Everyone hates paying for long distance calling. In recent years, people have gotten away from calling cards and expensive programs on their landlines. For many, the better option was using their cellular phones which offered a cheaper plan for long distance calls. Yet, there is now an even more cost effective way to make calls – through the internet. Better known as VoIP, voice over IP, the system has been increasing in popularity. However, recent development have shown that there is an elevated chance of data breaches occurring with the system. Some companies have responded to the new concern with increased levels of security.

The company leading the charge to raise awareness about the need for security is Newport Networks. Based in the United States, the company is spreading the word about potential data breaches and the vulnerability of individual accounts. According to the vice president of the company, David Gladwin, the market for the logins and passwords is growing. When compared to credit cards, which have been illegally sold on the internet for years, logins and passwords for VoIP have a higher price. On average, they cost around $17, about five dollars higher than credit card numbers. While most people are unaware of the trafficking of stolen information on the internet, there has been an increase in the number of new subscribers to ID theft services, such as Lifelock.

In talking with Mr. Gladwin, he mentions that the threat of losing personal information is not as big of a concern for large companies that use VoIP. Their information is safely guarded in encrypted serves. The people who are really at risk are individual users, who use their home wireless networks to complete the calls. Gladwin said that when calls are completed, the login and password are sent along with the call in a form that is “easily captured and unobscured.” He goes on to explain that over 90% of the VoIP providers do not provide secure networks for calls. The software provided by Newport Networks provides encryption that protects the information of the user and only costs around $5 more a month.

However, there is not a consensus in the field about the prevalence of the crime. One VoIP provider, Skpe, says that it provides a service that includes encryption from end-to-end on all of its calls. Yet, it realizes that it is in the minority of companies that provides such high levels of security for its individual customers. Other analysts, such as Ian Fogg of the company Jupiter, state that this is a problem which has been blown out of proportion. Because the field is relatively new, it has not received the same amount of criminal attention as more established sections, such as the trafficking of credit card numbers. Nevertheless, one should stay cautious and carefully monitor all bills and records which show the calls made on their VoIP account.

Drugs, under age drinking, failing classes, and now identity theft? Most of these are problems that parents of college students have had to worry about for some time. But now, with more and more personal data involved with the education process being placed online, a new risk has emerged. Recently, at the University of Missouri, an information system that contained private information about students and researchers was hacked. In all, over 22,000 individuals were put at risk.

While details are still developing about the incident, it appears that the perpetrator was working from computers in China and Australia. No one has officially been charged with the crime. Apparently the hacker was able to access the information through an internet query page that was used to generate reports about computer trouble on campus. Perhaps the hacker had a sense of humor when conducting his illegal activities. The files were compiled on the site because the university was taking an account of the number of internal computer issues affecting students and staff. Even though at the time of the data breach the report had already been printed, it had not been removed from the site. This is an unfortunate example of a data breach that was easily preventable.

Incidences like this only further show the susceptibility of current sites of personal data. Ever since the attack was reported, university officials have taken steps to increase the security of their network. While information is still coming in about the event, officials have said they will contact the affected individuals. In the mean time, staff and students should monitor their credit reports, bank accounts, and consider purchasing an ID theft security system, such as Lifelock. The university hopes to alert everyone in a timely fashion as they get more details about the data breach.

While the University of Missouri works to fix this most recent attack on their system, some members of the wider-university community have expressed skepticism about the safety of the network. This most recent incident comes only four months after another part of the university’s private data system was infiltrated. In that separate attack, the social security numbers of 1,220 university researchers were stolen, as were the passwords of over 2,500 grant applicants.

There has been no mention of individually contacting the individuals involved in the January attack. As a result, members of the university’s research community, as well as those people who applied for grants recently, need to pay extra attention to their personal accounts. The two failings of security measures the university has in place in such a short period of time has some worried about the wide-spread implications of these attacks and the possibility of future problems. It also raises the importance of having different passwords for different accounts, be they email, database, or individual files.

It looks like the housing market is in trouble, yet again. If lending institutions were not already receiving enough negative attention in the media, the online mortgage firm LendingTree announced that it has suffered a data breach. The company has figured out the cause of this breach. Former employees illegally entered the system and granted other mortgage lenders access to customers’ personal data.

The extent of the breach is not fully known at this point. What is clear is that the information gathered by the other lending companies includes personal information, such as social security number, address, maiden name, and yearly income. All of this material is enough to allow someone to effectively steal the identity of one of LendingTree’s customers. It is advised that those who have taken out a mortgage with the firm consider purchasing an ID theft system, such as Lifelock. It is too early to tell how many people have been affected by this breach because LendingTree has been reluctant to provide full disclosure.

