Cybercriminals love to do high-tech crime using very low-tech methods, such as digging personally identifiable information (PII) from your trash, and the trash of businesses. They get all sorts of confidential information from papers, statements, and also diskettes, USB drives, computers, cell phones and any other type of item that can be used to store information. The FTC and other studies show that stealing PII from the trash is the number one way that criminals get the PII they use to commit cybercrime, identity theft, fraud, and assorted other bad things.

Almost every morning when I check the news I find reports about PII being thrown into trash bins and other places, not only by people at their homes, but also by businesses. This morning was no exception. Here are just a couple of reports I found...

* From Detroit Channel 20, a report, "ID Theft Targets Kids"

* Police reports are always interesting, and point to disposal problems. Here are some excerpts from the Frisco, Texas, Police Department:

"Known subject took two trash bags containing documents to be shredded from victim's open garage at 12000 block of Verona Court."

And here are some other examples, all from the same little town, of people using others' credit cards, checks, debit cards, etc., which could be related to them using information found in trash...

"Unknown person(s) obtained a copy of victim's checks and forged signature at 16000 block of Buffalo Creek Drive." "Unknown person(s) removed a box of checks without consent at 11000 block of Sonterra Lane." "Victim stated that unknown person used his credit card number without permission at 3000 block of Preston Road." "Unknown person used victim's debit card to make purchases without consent at 8000 block of Stonebrook Parkway." "Unknown subject(s) used victim's credit card to make purchases without consent at 10000 block of Preston Vineyard Drive." "Unknown actor used victim's identifying information to open an account with a phone company at 8000 block of Brookview Drive." "Unknown subject(s) obtained the victim's credit card number and purchased several items without consent at 9000 block of Legacy Drive." "Unknown person(s) used victim's personal information without permission at 7000 block of Preston Road." "Known person made unauthorized charges on victim's credit card at 8000 block of Main Street." "Known person made unauthorized charges on a credit card at 8000 block of Preston Road." "Known person made unauthorized charges on a credit card at 9000 block of Dogwood Street." "Known subject used credit card to make an unauthorized purchase at 3000 block of Preston Road." "Unknown suspect used victim's credit card online to make five purchases totaling $1,174.45 at 11000 block of Dorchester Lane."

Here's just one of the articles I've written about securely disposing of information: "Don't Throw Away Privacy!"

If your business handles your customer information, and you are located in the U.S., chances are you must follow the FACTA Disposal Rule.

Here's some good information from the FTC about the FACTA Disposal Rule.

Here are a couple more good sources of information about information disposal:

* A TechTarget article from a few years ago still has good advice, "Talking trash: Secure information disposal"

* A very interesting and informative article about information disposal, "Getting Rid of the Evidence: Information Disposal"

Are you disposing of your personal information securely?

Is your business?

How about the businesses with whom you share your PII? Be sure to ask them! It would be interesting to hear what they say, wouldn't it?

BTW, for those of you who have asked me...no I did not get my dumpster diving research activity done with my sons this summer due to multiple unplanned events (floods, tornadoes, other unfortunate incidents). However, this is something I *DO* still plan to do! Perhaps this would be a good school project for my sons as well.