A hint of "1984"
DMV wants to face identity theft head on
Heartland Data Breach: MasterCard, Visa Impose Hefty Fines(Full text at www.bankinfosecurity.com)Processor says it Has Already Spent $12.5 Million in Fees, PenaltiesMay 14, 2009 - Linda McGlasson, Managing EditorThe Heartland Payment Systems (HPY) data breach has already cost the card processor millions in fines from Visa and MasterCard.
This news was revealed by CEO Bob Carr in Heartland's recent earnings call, wherein Carr said the much-publicized breach has already cost the company $12.5 million.
Other than legal fees and some related charges to the breach, much of that amount went toward fines imposed by Visa and MasterCard against Heartland's acquiring banks, Carr says.A Visa source would not confirm the amount of the fine imposed, but Carr told investors that more than 50 percent of the $12.5 million relates to a fine that MasterCard assessed against its sponsor (acquiring) banks. "Ostensibly, because of an alleged failure by Heartland to take appropriate action upon having learned that its computer system may have been breached, and upon thereafter having discovered the intrusion," Carr states.
Heartland believes that it responded appropriately to all information that it learned regarding the possibility of a system breach and that, upon discovering the intrusion, it took immediate and extraordinary action to address the intrusion, Carr adds.
Heartland therefore considers the MasterCard fine to be in direct violation of both the MasterCard rules and applicable law, and the company "intends and is prepared to vigorously contest, and it has recommended to its sponsor banks that they vigorously contest through all means available, including litigation if necessary, any liability that may be asserted or imposed upon Heartland or its sponsor banks by reason of this fine," Carr says.
Hacker says he stole confidential medical data on 8 million Virginia residents
May 06, 2009 | Molly Merrill, Associate Editor and Chip Means, Web EditorRICHMOND, VA – A Virginia government Web site was replaced last week with a ransom note from a hacker claiming he stole 8.3 million patients' personal and prescription drug information. The hacker says he wants $10 million for the safe return of the information.
The Virginia Prescription Monitoring Program's site tracks prescription drug abuse and contains 35.5 million prescriptions in addition to enrollees' personal information, such as names, social security numbers and addresses.
According to Wikileaks.org, an online clearinghouse for leaked documents, on April 30 the secure site for the Virginia Prescription Monitoring Program was replaced with the following ransom demand:
"Attention Virginia! I have your [expletive]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password." (Click here to see full ransom note).
The hacker, who taunts the FBI and lists his own email address as "hackingforprofit@yahoo.com," claims the database of prescriptions has been bundled into an encrypted, password-protected file.
The Virginia Department of Health Professions Web site has been temporarily disabled and now features a notice saying the site is "experiencing technical difficulties which affect computer and email systems." According to the department's director, Sandra Whitley Ryals, the breach is under federal investigation.
Speculation has risen about whether or not the Virginia Department of Health Professions has back-ups of the patient database.
"It is possible that they do have back-up, but they fear the massive damage if patients data is used for identity theft," says Deborah C. Peel, MD, founder of Patient Privacy Rights.(Full text at www.healthcareitnews.com)
Supreme Court limits identity theft lawSo, if I understand this ruling correctly, we can eat a cheese sandwich and it is okay as long as we don't know that the cheese belonged to somebody else. It seems that "ignorance is no excuse for violating the law" was just thrown out.People who use false documents can be jailed, the court said. But they cannot be convicted of the more serious crime of "aggravated identity theft" without proof that they knew the identification number belonged to someone else, the court ruled unanimously.
The ruling on identity theft will probably boost the Obama administration's plan to target employers who knowingly hire illegal workers, rather than focusing on illegal workers.
Deportation is usually a slow process if the illegal immigrant does not have a serious felony on his record. But a conviction for aggravated identity theft would most likely lead to a speedy deportation.
Last year, the Bush administration announced roundups of illegal immigrants at several workplaces. Most of those arrested were charged with possessing false documents and aggravated identity theft. For example, 389 workers were detained at a meat-packing plant in Iowa; two-thirds of them were charged with felony identity theft.
The novel use of the law prompted the Supreme Court to take up the issue. Five years ago, Congress strengthened the penalties against thieves who stole identities and used the information to take money from people's bank accounts or charge expenses to them. It called for a mandatory two-year prison term for each offense....
