Search Realtime IT Compliance
Entries from Realtime Community | IT Compliance tagged with 'identity theft'
Stolen Print Documents With PII Found On Crook; Otherwise UCM Would Not Have Known The Reports Were Stolen
Late last week one of my alma maters, the University of Central Missouri, reported that two printed computer reports containing 7000 students' names, social security numbers, phone numbers, addresses, and birthdates were stolen from somewhere on the campus....
Rights for Privacy Breach Victims
I received a provacative question on Twitter last week from idExperts, "If you had a wish list of rights for identity theft victims, what would that be?" Sounds like a great blog topic! :) Here are my thoughts......
Memorial Day & ID Theft Using Info Of Deceased
Every year since probably my first year on this world I've visited cemetaries on the Sunday right before Memorial Day. My parents' reasoning was that we could get the graves and headstones decorated (Memorial Day is also known as Decoration...
Red Flags Rule Enforcement Delayed to August 1, 2009; FTC Providing a Compliance "Template"
The FTC has once more announced a delayed enforcement of the Red Flags Rule to August 1, 2009......
Many Motivators For Identity Theft
I've heard far too many business leaders in lesser-regulated industries, of organizations of all sizes, say something to the effect of, "Oh, we don't have any information that hackers would find of any value."...
Employee Suing Starbucks For Poor Security & Laptop Theft
Here's an interesting progression in how to address the growing data breaches that occur largely from ignored, overlooked, and/or inadequate security practices......
Another HIPAA Felony Conviction; 8 To Date
Yesterday a lawyer asked me if there had been any more HIPAA sanctions or convictions from the list I posted a few months ago in August. I hadn't seen any, but I thought I'd do a bit of checking since...
Business Info Fact Of The Day: Smart Business Leaders Encrypt PII
If you are a business leader you must know and understand that encrypting personally identifiable information (PII) protects that PII from being used for identity theft and other crimes should it fall into the hands of a crook. Business leaders...
FTC Publishes Report On SSNs and Identity Theft
Today the U.S. Federal Trade Commission (FTC) released a new report about social security numbers (SSNs), identity theft, and recommended 5 ways to help prevend having SSNs being used for identity theft......
Cybercriminals Threaten To Post Millions Of PII Records For Express Scripts Customers
Just last month I blogged about the new Identity Theft Enforcement and Restitution Act of 2008. It covers extortion. I'm interested to see if it gets used for the latest extortion attempt......
The Insider Threat For Identity Theft: Watchout For Dead-Beat Parents
Here's a story that points to how vulnerable people are to identity theft and other types of crimes and frauds from slimy family...and ex-family...members......
Federal Reserve Releases Examination Procedures For Red Flags Rule Compliance
If you must comply with the Red Flags Rule, which is a rule that falls under the umbrella of the Fair and Accurate Credit Transactions Act (FACTA), which most organizations in the U.S. who process payments from their customers must...
Identity Theft Enforcement and Restitution Act of 2008
I just read about a new law signed at the end of September, 2008, by U.S. President Bush, H.R. 5983; the "Identity Theft Enforcement and Restitution Act of 2008" which is under Title II....
Insider Threat Examples & 7th HIPAA Criminal Conviction
Yesterday I read about the 7th criminal conviction and sentencing that has been given under HIPAA, "Woman gets 14 months in ID theft case."...
3rd HIPAA Criminal Indictment; Another Insider Job
On February 15, Leslie A. Howell, from Oklahoma City, OK, was indicted for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996 as part of an identity theft scheme....
Have You Looked In Your Trash Bins Lately?
It shouldn't still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some...
Identity Theft #1 Consumer Fraud Complaint To FTC in 2007
This week the FTC released the list of the top 20 consumer fraud complaints they received in 2007. Not surprisingly, identity theft topped their list, accounting for 32% of all the complaints....
