Thursday, June 3, 2010

THE DEPARTMENT OF JUSTICE’S EFFORTS TO COMBAT IDENTITY THEFT (or NOT!)

The Office of the Inspector General conducted an audit on DOJ's efforts to combat identity theft.   The report was released in March of this year. Not a glowing report by any means.


From the report:
Results in Brief
Overall we found that DOJ components responsible for combating identity theft have undertaken various efforts to fight this widespread crime. Several of the initiatives were in response to recommendations made by the President’s Task Force, while others were undertaken by the components before the Task Force was established. Although some of these efforts have had success, in other instances the components did not address the recommendations of the President’s Task Force. We also found that to some degree identity theft initiatives have faded as priorities.
In addition, we found that DOJ has not developed a coordinated plan to combat identity theft separate from the recommendations of the President’s Task Force. Representatives from every DOJ component involved in this review told us that they have not received guidance from DOJ’s leadership since the Task Force concluded its work. Further, DOJ did not assign any person or office with the responsibility to coordinate DOJ’s efforts to combat identity theft and to ensure that DOJ components further implement the recommendations of the President’s Task Force where appropriate. We believe the DOJ needs to ensure that its efforts to combat identity theft are coordinated and are given sufficient priority.

In our report, we make 14 recommendations to improve DOJ’s efforts to combat identity theft. The remaining sections of this Executive Summary provide a further description of our audit findings....

...Executive Office for United States Attorneys and United States Attorneys’ Offices
According to the President’s Task Force, one of the shortcomings in the federal government’s ability to understand and respond effectively to identity theft was the lack of comprehensive statistical data on law enforcement’s efforts to combat it....

Number of Defendants Charged and Convicted Pursuant to the Federal Identity Theft and Aggravated Identity Theft Statutes in 2009
Charged - 769
Convicted - 432


Attorney Work Years Charged to Federal Identity Theft and Aggravated Identity Theft Prosecutions
45.62 work years
(According to EOUSA, the term “work year” is used when defining the productive efforts of one individual for one year. One work year for a federal employee is typically equal to 2080 hours)
To read or download the whole 65 page audit click here!

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft". Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration). Educate yourself and call me at (909) 208-3728 or send a blank email for more info to joerecommends (at)aweber.com! Shameless plug the Best Identity Theft Protection available dot com

Tuesday, June 1, 2010

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule

Well, as expected, the FTC delays enforcement  of the Red Flags Rule again. For about the 5th time. Surprisingly after the an audit by the Justice Department's Office of the Inspector General revealed that while the FBI and Justice Department have made "various efforts" to fight identity theft crimes in recent years, these initiatives have "faded as priorities" mainly because the agencies have failed to develop a coordinated plan to deal with what's become an epidemic of cybercrimes.(Watch for this upcoming blog entry)

Anyway, here is the press release:

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule

At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags” Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.

“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift,” FTC Chairman Jon Leibowitz said. “As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.”

The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.

The Rule became effective on January 1, 2008, with full compliance for all covered entities originally required by November 1, 2008. The Commission has issued several Enforcement Policies delaying enforcement of the Rule. Most recently, the Commission announced in October 2009 that at the request of certain Members of Congress, it was delaying enforcement of the Rule until June 1, 2010, to allow Congress time to finalize legislation that would limit the scope of business covered by the Rule. Since then, the Commission has received another request from Members of Congress for another delay in enforcement of the Rule beyond June 1, 2010.

The Commission urges Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays. If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.

In the interim, FTC staff has continued to provide guidance, both through materials posted on www.ftc.gov/redflagsrule, and in speeches and participation in seminars, conferences and other training events to numerous groups. The FTC also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form (www.ftc.gov/bcp/edu/microsites/redflagsrule/get-started.shtm). The FTC staff also has published numerous general and industry-specific articles, released a video explaining the Rule, and continues to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members.

As was the case previously, this enforcement delay is limited to the Red Flags Rule and does not extend to the rule regarding address discrepancies applicable to users of consumer reports (16 C.F.R.§641), or to the rule regarding changes of address applicable to card issuers (16 C.F.R.§681.2).


For questions regarding this Enforcement Policy, please contact Naomi Lefkovitz or Pavneet Singh, Bureau of Consumer Protection, 202-326-2252.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.  To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357).  The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad.  The FTC’s Web site provides free information on a variety of consumer topics.

MEDIA CONTACT:
Office of Public Affairs 202-326-2180
(Red Flags May 2010)

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration). Educate yourself and call me at (909) 208-3728 or send a blank email for more info to joerecommends (at)aweber.com! Shameless plug the Best Identity Theft Protection available dot com

Tuesday, May 18, 2010

I'm Back! and Are Copy Machines a Security Risk?

First, I want to apologize since it's been 4 months since I last posted. Where does the time go.  Just got caught up in life, business, moving etc and had limited time. But now I'm back to keep everyone educated in the wicked wide world of Identity Theft and how to protect yourself.


Secondly, the following is from a CBS news story on copy machine security risks. Since the creation of digital copiers in about 2002, most people do not know that everything copied, printed, emailed or faxed is retained on a hard drive. PROBLEM: Most companies either lease or just sell off old machines leaving the hard drive intact. An identity thief's drooling payday.

Watch the video below. It actually starts after the brief commercial.







Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration). Educate yourself and call me at (909) 208-3728 or send a blank email for more info to joerecommends (at)aweber.com! Shameless plug the Best Identity Theft Protection available dot com

Thursday, January 14, 2010

What is 222,477,043?

That is the number of records compromised in 498 data breaches in 2009! Was your personal information one of those records. If so, I hope you have some type of identity theft protection. If not, don't be like an ostrich with your head stuck in the sand thinking the lion won't bite you because you don't see him.  Get protected now! It is better to be proactive not reactive when it comes to identity theft.

