Purchasing LifeLock, Identity Guard or IdentityForce via links from our site earn us a commission and supports our efforts. Thank You!

Identity Theft Labs

Data Breaches

Ok, we don’t write about data breaches too much anymore…. quite frankly, we couldn’t keep up if we wanted to….. not when there are a couple hundred each year. Occasionally we talk about a large one or one that received media attention here. For a chronology of data breaches please see DataLossDB.

Please see our identity theft protection reviews to learn about the companies that can help protect you from identity theft even if your information was exposed in a data breach.

3.5 Million Identities Put at Risk in April

Identity theft becomes a concern for approximately 3.5 million Americans who had their personal and confidential information compromised in one of Aprils twenty-seven data breaches. This continues a monthly trend of data breaches over the last few years that routinely puts over 50 million Americans at risk each year and contributes heavily to the resulting 10 million yearly identity theft victims. Though the problem of identity theft has received quite a bit of exposure lately those who we entrust with our personal records have been slow to respond to the threat. Thankfully, individuals have been much quicker to act as word of mouth spreads the horrific experiences of identity theft victims.

Individuals have also reacted favorably to the power given to them by Congress to place a fraud alert on their credit file and in doing so have abandoned credit monitoring which only recently was our chosen method of identity protection. Identity theft protection companies like Lifelock and LoudSiren Debix have capitalized on the demand for fraud alerts by placing and renewing the alerts on behalf of consumers and bundling that offering with other services. These companies are growing fast and have begun to utilize main stream advertising giving more exposure to the problem and educating consumers about the options they now have to combat identity theft and the services they offer to protect their credit and good names. Individuals are doing their part to reduce the devastating impact this crime is having on our great county but as you can see from the list that follows our institutions and companies have a long way to go. This list is a brief sampling of Aprils breaches from attrition.org (now Datalossdb.org) where you can find the full list and links to the whole story.

  • University of Colorado at Boulder
    Names, addresses, and Social Security numbers of about 9,500 on compromised server.
  • CollegeInvest
    Lost hard drive exposes 200,000 customers during office relocation.
  • Boots Dental Plan
    Account details of 34,000 stolen from courier.
  • LendingTree
    Social Security numbers, names, addresses, and other personal information inappropriately accessed.
  • Central Collection Bureau
    Social Security numbers and names of 700,000 on stolen server.
  • University of Miami
    Stolen tapes containing names, addresses, and medical records of 2.1 million patients.
  • Connecticut State University System / Buffalo State / Northwest Missouri State University
    Stolen laptop contains names and Social Security numbers of 20,500 students.
  • University of Virginia
    Social Security numbers and names of over 7,000 on stolen laptop.
  • University of Toledo
    Name, address, and Social Security numbers for 6,488 exposed on internal server.
  • New York-Presbyterian Hospital/Weill Cornell Medical Center
    Names, phone numbers and some Social Security numbers of 40,000 stolen by employee.
  • Wellcare
    71,000 insurance records including Social Security numbers exposed on internet.
  • WellPoint
    Social Security numbers and medical information for about 128,000 exposed on internet.
  • Okemo Mountain Resort
    Computer network breach exposes tens of thousands of credit card transactions.

It is a good thing that individual Americans have taken identity theft seriously and have begun to protect themselves because the number and scale of data breaches does not seem to be going down. Individuals are taking a much bigger bite out of this crime then corporate America by protecting themselves and their families with fraud alerts. Hopefully corporate America will get on the ball and start protecting our information. Do they need a bigger reason than the estimated 50 billion dollars that identity theft is costing our economy each year. I don’t think so. Identity theft may always exist but lets not make it easy for the criminals.

Far to many personal records are lost each month needlessly and the time has come for corporate America to become the responsible citizens that they should be. This may not alleviate the need for individuals to have identity protection in place but it will give a strong boost to our economy and save millions of Americans from the pain, frustration, loss of time and financial loss that identity theft brings to their lives.

