Tuesday, October 7, 2008

Shell fingers IT contractor in theft of employee data

I want to remind everyone that believes a credit monitoring service will solve their identity theft issues that they are sadly misinformed. The net result of all of the identity theft TV and radio advertising is to completely confuse the public for the sake of a profit. Sound familiar? If someone misappropriates your bank account, and you report the crime within 30 days of your account statement being mailed to you, your bank will work with you and likely absorb any losses as theirs. When someone files false insurance claims in your name your Casualty and Loss database (CLUE) is altered and you may never get insurance or perhaps a job, again. Without professionals to help you with the real identity theft issues you are fighting a very difficult uphill battle filled with legal pitfalls and a complex network of red tape.

Oil company says outside IT worker used info from database to file fake unemployment claims
Robert McMillan Computerworld
October 6, 2008
(IDG News Service) Shell Oil Co. is warning its employees that an IT contractor used the personal data of four Shell workers as part of an unemployment insurance claims scam in Texas.
Shell Oil, the U.S. subsidiary of Royal Dutch Shell PLC, began notifying employees of the
data breach on Friday, via a written notice that was posted on the Houston-based company's Web site.
Shell spokeswoman
Robin Lebovitz said company officials noticed early last month that someone had used Shell employee data to file fake unemployment compensation claims with the Texas Workforce Commission (TWC). After investigating, Shell determined that an employee of a third-party contractor had misused information stored in a corporate database, Lebovitz said.
The database
includes records for a majority of current and former Shell employees in the U.S., according to Lebovitz. The notice about the breach indicated that the misused data included names, dates of birth, Social Security numbers and some financial information.
The suspected scammer filed four false claims, Lebovitz said, adding that Shell has yet to uncover any evidence that other information from the database was compromised as part of the alleged claims scheme.
Shell didn't identify the company that employed the suspect, saying only that it had been hired to work on a data indexing project involving the database. The notice to employees said that after the fraudulent claims were discovered, Shell escorted the suspect from its premises and terminated its contract with the IT company.
The alleged crime continues to be investigated by Shell, the Houston police and the TWC, Lebovitz said

Monday, October 6, 2008

New Federal Law Targets ID Theft, Cybercrime

By Brian Krebs October 1, 2008 Washington Post

"President Bush last week signed into law a bill that seeks to make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced to cough up ill-gotten gains.

The Identity Theft Enforcement and Restitution Act of 2008 lowers the bar prosecutors need to clear before bringing hacking and other cybercrime charges against an individual. Under current federal cybercrime laws, prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. The new law eliminates that requirement. "

Provided of course that the thief is caught and brought to justice. With less than 5% of identity thieves being nabbed this law will only help a small minority of the victims. It is a step in the right direction however.

Just as important as this new law is, actually another portion of the article really caught my eye.

"Some ID theft victims can spend thousands of dollars and months or years dealing with credit bureaus and debtors from accounts fraudulently opened in their names, but the law doesn't appear to take into account lost opportunities associated with identity theft. According to the Federal Trade Commission, some consumers victimized by identity theft may lose out on job opportunities or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.

It is just as important to understand that victims of identity theft are faced with the massive task of fighting nearly overwhelming obstacles in clearing up identity theft episodes. The banking system has certain measures in place to deal with fraud on bank and credit accounts. Once you leave the banking realm however, the bureaucracy of databases and information repositories can prevent a maze of challenges to clearing up false entries and records inaccuracies.