What to do with leftover customer data?

Posted by Caitlin on July 1st, 2009

Thanks for visiting the NextAdvisor Daily blog. You may want to subscribe to our RSS feed.

Verified Identity Pass was a privately owned company that offered a service called Clear, which was designed to help air travelers get through airport security checks faster by vetting their identities and backgrounds in advance. On June 21, Verified Identity Pass announced that, for financial reasons, it would be ceasing operations. The abrupt closure has raised serious concerns about the customer data collected by the company. Stored information includes fingerprints, iris scans and digital images for roughly 260,000 customers. While this registered travel program was privately owned, it was authorized by the TSA, which required the service to record full legal names, home addresses, dates and places of birth, genders, heights, driver's license numbers, passport details and other information for all customers.

Bennie Thompson, the chairman of the House Committee on Homeland Security, has given the Transportation Security Administration until July 8 to explain how the agency plans to ensure the security of all this data. The TSA is in the process of putting together a response to this question, and in the meantime, claims that Clear is appropriately safeguarding the collected data. Verified Identity Pass assures customers that their information is being stored in conformance with the TSA's security and privacy requirements. But the data has yet to be deleted, leaving open the possibility that it could be sold or passed on to a third party, if the intention is to use it for another registered travel program.

As long as our personal information is out there, beyond our control, it is wise to invest in identity theft protection.

• T-Mobile denies data breach despite hacker claims
• Hackers gain access to sensitive data from 100,000 websites
• Is your state putting your identity at risk?
• Reports of TJ Maxx, Marshalls 15% discount related to massive data breach appear on the web
• Data Breach Alert: Hundreds of thousands of computers infected by Russian hackers

Master hacker pleads guilty

Posted by kent on June 30th, 2009

Infamous hacker Max Ray Vision, a.k.a. "Iceman", a.k.a Max Butler pleaded guilty yesterday to wire fraud charges. Wired Magazine reports that he "stole nearly 2 million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges." Butler started out as a good guy, doing contract security work, but quickly picked up a nefarious sideline. Butler did more than just steal credit card numbers directly from credit card users. He actually stole credit card numbers from other hackers and identity thieves, proving once-and-for-all that there's no honor among thieves—or hackers.

How did he steal from them? He hacked the online forums that identity thieves use to buy and sell personal information.

You can help safeguard your own personal info by signing up for identity theft protection. Check out the best options with our identity theft protection service reviews.

• College football player commits identity theft against deceased woman
• New LifeLock features battle new and old identity theft techniques
• Experian says 55% of child identity thefts perpetrated by family members
• ID theft hits a little too close to home
• Data Breach Alert: Millions at risk for identity theft due to supermarket chain data breach

The dog ate my checkbook

Posted by kent on June 30th, 2009

We should never laugh at identity theft, but a recent case from Arlington, Washington does put a humorous spin on an old excuse. A woman allegedly started using her ex-husband's checks to pay for some of her expenses. When police went to question the woman, she initially told them that, "her dog got into her purse and ate all her personal checks." Without a checkbook, she needed some way to pay the bills, and it seems her ex-husband's checkbook was the next best thing to her own.

To protect your identity against much smarter criminals, check out our Identity theft protection reviews and comparison chart.

• Does TrustedID protect my children from identity theft and if so, how is it done?
• WalletLock takes the worry out of losing your wallet
• Data Breach Alert: Thousands of California students at risk for identity theft
• A lost purse or wallet could land you in jail
• Reader Question: What should I do if I think I have been a victim of identity theft?

Scammers use online dating services to target potential victims

Posted by Caitlin on June 29th, 2009

Last week, guest expert Robert Siciliano discussed scammers who use Craigslist classified ads to target potential victims. Apparently, the same types of scammers also use online dating services to seek out gullible marks. A few days ago, Consumerist received a story from a reader who was contacted by a scammer on Match.com. The message is written in the grammatically incoherent style that tends to characterize foreign scammers. The scammer does not propose any financial transactions in this first message, he simply attempts to initiate contact and establish a relationship. However, he also assumes the name Sgt. Mark Edwards, which is commonly used in Nigerian 411 scams.