Identity Theft Protection Necessary As Data Breaches Show No Signs of Slowing

Identity Theft continues to garner media attention, and rightfully so as new identity theft victims are added to the alarming totals daily, but little is actually done to stop a major root cause, the ineffective security of our confidential information. Citizens have heeded the call to protect themselves and have begun to shred documents, monitor their credit, protect their computers and enroll in identity theft protection services like LifeLock and TrustedID but the message from the media, law enforcement and Governments doesn’t seem to be getting through to those who are entrusted with the personal records of many. If the first quarter of 2008 is any indication then Americans should be prepared for the worst when it comes to identity theft because our personal and private records continue to be compromised at rates that will soon lead to the exposure of every single American. We have already documented many of the breaches from the first two months of the year so here is a quick summary from March which saw the exposure of 5.5 million Americans in 24 separate incidents.

  • A Hacker obtained personal information on 10,000 students and applicants at Harvard University. 6,600 Social Security numbers (SSN’s) were included in this breach.
  • Agilent Technologies lost the Social Security numbers, names, and financial information of 51,000 clients when a laptop was stolen.
  • SSN’s, names, academic records and payroll documents of 70,000 employees at Antioch University were lost when a computer system was hacked.
  • The Dental Network compromised the names, addresses, dates of birth and Social Security numbers of 75,000 members when they posted their details on a web site
  • Software placed on servers at Hannaford illegally captured the credit card and debit card numbers of 4.2 million customers
  • At Lasell College the names and Social Security numbers of 20,000 students, faculty, staff and alumni were accessed by a hacker
  • A high school student in Broward County School District in Florida hacked a computer and compromised the names, addresses, phone numbers and SSN’s of over 38,000 employees
  • A stolen laptop from University Health Care in Utah contained the names, Social Security numbers, and health information on 4,800 patients
  • The names and Social Security numbers of 5,000 MTV Networks employees were exposed via a computer
  • An employee stole a hard drive hard drive containing the records of 1,000,000 Compass Bank customers in Alabama. Though this incident happened in 2007 it was not reported till March 2008 as Alabama is one of 11 states that have not passed a law requiring the notification of citizens affected by a breach. According to Computer World the now convicted employee, with the help of his accomplice who was a teller, made 245 fake debit cards and proceeded to withdraw over $32,000 directly from bank accounts at ATM’s. Fortunately these in-experienced identity thieves failed to get money on 90% of their attempted withdrawals and drew the attention of an alert police officer resulting in their capture and conviction. The hard drive thief received a 42 month sentence while the teller who provided the hardware to encrypt the debit cards received an 18 month sentence that was later reduced to 1 month.
  • A missing laptop at Blue Cross Blue Shield of Western New York compromised the confidential records of an estimated 40,000 members.
  • A computer virus at Cascade Healthcare Community exposed names, addresses and credit card information of more than 11,500 Americans.
  • Lost backup tapes at BNY Mellon Shareowner Services compromised the names, Social Security numbers and possibly banking information of 3,500 clients.
  • A “missing laptop” at Kraft Foods contains the names and possibly Social Security numbers of 20,000 employees.

Identity theft protection is now a necessary task that every American should consider implementing immediately. Even though 37 states have passed laws requiring affected citizens to be informed of any breach of their information the rate of data breaches has not slowed. It has gotten to the point where you have to assume that your confidential information has been exposed and it is up to you to take steps to protect your identity, your credit and your finances from identity fraud. Identity Theft Labs highly recommends the placing of fraud alerts with all three credit bureaus in addition to other identity protection measures you may have initiated.

You can do this for free if you are willing to do some initial legwork and are responsible enough to renew the fraud alert every 90 days. You will be giving up the value added services and financial insurance or service guarantee that an identity theft protection company provides but at least you will be getting the protection you deserve at a price that can’t be beat. For those who want the additional benefits, or don’t want the aggravation of renewing those fraud alerts we highly recommend you visit LifeLock or TrustedID as we have identified them as the leaders in identity theft protection. Remember that the most important thing is not how you choose to protect yourself but that you do in fact take some action towards protecting yourself and your loved ones from this potentially devastating crime. Be smart, stay safe, take action now.