...And the law suggested the criminal had to intend to steal a person's identity. It referred to someone who "knowingly" uses the identification of another person.
The court said the provision did not cover an illegal worker with a phony Social Security card who did not know whether its numbers were those of an actual person.
Justice Stephen G. Breyer cited some common examples. "If we say that someone knowingly ate a sandwich with cheese, we normally assume that the person knew both that he was eating a sandwich and that it contained cheese," he said. (Full text at www.latimes.com)
The Federal Trade Commission will delay enforcement of the new “Red Flags Rule” until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. For entities that have a low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the law. Today’s announcement does not affect other federal agencies’ enforcement of the original November 1, 2008 compliance deadline for institutions subject to their oversight.
“Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further,” FTC Chairman Jon Leibowitz said.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.
During outreach efforts last year, the FTC staff learned that some industries and
entities within the agency’s jurisdiction were uncertain about their coverage under the Red Flags Rule. During this time, FTC staff developed and published materials to help explain what types of entities are covered, and how they might develop their identity theft prevention programs. Among these materials were an alert on the Rule’s requirements, www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm, and a Web site with more resources to help covered entities design and implement identity theft prevention programs, www.ftc.gov/redflagsrule. The compliance template will be available on this Web site.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.
Lawmakers discuss identity theft prevention planBy RACHELLE GINES, Associated Press Writer
Tuesday, April 28, 2009
A Senate panel was urged Tuesday to support an Assembly-approved plan that would help prevent identity theft by making less credit card information available on printed receipts.AB389 would prohibit printing more than the last five digits of credit card numbers and expiration dates on copies of customer and business receipts, Senate Judiciary Committee members were told.
Assemblywoman Bonnie Parnell, D-Carson City, chief sponsor of AB389, displayed a receipt listing a complete credit card number and expiration date along with the cardholder's full name, saying the amount of information was "alarming."
"I thought this was frightening on a lot of levels," Parnell said. "As a consumer, I just might toss it in a trash can after dinner not realizing that it had all of that personal identification information on it, but what I found just as troubling was that businesses had access somewhere to that kind of information on multiple individuals."
The measure would impose a fine of $500 the first time businesses issued noncompliant receipts and an additional $1,000 each week that the situation isn't corrected.
"I think the important part of this is that we have to be firm. We can't just say we're going to fine you $100," Parnell said.
After the hearing, Parnell said that receipts that make such information readily available put large numbers of people at risk for identity theft. (Full text at www.sfgate.com)
Former Federal Reserve Bank IT worker charged with ID theftAngela Moscaritolo
Two brothers, one a former IT analyst at the Federal Reserve Bank of New York, have been charged with committing identity theft to obtain fraudulent loans.
Curtis Wiltshire, 34, of Staten Island, N.Y., previously worked as an IT analyst at the Federal Reserve Bank of New York, where he had access to employee personal information, including names, birth dates, Social Security numbers and photographs of bank employees.
Wiltshire allegedly used the identities of two individuals without permission to apply for two different student loans, totaling $73,000, the according to a Department of Justice news release and a criminal complaint.
A bank investigator found a removable storage device, connected to Wiltshire's computer, which contained the loan applications, the image of a student loan check for $36,000 payable to one of the victims, and a fraudulent Maryland state driver's license with a photo of a bank employee who is not the person identified on the license, prosecutors said.
Meanwhile, Kenneth Wiltshire, 40, of Brooklyn, N.Y., who is Curtis' brother, allegedly used stolen identities to apply for a loan to purchase a boat, prosecutors said. He used a driver's license and a fake income tax return in the name of another bank employee to apply for the loan, prosecutors said in a separate criminal complaint. (Full text at www.scmagazineus.com)
Va banker sentenced for fraud, ID theftApril 27, 2009 RICHMOND, Va. - A former bank credit card department manager has been sentenced to two years, three months in prison for bank fraud and identity theft.
U.S. Attorney Dana Boente (BEN'-tay) said Monday that 38-year-old Bernard James Brown Jr. of Saluda also was ordered to pay more than $65,000 in restitution to his former employer, Eastern Virginia Bankshares.
According to prosecutors, Brown used a stolen access device and identifying information to withdraw money from someone else's account. After the credit card account was closed, Brown reopened it under a new name and address and continued to tap the account for cash and purchases.
