How many permissions do you have on your social networks?


I read a great blog post the other day about social network sharing permissions.  It made me think about how many third-party apps we allow permissions on our different networks like Facebook and Twitter.

Connecting accounts this way is convenient.  Think about how often you will use the ‘Login With Your Facebook/Twitter Account’, or accept requests for all the different apps your friends use.  How many games are you playing on Facebook?  Every time you start playing a new game you have to allow that app permission to access your account.

Maybe it’s time to take a look and clean out your permissions.  The more you share permissions, the more you put yourself at risk of identity theft.  To read more on this visit the T3KD blog.

So are we safer on Facebook? Time will tell


Facebook has reached a settlement with the Federal Trade Commission over its privacy policies.  That means we can all breathe a sigh of relief, right?  Well time will tell.

I would like to think that means my information will be protected just as Facebook says it is, but I can’t help but consider the fact that several of the points brought up in the settlement was the fact that the Facebook Privacy statement said one thing, and the reality was that Facebook was doing things totally differently.

While I can hope that things will be done correctly from now on, there is no guarantee.  Only as we move forward and see the independent third party evaluation can we hope to see if Facebook is following the terms of the settlement.  I hope that they do, but I will not take it as gospel.  I will continue to be aware of the fact that advertisers and third party application developers may very well have access to my personal information and act accordingly.

If it happens that things remain the same, I can take comfort in the fact that I have a LegalShield Membership and that I can depend on  Identity Theft Shield to fix it.

 

Your kids are targets too!


The family computer poses a risk not just to you, but to your kids too.  Identity theft, scams and God forbid, pedophiles are all risks that our children face every time they log on to a computer so it is important that we teach our kids online safety.

The Federal Trade Commission has been on the front lines of this fight with the Online-Onguard program for years now but it really wasn’t targeted toward kids safety.  There is a new program that the FTC has implemented in conjunction with Online-Onguard called NetCetera which focuses on educating our kids on online safety.

NetCetera is targeted toward adults to help them talk to the kids around them about Privacy, etiquette and safety  in an online world, not just computers but Cellphones.  It gives tips on explaining to kids what the risks are, how to identify them, how to avoid them and steps for kids to take when they think that they may be subjected to them.
Some of the topics covered:
Sexting
Cyberbullying
Privacy
Scams
NetCetera is available in a 56 page book including a glossary of internet terms and a listing of Resources to help parents teach kids about online safety.  If you are a parent or educator this is a must have tool in teaching our kids how to stay safe.  You can order NetCetera materials for free from the Federal Trade Commission.
But risks to our children are the same as risks to ourselves.  We can teach them to lower their risk but the risk never goes away.

Why you will NEVER be safe from identity theft!


Unfortunately many people still believe that they can eliminate the risk of becoming a victim of identity theft.  They think that they can totally erase the risk.  They believe it when some company says that they can prevent you becoming a victim.  If you hear that from anyone, don’t you believe it!

None of us can totally eliminate our risk.  That is because our personal information (very detailed and intrusive information) is readily available to anyone.  It’s called public records and you might be surprised exactly what information someone can get their hands on through public records searches.  You have much less privacy than you think.

Many companies have popped up that gather information on individuals and offer that information for sale to anyone with a credit card.  just type background checks online into Google.  I just did this as I am posting and got back 11 million hits.  11 million places you can go online to buy a back ground check on someone.

What information is available on you?

Personal Records:

Alias/Maiden Name Check
Address History
Phone Number(s)
Social Web Search
Date of Birth
*List of Relatives
Email Addresses
*Spouse/Roommates Locator

Criminal History:

State Criminal Records Check
Nationwide Criminal Records Check
Arrests and Warrants
Misdemeanors and Felonies
Convictions and Incarcerations
DUIs and Criminal Driving Violations

Court Records:

Civil Filings
Civil Actions
Bankruptcies
Liens and Judgments

Property Records:

Primary owner on title
Property Information
Phone Numbers and Details
Mortgage Records
House Purchase and Current Value
*Possible Neighbors

 

With all of this information available to anyone online with a credit card, how can any one of us possibly be safe?  And it is not just you that is at risk.  Someone pulling up a background check on you can easily find what he or she needs to pull the records of your family, friends and neighbors.  Just notice the items with an asterisk.

This is why we all need to have something in place to help us fix it when it happens.  No one can stop it, but LegalShield can help fix it.

 

Ladies and gentlemen we have a SNAFU!


If you are active duty military or a veteran you should recognize the acronym SNAFU.  For those who don’t it stands for Situation Normal, All F*cked Up. You learn to live with a lot of that in the military, it is just as common as ‘hurry up and wait’.  Unfortunately SNAFU carries over into our life as Veteran’s too.

