumer privacy complaints.  This builds upon our 19-year history of troubleshooting consumers’ complaints and questions regarding a wide variety of information privacy issues, including background checks, debt collection, data breaches, financial information, and online data brokers. The PRC's staff will review and respond to every complaint, providing individuals with information and strategies to address their problem.

The impetus for the development of the online complaint center was the 2009 KnowPrivacy study, conducted by graduate students in the Masters program at the UC-Berkeley School of Information as well as the Law School at UC-Berkeley. The study found that consumers are concerned about data collection and want greater control over their personal information, but don't know whom to complain to. This presents a significant challenge given the important role that consumer complaints can play regarding the shaping of public policy.

The new online complaint center acts as a clearinghouse for privacy-related complaints by offering consumers a central point of contact. Complaints submitted to the PRC will be forwarded upon the consumer’s request to the appropriate governing body. Further, by acting as a magnet for privacy complaints, our goals are to:

1. Empower Consumers. There are many avenues for consumers to voice complaints, but few that actually respond with personalized information. The PRC's staff will review and respond to every complaint, providing individuals with information and strategies to address their problem. We also offer individuals the opportunity to escalate the complaint to the media, public authorities, and, if appropriate, attorneys.
   
   
2. Educate the Public Policy Process. As an education and advocacy organization, the PRC understands the important role consumer complaints play in fostering regulatory and legislative change. The online complaint center will enable us to identify trends and publish reports on key privacy-related issues that are of concern to individuals. By sharing this information with the Federal Trade Commission and other regulators at the state and federal level, public authorities can gain a richer understanding of the consumer privacy landscape. 

The online complaint center, available at www.privacyrights.org/complaint, simplifies the complaint process into four main sections:

1. Who are you? Consumers can choose to remain anonymous or provide their name and contact information. The only information we require is the consumer's email address and state so that we can properly respond to the complaint. Contact information will not be shared unless the individual chooses to share the complaint with government agencies, lawyers or the media.
   
   
2. Whom/what are you complaining about? We ask the consumer to identify whom/what the complaint is about: a company or organization, a government agency or a person. If the complaint is about a company or organization, the site has an interactive “smart” feature that can auto-fill company information.
   
   
3. What is your complaint? Consumers have the ability to describe their complaint in detail, attach supporting documents and add "tags" to categorize the complaint.
   
   
4. Review and submit your complaint. Before submitting the complaint, consumers have an opportunity to review the entire complaint and make any necessary changes. There is also an option to print or email a copy of the complaint.

The PRC staff review all complaints and email a personalized response to the consumer within one to two business days. If the individual chooses to share the complaint with government agencies, we forward the complaint to the appropriate governing body.

The online complaint center also offers a registration feature. Those users who wish to register can login at anytime to update contact information, access previously submitted complaints, see staff responses to each complaint, and add new information to a complaint. Registration is completely optional and can be pseudonymous.

We invite you to celebrate a new year for privacy by exploring the online complaint center and sharing the site with your friends and family.  Any feedback can be emailed to general@privacyrights.org.

A BofA employee apparently leaked confidential information about his and hundreds of other customers' accounts to scammers, resulting in more than $10 million in losses. A BofA employee apparently leaked confidential information about his and hundreds of other customers' accounts to scammers, resulting in more than $10 million in losses.

More from LATimes.com

A health insurance company that provides coverage to 6 million people nationwide said Monday it is missing data servers containing the health records, financial information and Social Security numbers for nearly 2 million current and past clients.

Health Net Inc. said Monday it cannot account for several hard drives from a data center in the Sacramento suburb of Rancho Cordova.

The Woodland Hills-based managed care company would not disclose how many people could be affected, but the California Department of Managed Health Care placed the number at 1.9 million. In a news release, the department said nine server drives are missing and that it is conducting its own investigation into the company's security practices.

via www.boston.com

(Update below)

ScamSafe appears to be the first to report a serious data breach at Cord Blood Registry (www.cordblood.com). No mention has been found of this breach in the news or the Data Loss database.

The author received a notification letter as a customer of CBR dated February 14 2011.

A CBR computer and data backup tapes were stolen from an employee's locked automobile. The stolen tapes contained customer names, Social Security numbers, driver's licenses and/or credit card numbers. This is the "mother load" of personal identifying information for identity thieves.

CBR said in their letter to those effected: "CBR hired computer security experts to investigate the incident and they determined that there is no indication that the person information has been accessed or misused." This is a typical PR spin statement that companies who have suffered a breach use to make their customers feel better. Unfortunately it is, at best, meaningless. How could they really know whether the information was used to commit identity fraud? If they have a method, we're all ears.

There is no mention of the stolen computer and data tapes on the company web site or blog.