Brown pleaded guilty in January.Nurse indicted in federal identity-theft case
CHRIS DUMOND MEDIA GENERAL NEWS SERVICE
Published: April 27, 2009LYNCHBURG -- A nurse who worked at two assisted-living homes for seniors has been indicted on 32 charges related to identity theft of patients there.
Karen Jones, 48, was indicted last week by a federal grand jury. The indictment charges that she used information stolen from nine people to take more than $9,000. (Full text at www.timesdispatch.com)
In addition to the financial toll, identity theft can result in other serious repercussions-including family problems and missed time at work. It is a crime where the victim is generally presumed guilty until proven innocent.
On the positive side, the poll found nine out of 10 people are taking at least one action to protect themselves. This includes regular checks of bank and other financial statements, shredding of important documents, limiting the number of credit cards used, and credit report monitoring.The huge problem with medical id theft is if the thief has your records altered. What if the thief has a different blood type than you or has a positive aids test done in your name? This could be deadly and also make you uninsurable until you can prove it wasn't you,
Lauderdale Lakes woman stole ID to pay for tummy tuck, feds say |South Florida Sun Sentinel
FORT LAUDERDALE - A Lauderdale Lakes resident stole another woman's identity to pay $5,000 for a tummy tuck operation, federal authorities say.
Patrice Thomas, 33, used a stranger's personal information to apply online for a credit card, which she used to help pay for the plastic surgery at a Weston clinic, according to criminal charges filed this month in Fort Lauderdale federal court.
Thomas, who was arrested April 9, is charged with credit card fraud, social security fraud and aggravated identity theft.
Defense lawyer Christopher Grillo could not be reached for comment. If convicted on all counts, Thomas could face more than four years in prison.... (Full text at www.sun-sentinel.com)
What about the id theft victims now? The 1330 people who were having their social security numbers being used illegally. I guess only time will tell.Larimer Judge throws out Operation Number GamesSharon Dunn
A second judge has ruled that a search of a Greeley tax preparer’s records last October was illegal, taking the heat off more than 1,000 suspected illegal immigrants caught up in Operation Number Games.
Larimer District Court Judge James Hiatt put a stop to the identity theft investigation Monday, saying deputies from the Weld County Sheriff’s Office wrongly seized federal income tax records to pursue suspected illegal immigrants in the investigation. Hiatt ordered Weld District Attorney Ken Buck and Weld Sheriff John Cooke to return or destroy in the next seven days all evidence seized in the case.
“This is an important ruling for all of America,” said Reid Neureiter, an attorney with Jacobs, Chase, Frick, Kleinkopf and Kelly of Denver. He is working on behalf of the American Civil Liberties Union, which filed for a preliminary injunction against Buck and Cooke.
“Tax records should be private, and just because you have a suspicion that someone filing taxes with a Hispanic tax preparer might be doing something wrong doesn’t give you license to seize 5,000 tax records and look for the needle in a haystack,” Neureiter said.
Buck and sheriff’s investigators based their search of Amalia’s Tax and Translation Service on one defendant who had been investigated for identity theft and said illegal immigrants throughout the community knew to file their taxes there. Deputies searched through 5,000 records and found evidence of roughly 1,330 suspected illegal immigrants filing returns with false or stolen Social Security numbers. The Internal Revenue Service requires everyone to file tax returns, regardless of citizenship. In cases where filers do not have a valid Social Security number, the IRS issues individual taxpayer identification numbers.
..The case has divided many in the community on the issue of illegal immigration and the rights of the victims of identity theft. The IRS’ policy of issuing special identification numbers to illegal immigrants points to the problems, Buck said.
“The federal government has turned a blind eye to illegal activity in this country, with its failure to enforce the law at the border, with its failure to enforce tax laws, and Social Security laws within this country,” Buck said...
Identity thieves got data on 3,400 employees, Irving school district says
Irving school officials now say that identity thieves obtained the names and Social Security numbers of 3,400 teachers and other employees contained in an old benefits report and then used the information to make thousands of dollars in purchases.
District security director Pat Lamb said a woman charged in the case said the information came from a list of names pulled out of a trash bin.
"We still do not know how our records were compromised," said Lamb, who mentioned that his own name was on the list. "We don't know if somebody was supposed to shred that information, but it ended up in a Dumpster."
