Todays Dose Of Data Theft: Spyware

America's fastest growing crime has moved a step closer to each of us. When will you speak up? This is no laughing matter.

Spyware researchers discover ID theft ring

Spyware researchers picking apart one of the more notorious spyware programs have stumbled upon what appears to be a massive identity theft ring hijacking confidential data from millions of infected computers.

"I'm not being dramatic. This is the most repulsive thing I've ever seen. It's very painful to see what's in these log files that are being uploaded in real time. We're seeing a lot of bank information and usernames and passwords to get in," Eckelberry said.

"There are lots of eBay account information and names and addresses of the people owning those accounts. Names, passwords, all matched up," Eckelberry added.

Another article gives us more insight:

International Identity theft ring discovered.

A spyware ring has infiltrated the IT systems of as many as 50 international banks and logged social security numbers, credit card and bank account numbers, passwords, eBay (Nasdaq: EBAY) and PayPal (Nasdaq: PYPL) account information and chat transcripts, according to the security firm Sunbelt Software.

Less than 20 days ago, I conducted a survey that showed 24% of American over 18 had been exposed to ID theft in the last 90 days.

I also want to note BizzyBlog, who also has been following this closely and is a proponent of "Credit Freezes" to help protect consumers.

I have maintained throughout my posts that we need to force the institutions that maintain consumer data to institute stronger measures of data security, namely data encryption. It now appears that Mark Durham, communications director, Identity Theft 911, agrees with me:

"Consumers don't know where their data is and they can't control how it's used. As long as that's true we need to push business and government and those that have that data to control it better." Durham said

This is not a partisan issue. Protecting the private data of consumers is a noble cause that everyone should support. I pointed out here 3 areas I believe the Identity Theft Protection Act fails consumers.

I have been saying this since February, and will continue to say it:

"I suspect someone will take interest in this when they receive a letter in the mail stating their identity has been stolen." - Trey Jackson

The Identity Theft Protection Act

The U.S. Senate Commerce Committee passed legislation Thursday on a voice vote that requires disclosure to consumers when sensitive personal data is breached or lost. The more I read this bill, the less impressed I am with it. It seems the data lobbyist were able to dodge three of the most worrisome and costly issues that confronted them:

1- Data Encryption

2- Private cause of action

3- Paying for credit monitoring programs for every consumer whose file they have breached.

Identity Theft Protection Act

The bottom line here is the information industry is no different than any other industry. Everything is about money. Encrypting data costs money. Defending lawsuits costs money. Paying for credit monitoring services costs money.

So why aren't any of these items mandated by the new bill?

Todays dose of Data Theft

As I have documented here, over 50 million American consumers have had their personal identity information compromised (lost or stolen) in the last 100 days. You can add another 27,000 to that number....

Exhibit 19 - St. Johns Regional Medical Center. Bad News. 7-23-05

St. John's Regional Medical Center has begun informing more than 27,000 patients of the theft of hospital records with personal information about them.

LaFerla said the information stored in the computers included the names, dates of birth, admission and discharge dates, medical record numbers, and account numbers of patients from those years. It did not include any other personal information such as medical records, health information or Social Security numbers, she said.

LaFerla said it is doubtful the information stolen could be used to accomplish any identity theft that might harm anyone affected.

Ms. LaFerla  is either ill-informed about how identity theft works or is trying to downplay a serious breach of consumer data. I'll let you decide the answer to that.

24% of Americans over 18 have been exposed to ID theft in the last 100 days.

Identities for the taking...

I have written about companies lack of securing consumers identity a few times on this site as it is an issue I feel strongly about. See here, here, and here. Every year, millions of identities are stolen and billions of dollars are lost in the financial and credit industries. Worse still, is the extreme nightmare a consumer goes through attempting to fix a problem they had no hand in creating. Over the last few days, what began as another post has turned into a study. Below I have documented every incident I could find in the last 100 days where a company has compromised sensitive consumer data. With the help of google, I have found that roughly 50 million consumers have had their personal identity breached in the last 100 days.

My study has yielded the following information thus far:

1 out of every 6 people in the U.S. have had their personal information breached in the last 100 days. US population = 296,689,763.

1 out of every 4 people over the age of 18 have been exposed to identity breaches in the last 100 days. US pop. over 18= 209,128,094 - That's 24%.

This is alarming. At this pace, every consumer record in our country will have been exposed/breached/stolen in less than two years.

Choicepoint: Round 3 w/Video

Jackson's Junction: Video Blogging- we provide (video), you decide!

Fox News Rebecca Gomez reports today that Congress is going to hold congressional hearings on Choicepoint's data breach that resulted in at least 145,000 consumer data records being compromised. Good.

More importantly, congress has stated they are going to ask the questions I raised here and here on February 17th and 21st, respectively.

Those questions are:

• Could this security breach jeopardize our national security interests?
• Could terrorist steal someone's identity and carry out illicit activity?

To make matters worse, it was also released this week that the two top executives of Choicepoint are going to be investigated by the SEC for $16m in stock sales before this information was made public.

This company has illegally disclosed 145,000 consumer data records to criminals, possibly jeopardized national security and maybe even profitted off of it by insider trading, all at the expense of innocent consumers and taxpayer dollars.

Please share your feelings and leave a comment after watching the video!