Cord Blood Registry^® (CBR^®) is the world's largest stem cell bank. The company is entrusted with storing more than 350,000 cord blood collections for individuals and their families. Headquarters are in San Bruno, California, and laboratory and storage facility is located in Tucson, Arizona.

UPDATE 3/3/11: Read the police report. The theft happened on December 13 2010. The CBR employee had the computer and data tapes in a backpack in the trunk of his car. He left it unattended at 11:35pm and returned around 15 minutes later and it had been broken into. The location of the theft is actually a large data center at 365 Main St in San Francisco.

UPDATE #2 3/3/11: This breach appears to effect virtually EVERY CBR customer (over 300,000). You can read the breach notification letter. For help call CBR at (888) 578-4480.

UPDATE #3 3/7/11: Read more about the breach at Network World and on Databreaches.net

The Better Business Bureau is asking local residents to be more careful about placing their age, birthday or other information on Facebook. They warn that users of the popular social networking site could become victims of identity theft.

The Metro Atlanta Better Business Bureau says identity thieves can guess the social security numbers of Facebook users with very little information. Fred Elsberry is president and CEO of the organization.

"The first three digits of your social security number is the zip code of where you live, or a code that says this is your hometown, so if you put your hometown in there they're going to be able to identify the first three digits."

Elsberry says identity thieves can also guess the next two digits, because they are determined by where you applied for your social security number. He says the last four digits are supposed to be random, but they tend to be in sequential order. Elsberry says those born after 1989 are especially at risk.

"The pattern is much more predictable there."

Elsberry says the good news is starting this year social security numbers will be more random. But he says if you already have one, your only option is to protect the one you've been given.

via www.publicbroadcasting.net

Credit card con-artists can be extremely crafty, something you know first hand if you've found yourself entangled in one of their scams. It's not just people on the news; many Americans find themselves scammed each year.

On this site below, you can find four examples of some disturbingly compelling credit card fraud.

See www.savings.com

The Better Business Bureau is warning taxpayers to beware of tax scams during this return-filing season.

If you get an email that claims to be from the IRS, telling you that you need to submit information for your W-2, it is a scam, the BBB advised.

The email tells the taxpayer to click on a link to input the information as part of an identity theft scam.

There are several IRS scams that make their rounds at this time of the year. Sometimes the email comes from the "Treasury Department" stating a refund or tax inheritance is waiting and the taxpayer needs to provide personal information.

Here are tips from the BBB to help you recognize a tax scam:

- If the IRS needs information, it will send a letter. You will not be asked to send information through email.

- Do not click on any links in unknown emails. It could infect your computer with viruses and spyware.

- Do not give out personal information, including Social Security number, home address and birth date to anyone who emails or calls you.

- If the email has a lot of punctuation and spelling errors, that's a "red flag" that it is probably not an official letter.

via www.courierpress.com

 The Federal Trade Commission, the nation’s consumer protection agency, has information for health care providers and insurers about how to help patients minimize the risk of medical identity theft and deal with the consequences if they become victims of it.  Here are the highlights of the FTC’s new publication, Medical Identity Theft FAQs for Health Care Providers and Health Plans: 

• How would people know if they’re victims of medical identity theft?  They could be billed for medical services they didn’t receive, contacted by a debt collector about a medical debt they don’t owe, see medical collection notices on their credit report that they don’t recognize, be told by their health plan that they’ve reached their limit on benefits, or be denied insurance because their medical records show a condition they don’t have.
• What should health care providers and insurers do if they learn that a patient may be the victim of medical identity theft?  They should conduct an investigation, understand their obligations under the Fair Credit Reporting Act, review their data security practices, and provide any necessary notifications that a data breach has occurred.
• What should health care providers and insurers tell a patient who is the victim of medical identity theft?  They should:
• advise victims to take advantage of their rights under the HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule.
•  encourage victims or potential victims to notify their health plans.
• tell victims to file a complaint with the FTC at www.ftccomplaintassistant.gov or by phone at 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261; and to check out the information at www.ftc.gov/idtheft. 
• encourage victims to file a report with local police, and send copies of the report to their health plan’s fraud department, their health care provider(s), and the three nationwide credit reporting companies – Equifax, Experian, and TransUnion.  Information on how to file a police report and reach the credit reporting companies is at www.ftc.gov/idtheft/consumers/defend.html.
• encourage patients to look for signs of other misuses of their personal information by reviewing their credit reports.  The law requires each of three major nationwide credit reporting companies to give people a free copy of their credit report each year if they ask for it at www.AnnualCreditReport.com or 1-877-322-8228.  If they find inaccurate or fraudulent information, they can visit www.ftc.gov/idtheft to learn how to get it corrected or removed.

via www.ftc.gov

Team 5 Investigates has learned that the personal information of as many as 1,300 current and former students at the Wentworth Institute of Technology was inadvertently put online.