According to initial reports, the breach occurred over the course of 1.5 years, from late 2006 to early 2008. How the illegal activities of the former employees was discovered has not yet been released. LendingTree also remains silent on when the breach was first discovered and how long it took for them to alert the media. Although their discussions about the incident with the public have been limited, they have assured the media that they are fully cooperating with the authorities investigating the matter. The company also announced that it has taken legal action against the former employees and is suing them for damages. LendingTree, since the initial reports, has increased its security and has vowed to remain vigilant to prevent any future breaches from happening.

While some mortgage companies have praised LendingTree for its prompt handling of the situation, others have speculated that they did not act quickly enough. Their reluctance to share when the breach was discovered or the number of affected individuals is disconcerting to many. Equally troubling is the company’s claim that they believe no cases of fraud or identify theft took place. Unfortunately, this type of data breach is usually the cause of both activities. LendingTree’s claim does not seem to match up with their inability to share the full details about this case. Until LendingTree is able to alert its customers impacted by this breach, consumers need to remain vigilant. Purchasing Lifelock, or another ID theft service, is one step to take. Keeping track of individual credit card bills is also important. Consumers who have recently received an increased number of mortgage materials from other lenders will also want to check for illegal activity in their bank accounts.

I spend a lot of time reporting the bad news about ID theft so today I thought I’d take a break from that and just hit the good news–the people who are getting busted.

Today’s first story takes us to Dallas, Texas where a gang of 30 identity thieves (I think safe to consider this a ID Theft Ring) were all busted. Once the pawns started to get picked off, the ringleader wasn’t far behind: 48 year old Essie Evans was finally brought to justice on May 20th. According to the article, “It was a very organized scheme that they had. They’d get up in the morning and go watch a Star Bucks [sic], a grocery store. Even a day care,” said Dallas Police Sr. Cpl. Kevin Janse. “Once they started making those arrests, suspects would start talking.”

Our next story is out of New Jersey where 18 year old Jenna Richardson was busted after she spend over $1500 off stolen credit cards. You’re probably asking yourself “What would an 18 year old spend money on?” Well, the answer is exactly what you think: amongst the purchases were Olive Garden, American Eagle, Footlocker and PacSun. Well duh. I could have told you that part. She got away with about 15 different cards and was arraigned on 12 counts of forgery and a handful of other related charges.

This next one is especially disturbing because it was an inside job. In this particular case, over $161,000 was illegally transfered from accounts when a banker was found to have been selling personal account information to an illegal Liberian immigrant in Houston. Both men were 34 years old and charged with aggravated identity theft. Both men also plead guilty to fraud.

Finally, out of wholesome Nebraska, another identity theft ring was foiled after a woman’s stolen purse lead directly to the arrest of five men within the ring. Like with most crime rings, once the outer bands start to get caught they immediately rat out the people above them until the whole unit is having unpleasant meetings with police. Unlike the first ring busted in Dallas, this one turned violent and the ringleader was shot (not fatally) inside of a hotel room when the police moved in on a tip. This ring would quickly cash out the credit cards and liquidate the ill-gotten property to buy drugs.

Ready to get Lifelock now?

If there were an “oops” or “oh sh*t” category, this entry would certainly fall into it. Duke University accidentally left the personal information of 273 former New York University students available to general internet traffic. Oops. Now, if there’s any good news here, it’s that a) Duke found the mistake–it wasn’t uncovered when there was a problem and they correct did all of the notifications themselves; b) it was a very, very small “breach” (I don’t think you can even call it that)–we’ve been writing about entries where there’s been five-digits worth of people affected so 273, while not a small number if you’re one of those 273, is reasonably small; c) the means of access wasn’t done with malicious intent–the data was simply accessible by search and it wasn’t hacked nor deliberately made available in a way that it was commonly seen and used. Again, this is small consolation to the 273 people whose information it was and undoubtedly they’re wishing they had Lifelock right now.

The former New York University students were members in a class taught by a current member of Duke’s faculty during the professor’s previous employment at NYU in 1997. The personal data included the student names and SSN’s. Apparently the records were part of his personal records that he brought over with them. Duke University’s assessors determined that the information could have been reached only if someone were searching by exact student names AND already had a search code for the Social Security numbers.