All Veterans fall under the US Veteran’s Adminstration.  They have all of our information.  Many of us veterans are receiving some form of benefit from the VA.  I happen to receive medical benefits as a service connected disabled veteran.  Others maybe receiving educational benefits through their GI Bill.  Or even housing benefits through VHA loans.  No matter what benefits you receive (or not) the VA has your information.

The VA also has a less than golden track record on protecting our information.  Until the Heartland Payment System dataloss a couple of years ago, the VA held the record for the largest ever security breach with over 25 million veterans’ personal information exposed.  Unfortunately the VA continues to experience datalosses so often that it doesn’t even shock us anymore.

 

If you are a veteran of the U.S. Armed Forces; taking the threat of identity theft seriously is not an option, it is a requirement.  Your information has already been lost.  LegalShield can help by providing you with the assistance you will need when you become a victim of identity theft.

The following information comes from the Privacy Rights Clearinghouse.  This information is just the security breaches for 2011 involving VA or Military agencies.  Keep in mind this is only for 2011:

September 16, 2011 Veterans Administration Medical Center (Biloxi)
Biloxi, Mississippi
GOV PHYS

1,814

The VA believes an employee’s office at the Veterans Administration Medical Center in Biloxi was inappropriately accessed without proper authorization on July 21.  A number of medical files with veteran names, Social Security numbers, dates of birth and other personal information like medical diagnoses were found spread on the office floor.  The breach could affect veterans, deceased veterans and VA employees in seven counties in southern Mississippi, four counties in southern Alabama, and seven counties in the Florida Panhandle.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 1,814


 

September 15, 2011 United States Army
Alexandria, Virginia
GOV PORT

25,000

A CD with sensitive Non-Appropriated Fund retiree information was lost in the mail between Alexandria, Virginia and San Antonio, Texas.  The CD never officially arrived after being sent during the last week of August.  It contained retiree records with names, Social Security numbers, retirement date, type of retirement, amount of life insurance carried, term data, dates of service, and other retirement data.

Information Source:
Databreaches.netrecords from this breach used in our total: 25,000


 

August 8, 2011 Department of Veterans Affairs
Fayetteville, North Carolina
GOV INSD

Unknown

A dishonest VA worker used his tax return preparation business to submit fraudulent tax returns.  VA patient personal information such as names, Social Security numbers and birth dates were used to create fake dependents on people’s tax returns.  The VA worker then collected fees from customers in exchange for fraudulently increasing the dollar amount of their tax returns. He was convicted in February and sentenced to 11 years in federal prison. The employee handled information from VA patients in North Carolina and Virginia.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 0


 

August 3, 2011 Department of Veterans Affairs
Washington, District Of Columbia
GOV INSD

Unknown

The inspector general at the VA found that IT contractors had accessed the VA’s electronic health record system without appropriate security clearances.  An tipster had left a message about the situation on a departmental hotline in the summer of 2010.  Contractor personnel were found to be improperly sharing user accounts when accessing VA networks and the Veterans Health Information System and Technology Architecture systems. Employees of the contracting company were unaware of proper IT security protocol.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 0


 

April 8, 2011 V.A. Medical Center
Aiken, South Carolina
GOV PHYS

2,600

Please call (706) 729-5893 for more information.

A V.A. employee may have thrown the personal information of over 2,600 veterans into the trash. The breach was originally discovered over a month before the official notification and reported by a news channel. The V.A. admitted that appointment records with Social Security numbers, dates of birth and other information were accidentally thrown into the trash instead of being shredded. The records were from January 2010 through January 2011.  All veterans from that period were contacted, but not all were affected.

Information Source:
Databreaches.netrecords from this breach used in our total: 2,600


 

March 21, 2011 Portland Veterans Affairs Medical Center
Portland, Oregon
GOV PHYS

50 (Between 50 and 75)

Between 50 and 75 patient ID cards were lost in January. Social Security numbers, dates of birth and other personal information were on the cards. The cards had previously been mailed to the wrong addresses and were being stored in the hospital’s enrollment office.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 50


 

January 29, 2011 Veteran’s Affairs Medical Center
White River Junction, Vermont
GOV DISC

114 (No full SSNs or financial information reported)

A client device owned by Dartmouth allowed an unknown amount of people to anonymously log on to a computer network. A document that contained Veteran and Dartmouth patient information could be viewed once people had logged on using the client device. The document contained a list of Dartmouth and Veteran patients. Last names, last four digits of Social Security number, clinical diagnosis and comments were exposed. At least one patient had their full name and date of birth exposed. The problem had existed for an unknown amount of time.