School officials notified all affected students of the data breach, which was reported to WIT on Dec. 22.

The letter said that an "electronic file was accessible on the Institute's website that contained personal information for a group of current and former students, including full name, social security number, and date of birth. The file also included information such as allergies, medications, medical conditions and disabilities."

via www.thebostonchannel.com

The University of Iowa Hospitals has disclosed a potential data breach involving the EMRs of several University of Iowa football players. The University of Iowa Hospitals issued a statement on Jan. 28.

"Officials at University of Iowa [UI] Hospitals and Clinics in Iowa City [are] conducting an investigation after a proactive screening of the electronic medical records of 13 University of Iowa football players indicated that some of those records may have been accessed inappropriately,” according to the statement.

via www.cmio.net

The San Francisco Human Services Agency has notified approximately 2,400 MediCal beneficiaries and the federal government about a breach of protected health information, including Social Security numbers.

via www.healthdatamanagement.com

Mobile phones are the new frontier for cyber criminals, according to the latest research from McAfee. That may sound like a scary headline, but as phones have become more sophisticated, so this new development became inevitable.

Traditionally, cyber criminals have concentrated on the biggest targets, too: so for computers Microsoft has always attracted far more attention than Apple, and on mobile phones Nokia’s Symbian OS was hacked most often. Now as Android has finally begun to take Symbian’s place and the iPhone’s dominance is well established, that operating system too is being examined more closely.

via www.telegraph.co.uk

The latest consumer fraud trends suggest that financial institutions must provide increasing leadership in the fight against identity-related fraud.

According to new findings from Javelin Strategy & Research, consumers and law enforcement alike now turn to banks and credit unions for more sophisticated detection and prevention when it comes to the misuse of stolen identities to open new accounts.

In its annual Identity Fraud Survey report, Javelin finds that losses from new account fraud far exceed those associated with other types of ID fraud. Moreover, new account fraud is harder to detect.

"I think the weight of solving the problem will ultimately fall on the banks, because the criminals go where the money is. Criminals don't make money in identity fraud unless they turn it into cash," says James Van Dyke, president and founder of Javelin. "That's why it's important for banks to keep up-to-date on all of the types of fraud that are out there."

via www.bankinfosecurity.com

Don’t throw out that junk mail after your daily trip to the mailbox – a quick check could reveal an identity theft crime committed against you.

One way thieves can hit you is by using credit card confirmations with your card number – but somebody else’s name. ID criminals are counting on the fact that you won’t check your junk mail, which is exactly why you should take a closer look.

One Texas man almost learned that lesson the hard way. Don Sickel, a resident of Grayson County, Tex., told KTEN News recently that he was about to throw away his junk mail when he had second thoughts. Opening his mail, Sickel noticed that a credit card had been opened in another person’s name – but with his credit card number.

via www.credit.com

The Veterans Administration will go to extreme lengths to protect patient data, including dumpster diving, Chief Information Officer Roger Baker said in his regular press call on the VA data breach reports sent monthly with Congress

VA tracks patient food trays in its hospitals with meal tickets that include the name and last four digits of the patient's Social Security number, along with dietary information. Department policy calls for shredding the tickets when trays are returned to the kitchen, Baker said.

But the December 2010 data breach report showed that the Tuscaloosa, Ala., VA Medical Center did not follow this policy when its kitchen shredder broke down, Baker said.

via www.nextgov.com

Computer disks belonging to the state Division of Services for the Deaf and Hard of Hearing may have been accidentally discarded, and state officials are warning clients that the missing disks may include some of their personal information.

The state Department of Health and Human Services is sending letters to people who applied for services from the Equipment Distribution Service from January 2005 through December 2008.

The disks were likely taken to a landfill during a recent office renovation, state officials say.

via www.newsobserver.com

It is bad enough that many times consumers are illegal threatened and harassed by ruthless debt collectors. It appears that many debt collection companies do not perform criminal background checks on call center employees. Many of these employees have criminal records.

Even worse is the fact that many states do not require licensing or at the least background checks for debt collection employees. These collectors have open access to a consumers credit reports, bank account information and possibly other credit card information.

The state of Minnesota is one of the few states that do require criminal background checks on the collectors they employ. In the past they found that one in twelve collection employees had a criminal record, including: identity theft, rape, check forgery, and assault (source Star Tribune)

The state of Minnesota has put eight large collection companies on notice and is considering pulling their collection licenses because they have consistently failed to perform criminal background checks on employees.

The companies are Allied Interstate Inc, AllianceOne Receivables Management Inc, Bureau of Collection Recovery, I.C. System Inc, Financial Recovery Services Inc., NCO Financial Systems Inc, Receivables Management Solutions Inc, and Van Ru Credit Corp.

