In a developing story, it has recently been reported that in the past few weeks over 200,000 people insured through Blue Cross in the state of Georgia have had their personal information compromised.  It appears that a mix up in the mailing system resulted in benefit letters being sent to the wrong people.  In some instances, people received multiple benefit letters from a number of people.  While this information is still only in its initial stages, certain people affected are already talking about pressing charges against Blue Cross while there are murmurings about the possible repercussions the company will receive for violating HIPAA regulations.

While the total number of affected individuals is over 200,000, the number of people who might have their identity stolen is a smaller figure.  Although no exact total has been given, only some of the letters contained the social security number of the patients.  However, the tradeoff is that every letter contained name, address, patient ID number, recent medical tests conducted, some diagnosis, and billing information.  This billing information can contain the full credit card or bank account number where previous transactions have taken place.

The mix up in the mailing system came about through a change in the computer system that was not adequately tested before it went into effect.  As a result, Blue Cross is working with its parent company, WellPoint, to make sure that adequate security measures are added to the computer systems so that future problems do not result.  A large concern for Blue Cross and many people is that the company represents many teacher unions and large companies throughout the state.  Blue Cross was unwilling to provide a list of these major businesses when they were contacted earlier in the day.  The company has assured the public though that they are working with investigators to limit the damage done to people’s lives.  They are compiling information about everyone affected and the names and addresses of everyone who received the information incorrectly.  The company has also set up a hotline that people can call in order to report that they have been a victim of identity theft or to report that they received a letter for someone else.  Blue Cross will then send out a postage paid envelope to get the return of that information.

Blue Cross has said that it will provide a years worth of free credit monitoring to those people whose social security numbers appeared on the letters.  This type of service is provided through ID theft services, such as Lifelock.  Lifelock and other companies maintain contacts with all three credit bureaus and alert their customer whenever a new application is filed, such as a credit card or loan.  It then verifies that the customer is the one submitting this information.  if it proves to be a fraudulent attempt, it is stopped before it goes through and prevents identity theft from happening.

The Justice Department of the United States of America announced today that they are opening a case against eleven people who are responsible for the theft, use, and selling of millions of credit card and debit card numbers which have resulted in millions of dollars of illegally purchased material.  Of the eleven individuals charged, three are from the United States, three are from Estonia, three reside in Ukraine, and two live in China.  There are other individuals whose identity remained obstructed at this time, although the Justice Department is working hard to track down these individuals.

The companies that were affected by these data breaches are numerous.  Many TJX Companies were targeted.  Businesses that fall into this sphere of influence include Marshall’s, T.J. Maxx, Office Max, Sports Authority, and Barnes and Noble.  Another major company that was targeted was the Dave & Busters Adult Restaurant Chain.  In each instance, the information about credit card and debit card numbers were obtained through sniffer programs.  These programs collected the sensitive information and then transmitted it to secure servers which were located in specified areas controlled by the three criminals operating in the United States.  These three would then encrypt the information and send it to servers located in Eastern Europe, most likely in the Ukraine and Estonia.

The information was distributed in a variety of ways.  Sometimes, the information was simply sold to buyers on the internet.  This is a frequent way of distributing credit and debit card numbers and it is difficult to track down the original source of the breach.  In other instances, the identity thieves used blank credit cards and implanted the stolen account numbers onto them.  Then they were able to go to an ATM machine and withdraw thousands of dollars at a single time.  It was this type of large scale withdrawals that first attracted the attention of the government.  They have been conducting this operation for 2.5 years and had someone working on the inside.

There is no word yet on what type of charges the individuals will be facing.  This is the largest effort made by the federal government and while no punishments have been suggested yet, industry experts are saying that those prosecuted in American courtrooms will face over 70 years in jail and those in other countries might suffer the death penalty.

Identity theft is a serious crime that has long term repercussions.  Not only does it immediately affect an individual, but the damage done to someone’s credit report can prevent them from getting a house, car, or sometimes even a job in a future.  For those who want to take a proactive stance, there are ID theft subscription services available.  These companies, such as Lifelock, provide credit monitoring at all three bureaus.  Whenever a credit card application is filed or a new loan application submitted, Lifelock contacts its customer.  It verifies the validity of the request and prevents it from being processed if it is fraudulent.