Many records posted online
By Bill Brubaker
The Washington Post
WASHINGTON -- Colin Powell's Social Security number is out there. So is Troy Aikman's. And that of Maryland Democratic Attorney General Douglas Gansler, among many others.
In an era when government officials from President Bush to local sheriffs warn of the growing dangers of identity theft, the full Social Security numbers of untold numbers of Americans can be found in file rooms and on Web sites run by, well, governments.
"This is very dangerous," Gansler said after learning that his number had been posted on a Maryland government-record site. "You know, a Social Security number is really the fingerprint to somebody's identification."
The Federal Trade Commission has estimated that 8.3 million Americans were victims of identity theft in 2005, the most recent for which data are available. But the crown jewel in identity theft -- the Social Security number -- can be mined easily in the government's own records, creating a measure of social insecurity for millions, according to identity experts.
Social Security numbers are readily available in many courthouses -- in land records and criminal and civil case files -- and also on many government Web sites that serve up public documents with a few clicks of the mouse. From state to state, and even within states, there is little uniformity in how access to the private information in these records is controlled.
A recent spot check found the nine-digit numbers -- introduced in 1936 to track employee earnings and benefits -- on hundreds of land deeds, death certificates, traffic tickets, creditors' filings and other documents related to civil and criminal court cases.
Old records spill secrets
Federal courts have banned the use of Social Security numbers from public documents since 2001. And in recent years, many jurisdictions have enacted laws or made rules barring various types of personal information from being filed with courts or government agencies. Most court Web sites in the Washington region list partial Social Security numbers or none at all.
However, millions of paper records were filed across the United States before the laws and rules took effect. Generally, such records are not covered by the prohibitions. And court clerks said it would be virtually impossible to redact all of the Social Security numbers.
"That's just plain nutty," said Wendy Jones, former acting clerk of Prince William County Circuit Court in Virginia. "I mean, we're talking about hundreds and hundreds of thousands of files in our court alone."
In Virginia's Loudoun County General District Court, Social Security numbers were found on documents filed in 38 of the 48 criminal cases heard by a judge on a recent day. The numbers were typed or written on summonses, arrest warrants, criminal complaints, and jail commitment and release orders, among other documents.
"I don't like it. I don't like it at all," said the court's clerk, Judith Waddell. "Would you like your Social Security number being disclosed to the public? I know I wouldn't."
A one-hour search of Maryland's land-record Web site found the Social Security numbers and signatures of two dozen property owners.
"It's alarming, because the government should be setting the example in really trying to protect people's private information," said state Sen. Jamie Raskin, D-Montgomery. "Look, there's a whole criminal underground now that thrives on stealing people's credit cards and usurping their identity for as long as they can."
4 numbers in 15 minutes
A 15-minute search on the Maryland Department of Assessments and Taxation Web site found Social Security numbers on statements filed by creditors who had financed purchases by four consumers in Waldorf, Cambridge, Bowie and Landover in 2003 and 2004.
A dozen more numbers, including former Secretary of State Powell's, turned up on a Fairfax County, Va., site that requires a $25 monthly subscription fee.
A Texas land-record site had the Social Security number of Aikman, the former Dallas Cowboys quarterback and now a Fox Sports analyst.
Identity fraud has been around for centuries. But widespread use of credit cards and the growth of the Internet have led to a plague that costs businesses and individuals billions of dollars a year. And the problem took a giant leap in the public consciousness after the Sept. 11, 2001, terrorist attacks, when it was revealed that several hijackers had used fraudulently obtained IDs to open bank accounts, rent apartments and board planes.
The federal government responded with a 2004 law that mandated prison sentences for people who use identity theft to commit other crimes and prohibited Social Security numbers from being displayed on newly issued driver's licenses.
Last spring a presidential task force called on federal agencies to "reduce the unnecessary use" of Social Security numbers, which it called "the most valuable commodity for an identity thief."