 

via www.statesboro.biz

The University of Iowa Hospitals has disclosed a potential data breach involving the EMRs of several University of Iowa football players. The University of Iowa Hospitals issued a statement on Jan. 28.

"Officials at University of Iowa [UI] Hospitals and Clinics in Iowa City [are] conducting an investigation after a proactive screening of the electronic medical records of 13 University of Iowa football players indicated that some of those records may have been accessed inappropriately,” according to the statement.

UI Hospitals and Clinics routinely screens for possible privacy violations to protect the confidentiality of all patients, including those with high public profiles, the statement read.

via www.cmio.net

NEW YORK -- Dozens of people have been charged in New York with forming an identity theft ring that used stolen credit card numbers to shop at Apple stores around the country.

A court document says the group used stolen account numbers to forge credit cards, then used the cards at Apple stores from New York to Wauwatosa, Wis. At least eight defendants were arraigned Tuesday.

via www.forbes.com

The attacks by spam, phishing and malware upon social-networking sites last year were twice the amount of attacks from 2009, as mentioned in the latest review on cyber threats.

The concerned report, the Sophos' Security Threat Report 2011 got released yesterday, and it has an explanation on about the swiftly rising number of social-networking sites, the most significant of which is, not surprisingly, Facebook, that have turned into the sitting targets of the cyber attackers.

When the users of the various social-networking sites were asked by Sophos if they had got any spam or phishing e-mails or any kind of malware attack in December last year, around 67% of the people complained of having received spam. This is a rise from the previous figure of 33.4% of April 2009.

Meanwhile 43% of the people reported phishing messages, which is a rise from the 21% of the previous year. And 40% of the people complained of having malware attacks which increased from 21.2% from the 2009.

Once a hacker breaks into someone's account, there's a whole treasury of personal information from friends to relation laid before him. Then he can use that personal information by selling it to advertisers or commit various criminal acts such as identity theft.

via topnews.net.nz

SPRINGFIELD, Mo. -- A crime that you may have thought was a big-city problem is now in the Ozarks.  The Springfield Police Department says it's been inundated with cases of identity theft involving wireless networks.  Police say there's a simple way to protect yourself.

Most cases of identity theft may involve someone overseas stealing your information but it's also happening right here -- possibly in your front yard. 

"The bad guys are getting to your information because it's not locked down," said Springfield Police Dept. spokesman Cpl. Matt Brown.

If you have wireless internet, you could be at risk.  Criminals just drive down the street looking for unsecured wireless hotspots -- that is, Wi-Fi network signals with no password protection. 

"They're able to quickly within seconds get into system and start doing whatever they want to do," said Brown.

In fact, within minutes, a reporter was able to find dozens of unprotected Wi-Fi networks in one neighborhood.

There have even been cases locally of innocent people getting arrested for crimes as serious as child pornography. 

"We're seeing a pretty good spike where innocent citizens are having computer systems taken over by offenders searching child porn or stealing their identities," said Brown.

Here's the problem.  In the case of internet crimes such as child pornography, police may follow an IP address to your computer, so it looks like you're the one who committed a crime.  It could be someone in front of your house, using your internet access, and stealing your identity. 

via www.ky3.com

A recent controversial decision by the Colorado Supreme Court has prompted newly elected state Rep. Mark Barker, R-Colorado Springs, to file HB11-1049, titled “Use of Personal Info to Defraud.” The bill was filed Jan. 12, and its intent is to clarify the statutory language involving identity theft following the recent high court decision involving Felix Montes-Rodriguez.

Montes-Rodriguez was convicted of criminal impersonation based on his use of a false social security number on an application for an automobile loan, and he admitted to using the false social security number. However, he contested the charge. He argued that he did not assume a false identity or capacity under the statute because he applied for the loan using his proper name, birth date, address, and other identifying information.

via www.statebillnews.com

Increase in complaints prompted service, says Bureau of Investigation

Identity theft and fraud victims in Colorado can get help from a new 24-hour hotline at the Colorado Bureau of Investigation.

The state has been among the top 10 in the nation for identity-theft complaints in the past several years, and Fort Collins residents have increasingly fallen victim to Internet-based fraud.

“We’re seeing a tremendous increase,” said Sgt. Don Whitson with Fort Collins Police Services. “Just about every day, we find a different thing people tell us about how they got ripped off.”

Finances for the CBI hotline, as well as a victim’s advocate for such crimes, are provided through federal grants to the Colorado Division of Criminal Justice. It serves English- and Spanish-speaking callers.

CBI agent Ralph Gagliardi said the hotline offers advice for people seeking to protect themselves as well as those who suspect they’ve been victimized.