If you use Match.com or another online dating service, Robert Siciliano's advice about Craigslist scammers also applies. And if you get any messages from Sgt. Mark Edwards, consider yourself warned.

Of course, identity theft protection and Internet security software are excellent lines of defense against the cybercriminals who prey on users of Match.com, Craigslist, or any other online community.

• Vonage begins testing exciting new contact management and calling features
• How to set up automated online hard drive backups with Mozy
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Fake Facebook profile page victim awarded $43,000 in damages
• Facebook phishing scams increase risk of identity theft on the popular social network

ATMs fall victim to malware

Posted by kent on June 23rd, 2009

Robert Siciliano's blog piece on ATM card skimming probably had a lot of people checking their ATMs for tiny cameras above the keypads and card-skimmers attached to the card slot. This month, New Scientist is reporting on a method for skimming card data that is completely invisible to users of cash machines. In fact, it's nearly-undetectable to systems administrators who deal with the machines on a regular basis. Hackers have found a way to insert malware (aka malicious software) into the ATM's Windows operating system that reads all the customer's data just the way the machine does. What's even more bizarre is that the criminals harvest the data using the ATM's own receipt printer to print out the data. The malware is installed by direct access to the ATM's CPU (essentially it's brain), which means the hacker has to go behind the scenes for the initialization. That's actually the good news, because it means there's a certain physical barrier to the installation. You can read the whole article here.

So far, it's not very widespread, but the fear is that eventually the malware could spread over ATM networks. It's a good reminder to check your bank activity regularly. Using a credit monitoring service, such as the ones listed in our Credit report monitoring services chart will help maintain your overall financial security.

• Reader Question: What is the best way to monitor my FICO score
• Data Breach Alert: Harvard hack exposed more data than initially thought
• NextAdvisor reviews Identity Truth
• How does your state credit score rate?
• Why Monitoring Your Credit Score Is More Important Than Ever During The Credit Crisis

A week of false claims

Posted by kent on June 19th, 2009

Yesterday, we reported on Thomas Parkins who dressed as his deceased mother in order to claim her Social Security checks. But this was not the only fraud this week that left us scratching our heads:

Rebecca Beshausen abused the kindness of online strangers by telling the story of her pregnancy with a child she knew would be born with a severe, life-threatening disability. Yet, it turns out that the story was fabricated. In the end, a picture of the fake baby gave her away. Beshausen claims she received no money, but did receive a few gifts.

In another curious case, Fidel Castro's son, Antonio, was tricked into a false online relationship with a 46-year-old man. Antonio thought that Luis Dominguez was a brunette bombshell named Claudia. Dominguez didn't get money from Antonio, but the sham relationship yielded some private info from the Cuban dictator's son, and exposed a lifestyle that's above and beyond what the average Cuban lives.

The moral of the story is that not all impersonation is done for money. While we offer reviews of top-of-the-line identity theft protection services to help safeguard finances, no service can stop the oldest method of the con: the need for human contact.

• Entrepreneur Magazine calls Carbonite an "essential" for any new business
• Economic stimulus and your 2007 tax return
• IRS says early filers prefer e-file
• First online girl's school set to launch in 2010
• Attend a MIT physics class in your pajamas

Identity theft of the dead

Posted by kent on June 18th, 2009

Not all victims of identity theft are among the living. The AP has reported that a New York man is charged with grand larceny and criminal impersonation after it was revealed that he was dressing as his long-deceased mother. For six years, since her death, Thomas Parkin has been donning wig and glasses to collect Social Security checks and rent subsidies, netting him well over $100,000. He started the scam by providing a false Social Security number to the undertaker, so his mother's death would not be reported. A lawsuit, DMV security tape, and tombstone ultimately caught up with him.

While we don't review any services that would have helped in this case, we have plenty of identity theft services for the living in our Compare identity theft protection services category.