The personal information was removed from Duke’s public drives within 30 minutes of the school becoming aware of the problem on April 30. Within hours, all major search engines had cleared their caches and indexes of the student information. I’m really curious to know how they were able to do that (clear the caches). I once wrote about a girl from college and she found it and got pretty upset–it took over a month before the engines finally disassociated my site from her name. I would suspect that a major site like Duke’s would be spidered more frequently though so maybe it’s as simple as that.

As always I would encourage those affected to sign up with Lifelock’s services. It’s always better to be safe than sorry and for $9/month I think it’s a very cost-effective investment.

Looking at the traffic terms for this site, I’ve seen a lot of people coming here with the phrase value of Lifelock. Rather than droning on about the latest data breach or identity theft I’m going to use today’s entry to expound upon the value of Lifelock.

The value of Lifelock is two-fold. The first branch of being a Lifelock subscriber is the peace of mind. It’s been reported time and time again that the largest threats to your identity don’t come from malicious hackers or server data breaches–although the online cases are much more publicized in the media, the fact of the matter is most identity theft occurs the old-fashioned way: someone flat out stealing your information. It was reported in a NY Post editorial that Mastercard issued a credit card (TWICE) after the application of the writer had been shredded, taped back together, and sent in. If that doesn’t make you (at least) scratch your head (if not be very, very concerned) I don’t know what will. It was a pretty interesting article but worrisome nonetheless. I think within the next week or so I’ll write up a nice little PDF file with a list of things you absolutely need to do whether you’re a Lifelock client or not. Anyway, since most id thefts occur offline, it’s much harder to control your personal data than it is online–there’s no https to look for (indicating a secure site), no phishing filters, etc. Lifelock fills in that gap; they can’t stop someone from crawling through your dumpster but they can ensure that there’s nothing they can do with information they collect–except get caught by the police.

That leads me to the next branch of their services–the actual action. By placing fraud alerts on your accounts it makes it practically impossible to do any action without your personal approval. This is no problem if you’re you but if you’re NOT you then you’ve essentially hit up against an impenetrable wall. Not only have you hit that wall but with the fraud alerts set you’re busted–it’s just a matter of time before the police are throwing cuffs on you and bringing you to jail for fraud. It’s that kind of peace of mind AND action that’s the real value of Lifelock and the services they provide.

If Lifelock were to ever consider giving a senior discount, this would be a good time to do it. Why? In today’s news it was reported that police are looking for a third suspect in the identity of theft of a…(wait for it)…96 year old man. The victim, John Oatman might have thought he’d seen it all while serving in World War II but little did he know there was more to come; he was taken advantage of by his housekeeper and her daughter for over $40,000 that they used to pay bills from his personal credit and debit cards. The police are currently trying to track down a third accomplice who they believe had purchased three cars in his name. Call me frugal, but personally I don’t have enough money accessible in my credit and debit cards to even be able to pay for $40,000 AND three cars.

The company that employed the thieves was Girling Health Care has already fired the two suspects in custody and has “assured” (some assurance) those involved that they perform “a thorough credit check on all employees and found nothing in the women’s criminal records that sounded the alarms.” While that may or may not be true, does it even matter? While of course these women should be put in jail for a long time, I think the company is at least partially to blame for enabling this to happen by putting them to work in his home. I’m not one for the enlargement of lawsuits most of the time but in this particular case I think Girling Health Care needs to should a lot of the blame. So what’s the moral of the story? That you’re never too old for Lifelock.

According the article, the lesson to be learned from the story is that you never need to share any financial information with your health care provider or caregiver. I suspect when you’re in a vulnerable position though that’s easier said than done. I think a better plan is just to sign up with Lifelock (for only $9/m) and let the criminals do their best. That might be more along the lines of a devil-may-care attitude but that’s what Lifelock’s service is for–the peace of mind backed up by real protection against people who want to steal your identity (and money).

Across the Sooner State, students, faculty, and staff at the Oklahoma State University can rest a little easier after a server breach that hit over 70,000 individuals. Although the company IdentityTruth beat Lifelock to the punch on this one, it’s always reassuring to know that for-profit companies are willing to step in every now and then and help clean up the mess when it affects innocent people.

This particular breach affected people at OSU who had purchased parking and transit permits over the past six years. The data specifically included social security numbers, addresses, and names; fortunately the credit card records were kept protected. A stolen laptop, the start of all of this, exposed the records and personal data of 37,000 students, faculty and staff, and the university responded by transitioning most of its services to random 8-digit identifying numbers for students instead of using SSNs. However, the server used for the parking and transit services had not been updated and for that reason it was hit.