But with a few keystrokes, anybody can view the deed to Jamie and Sarah Raskin's house in Takoma Park, Md.
Jamie Raskin, a state senator, said that when he refinanced the house in 1994, he gave no thought to the two Social Security numbers printed on his deed. But last March, he got a call from Betty "B.J." Ostergren, an activist from central Virginia who pushes lawmakers and government agencies to take sensitive personal data off state-run Web sites.
"She said, 'Do you know I was able to find your Social Security number and other private information about you and your wife online?' " Raskin said. "I was shocked, and I briefly flipped out, because, you know, these are days when everybody's privacy is under assault."
Helping criminals out
Ostergren's site, thevirginiawatchdog.com, offers dozens of examples of public figures whose Social Security numbers have appeared in public records in recent years. They include former CIA Director Porter Goss.
"The government loves to spoon-feed criminals by putting these dern records on their Web sites," Ostergren said.
Raskin said he plans to call for legislation that would give Maryland residents the right to request redaction of their Social Security numbers from public records.
"The public certainly has the right to know who owns a particular property," he said. "But I don't think the public has the right to know what that person's Social Security number is."
Contact The Howes Insurance Agency for protection against identity theft
Showing posts with label Identity theft. Show all posts
Showing posts with label Identity theft. Show all posts
Monday, January 7, 2008
Monday, December 31, 2007
Reports of data breaches reached new heights in 2007
By Mark Jewell, Associated Press (Courtesy of USA Today)
BOSTON — The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information.
And while companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late.
"More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself.
Foley's group lists more than 79 million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20 million records reported in all of 2006.
Another group, Attrition.org, estimates more than 162 million records compromised through Dec. 21 — both in the U.S. and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year.
"It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin. "I imagine the total records compromised will steadily climb."
But the biggest difference between the groups' record-loss counts is Attrition.org's estimate that 94 million records were exposed in a theft of credit card data at TJX Cos., the owner of discount stores including T.J. Maxx and Marshalls. The TJX breach accounts for more than half the total records reported lost this year on both groups' lists.
The Identity Theft Resource Center counts about 46 million — the number of records TJX acknowledged in March were potentially compromised. Attrition's figure is based on estimates from Visa and MasterCard officials who were deposed in a lawsuit banks filed against TJX.
The breach is believed to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami — an entry point that led the hackers to eventually break into TJX's central databases.
TJX has said that before the breach, which was revealed in January, it invested "millions of dollars on computer security, and believes our security was comparable to many major retailers."
With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability. Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information security professionals.
"Within a year or two, these folks are catching up," Tumas said.
The two non-profit groups' 2007 data also show rising numbers of incidents in which employees lose sensitive data, as opposed to cases of hacking.
Besides TJX's problem, major 2007 breaches include lost data disks with bank account numbers in Britain, a hacker attack of a U.S.-based online broker's database and a con that spilled resume contact information from a U.S. online jobs site.
"A lot of breaches are due to inadequate information handling, such as laptop computers with Social Security numbers on them that are lost," Foley said. "This is human error, and something that's completely avoidable, as opposed to a hacker breaking into your computer system."
Attrition.org and the Identity Theft Resource Center are the only groups, government included, maintaining databases on breaches and trends each year. They've been keeping track for only a handful of years, with varied and still-evolving methods of learning about breaches and estimating how many people were affected.
Despite those challenges, the two non-profits say it's clear 2007 will end up a record year for the amount of information compromised, because of greater data loss and increased reporting of breaches.
Both groups acknowledge many breaches may be missing from their lists, because they largely count incidents reported in news media that they consider credible. Media coverage has risen in part because of the growing number of states requiring businesses and institutions to publicly disclose data losses. Thirty-seven states, plus Washington D.C., now have such requirements.
Because of proliferation of such laws, "it may take a year or two before things stabilize and we can see what's really happening," Foley said. "If that's the case, then we'll know whether businesses are practicing better information-handling techniques."
