Identity Theft Awareness

As I mentioned in a previous post, I've found that most people equate ID theft only with their finances -- their bank and credit accounts.  They don't see a need for paid protection services, relying instead on bank- or card- or insurance-provided free services.  Or they put fraud alerts on their credit report every three months. While useful, these free services rarely look beyond the finances or offer much in the way of restoration.  I advise people to get all of the reliable free coverage they can, but recognize their limitations, and understand that real identity theft is much more than their finances. Take for example something called criminal identity theft.  This is where someone pretends to be someone else, hiding their own identity, when caught in the act of a crime, such as illicit drug dealing or breaking and entering.  Often this is pulled off by first obtaining driver's license info either through direct theft or through a breach and then modifying it with

The latest word from the Identity Theft Resource Center (ITRC) is that the reported data breach number is about 14% lower so far this year than last year's record number of breaches.  As of February 16, that there have been 124 data breaches reported, with  nearly 3 million records exposed since the beginning of the year.  This is certainly good and welcome news, but "the barn door has already been left open." Our personal information has been exposed multiple times over in recent years, most notably in the Equifax breach last year. Still, I'll take the good news; better than 14% higher. Looking at the ITRC numbers just reported, the business sector continues to lead the breach count with 40% of the breaches (and 74% of the records exposed), but medical breaches have risen to nearly 1/3 of the breaches.  I'm very worried about the medical numbers, because so much critical data, including medical insurance data and medical conditions are stolen. This inform

Staybridge Suites in Lexington, KY, has announced a data breach that exposed some customer data, such as names and credit card data.  This brief article --  http://www.wkyt.com/content/news/Lexington-hotel-says-customer-credit-card-numbers-exposed-in-data-breach-474199803.html  -- doesn't go into a lot of detail, but it sounds like some kind of credit card skimmer device.  If I find out any more on this, I will add a comment to this post.

On May 25, 2018, t he European Union is implementing some privacy laws that may help to improve the security of US businesses. The new laws require any US company doing business in the EU to comply. Some US companies are complying completely, while others are building two compliances, one for the EU and another for the US. Still, the effect is likely to improve privacy protection overall, as the EU laws seem to be being adopted worldwide.  These laws include tightening up the breach notification window to 72 hours of being discovered, giving users the right to request to see the data being held and have their data removed, and require the companies to have a data protection officer who will not be part of the operations and responsible for the compliance to the privacy laws.  I’m sure there will be kinks that need to be worked out, but on the surface this looks hopeful. It is going to be difficult to get similar laws passed in the US, because of the structure of federal and sta

Last September, the credit bureau Equifax announced that their database of consumer information had been breached, exposing about 145 million records, including names, birthdays, Social Security numbers, and some drivers licenses. Most of this information doesn’t change, meaning that the data will stay valid for years, so the thieves can take their time selling off the information to the highest bidder.  As bad as this was, Equifax has just announced that the breach was broader in scope than originally disclosed. While the number of stolen records has not changed, Equifax now reveals that the data points include  tax identification numbers, email addresses, phone numbers, the expiration dates for credit cards, and issuing states for driver's licenses. (Tax Identification numbers, or TINs, are used by non-US residents to report income from earning accounts.) This announcement reveals the extent of information held by the credit bureaus that, at least to me, seems unnecessa

Article says it best: https://t.co/5UH5WMfIyi #idtheft #identitytheft

As an identity theft risk management specialist, I speak to various groups about identity theft awareness and prevention. My biggest challenge is to get people to realize that true identity theft is much more than financial theft.  Always at some point in the Q&A time of the presentation, someone will mention that they have had their credit card stolen or that they have had bogus charges show up on their credit card statement.  Does that mean, they ask, that their identity has been stolen? The accurate but not-very-helpful answer is "not necessarily".  Credit card fraud by itself is not defined as identity theft by the Federal Trade Commission (FTC).  It can be an indicator of identity theft, but more often than not, it is just a case where a criminal has obtained a credit card number through a data breach or pickpocketed the card, either physically or by using RFID technology. That may be as far as the theft goes. Sometimes the issuing credit card company will sp