He declined to comment on whether the statewide numbers appear to be increasing, but he said perpetrators’ locations “run the gamut” from within Colorado to across the country and planet.

“Right now, the big things are the scams over the phones or Internet that the bad guys solicit or fish for the person’s name, Social Security number or date of birth, representing themselves as a bank or as the Census Bureau,”Gagliardi said.

People might not know their information has been stolen until they go to apply for credit or receive a bill for services they didn’t receive, he said.

The latest available data from the Federal Trade Commission indicates there were 4,775 complaints of identity theft in Colorado in 2009, with the ninth-highest rate in the country at 95 per 100,000 people.

Florida ranked No. 1, with 22,664 complaints at a rate of 122.3 per 100,000 people, according to the FTC website.

The CBI investigates and assists with investigations of large-ring operations and those crossing state lines, but ID theft and fraud cases typically are investigated by local agencies.

Whitson said such crimes are “under-reported, under-investigated and certainly under-prosecuted,” and the only way to decrease the frequency of such offenses is to increase punishment.

The effects of the crime are long term, Whitson said.

“You get punched in the head and it hurts and you go on,” he said, adding that having one’s “retirement liquidated” creates a lasting impact.

Fort Collins police have three detectives, a civilian and a sergeant handling financial crimes, and another detective is to be added in the next couple years through a tax initiative, Whitson said.

“We have all our resources maxed out, currently,” he said.

Whitson said even websites that appear legitimate — complete with the secure site icon on the user’s browser — can be fraudulent.

“You should never send anything over the Internet that you’re not willing to give up to some criminal,” he said. “There are a lot of g

via www.coloradoan.com

COLUMBIA, MO -- Hundreds of participants of University of Missouri’s health insurance program are being told to be on the look-out for insurance fraud after several hundred insurance communications were mailed to the wrong person. Health benefit statements, health services letters and new ID cards were among the correspondence mailed to incorrect addresses between January 6th and 10th of this year. The mailings included personal information, including, names, member numbers and birth dates. However, the University said social security numbers were not included in the mailings. The University tells KRCG the error affected about 750 employees with about an equal number of pieces of mail. University of Missouri system officials blames the problem on Coventry Health Care, which administers the university’s insurance plans. Coventry said a computer malfunction aligned names with the wrong addresses. The incorrect mailings could put those affected in danger of medical identity theft, when a person uses another person’s insurance card to receive medical services. The World Privacy Forum says it has been trying to raise awareness about medical ID theft for years now.   The organization says there is no national standard for dealing with medical identity theft and that it is hard to fix once the damage is done. One concerning outcome of the crime is the altering of one’s medical history. "There are people we've talked with who, their imposter went in and had a hospital stay and put down that they were allergic to one drug, and then the real person is not allergic to that drug, but they're allergic to other drugs,” said Pat Dixon, the executive director of the World Privacy Forum in an interview with NPR. Kelly Stuck, who oversees faculty and staff benefits with MU, tell KRCG she believes the threat of medical identity theft is diminished because the incorrect mailings were only sent to other MU employees. University of Missouri said it immediately contacted Coventry on Jan. 14th after an employee alerted officials to getting correspondence intended for someone else. The university reports that it wasn’t until Jan. 20th that Coventry provided them with an explanation of what went wrong. Coventry said it implemented new safeguards to prevent a similar type of error from happening in the future. On Jan. 21st, MU mailed out its own letters to employees affected by the mailing error. The letter tells those affected to ask their health providers to confirm the identity of anyone trying to get medical services using their insurance cards. The letter also instructs to carefully review their Coventry correspondence to look out for any unauthorized insurance claims. At this point, Coventry is not reissuing ID numbers to those affected by the error because the Coventry ID number is a variation of the university-issued identification number, according to Stuck, who said that the University will closely monitor those ID numbers. In a press release, MU said that it has asked Coventry to take steps to recover the misdirected mail. 

via www.connectmidmissouri.com

It's the flip-side of enjoying instant communication with your friends.

Facebook has courted a fresh privacy row after allowing developers of apps access to sensitive information including telephone numbers and addresses.

The social networking site announced the change on its blog last Friday, saying: 'We are now making a user's address and mobile phone number accessible.'

Internet security analysts and privacy experts immediately advised people to remove their phone numbers and addresses from the site.

via www.dailymail.co.uk

With tax season roughly three months away, the IRS is stepping up its awareness campaign in order to highlight common tax scams that occur during the season.

This week, IRS officials warned taxpayers to look out for con artists that use the agency's name in order to steal from others.

The government tax collection agency says these schemes are quite common in the months before tax day, and that anyone who receives unsolicited e-mails or phone calls on tax issues should ignore them, The Montrose Daily Press reports. These scams often target the financial and personal information of individuals, only to turn around and use this information to commit identity theft and other crimes.

