Wednesday, August 26, 2015

 According to the Identity Theft Resource Center (ITRC) today, there has been 519 data breaches -- a record number -- reported thus far in 2015.  Businesses and the healthcare industry account for nearly 75% of the reported breaches, with banking accounting for another 9%, and education and government breaches accounting for the balance of 16%. 
  Of course, these are just the reported breaches.  Some entities choose not to report them, or they haven't been discovered yet.  Historically, many months go by before breaches are discovered.
  Without trying to sound like a salesman, it is no longer a valid option to ignore identity theft, hoping it won't happen.  All of us have had our information compromised.  It is just a matter of whether our information will be used in a fraud.  If you do not have a strong identity theft protection service, get one. I recommend IDShield from LegalShield.  Take a look at it at my website  Don't wait until you find out the hard way that you are victimized.
#IDtheft #identitytheft

Monday, August 10, 2015

American Airlines, United Airlines, and Sabre Reservations Hit by China-Tied Hackers

It was just announced that United Airlines, Sabre Corp, and likely American Airlines, may have been hacked some time ago, probably at or near the same time that Anthem HealthCare and the OPM were hacked, according to folks knowledgeable of the cybersecurity probes.  Quite possibly, the hackers moved through the Sabre system into the American Airlines system, since they share some infrastructure.  The digital "fingerprints" of the hackers, while not identical in each of the systems, are close enough to say they were from the same group.  For example, hacker IP addresses in the American Airlines breach were the same as those in the government's Office of Personnel Management (OPM) hack.

Information stolen from Sabre included the reservation records on more than a billion travelers per year across the globe and may be combined with the United and American Airlines flight manifests and passenger info and the OPM breach data to blackmail executives and government officials or be used to determine behavior patterns or to detect military or intelligence operations.

Of course, the Chinese government disavows any knowledge or responsibility of the hacking, yet those in the cybersecurity industry say there is little doubt who is behind the recent massive data breaches.  Tony Lawrence, chief executive officer of VOR Technology, a Columbia, Maryland-based cybersecurity firm that works with U.S. defense agencies, calls them the bullies of cyberspace. "Everybody knows what they’re doing, but nobody can stop them."

Writer comment:  Readers, many years ago, when I first started in the identity theft arena, I predicted that it would soon be as necessary to have identity theft coverage as it is to have medical insurance.  Many chuckled at my prediction, but the breaches over the last year have confirmed that prediction, I truly believe.  If you do not have coverage, look at what LegalShield provides.  See my website for more information or to enroll.  If you have coverage by someone else, examine it closely -- what is really covered, and what will that company do to detect an exposure, and what will it do to restore your identity.  Nearly all but LegalShield only help you restore your identity (you do the work), whereas LegalShield says, "We will fix it", and backs that up with a $5million guarantee.

Links to some articles on the subjects in my article:
American Airlines, Sabre Said to Be Hit in China-Tied Hacks
United Airlines Breach Linked to Chinese-Origin Hackers Behind OPM Cyber Attack

Saturday, August 8, 2015

The OPM Breach Is A Major Security Exposure & Risk

In April, 2015, it was discovered -- almost by accident -- that 4.2 million current and former government employees had been stolen.  Bad as that was, in June, it was revealed that the real number was over 21 million, which included people who had applied for government jobs or had background checks and their families.  Stolen information included Social Security numbers, birthdays, home addresses, user names and passwords, background information, and even fingerprints.
Although the original 4.2 million victims have been notified if they were affected, so far, no one has been notified from the larger group.
The forensics suggest that the Chinese were behind the breach, but no one is officially pursuing the Chinese for this.
Along with the risk of financial misuse, victims whose background information was stolen could potentially be blackmailed, since looking for compromising situations were why they were having the background checks in the first place.
So if you were -- or think you were -- a victim of this breach, what should you do?  GET SIGNED UP FOR GOOD PROTECTION NOW!  This is bigger than anything you can deal with yourself.  Make sure you also have access to quality legal help, since this breach could result in criminal charges against you (someone using your identity might commit a crime in your name).  Obviously, I recommend a legal and identity theft plan from LegalShield.  For under $40/month for an entire family (less for a single person) you can be protected with detailed monitoring backed up with knowledgeable lawyers and guaranteed restoration if needed.
Here are some articles that provide more details on the subject:

Thursday, August 6, 2015

The Current State Of Things

Well, I haven't died.  Just lost track of time, I suppose.  Got focused on other outlets for my thoughts. But now I need to dust off the blog and start communicating again on this topic.

Identity theft is much worse than when I last took keyboard in hand and made a posting here in 2012. Much worse. Just in 2014, one of the largest breaches in history occurred when Anthem Blue Cross was hacked.  Over 80 million records were stolen -- that is 1 in every 4 Americans -- with critical pieces of personal information compromised, such as Social Security Number, birthday, and medical card, to mention a few. Late last year also was the announcement that the IRS was compromised, with  tax information stolen from over 200,000 individuals. Most recently, the government's Office of Personnel Management was hacked, exposing the personal information of over 14 million people. (I'll say more about this breach an another blog post.)

The severity of the breaches is staggering.  Gone are the days of having your credit card and bank account stolen.  OK, those are still happening, but they dwarf in comparison to the extent of today's breaches.  Now, these thieves are stealing enough personal information to duplicate full identities and manufacture synthetic identities (made by combining pieces of data from several people).  Given the scope of each breach, there is essentially an unlimited combination of synthetic identities that can be created.  There may be multiple whole versions of you and me, or thousands of folks with our "arms" and "legs" and "noses" living lives, buying houses, getting jobs, or committing crimes.