Information Source:
PHIPrivacy.netrecords from this breach used in our total: 0


 

January 13, 2011 New Mexico National Guard
Sante Fe, New Mexico
GOV STAT

650

A computer with the deployment records and Social Security information of soldiers throughout the state was stolen from the National Guard Headquarters in Sante Fe.  The theft occurred sometime between December 23 and 28.

Information Source:
Databreaches.netrecords from this breach used in our total: 650


 

 

Easier said than done


The arrest statistics for Identity theft are extremely low, somewhere around 5%. that means that 95% of identity thieves get away with it.  It’s a very low risk crime for the criminal.  Many people think the police should just arrest the thieves.  It’s a nice thought but much easier said than done.  After 12 year with a police department let me outline why these thieves can get away with theft.

Police departments do not have the resources to investigate every identity theft report they get.

In large metro areas the police force is already stretched thin responding to calls, patrolling their assigned areas, investigating crimes that occurred locally and doing traffic control.  They just don’t have the manpower to investigate each identity theft case that falls into their laps.

 Jurisdictional issues

You may live in Florida while the thefts can originate from anywhere.  The thief may be doing the stealing from California, but they are ordering from a company in Texas.  That creates a problem for law enforce since there is at least three different agencies involved and all limited to their own jurisdiction.  The Florida agency cannot do anything in California where the thief has an address and is committing the crime, the California agency can’t do anything about the fraud which occurred in Texas.  All they can try to do is coordinate thier investigations, but again we come down to the manpower issue.  The florida agency may know the address the thief is using, but that does not mean that the California Agency has anyone available to investigate it.  Now imaging this on a global scale. You are in the US and and your information is being used in Indonesia.

 The person using your information is not the one who stole it and there may be multiple people using your information.

People are being bought and traded in underground chat rooms like the newest hottest commodity.  It’s a black market version of Wall Street or E-bay.  Identity theft rings buy the information from the local thieves(who stole it from you or someone who has access to it).  The Identity theft rings “broker” the information to the “suppliers” and “consumers”.

Suppliers are usually criminal cartels providing false documentation to illegal immigrants that the cartels buy in bulk from identity theft rings.  US Immigrations and Customs Enforcement (ICE) are contantly busting up these rings.  You can visit their site at www.ice.gov Check out the news releases on Document Fraud and Workplace Enforcement.

Consumers are the individuals who purchase your information. They may wish to steal your credit, cover their own criminal past, hide their illegal immigrant status, get medical benefits or to use it for any of the same things you would use your information for like get a job.

Often when you get this deep into it, the information is crosing international borders.  The information that a waitress at Red Lobster stole from you while she was off somewhere processing your credit card was sold by her to a local ring.  That local ring then sold it to a clearing house in say Siberia. It now flows through that clearing house to chat rooms where it is auctioned off to the highest bidder who may be using it themselves or creating fraudulent driver’s licenses and social security cards..

When you do realize that you are a victim, the information may have travelled around the world and back; and it could be months or even years after the information was first stolen.  Identity theft is a complex and complicated crime the only thing we can do is to be aware, informed and prepared.  I am dedicated to making you aware and informed, Identity Theft Shield is a good way to be prepared

Opt out to protect your information


Junk Mail.   How much junk mail do you receive every day?  Probably a lot.  and junk mail is not the innocent little annoyance you think it is.  You probably just think it is something that you must live with, but in many cases it is not.  You can opt out of receiving quite a lot of junk mail.

Much of the junk mail you receive may come from businesses sharing your information with others.  You can stop much of this junk mail by opting out.  Some junk mail is easy to opt out of like pre-approved credit card offers.  Simply dial 1-888-567-8688 in the US.  This will keep credit bureaus from selling your information to lenders and insurers.

All financial institutions are required to provide you with a privacy policy that tells you how they share your information with others.   You may be able to opt out of much of this sharing process but not all of it.  There are instances which you cannot opt out of but you can opt out of some of it.

It is also never to late to opt out.  It will take a little effort on your part because you will need to contact each institution that holds an account in your name to find out what their procedure is for opting out.

Why should I opt out?

Allowing your information to be freely shared is a big identity theft risk.  The more businesses that have your information, the bigger the risk that your information will be lost.   The better control you have over who holds your information, the lower your risk of it being lost.

For more information on opting out, visit the Federal Trade Commission’s page on Privacy Choices you can download a PDF version of this publication that will help you understand what opting out is and how you can opt out.

For more information on Identity Theft please visit  LegalShield  learn how we can help with Identity theft issues.

