Posts Tagged ‘identity theft’

Identity Theft #1 Consumer Fraud Complaint To FTC in 2007

Friday, February 15th, 2008

This week the FTC released the list of the top 20 consumer fraud complaints they received in 2007.
Not surprisingly, identity theft topped their list, accounting for 32% of all the complaints.

(more…)

Man Pleads Guilty To Loading Keylogger Software On Public Computers Worldwide To Collect PII and Commit Fraud

Monday, January 14th, 2008

Here’s another good example of an actual cybercrime that was allowed to occur because poor of safeguards on computers provided for public use.
On January 9, 2008, Mario Simbaqueba Bonilla plead guilty to installing keylogger software on hotel business center and Internet cafe computers located in hotels throughout the world that allowed him to access the bank and other financial accounts of over 600 individuals.

(more…)

Responding To Customers Asking About Your Company’s Use of SSNs

Wednesday, December 19th, 2007

For the past 10 years I have been driving the same, reliable, non-troublesome car. It still looks good enough (I don’t really worry about driving an “it” kind of car). However, it is getting a bit rattly, and my friends have been increasingly giving me a hard time about continuing to drive it past the 200,000 mile mark. I never really cared much until my starter went out a couple of months ago. I wondered, what if this had happened to me while I was in a neighboring state at a client site? Sure, I have AAA, but it would still be a hassle. So, I decided if I saw a car I really liked and that had all the features I wanted, I would splurge and get a new car.
Well…I just happened to find a car I absolutely loved after seeing and driving it. I was at the dealer paying for it yesterday, and the sales person asked for my Social Security Number (SSN).

(more…)

Be Aware: Court Ruling Allows Circumstantial Evidence In Court Case Against Company That Experienced Privacy Breach

Thursday, December 6th, 2007

So many times…actually almost every time…a privacy breach occurs the company that experienced the breach makes a public statement similar to, “We have no evidence that the personal information has been used fraudulently” or “We do not believe the information stolen will be used for identity theft.”
Why do companies so often make this statement? Because their lawyers know that it will be hard, if fraud and crime occurs using the compromised personally identifiable information (PII), to directly tie the breach to such fraud crimes.

(more…)

Be Aware: Court Ruling Allows Circumstantial Evidence In Court Case Against Company That Experienced Privacy Breach

Thursday, December 6th, 2007

So many times…actually almost every time…a privacy breach occurs the company that experienced the breach makes a public statement similar to, “We have no evidence that the personal information has been used fraudulently” or “We do not believe the information stolen will be used for identity theft.”
Why do companies so often make this statement? Because their lawyers know that it will be hard, if fraud and crime occurs using the compromised personally identifiable information (PII), to directly tie the breach to such fraud crimes.

(more…)

Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction

Monday, November 5th, 2007

Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.

(more…)

Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction

Monday, November 5th, 2007

Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.

(more…)

5-Point Checklist for Info Sec and Privacy Pros to Use for Data Protection and Privacy Law Compliance

Sunday, October 28th, 2007

One of the basic privacy principles is to limit the collection of personally identifiable information (PII) to only that which is necessary for the business purpose for which it is being collected. These privacy principles, built largely around the OECD privacy principles, are the basis for most data protection and privacy laws throughout the world.

(more…)

APEC Privacy Framework: Viewpoints from the FTC, TRUSTe & Marty Abrams

Saturday, October 27th, 2007

One of the sessions I attended at the IAPP Privacy Academy this past week was “APEC Update – Self Regulatory Approaches to Cross Border Transfers of Personal Data.” The presenters were: Pamela Jones Harbour, Commissioner, Federal Trade Commission (FTC), Marty Abrams, Executive Director, Center for Information Policy Leadership, and Fran Maier, Executive Director and President, TRUSTe.

(more…)

Many Kinds of Identity Theft Cause Many Types of Long Lasting Negative Impacts

Friday, October 26th, 2007

I want to revisit the blog posting I made a few days ago, “Average Cost of ID Theft Per Victim is $31,356
Some folks gave me some feedback, saying that they thought this cost was way too high based upon their own experiences when someone had used their credit cards and “it only took a matter of minutes to call the credit card company and report it, cancel the card/number, and get a new card, along with the $50” that they were responsible for.

(more…)