• 150,000 social security numbers exposed due to misplaced backup tape
• Napa, California named worst town for identity theft
• Facebook phishing scams increase risk of identity theft on the popular social network
• 8 tips to protect your children from identity theft
• Data Breach Alert: Blue-Cross notifies thousands of of identity theft concerns

T-Mobile denies data breach despite hacker claims

Posted by Joe on June 15th, 2009

A proprietary T-Mobile document that hackers claimed had been stolen from the company's servers appeared on an Internet security website earlier this month. The anonymous individual that provided the document also claimed that they would be selling the compromised T-Mobile data to the highest bidder. T-Mobile responded by stating that they had identified the document in question and that "possession of this alone is not enough to cause harm to our customers." Additionally, T-Mobile has stated that the access to this company information was not gained through any type of hack on its servers and no customer information is as risk. It is not clear at this point exactly how the third parties access the T-Mobile document.

Over 32 million people subscribe to T-Mobile service in the United States, so any activity that put the company's customers data at risk could potentially have repercussions for millions of Americans. We will continue to monitor developments in this situation and provide relevant updates as they are available.

It is important to note that there is no data to support any type of data breach that impacts T-Mobile customers at this point. But, there are enough open questions about the circumstances involved that we would warn T-Mobile customers to be extra aware of any unusual activity on their credit reports or bank statements that may be the early indicator of potential identity theft.

You can learn more about services that can help mitigate the risk of identity theft by reading our reviews and comparison of identity theft protection services.

• Hackers gain access to sensitive data from 100,000 websites
• How to steal Colin Powell's identity
• Reader Question: What service is best for protecting my identity and monitoring my credit?
• T-Mobile launches discount VoIP service with a few big downsides
• Texas company uses shredded checks as packing material

Family picture taken from social media site

Posted by Caitlin on June 12th, 2009

Danielle Smith, who lives in Missouri, posted a family portrait, featuring herself, her husband and their two children, on a few different social networking sites. Two weeks ago, a friend of Danielle's was driving though Prague when he spotted the Smiths' portrait in the window of a grocery store. The picture had been repurposed into an advertisement. The owner of the grocery store said that the picture was from the Internet, and that he'd assumed it was computer generated. When he learned that it was a real picture of a real family, he removed the billboard. The Smiths, as well as the photographer who took the portrait, hadn't authorized any use of the picture. Next time Smith posts a picture on the Internet, she says she'll lower the resolution or add an electronic watermark.

This curious incident serves as a reminder that once pictures or information have been posted to a social networking site, it is impossible to predict where they might end up or who might access them. If you are concerned about protecting your privacy when using social networking sites, you may be interested in our Facebook Identity Theft Protection Guide or our MySpace Identity Theft Protection Guide. Or, for information about services that can help safeguard your identity, see our identity theft protection reviews and comparison.

• Data Breach Alert: Boston museum patron's credit card numbers exposed on public website
• Facebook security flaw exposes personal information
• Facebook exposes personal information of up to 80 million members
• Help us help you protect yourself from identity theft
• Data Breach Alert: Over 10 million eBay Korea users impacted in massive hack

Data Breach Alert: More than 17,000 VCU students impacted

Posted by Caitlin on June 10th, 2009

Last week, Virginia Commonwealth University sent letters to 17,214 current and former students, notifying them that their names, Social Security numbers and test scores may have been exposed when a computer was stolen from the school library. VCU is offering the impacted individuals one year of identity theft insurance. Another 22,500 students have been notified that their names and test scores, but not their Social Security numbers, have also been compromised. VCU identified students by their Social Security numbers until January 2007, but now uses computer generated student identification numbers instead.

This breach draws attention to two areas of vulnerability in guarding one's own identity. When universities and other organizations rely on Social Security numbers for identification, those Social Security numbers are often recorded in databases that are not adequately secure. This places countless individuals at a greater risk for identity theft. Stolen computers are also a common source of data breaches and identity theft. Our NextAdvisor.com guide, How to deal with a lost or stolen laptop, details some of the ways you can prevent or mitigate the costs and risks associated with missing computers.

To learn about identity theft protection services, see our reviews and comparison chart.

• Data Breach Alert: Western Carolina University exposes hundreds of social security numbers
• Data Breach Alert: Stolen laptop leaves thousands of Connecticut State students exposed
• Data Breach Alert: Tens of thousands impacted in Antioch College data breach
• Data Breach Alert: 70,000 impacted in OSU server breach
• Data Breach Alert: College students receive social security numbers of classmates over email