What can be done? In presentations I've made on the subject, I've said control what you can, and get help with what you can't.  By that I mean be diligent in shredding documents, using the computer carefully, being aware of scams, and so forth.  But understand that most of your critical and valuable personal information is not only in the hands of other businesses, it is very likely already in the hands of criminals through these breaches I've mentioned.  Your identity is being sought or has been compromised by professional thieves, and it takes professionals to monitor it and restore it.

There are many companies that offer identity theft protection, and all are better than having nothing.  But understand what you are paying for.  Some are better than others.  In 2012, the market leader LifeLock was fined by the FTC for over-promising yet under-delivering, and fined again this year for not fixing the problems.

I've been representing LegalShield since 2007, and they offer identity theft protection and restoration.  Their current product set called IDShield is the the absolute best in the industry, for coverage, value, and restoration.  LegalShield was examined in 2012 by the FTC like LifeLock, and given a clean bill of health.

If you don't have coverage, check out my site; you can look at the IDShield product and purchase it there.  If you have coverage with some other company, take a look at this offering.  Got any questions? Contact me at
#IDSolutions #IDTheft

Thursday, April 12, 2012

One Million Social Security Numbers Stolen in Utah

   Utah -- and therefore all of us -- has a problem.  In early April, it was announced that the Health Services department had been hacked, probably by someone in Eastern Europe, and nearly one million Social Security numbers and corresponding data were stolen -- that's one in six Utah residents.
An article:
   As bad as that sounds, the worse thing (to me) is that many of these are children -- Children's Health Insurance Plan (CHIP) recipientsA child's Social Security number can be used for many years before it is discovered.
   Why might this be bad for the rest of us?  The weakness in security that led to Utah's hack may be in other states' systems.  Certainly, the ease with which the thieves broke into Utah's computers will encourage them or other thieves to try to break into other systems.
   I'm just glad I've got LegalShield's Identity Theft Shield.  No plan protects 100%, but with the ID Theft Shield, I'm covered if it does happen.

Tuesday, March 6, 2012

Do you have a good password?

Password maintenance is a pain.  Anyone active on the network knows how difficult it is to keep track of passwords.  The temptation is to keep the same password for everything and keep it simple.  I've found that a service called is a way to manage passwords with one login.  It helps, but isn't perfect.

Did you know that the most common password is "Password1"?  (Oops -- did I just guess your password?)  Read this very interesting article on the topic of password complexity.

The site I mentioned above allows you to generate very complex passwords for your various sites, then it keeps track of those complex passwords for you.  Pretty handy, really, unless you need to manually enter those passwords.  An alternative I've used is to create a password that has something static and something that varies, but both are easy to remember yet hard to guess.  Let me explain.

Take a phrase that describes something about you, such as "I hate green beans".  Put the first letters of each word into a set of characters: "Ihgb".  This becomes your static part of your password.  Tack on the month and year, such as "Mar12" to create a very long and complex password "IhgbMar12" that is easy to remember but hard to guess.  Every first of the month, you change the month/year part and update your sites' passwords.  Periodically vary the static part (ex: "My dog has fleas" becomes "Mdhf").

OK, maybe changing your passwords every month seems overkill.  Make the variable part quarterly (ex: "Ihgb1Q12" for Jan-Mar 2012).

The key is to take the time to change your password regularly so it isn't so vulnerable to hacking.

Identity theft sweep brings attention to tax season security concerns

JSOnline, a Wisconsin "paper" included this article March 5, 2012.  I'm including the full article.
Tax time has a reputation for being almost universally stressful. As the looming April deadline closes in, Americans are concerned with getting their taxes done correctly and on time. As financial information starts to fly between individuals, tax preparers and the IRS, concerns about personal security are rising.
In late January, the federal government conducted a nationwide sweep to crack down on identity theft and tax fraud before the 2012 tax season. The timing of the effort was meant to stem the rising tide of fraudulent tax activity, which involves using stolen identities to file for tax refunds. In 2011, the IRS found as many as 260,000 identity theft fraud attempts, up from 49,000 in 2010.
While the IRS is taking action to help taxpayers avoid identity theft problems - ranging from cutting down on the use of Social Security numbers on IRS-generated notices to providing YouTube videos about fraud prevention - it's important for individuals to take steps to protect themselves.
To help cut back on your chances of identity theft during tax season - and year round - keep these tips in mind:
* Take digital precautions. Our increasingly digital world doesn't stop when it comes to taxes. With online filing opportunities and commonly used budgeting software, a lot of financial and sensitive identity information is on your computer. Make sure that you're using secure programs, anti-virus protection, firewalls and strong passwords - and be sure to change your passwords frequently.
* Keep an eye on your credit. Your credit report serves as snapshot of your financial profile, and it's one of the first places fraudulent activity will show up. Consider subscribing to a credit monitoring service.
* Be email savvy. Anyone who's looked at an IRS form knows that they are not a casual organization. In keeping with that, they don't send out emails asking for information. If the IRS wants more information from you, it'll be a formal request, so if an email shows up in your inbox, claiming to be from the IRS, don't click on anything - but be sure to report it to
* Understand tax fraud indicators. In addition to monitoring your credit, you need to be aware of the signs that identity theft tax fraud has occurred. Keep an eye out for IRS notices or letters saying that more than one tax return was filed for you or that IRS records show you've received wages from an employer you don't know. If you receive a notice from the IRS, respond as soon as possible and file an IRS Identity Theft Affidavit.
Happiness or frustration during tax time can go beyond whether you get a refund or have to pay in. Keep yourself protected against identity theft and you can be assured that your tax season will be simpler and safer.