Data Breaches in January Close with a Bang!

Horizon Blue Cross Blue Shield and Davidson Companies Expose over half a Million in Final Days.

After a record number of data breaches in 2007 one would think tighter security would become a priority in 2008 but the first month showed no signs of this. Though, on average, there was a breach every day in January many seemed small in nature until the end of the month which closed with a bang led by large breaches at Horizon Blue Cross Blue Shield and Davidson Companies. A hacker tapped in to Davidson Companies database and stole the personal information of 226,000 clients of the financial services company. The personal information included names, addresses, SSN’s, bank account numbers and balances. Horizon Blue Cross Blue Shield also reported at the end of the month that a stolen laptop contained private information including social security numbers on over 300,000 clients.

Large breaches earlier in the month occurred when online store Geeks.com was hacked (unknown number), GE Money lost the records of 150,000 on a backup tape, and the Wisconsin Department of Health and Family Services used a vendor who printed the SSN’s of 260,000 people on the outside of an envelope they mailed. Universities continued their poor streak with 10 reporting breaches in January the largest coming from Georgetown University in Washington, DC who had a hard drive, containing the SSN’s of 38,000 students, alumni and employees, stolen. If January is any indication it looks like 2008 is going to be another bad year for data breaches.

Another breach of note occurred at OmniAmerican Bank who was hacked by an international gang of hackers who stole account numbers, created new PIN’s and debit cards and then withdrew cash from ATM’s all over the world including New York. The Bank was on to these criminals quickly and mitigated the loss to about 100 clients by shutting everyone’s bank account down. This is of particular interest however because it showed the vast network of these criminal gangs and the speed at which they can work. Withdraws were done all over Eastern Europe, Russia, Ukraine, Canada, Britain as well as in New York.

We at Identity Theft Labs have been saying for awhile now that there are large professional gangs both inside and outside the US who are targeting Americans and this was just another example of what we already knew. It is unfortunate but apparent that our personal information can not be held securely and that it is being used against us. This is why it has become essential to take the necessary steps to protect yourself from identity theft and to include some form of insurance in your identity protection plan.

The reason Lifelock, Loudsiren and TrustedID are growing so quickly is that many Americans have realized this, though it is far from mainstream. This is why identity theft education is so important. Far too many Americans are sitting back thinking that identity theft won’t happen to them, thinking that they never had to purchase identity insurance before so why should they do it now. Quite simply its a different world than what we grew up in and insurance no matter whether its life, fire, car or whatever always feels like a waste of money until it happens to you. The fact of the matter is that we can’t afford to not protect ourselves.

So get out there and buy a cross cut shredder, place those fraud alerts at the three credit bureaus, remove yourself from pre-approved credit card offers, order your free credit reports and buy some identity insurance. It simply needs to be done. If your not going to do this yourself then look in to the identity protection services from LifeLock, LoudSiren or anyone else and have them take all these steps on your behalf. In three minutes you can have the peace of mind that their insurance or service guarantee provides, and the most effective identity protection plan on the market today. Trust me its worth it.

Don’t be Fooled, Your Identity Is Not Safe – Part 4 Policies and Procedures

Part 4
2007 Data Breaches Due to Lack of Proper Policies and Procedures

Data Breaches in part one (Hackers), part two (Stolen Laptops) and part three (Storage Devices) were mostly caused by identity theft criminals who were seeking the personal information of Americans.

There is another disturbing contributor to the emerging Identity Theft epidemic and that is the lack of proper procedure and policies to secure our personal information. Governments, institutions, and companies are exposing our records foolishly and this makes the job of an identity thief all too easy.

Here are some examples of personal data that was compromised due to this negligence.