The agency told consumers it does not use e-mails to communicate with taxpayers, and that those who receive emails from the IRS or the Treasury Department threatening action should disregard the messages, the news source says. In addition, taxpayers should be weary of following any links, as they could lead to websites that contain malware, which could potentially harm their computer.

The IRS says if any taxpayers experience a suspicious e-mail or phone call, they should call the Federal Trade Commission and report the scam.

via www.taxlawhome.com

INDIANAPOLIS -- A security breach at St. Vincent Indianapolis Hospital may have put the records of 1,800 patients at risk.Hospital officials said they learned in November that certain associate e-mail accounts were breached, which may have allowed patient names, dates of service and certain clinical information to be accessed.Those patients were sent a letter from hospital officials informing them of actions by a third party to inappropriately obtain e-mail log-ins.

via www.theindychannel.com

Identity theft crimes increased 33 percent in the United States from 2009 to 2010, according to the Identity Theft Resource Center (ITRC).

According to the Federal Trade Commission, its Red Flags Rule that requires companies to have a written identity theft prevention policy should make it easier to detect those types of crimes.

via www.bizjournals.com

Members of a credit union that serves active-duty military personnel and others connected to the Pentagon are at risk for identity theft after a laptop was hacked, exposing the personal and financial records of an undisclosed number of troops and their families.

The Pentagon Federal Credit Union, or PenFed, the Alexandria-based institution that serves the military and other government agencies, mailed a letter to customers in early January alerting them to the security breach, which was discovered Dec. 12. PenFed would not comment on how many customers were notified.

The attorney general's office in New Hampshire, however, disclosed that the names, addresses, Social Security numbers and credit and debit card numbers of 514 credit union customers were improperly accessed. New Hampshire is one of the few states that require companies to notify the attorney general of security breaches that affect its residents, and it makes the information public.

via www.washingtonpost.com

Identity theft happens year round, but January is prime time for the bad guys. That's because so many year-end financial forms are in the mail as companies send out tax documents.

There are documents from your employer, bank or credit union, brokerage firm and mortgage lender, just to name a few.

"All of these documents have extremely sensitive personal identifying information on them including your Social Security number," says Adam Levin, with Identify Theft 911.

"Thieves know this. And they wait. And as stuff accumulates in a mailbox with this kind of precious information, it is a virtual cornucopia for identity thieves."

Here's how to protect yourself: Make a list of all the financial forms you expect to get and check them off as they arrive.

If you plan to go away, have your mail held at the Post Office or ask a trusted friend or neighbor pick up your mail every day.

And see if you can make the switch from paper to electronic delivery.

"And if you have the opportunity to opt for it, do it," says Levin.

If you don't have a locking mailbox, maybe it's time you get one.

via www.kpic.com

Connecticut Attorney General George Jepsen is investigating a recent security data breach affecting University of Connecticut Co-op consumers.

Jepsen wants specific information by Thursday on the number of customers affected, what information was taken or lost, and what the Co-op is going to identify the hacker, according to a news release from Jepsen’s office.

The attorney general and Asst. Attorney General Matthew Fitzsimmons also want to know what the Co-op, and its third-party vendor, are doing to prevent such a breach in the future.

 “The situation calls into question the effectiveness of the Co-op’s measures to protect the confidentiality and security of private information received from its customers,” Jepsen said in a news release on Jan. 13. “It is imperative that breaches of this sort do not reoccur and that affected individuals are provided sufficient protections to safeguard their information from misuse.”

A Co-op vender’s database containing customer’s names, addresses, telephone numbers, e-mail addresses and credit card numbers with expiration dates and security codes of HuskyDirect customers was hacked in December, according to a press release from the university.

The release stated that 18,000 customer accounts were accessed. Tuesday, Susan Kinsman, director of communication for the attorney general's office, said, "we know anecdotally that there have been several complaints about personal data compromised in the breach being misused."

A UConn Co-op news release said bookstore employees became aware of the data breach on Dec. 26, 2010, when they were notified by a third-party vendor that the encryption on their administrative password had been tampered with.

via mansfield.patch.com

Business marketing and Digital persona managers such as Michael Fertik deal with privacy rights and information all the time. Here's some of the highlights for the 2011 health industry. A panel of healthcare experts representing privacy, trends, technology, regulatory, data breach and governance have identified the top seven trends in healthcare information privacy for 2011.

The experts suggest that as health information exchanges take form, millions of patient records – soon to be available as digital files – will lead to potential unauthorized access, violation of new data breach laws and exposure to the threat of medical and financial identity theft.