 

Dude! Surf’s almost up!


Halloween is here,  Turkey Day will be here before you know it and then surf’s up!  The Holiday season is prime time for identity thieves to go surfing.  Mailbox Surfing that is.

Your mail can be a goldmine for identity thieves and the Holidays simply means bonus time!  Millions of items containing Personally Identifiable and Non-Public Information are placed in the mail each day.  Bank Statements, utility and credit card bills, applications and government issued correspondence arrive in mailboxes each day.  We write out checks and mail information ourselves and identity thieves know this.  That roadside mailbox is just waiting for them to come along and harvest what is in it.

During the Holidays they can make an even bigger haul from Christmas cards and gifts we mail out.  So what to do to lower your risk of identity theft by mail?

The safest way to protect your incoming mail is to rent a Post Office box.  Your mail remains secured in your PO Box until you retrieve it.  Many newer communities have turned to this option, having a bank of locked mailboxes in a central location as opposed to roadside mail boxes.

Protecting your outgoing mail is also pretty simple.   Treat that roadside mailbox like the threat that it is, don’t put anything into it.  Take your outgoing mail to the post office or one of those blue United States Postal Service mailboxes.

And a tip for protecting that holiday mail:

Send all valuables (including Checks, Money orders and Gift Cards) by Certified mail with a return receipt.  This way the mail is hand delivered to the address and someone at the address must sign for it.

Lets Give the Mailbox Surfers something that they don’t want this holiday season, a wipeout.

Training of employees is key to protecting information


We all assume that businesses holding our information will protect it, that is the law after all.   The Federal Trade Commission requires ‘reasonable measures’ in the disposal of sensitive and personally identifying information.  However datalosses and security breaches still occur on an (almost) daily basis.

Many business entities have implemented measures to protect this information.  They have established policies outlining how information should be disposed of, but something still happens.  Unfortunately for a Georgia attorney, recent events show that a system of policies and procedures can break down.

According to the news report; Ashley Bell was surprised to discover that his firm was the source of one of the most easily avoided types of dataloss-confidential documents  tossed in a dumpster.  After all there is an established procedure in place, confidential documents are to be shredded and recycled.  An internal investigation led to a college intern, who was perhaps a bit too eager to get the task done and dumped the files in an unsecured dumpster.  The procedure was there but it was not followed.

Shredding can be a tedious task, I know from experience.  I also know that the information you are shredding can be dangerous in the wrong hands so it is a vital step in any disposal procedure.  The key is that I know and understand this.  Employers need to make sure that employees are trained to understand that danger and the consequences if the information is exposed.  Was this intern trained?  The report does not tell us that, and even training an employee does not guarantee that they will follow procedures.  It can however greatly improve the chance that they will when they understand the consequences and the employer can show that they have taken steps to prevent a breach.

Many businesses are taking steps to implement these reasonable measures, They are acting in good faith to protect information such as in the case of Mr. Bell’s law office.   Unfortunately for every Ashley Bell there are business owners who will not take steps to protect information until after they have experienced a dataloss themselves.

Fido did what!


When it comes to identifying risks to your identity, you have to think out of the box.  After all criminals are geniuses at out of the box thinking.  They look at everyday items we consider ‘harmless’ and can figure out how to use them to commit crimes.  If you have seen the movie “Catch Me if You Can” you would see a perfect example of what I mean.

The movie was based on the exploits of Frank Abagnale Jr, a well known security expert.  Mr Abagnale in his youth was a very successful con artist who cashed over a million dollars worth of fraudulent checks.  And in the movie it was not just his ability to create a fake persona, but a very harmless item that factored in to his success.  Watch this clip from the movie starring Leonardo DiCaprio as Abagnale.

Did you spot the harmless item that enabled him to cash check after fraudulent check?  No, not that check numbering machine, it was something else.  For those who did spot it, congratulations!  For those who didn’t check the bathtub.  Dozens of model airplanes were soaking in the tub.  The model planes all had PanAm decals.  Decals that he  placed on forged checks to fool bank tellers into thinking that they were authentic, and that brings me to your lovable family pet.

Many pet owners chip their pets.  Don’t get me wrong, it does have a very good benefit that for many loving owners outweigh the risk.  That microchip means if Fido gets lost, he can be identified and returned home safely.  But there is a down side.  Fido’s chip not only identifies him, it identifies you.  If your pet is chipped, keep in mind that chip contains your information and can be a route for identity thieves to strike.

Your information is everywhere.  No matter how well you protect your information, you can only control what is in your possession.  You cannot control other places and every different place it has been stored is another avenue for a thief to strike.