....The victims include Cynthia Will, a former teacher who worked at the Union Bower Center teaching students with disabilities for five years. More than $25,000 in credit card charges were made in her name, including a $4,000 diamond ring from Zales.
"It was stunning the damage that was done in just seven days," she said in an emotional appeal to the Irving school board Monday night.....(Full text at www.dallasnews.com)
Job hunters must guard against identity theftWith unemployment soaring, identity thieves are increasingly preying on unsuspecting job seekers by stealing personal information and trying to cash in on it.
The scams run the gamut from fake help-wanted ads and job-search services to bogus resume-posting Web sites, part of a new arsenal of weapons targeting millions of recently unemployed people.
Job-search fraud is one of the fastest-growing segments of identity theft in Florida, generating thousands of complaints a year, according to the Federal Trade Commission. It fielded more than 2,400 such complaints from Florida in 2008, up nearly 40 percent from 2007.
Overall, Florida posted the highest number of identity-theft complaints on record in 2008 (24,400), up nearly 44 percent in the past three years. The state ranked third in the nation, behind only California and Texas....Most job-search fraud appears to come through bogus help-wanted ads, which have spiked nearly fourfold in the past three years, according to the Identity Theft Resource Center,.. (Full text at www.sun-sentinel.com)
ID Theft Victims Get Help To Avoid Wrongful Arrest
Cards Issued To ID Theft Victims
INDIANAPOLIS -- Victims of identity theft now have a new option to avoid being wrongfully arrested within Indianapolis.
The Indianapolis Metropolitan Police Department has started issuing ID cards with the finger print, picture and case number of the person whose identity has been compromised, 6News' Jack Rinehart reported.
The department doesn't keep statistics concerning the number of people who wind up arrested when someone else fraudulently uses their identity, but officials said it's on the rise. (Full text at www.theindychannel.com)
Medicine slams FTC over forcing physicians to police identity theftTo any non-compliant Doctors out there:
Physicians object to the broad application of the "red flag" rules and say they were not forewarned properly. Enforcement begins May 1.By Amy Lynn Sorrel, AMNews staff. Posted April 6, 2009.
Organized medicine and the Federal Trade Commission continue to joust over the application to physicians of new identity theft prevention rules. With a May 1 compliance date just around the corner, neither party shows signs of capitulation.
The FTC regulations require a variety of business entities -- mainly financial and banking institutions -- to implement a written program for preventing identity theft as well as detecting and responding to warning signs of such incidents. The commission maintains that when physicians defer payment for services, they become creditors -- entities that regularly extend, renew or continue credit -- under the "red flag" rules.
...The commission "did not give physicians an appropriate opportunity for notice and comment on the ruling that the red flags would be applied to them," said AMA Secretary Ardis D. Hoven, MD. "The AMA is calling on FTC to re-publish its rule so that we can make the case that physicians should be excluded."...
...The FTC has no plans to extend the deadline again, said Naomi Lefkovitz, an attorney with the FTC's Division of Privacy and Identity Protection. "That said, we continue to take a view that we're looking for reasonable efforts" by doctors to comply...(Full text at www.ama-assn.org)
Rule requires veterinarians to have identity theft prevention programsTo any vets reading this article, this is what we do for you at no direct cost to you.Veterinarians are not exempt from a new federal rule to prevent identity theft. The Red Flags Rule, which the Federal Trade Commission will begin enforcing May 1, requires creditors to develop programs to prevent, detect, and mitigate identity theft.
The FTC proposed the Red Flags Rule in late 2007, and it took effect in 2008. The commission delayed enforcement until this year because many organizations did not consider themselves to be creditors—not in the same sense as financial institutions, which also fall under the rule. Nevertheless, the rule applies to most organizations that make arrangements to defer payment of debts, including almost all health care providers. Health care providers are creditors under the rule, for example, if they bill clients after completing medical services.
...Each organization must write, implement, and administer an ongoing program to detect warning signs and respond appropriately to prevent or mitigate identity theft after finding a red flag. Responses to warning signs could include monitoring accounts or changing account numbers.
Finally, organizations should update their programs periodically to reflect changes in identity theft risks.
The intent behind the Red Flags Rule is good, said Dr. Patricia Wohlferth-Bethke, an assistant director in the AVMA Membership and Field Services Division...(Full text at www.avma.org)
Posts
All Comments