  • In California Secretary of State Debra Bowen’s office had the Social Security numbers, addresses and signatures of more than 650,000 Californians available for sale on a website for $6 each.
  • The University of Idaho posted the names, birth dates and Social Security numbers of 2700 University employees on their web site.
  • The Census Bureau posted personal information from 302 households on a public Internet site.
  • RadioShack in Portland, Texas threw thousands of unshredded records containing customer names, addresses, telephone numbers and other data in an alley dumpster.
  • CVS Pharmacy store in Texas dumped 1000’s of unshredded customer records in an alley trash can.
  • An identity theft activist in Virginia provides the links to government websites that have the SSN’s of numerous congressman, judges, and district attorneys posted for all to see.
  • The Federal Emergency Management Agency (FEMA) printed 100’s of Social Security numbers of employees on the outside address labels of reappointment letters.
  • Concord Hospital announced 9,000 patient’s personal information was exposed on the Internet for more than a month.
  • The state of Massachusetts warned 150,000 members of its Prescription Advantage insurance program that their personal information may have been snatched by an identity thief. No means of loss were disclosed as their is an ongoing criminal investigation. One suspect is in
    custody.
  • Social Security Numbers and private information of over 300 employees of American Airlines were exposed on the company Web site.
  • 200,000 customers of Blockbuster in Florida had their private information exposed when they threw out unshredded membership applications in to the trash.
  • Georgia Tech announced a brief internet exposure of 23,000 current and former students.
  • The credit card and checking account information of 1,200 parents who enrolled their children in youth recreation programs in Encinitas, California were posted on the city’s website.
  • Milwaukee PC exposed 65,000 credit card numbers.
  • Louisiana Board of Regents exposed the Social Security numbers, names, and addresses of students and staff on the web for up to two years.
  • SAIC, a military contractor, announced they compromised the personal records of 580,000 military personnel when they failed to encrypt transmitted data.
  • 5,000 customers of ABM Amro Mortgage Group had their Social Security Numbers and other personal details accidentally leaked over a file sharing network by a former employee.
  • A Commerce Bancorp Inc. employee gave out personal information on an unspecified number of its customers.
  • 1,800 Pfizer employees and their families were informed of a data breach at Wheels Inc. who rents them cars.
  • In a study by The Washington Post personal information including the SSN of Colin Powell and Troy Aikmen were found in public government records on the internet. This information was readily available from land deeds. Think of how many people in Washington own a house.

Identity theft is a major problem costing our economy an estimated 57 Billion dollars each year. Part of the problem is that we make it all too easy for perpetrators of identity theft to acquire our information. Often they do not even have to commit a crime to obtain this information.

Governments are reluctant to clean up their mess due to costs associated with blacking out SSN’s and manpower required to pull records and change the in place systems.

This has got to change, they need to be setting an example for the rest of the Country to follow.

Identity theft is one situation where lawyers might actually be the cure by holding accountable those responsible for exposing our records. Its hard to admit that, but government action has been inadequate and their is an unwillingness to fix the problem in many areas. We will have more on that later.

As we have been saying throughout this 4 part series, your identity is not safe. Already in 2008 over 1.3 Million Americans have had their private information compromised. The trend continues and we hope you decide to protect yourself from the ongoing threat of identity theft. It does not matter if you use an identity protection company or do it yourself. What does matter is that you realize the inherent dangers and take action to protect yourself and your loved ones.

Credit Card Data Lost by GE Money Affects 650,000

The associated press has reported that GE Money, part of General Electric Capital Corp. has mailed letters to 650,000 customers informing them of a Data Breach. GE Money processes payments for over 100 retailers including J.C. Penney. GE Money was informed in October of the missing backup tape from Iron Mountain Inc, a data storage company, and spent two months reconstructing the missing information. Personal information as well as Credit Card and Social Insurance Numbers were included on the tape. GE Money estimates about 150,000 customers had both SSN’s and credit card information compromised. Consumers should be aware that the mailings are being sent by GE Money and may appear to be a pre-approved credit offer since most people have their credit card thru the retailer and may not know that GE Money processes the payments.

GE Money has not yet stated retailers were affected though it is known that J.C. Penney was one of them. Identity Theft Labs advises all consumers affected by this breach to ensure they have an identity theft protection plan in place and to insist that they receive a new credit card number from the retailer. Consumers who are informed that their Social Security Number was also exposed should place fraud alerts immediately, consider identity insurance and continue to monitor their credit.