For protection against Identy Theft, contact The Howes Insurance Agency
BOSTON — The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information.
And while companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late.
"More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself.
Foley's group lists more than 79 million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20 million records reported in all of 2006.
Another group, Attrition.org, estimates more than 162 million records compromised through Dec. 21 — both in the U.S. and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year.
"It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin. "I imagine the total records compromised will steadily climb."
But the biggest difference between the groups' record-loss counts is Attrition.org's estimate that 94 million records were exposed in a theft of credit card data at TJX Cos., the owner of discount stores including T.J. Maxx and Marshalls. The TJX breach accounts for more than half the total records reported lost this year on both groups' lists.
The Identity Theft Resource Center counts about 46 million — the number of records TJX acknowledged in March were potentially compromised. Attrition's figure is based on estimates from Visa and MasterCard officials who were deposed in a lawsuit banks filed against TJX.
The breach is believed to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami — an entry point that led the hackers to eventually break into TJX's central databases.
TJX has said that before the breach, which was revealed in January, it invested "millions of dollars on computer security, and believes our security was comparable to many major retailers."
With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability. Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information security professionals.
"Within a year or two, these folks are catching up," Tumas said.
The two non-profit groups' 2007 data also show rising numbers of incidents in which employees lose sensitive data, as opposed to cases of hacking.
Besides TJX's problem, major 2007 breaches include lost data disks with bank account numbers in Britain, a hacker attack of a U.S.-based online broker's database and a con that spilled resume contact information from a U.S. online jobs site.
"A lot of breaches are due to inadequate information handling, such as laptop computers with Social Security numbers on them that are lost," Foley said. "This is human error, and something that's completely avoidable, as opposed to a hacker breaking into your computer system."
Attrition.org and the Identity Theft Resource Center are the only groups, government included, maintaining databases on breaches and trends each year. They've been keeping track for only a handful of years, with varied and still-evolving methods of learning about breaches and estimating how many people were affected.
Despite those challenges, the two non-profits say it's clear 2007 will end up a record year for the amount of information compromised, because of greater data loss and increased reporting of breaches.
Both groups acknowledge many breaches may be missing from their lists, because they largely count incidents reported in news media that they consider credible. Media coverage has risen in part because of the growing number of states requiring businesses and institutions to publicly disclose data losses. Thirty-seven states, plus Washington D.C., now have such requirements.
Because of proliferation of such laws, "it may take a year or two before things stabilize and we can see what's really happening," Foley said. "If that's the case, then we'll know whether businesses are practicing better information-handling techniques."
For protection against Identy Theft, contact The Howes Insurance Agency
Thursday, December 6, 2007
Pa. pair held anew in identity scam case
The Associated Press
PHILADELPHIA -- A young couple accused of financing a lavish lifestyle through a large-scale identity theft scheme surrendered Wednesday to face additional theft and burglary charges, police said.
Jocelyn Kirsch, 22, and boyfriend Edward Anderton, who turned 25 Wednesday, used the scam to live affluently in Philadelphia and take international vacations, authorities said.
They were initially arrested Friday and charged with identity theft, forgery, unlawful use of a computer and related offenses. They posted bail and were freed but turned themselves in Wednesday to face the additional charges.
Police said that during a weekend search of the couple's upscale apartment, they found $17,500 in cash, dozens of credit cards, fake driver's licenses, keys to unlock many of the apartments and mailboxes in their building, and an industrial machine that makes ID cards.
Kirsch "can't believe that she got herself into this," said her lawyer, Ronald Greenblatt. "It's not like she's blaming anybody else but herself."
It was unclear whether Anderton had a lawyer. A preliminary hearing for the two is set for Thursday.
Anderton is a University of Pennsylvania graduate who was recently fired from a job as a financial analyst. Kirsch is a student at Drexel University.
Contact The Howes Insurance Agency for protection against identity theft.
Subscribe to:
Posts (Atom)