Visit my shameless plug below to get protected for as low as $9.95 per month for a couple. Add your children (up to 4) for an additional $1/month. This is the best protection on the planet and it comes with restoration services included.

For a copy of the above mentioned Breach report click here! or on the title above.

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

Saturday, December 26, 2009

Happy Holidays and some Catch Up

Once again, I have been remiss in my duties of posting, mostly due to the Holidays. However, here is some current id theft news.


Heartland Payment Systems will pay $3.6 million to American Express to settle charges relating to Heartland's landmark data breach. The payment, Heartland says in a press release announcing the settlement, resolves "all intrusion-related issues between the two parties" regarding the breach of an estimated 130 million credit and debit cards.

Credit card companies, including American Express, Visa and MasterCard, were forced to cancel and reissue credit cards because of the Heartland data breach. Banks and credit unions have also sued the payments processor to recoup the costs of reissuing cards and to cover the cost of fraud that resulted from the breach. 

Earlier this year, Heartland said it had put aside more than $12 million to cover the charges related to the breach. Heartland is expected to be fined by other brands, including Visa and MasterCard.
___________________________

So far this year, there has been 483 data security breaches with 222,305,800 exposed records. To see the full report click here. 
 ___________________________
Was Citibank the Victim of a Massive Breach?
Citigroup Denies News Report of Multi-Million Dollar Hack
December 23, 2009 - Linda McGlasson, Managing Editor

Was Citibank breached by hackers who siphoned tens of millions of dollars from the bank's customers?

The Wall Street Journal on Tuesday reported news of an FBI investigation into an alleged Citibank computer security breach by hackers linked to a Russian cyber gang.

Citigroup executives, however, categorically deny the breach and investigation at Citibank.
"We had no breach of the system and there were no losses, no customer losses, no bank losses," says Joe Petro, managing director of Citigroup's Security and Investigative services. "Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true."

Few details were given about the alleged attack, which is reported to have involved two other entities, one of them a U.S. government agency. The Citibank attack was reportedly discovered in the summer, but may have actually happened months or even a year earlier. The breach is said to have been detected by law enforcement agents who saw activity on Internet addresses previously used by the Russian Business Network, a Russian-based gang. Two years ago, RBN went quiet, but it is suspected by observers the group has reformed into smaller sects.

Whether the breach did or did not occur, security experts agree on one point: Large banking institutions are under constant attack, and this report should remind them to stay on alert for suspicious activity.(Full story at www.bankinfosecurity.com)

To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

Friday, December 11, 2009

HR 2221 Passes Through the House - Now goes to Senate

H.R.2221 - Also known as the Data Accountability and Trust Act was passed by the House this week and now moves to the Senate.

The bill would create nationwide rules for notifying potential victims of identify theft when their personal information that’s stored electronically is improperly exposed.

The bill was introduced in April by Rep. Bobby Rush (D-Ill.)  Under this legislation, companies that hold people’s personal data would be required to notify the affected people who are U.S. citizens and residents and the Federal Trade Commission if people are put at risk by a security breach to a system that holds the electronic data.

If passed, H.R. 2221 would preempt related state information security laws. This federal mandate could simplify a complex patchwork of state laws that have been passed without a federal mandate.

Notification, to those individuals whose information is compromised in a breach, would have to happen within 60 days of the discovery unless notification would jeopardize a law enforcement investigation or National Security. The legislation would apply to entities under the jurisdiction of the Federal Trade Commission (FTC).

Exemption:  Companies would be exempt from the notification requirements if they determine that there is no “reasonable risk of identity theft, fraud, or other unlawful conduct.”  If electronic data is made unusable, unreadable or indecipherable by encryption, the presumption under the law would be that there was no reasonable risk after a security breach.

California was the first State to pass a Breach Notification law and all States should have one. However, a National Federal law adds more teeth to bite the criminal with, that is if they are caught.

For a copy of H.R. 2221 from the Government Printing Office click here!


To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug

Thursday, November 19, 2009

Health Net Loses Information on Almost 1/2 million Clients

Attorney General Richard Blumenthal investigating Health Net data breach.  (He sure has been busy this month with Blue Shield's breach as well)

Attorney General Richard Blumenthal said today his office is investigating a data breach by health insurer Health Net, which led to the loss of almost 450,000 Connecticut residents' health, personal and financial information.

Blumenthal said Health Net lost the information in May, but never informed consumers, the police or his office about the loss of information until today.

He said the six-month delay in giving notice to consumers and the state could be a violation of the law.

"I am outraged and appalled by Health Net's huge loss of personal, financial and medical information and its failure to swiftly inform authorities and consumers," Blumenthal said. "This information vanished six months ago, but Health Net is only now informing authorities and consumers, an inexcusable and inexplicable delay."

Blumenthal said the information was on a hard drive that disappeared from Health Net's Shelton office. The hard drive included all data on 446,000 Connecticut patients, including health information, as well as financial and personal data such as social security and bank account numbers. The data was compressed, but not encrypted, although a specialized computer program is required to read it.

...."My investigation will seek to establish what happened and why the company kept its customers and the state in the dark for so long," Blumenthal added. "The company's failure to safeguard such sensitive information and inform consumers of its loss -- leaving them naked to identity theft -- may have violated state and federal laws. I will vigorously and aggressively seek damages, penalties and other appropriate remedies, if warranted." (full text at www.hartfordbusiness.com)

Here is a link to Health Net's release http://healthnet.tekgroup.com/press_kits.cfm?presskit_id=13


To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

Child Identity Theft Does Happen

Identity Theft Shield Overview