"Endemic failure to keep pace with best practices and advancing technology has resulted in antiquated data security, governance, policy plaguing in the healthcare industry," said Larry Ponemon, chairman and founder, Ponemon Institute.

"Millions of patients are at risk for medical and financial identity fraud due to inadequate information security," he said. "Information security in the healthcare industry is at the fulcrum of economic, technological, and regulatory influence and, to date, it has not demonstrated an ability to adapt to meet the resulting challenges – but it must. The reputation and well-being of those organizations upon which we rely to practice the healing arts depends on it," he said.

via www.healthcareitnews.com

Military and government agencies mistakenly exposed the personal data of thousands of citizens in at least 104 incidents in 2010, up from 90 such data breaches the previous year, according to a new study. Yet, far fewer personal records were released as a result -- 1.2 million in 2010, well under the 79.4 million exposed in 2009.

The study by the nonprofit Identify Theft Resource Center found that there were 662 breaches reported nationwide in 2010. The center defines a breach as an event in which an individual's name and other identifying information, such as a Social Security or driver's license number, banking or medical data, are put at risk in electronic or paper format.

Of the 622 total breaches reported in 2010, 15.7 percent involved data handled by state and federal agencies and the military. Sixty-two percent of all breaches resulted in the exposure of Social Security numbers. One of the biggest breaches involved the exposure of 207,000 records of Army Reservists in Colorado.

Businesses accounted for the largest percentage of data breaches -- 42.1 percent. Medical and health care facilities accounted for 24.2 percent, followed by educational institutions at 9.8 percent and the banking industry at 8.2 percent.

Because there is no centralized reporting system for the unintended exposure of personal records, the actual scope of the problem is likely much greater. "Other then breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events," ITRC said in a news release. "It is clear without a mandatory national reporting requirement that many data breaches will continue to be unreported, or underreported."

K. Selcuk Candan, a professor of computer science and engineering at Arizona State University in Tempe, said such a repository would help security analysts observe data breach patterns. "A site would . . . help identify hot spots in data breaches and help countermeasure development efforts that today have to proceed on a more or less case-by-case basis," he said in an e-mail to Nexgov in response to questions.

via www.nextgov.com

An Olympia man arrested Thursday may have planned to steal the identities of 1,000 people, said Thurston County Sheriff John Snaza.

Anthony Vaughn is held on 50 counts of identity theft at the Thurston County Jail. A veteran detective said Vaughn was likely part of the largest identity theft ring in county history.

According to court documents, Vaughn admitted to detectives he stole the items to support a drug habit.

Detectives seized 40 boxes of evidence from Vaughn's Olympia home.

Police said Vaughn had the names and social security numbers of hundreds of employees with the State's Employment Security Division.

Those names were apparently on paperwork stolen from a car parked on the state Capitol campus last year.

via www.nwcn.com

A Tulane University-owned laptop was stolen last year that had a file containing private information of each person employed at the university in the past year, according to school officials.

The computer had W-2 information, names, Social Security numbers, address and salary for every employee, including student and part-time employees and anyone who will receive a 2010 W-2.

School officials say the laptop, used to process 2010 tax records during the university's winter break, was not encrypted and was in a briefcase in the locked automobile of an employee who was out of town. It was stolen Dec. 29, and school officials were notified the following day.

The university has sent letters to the more than 10,000 affected individuals and have offered a full year of credit monitoring. If you have any questions, call (504) 865-5291 between 9 a.m. and 5 p.m., Monday through Friday.

via www.wwltv.com

Police have identified 380 victims of credit or debit card fraud at a Sierra Madre gas station with losses exceeding $109,000, Police Chief Marilyn Diaz said Monday.

Authorities were seeking more scam victims at EVG Quality Gas, which suddenly shut down after Christmas. Within days, hundreds of people found their credit or debit cards had been used without their authorization.

“The fraudulent charges arising from credit and debit cards used at the EVG station are showing up both as EVG charges and charges to other retail establishments, both in California and out of state," Diaz said. "Anyone who has used a credit or debit card at EVG in the past 12 months should report any fraudulent charges to Sierra Madre police.”

via latimesblogs.latimes.com

Not all potential security breaches at an airport can be captured on a cell phone and posted as a YouTube video.

One such danger lurks in the form of free wireless Internet access offered by many airports throughout the nation and in other public places.

Authorities warn travelers to beware of hackers setting up fake wireless fidelity -- or Wi-Fi -- connections to steal passwords, credit card and bank account numbers, and other personal information.

Experts say the threat of identity theft is not new, but it's not clear how prevalent it has become because tracking can be difficult.

"Ever since Wi-Fi became available, criminals have found a new way to exploit new victims," said Tom Osborne, a special agent who manages the cybercrime squad in Sacramento's FBI office.