-WATCH NOW-

Choicepoint - Round 2

Last week, in my post Choicepoint - What You are Not Hearing, I took time to point out my serious concerns regarding Choicepoints  security breach that resulted in 145,000 consumer records being illegally accessed. My first post laid out the argument that Choicepoint is not a company we want our government to contract for national security issues.

We now learn more. Choicepoint announced today that consumers in all 50 states, the District of Columbia and three U.S. territories have been affected by the breach in Choicepoints credentialing process.  You can read all about it here and here.

California authorities estimate the amount of compromised consumer data may be as much as 500,000. Choicepoint has denied this and maintained its estimate of 145,000.

I am not sure what is worse, a company that may have illegally given identity information on as many as 500,000 consumers to criminals, or the fact that we contract this company to work with Homeland Security and law enforcement.

If there is nothing to worry about here and no connection between Choicepoints "breakdown" in vetting out new customers and its law enforcement services, why did they hire Robert McConneell, 28 year veteran of the U.S. Secret Service, to serve as a liason to law enforcement?

I asked this last week and I'll ask again: How can we trust this company to protect our national security when they are unable to protect our personal identity? I suspect someone will take interest in this when they receive a letter in the mail stating their identity has been stolen, or worse, if we found out that one of these sham companies that have been accessing Choicepoints database is linked with a terrorist organization.

Choicepoint announced that it is going to begin re-screening about 17,000 small businesses that currently have access to their data. Wonder what this process will reveal?

Please leave your comments. I am eager to know how everyone feels about the prospect of either (a) having their identity stolen and/or (b) knowing this company is currently being paid with taxpayer dollars to compile and furnish data for homeland security and law enforcement agencies across this country.

Choicepoint - What you are not hearing

*This article updated since original posting.

By now, most of you should have heard about Choicepoint discovering that over 145,000 consumer data records have been compromised and obtained illegally. The original release of the information stated only 35,000 people were affected. Today, we learned it was much worse.

I have taken a particlar interest in this story for several reasons: (1) I am an executive in the credit/collection industry (2) I am an American citizen.

As a member of the industry, I do not find it at all shocking to learn that Choicepoint has failed to properly vet the companies they are selling consumer data to. I have always known that fraudulent companies were finding ways to obtain credit reports. How have I known this you may ask? Simple. One of the major bureaus issues a list of companies they have banned for improperly obtaining credit reports each month. This list is sent out to all resellers of credit reports letting us know not to do business with these companies.  This indicates that this practice has been going on for years. Everyone knows there are identity thieves out there, this is not new, but it alarms me as a consumer.

As an American citizen, why am I appalled at Choicepoint's lack of 'screening' of potential new buyers of consumer data? Well, for those who don't know, Choicepoint is a company the United States government contracts to compile and furnish data for Homeland Security and Here.

Choicepoint's website (Here for Homeland Security, Here for Governmental Contracts) state's it "recognizes our customers efforts to combat terrorism and provides a wide range of solutions to support them." Among those solutions are:

1. Identify links between individuals
2. Locate persons of interest
3. Find links between individuals and businesses
4. Screen vendors and employees for evidence of terrorist links

This should alarm every person reading this. The company we depend on to "find links between individuals and businesses" has just announced they are unable to do so properly. They have just announced they have been allowing criminals to access their data. We know this may have lead to the identity theft of up to 145,000 people. We do not know who else accessed that data and why.

1. Have terrorist accessed Choicepoint data to determine whether or not the government was aware of them?
2. Have terrorist used this data to elude or evade capture?
3. Have terrorist used this information to obtain fraudulent identities?
4. How can we trust a company to link terrorist to businesses that can't even determine if the businesses they sell these reports to are legitimate?

I think it is time for citizens to closely examine Choicepoint. Can we trust this company with protecting our national security interests if we cannot trust them with protecting our identities?

UPDATE: HERE for yesterdays post: Choicepoint - Round 2

Free Credit & Collection advice

Although I created this site to give myself an outlet from my everyday work, I feel it is only fair to offer my 'marginal' advice in my field of expertise to those who need it.

Before I go any further, it is important to point out: The views, opinions, debates, controversies, fun times and not so fun times DO NOT represent the views or opinions of my current employer, and further if they were asked, they most likely would disavow themselves with this project.

That being said, I am the Sr. Vice President for a Nationwide Credit and Collection Company.  At the age of 32, I am about to celebrate my 10 year anniversary with my company. Throughout the years, I have been blessed to work with some extremely intelligent people.  My education in this field has become invaluable to me and my life.

Now, here's what I propose by "Giving something back...". if you have a question in regards to credit or collections, and post your question in the comments field under collections, I will do my best to answer your question and provide a little help in working through the process. I am not asking for anything in return, except that you return the favor with a link to me on your site and a thank you.

Before you begin submitting questions, please be advised that nothing I say should be construed as legal advice and further should be verified on your own through outside resources.  Further, be aware, there is a very good chance that I may just suggest you' Pay the Bill'. You see, after 10 years in the industry, theres not much I haven't heard.

I will post this reminder from time to time, but if you visit the site and do not see an open thread on credit & collections, click on the Credit and Collections  category and post your question. I will do my best to respond to all inquiries within 48.

So, thank you for visiting and if I can provide you a C&C answer, or tell you to Pay your Bill, I will do so objectively.

If we see an interest in this topic we will create an ongoing thread to provide better response.

Best wishes and Good Luck. maybe I'll be able to help, maybe not, but you will get my best suggestion.

Note: Comments were closed on this post.