Thursday, December 3, 2009

Two Important Stories

These two stories although seemingly unrelated, point out two aspects of identity theft that are very much related. In January of this year the Kaiser Permanente Group headquarters in Oakland Ca. experienced a breach of employee personal information from its’ Human Resources offices. The person charged with the theft was a temporary worker in that office.

We see in these stories the relationship between the current economic climate, a crime of opportunity that will generate cash for the thief, temporary workers who have no real sense of responsibility the employer, and the irrefutable fact that while we can be diligent with our personal information, it is mostly in the hands of businesses and governments, and out of our control.

Business owners and Privacy specialists need to take stock of company risk by assessing their internal systems, and putting in place policy guidelines for employees to deal with sensitive information, and procedures for handling breaches when they occur.

All individuals need to be reminded that their ultimate information security policy should include tools to deal with these corporate breaches that result in identity theft. One cannot correct their own insurance or SSA files, their DMV records, and other databases once corrupted by identity theft fallout. We need that help of professionals in the business of restoring identities of fraud victims.

Medical ID Theft on the Rise
The recession has contributed to a rise in medical identity theft, and as health records move online, the problem is expected to worsen, reports the Wall Street Journal. "Medical identity theft is the fastest-growing form of identity theft," says Jim Quiggle of the Coalition Against Insurance Fraud. Most of the fraud occurs at the hands of healthcare workers who are paid to sell patients' information, the report states. Incidents of medical identity fraud are highest in states with large retiree populations. Experts advise consumers to monitor their medical and credit records, keep insurance cards private and avoid providing personal information over the phone.

Full Story

Temporary Workers Come with Risk
'Tis the season to keep an eye on temporary workers, according to the general manager of the Payment Card Industry Security Standards Council. "Vigilance is key," Bob Russo told Computerworld, adding that it's a good time of year for managers to "hover over" workers. Russo says that temps, especially, can pose a data security risk to businesses. He recommends that organizations conduct background checks and training, and says they should take care to get their access controls in place. Other tips include monitoring the use of handheld scanners, reviewing log data daily and implementing "hard" firewall policies
Full Story

Monday, November 30, 2009

Data breached Records Skyrockets

Forbes reports on the numbers of data breaches during the first 11 months of 2009. According to the Identity Theft Resource Center, government agencies and businesses reported 435 breaches as of November 17, the report states. But that number, which would indicate a 50 percent reduction from last year's statistics, is deceiving, says Forbes. "In fact, the number of personal records that were exposed...has skyrocketed to 220 million records...compared with 35 million in 2008." The report highlights two of this year's major breaches--Heartland Payment Systems and the National Archive and Records Administration.

If anyone is still of the impression that data breach is a fading issue needs to understand this.
The people that are actively seeking to steal and sell sensitive personal information are getting better at it. This is large-scale international crime and the profits are tremendous.
Often times the persons responsible for the collection of these data are not the identity thieves. The lists and files are sold as many times as is feasible to anyone who can pay. Organizations from al Qaeda, to international underground immigration rings have been linked to the use of stolen identifiable information to further their operations.

In the speaking engagements I do I always advocate the use of common sense when it comes to safeguarding your personal information, but also that most all identity theft is the result of large scale data theft and therefore cannot be protected by us as individuals.
If there is any one lesson I hope everyone gets from this is to understand the scope of data theft and identity theft. To understand it is to be able to secure ourselves much as we do for our health, by having a mitigating protection such as we do with healthcare insurance. But keep in mind that identity theft "insurance" per se cannot replace money lost to identity theft, only out of pocket expenses incurred by you the victim in pursuit of clearing up an identity theft episode. Only a restoration service can clear up records and reinstate the victim to pre-theft status.