Although IdentityTruth jumped at this “opportunity”, I can’t help but wonder if those affected at Oklahoma State weren’t a little disappointed that the university didn’t come through with one of the larger, more experienced identity theft protection companies: Lifelock. Although IdentityTruth offers “$2 million dollars” in protective services, their actual services post-breach are substantially less impressive than Lifelock’s so although I’m sure it provides some sense of peace of mind for those left exposed, I’m not entirely convinced that provides a whole lot more than that.

From the Daily O’Collegian (the OSU student paper): “Even though personal data was exposed, there is no indication any of that information has been misused or any identity theft has occurred. OSU officials have removed the confidential information from the database.

“This breakdown in security is totally unacceptable,” said OSU President Burns Hargis. “We are conducting a full review and will take whatever steps are necessary to protect our network from unauthorized access. This is a serious matter and we will deal with it aggressively. We regret the circumstances and concern this situation has caused.” ”

Hopefully, IdentityTruth won’t have to work very hard for this one since it doesn’t appear that those affected are in a great deal of danger–and that’s good with their unproved services.

Even if you think you’re safe from online identity theft, and you very well might be, here’s an article that should really make you consider getting Lifelock anyway. According to the San Luis Obispo County’s website, you’re identity is more threatened offline than online. This article certainly surprised me because when I think of identity theft I think someone hacking into a website where I’ve made a purchase or skimming my credit card number through an insecure port on some company’s site. What I don’t think about are the many, many ways that the same end result can be duplicated–just offline.

In the story mentioned in the article, the woman whose card was stolen spent “countless” hours on the phone trying to get things straightened out after her purse was stolen and her credit and debit cards were used fraudulently–including paying for a maternity bill. Wow; that takes…bravery on the part of the thief. According the consulting firm, Javelin:

“We are not saying (online access and data breaches) are not significant factors,” said James Van Dyke, Javelin’s president and founder. “But the point is that it has really been overblown. I think it is to the detriment of consumers to focus exclusively on these electronic methods of communication. Criminals don’t have a (bias) toward technology. They will use any channel that works.”

I think I speak for most regular netizens when I say that I sometimes even forget that people live without the use of the internet. Odds are there is an extremely large amount of the criminal population that has no idea how to steal your personal information online and will ultimately settle for the “old fashioned” way–to simply (and physically) steal your credit card(s). According to the article, almost 4% of the US population was hit with identity theft last year. That number is absolutely ridiculous–consider that the US has a population of well over 300,000,000 and do the math yourself. Granted, your odds of being hit are still lesser than they are greater, but if you haven’t considered getting Lifelock’s services now might be a good time to look into it; especially considering there’s a Lifelock promotion code to bring the cost of protecting your identity almost down to nothing.

Security Focus has reported that retail slugger TJX has finally settled up with all of the credit card issuers whose clients were exposed during the massive data breach they experienced in 2007. TJX has agreed to reimburse all of their clients for the cost of the reissue of their Mastercards. A few months ago TJX settled a $41 million claim with Visa in a similar response for their clients who had to have their Visa cards reissued with new credit card numbers.

The TJX breach was absolutely enormous with over 100 million credit cards exposed and their respective liability in covering was equally massive. It was unofficially advised for all clients to seek some sort of identity theft protection–Lifelock, Debix–something. Fortunately Lifelock is able to offer very significant identity theft protection for users at risk and the millions of people affected in this particular breach were prime Lifelock candidates.

It hasn’t been a great period for TJX–in addition to breach itself they were also sued by a collective of New England bankers (Maine, Massachusetts, and Connecticut) covering over 300 different banks in an enormous class action lawsuit. Ultimately that was settled for an undisclosed sum but since the banks had to pay around $25 per credit card for cancellation and reissue you’d have to imagine that the settlement amount was an astronomical number since over 100 million cards were facing reissue.

TJX’s breach occurred between 2005 and 2007 and the original number of people affected was, as it was later revealed, “only” 46,000,000. Unlike a lot of news on identity theft, this case was a blatant crime–there was no misplaced laptop, misused password–this particular case was a run-of-the-mill network hijacking. To date, it’s still the largest data breach in US history, far surpassing the paltry 27 million people affected when CardSystems’ network was breached in 2003. Consider the size of the breach, the affected customers were very lucky to only have been on the line for $8 million dollars of merchandise purchased with the stolen credit cards. With 125,000,000 cards exposed, that’s only about six cents charged per card. That certainly doesn’t make it ok or fair or any positive at all but at the same time, six cents a card in the context of this breach isn’t really that bad. Protect your identity!