Man Pleads Guilty To Loading Keylogger Software On Public Computers Worldwide To Collect PII and Commit Fraud
Here's another good example of an actual cybercrime that was allowed to occur because poor of safeguards on computers provided for public use. On January 9, 2008, Mario Simbaqueba Bonilla plead guilty to installing keylogger software on hotel business center...
Responding To Customers Asking About Your Company's Use of SSNs
For the past 10 years I have been driving the same, reliable, non-troublesome car. It still looks good enough (I don't really worry about driving an "it" kind of car). However, it is getting a bit rattly, and my friends...
Be Aware: Court Ruling Allows Circumstantial Evidence In Court Case Against Company That Experienced Privacy Breach
So many times...actually almost every time...a privacy breach occurs the company that experienced the breach makes a public statement similar to, "We have no evidence that the personal information has been used fraudulently" or "We do not believe the information...
Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction
Here's another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an...
5-Point Checklist for Info Sec and Privacy Pros to Use for Data Protection and Privacy Law Compliance
One of the basic privacy principles is to limit the collection of personally identifiable information (PII) to only that which is necessary for the business purpose for which it is being collected. These privacy principles, built largely around the OECD...
APEC Privacy Framework: Viewpoints from the FTC, TRUSTe & Marty Abrams
One of the sessions I attended at the IAPP Privacy Academy this past week was "APEC Update - Self Regulatory Approaches to Cross Border Transfers of Personal Data." The presenters were: Pamela Jones Harbour, Commissioner, Federal Trade Commission (FTC), Marty...
Many Kinds of Identity Theft Cause Many Types of Long Lasting Negative Impacts
I want to revisit the blog posting I made a few days ago, "Average Cost of ID Theft Per Victim is $31,356" Some folks gave me some feedback, saying that they thought this cost was way too high based upon...
Average Cost of ID Theft Per Victim is $31,356
Finally, a report that looks much more accurate with regard to how much identity theft costs the VICTIMS of a privacy breach. Most reported victim costs that I have seen in the past seemed much too low considering all the...
New FTC Report Provides Organizations Good Guidance For Protecting PII
Today the U.S. Federal Trade Commission (FTC) released a report, "Combating Identity Theft: Implementing a Coordinated Plan."...
Would You Be More Inclined To Work For A Company That Gave You Identity Theft Insurance As A Benefit?
Last year I had a couple of different identity theft insurance vendors contact me wanting me to endorse their products as they were trying to sell the packages to employers to offer to their employees as part of their total...
PCI DSS and Identity Theft
Over the past month or so I've been discussing the Payment Card Industry (PCI) Data Security Standards (DSS) with some of my information assurance practitioner friends and colleagues and what they've been doing to meet the requirements and accompanying challenges....
Medical Identity Theft and Bill Requiring Criminal Background Checks In LTC Facilities
I have had relatives very close to me who, because of degenerative diseases and medical problems, have had to go to long term care (LTC) facilities. I always worried about the care they were receiving when I was not around....
Two U.S. Federal Data Protection Bills Approved: One May Actually Make It Through
It looks like we make actually get a federal data protection law, that includes breach notice requirements, this year. Such a law is long overdue; not only to protect personally identifiable information (PII), but also to help businesses to resolve...
Keyloggers + Social Engineering = Identity Theft: Fraudsters Exploit Human Frailties with Seductive Messages
Fraudsters and cybercriminals continue to find creative ways to exploit technology and human weakness to facilitate their crimes. Another new exploit they are using is hijacking popular Google search terms, typically targeting bank sites, and then inserting HTML into the...
SMBs, Identity Theft & Insider Threat: Bad SMB Security Impacts Organizations of All Sizes
There are many articles written about the insider threat, several have been done, and often the focus is on large organizations where those employees with malicious intent are often either in positions of trust way down in the org chart,...
Identity Theft Example: It's Not All About Going On Spending Sprees; And A Really Bad Texas Bill
In January I blogged about how at least 220 illegal immigrants working for Swift and Company were charged with identity theft. As a follow-up to that story, last Friday the first of the convictions was handed down....
How Good are the Security Practices for "America's Most Admired Companies 2007"?