Osborne said some airports and other public places reported Wi-Fi security issues a few years ago.

But "a lot of people don't report," said Sacramento County sheriff's Sgt. Bill Mannering of the Sacramento Valley Hi-Tech Crimes Task Force.

Victims may not even know their information has been compromised when they click onto a network or access point created by the hacker, officials said.

"All it takes is a person with a laptop two seats away from you," said Gary Almond, president of the Northeast California Better Business Bureau.

via www.therepublic.com

Lesson: make sure you use the best encryption possible on your Wifi router at home.

On Dec. 29, President Obama signed into law the Restore Online Shoppers' Confidence Act, which requires these marketers to obey a number of rules before they can start billing consumers' credit cards.

"Too many companies are trying to use phony monthly billing to rip off Americans and this bill will help strengthen our hand," Federal Trade Commission Chairman Jon Leibowitz said in a statement. "Consumers should be able to make informed decisions, so the terms and conditions of any offer must be disclosed clearly and conspicuously."

The Restore Online Shoppers' Confidence Act makes it illegal for a post-transaction third-party marketer to charge, or attempt to charge, a consumer for any good or service sold in an online transaction, unless:

• The marketer clearly discloses to the consumer all the material terms of the transaction.
• The marketer has obtained the consumer's consent before charging their credit card, bank account, or other financial account. They must also obtain the full account number to be charged directly from the consumer.

The new law also makes it unlawful for any online shopping site to transfer a consumer's financial account information to a third-party marketer -- the key practice that facilitated the entire scam.

 

Finally, the law makes it illegal for a marketer to charge, or attempt to charge, a consumer for any good or service with a negative-option feature in an online transaction, unless:

• The marketer clearly discloses to the consumer all the material terms of the transaction.
• The marketer has obtained the consumer's consent before charging their credit card, bank account, or other financial account.
• The marketer provides a simple way for the consumer to cancel.

 

This new consumer protection law was introduced by Sen. Jay Rockefeller, D-W.Va., who, as chairman of the Senate Commerce Committee, launched an investigation in 2009 into the practices of the three major post-transaction, negative-option marketing firms, Webloyalty, Vertrue and Affinion. The investigation also focused on the many shopping sites that partnered with them, such as Orbitz, Fandango and Priceline.

via www.walletpop.com

The worst economic crisis since the Great Depression has provided happy hunting grounds for legions of unscrupulous scammers looking to take advantage of financially strapped consumers.

Thanks to the collapse of the housing bubble, Wall Street's suicidal tendencies and unemployment rates nearing 10%, millions of consumers are desperate to dig themselves out of debt. Untold numbers of them have been victimized by fraudsters, and the Federal Trade Commission and states have been working overtime to put them out of business.

Here's our list of the five worst scams of 2010:

via www.walletpop.com

Cybercriminals hacked into the database of American Honda Motor Co., Inc. stealing the names, e-mail addresses and Vehicle Identification Numbers (VIN) of 2.2 million car owners.

The affected automobile owners received an e-mail from Honda last week notifying them of the breach, reported the Columbus Dispatch. It is not known when the database hack occurred.
The e-mail message explained that customers’ identifications were compromised by thieves who gained unauthorized access to an e-mail list initially set up to create a welcome e-mail for new Honda and Acura owners. The welcome e-mail list contained customers’ names and e-mails, as well as online login names and their 17-character VINs.

The hacked Honda list contained no financial information, Social Security numbers or phone numbers, according to Honda.

via www.msnbc.msn.com

Santander has admitted sending up to 35,000 customers' bank statements to the wrong addresses, MoneySavingExpert.com can reveal.

The Spanish giant, which has angered account holders all year with shocking service, now risks a multi million pound fine for disclosing highly sensitive personal information to third parties, in an apparent Data Protection Act breach (see the ID Fraud and Stay Safe Online guides).

One MoneySaver from Stockport, who wishes to remain anonymous, has reported receiving part of somebody else's Santander current account statement today, printed on the back of his.
He says he could see the person's name, bank details and recent transactions (see the Best Bank Accounts guide).

The Santander customer says he immediately alerted the Information Commissioner's Office (ICO), which regulates the handling of personal data, of the gaffe.

An ICO spokesperson says: "We have recently been informed of a data loss which involves Santander. We will be making enquiries into the apparent breach of the Data Protection Act before deciding what action, if any, needs to be taken.

"Under the Act, organisations that process personal information have an obligation to keep it secure. It is a matter of concern if information such as account details have been provided to the wrong recipient.
"Banks risk losing the confidence and trust of customers if they fail to safeguard personal information."
Santander today reported its embarrassing blunder to the City regulator, the Financial Services Authority (FSA).

via www.moneysavingexpert.com