Yesterday CNN reported the results of the FORTUNE 2007 survey of business people for the companies, in any industry, they admired most. The rankings were based upon 8 key score areas:...
Exploring Identity Verification Solutions and Identity Theft Prevention
Earlier this week the FTC announced in a press release an identity theft prevention workshop they are hosting April 23 - 24....
Audit Reveals Poor Computer & Data Disposal Practices At Idaho National Laboratory
Yesterday Government Computer News reported bad computer disposal methods at the Idaho National Laboratory that leaves confidential and restricted data, including nuclear details, vulnerable....
Laptop Theft: Financial Company Given $1.9 Million Penalty Following Incident for Inadequate Security Program
For the first time, the United Kingdom financial regulators, the U.K. Financial Services Authority (FSA), gave a financial institution, the Nationwide Building Society, the U.K.'s largest "building society" (a member-owned mortgage lending and banking services institution) a penalty for poor...
Identity Theft: Fraudulent Use of the CVC
An interesting article pointing out the way crooks use that 3-digit code on the back of your credit card was published in the Newark Advocate Saturday....
Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices
Today the U.S. Department of Justice (DOJ) released the "The Federal Bureau of Investigation's Control Over Weapons and Laptop Computers Follow-Up Audit" report. As you can tell by my post title, this should be a very embarrassing report for the...
Privacy Breach: Johns Hopkins University Lost Personal Information on 135,000 Individuals
There now seem to be so many privacy breaches that it is hard to choose which one to discuss... Last Wednesday, 2/7, Johns Hopkins University reported personal information on 135,000 employees and patients on nine backup tapes were missing that...
FTC: Speech Highlights Need for All Organizations To Address Information Security and Privacy & Education On These Topics
The transcript of FTC Chairman Deborah Platt Majoras' keynote on February 6 at the RSA conference, "ID Theft and Cyber-crime: Where Thieves Victims, Industry and Government Intersect" is available on the FTC site. I've often stressed how the FTC Act...
Identity Theft: More Info On Fallout From The TJX Breach
The Akron Beacon Journal reported February 5 more impacts of the massive TJX breach that occurred late in 2006 that may have impacted over 40 million individuals according to the Wall Street Journal....
PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX
Let's look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts:...
Routine Personal Information Posting in the U.S. State Government Agencies
NBC news ran a story about how many state government agencies post sensitive personally identifiable information (PII) on their websites. In this case an Ohio county court "routinely posted traffic tickets and other public records on its Web site."...
Privacy Incident: Ohio Board of Nursing Exposes Personal Information of 3,031 Individuals
The Columbus Dispatch reported today, "OHIO BOARD OF NURSING Error puts nurses’ personal data online." Reportedly over the past two months the "names and Social Security numbers of 3,031 newly licensed nurses were posted online twice."...
Identity Theft Examples: Used for Illegal Immigrants
In the past month around 1,300 employees of Swift & Company were detained during immigrations raids in Iowa, Nebraska, texas, Utah, Minnesota and Colorado. As many as 220 of those detained face identity theft charges....
Michigan Inacts New Identity Theft and Breach Notice Law
Yesterday (January 3) Michigan's governor, Jennifer M. Granholm, signed a new identity theft and breach notification law, SB 309. "Today's technology has taken commerce and communication to new heights, but it also puts citizens at additional risk of identity theft...
FTC Provides Claims Forms for Individuals Impacted by the 2004 Choicepoint Incident
On December 6, 2006, the U.S. Federal Trace Commission (FTC) made claims form available for anyone who believes they had identity theft occur as a result of the Choicepoint security incident late in 2004 involving at least 163,000 individuals. Since...
Consumers Want Identity Theft Protection Through Homeowner Insurance
An interesting article was released yesterday in the Insurance Journal, "J.D. Power: Homeowners Want Carriers to Offer Identity Theft." It indicates that the 2006 Homeowners Insurance Study, results of feedback from 9,045 homeowners insurance policy holders in the U.S., finds...