What does Louisiana need right now?  Well, it could use an end to hurricanes.  It could also use some more financial and physical help with the reconstruction of houses in the New Orleans area.  But what has become increasingly important this week is protection for those realtors who would be trying to sell those houses.  It appears that a glitch took place sometime during last week that caused personal data to spill out of a server at the Louisiana Real Estate Commission.  This organizational body is responsible for licensing all realtors and brokers in the state, which is a total of around 13,000 people.

The information was first made available on a Friday and was accessible for two days before it was taken down by a concerned employee.  Thankfully the short nature of the exposure is potentially limiting to the threat of any identity theft, but this is not to say that the regulating agency is completely clear.  In the current world, there are bots that troll the internet looking for sensitive information that might be used for sale on illegal black market chat rooms in dark corners of the internet.  The information from the Commission’s site was just that type of material: names, social security numbers, birth dates, and addresses.  All of this is prime fodder for identity thieves.

A full scale investigation has been launched, but the state government has advised people to be patient.  In light of the recent damage caused by Hurricane Gustav, many government agencies are diverting all of their energies to making sure that the problems from the storm remain minor.  All the same, at least two different law enforcement agencies have been contacted to investigate the breach.  At this point, no one is thinking that there was any malice on the part of the person who uploaded the information.  This person has yet to be determined, but that is part of the investigation process.  An outside consulting firm has been called in to review all the electronic security measures of the company and to see what recommendations they can make to prevent future occurrences of this nature.  One possible consideration is to install a filter on the server that strains out personal information before it is sent out to the internet.

At this point, many realtors are scared, but know that there is little they can do to change the past.  One option that they have to help them continue well into the future is to enroll into an ID theft subscription service, such as Lifelock.  For a minimal monthly fee, customers are protected from major efforts of identity theft, such as fraudulent credit card and loan applications.  Lifelock provides this protection by maintaining contacts at all three major credit bureaus, Trans Union, Equifax, and Experian.  Whenever these applications are sent in for processing, they are temporarily held until a Lifelock representative can contact the person whose name appears on the documents.  If they verify that they are responsible for the submission, it continues through processing.  However, if they have no idea of what is going on, the documentation is discarded as fraudulent and this significantly limits the possibilities of identity theft.

The company widely known for its educational books that help prepare the nations future for standardized tests might want to recheck its notes on internet security.  It appears that a sizeable breach on the company’s website has exposed personal information of over 100,000 students who had registered with the company.  Not only does the company provide booklets through major publishing firms, but it also runs classes to help people with the ACT, SAT, LSAT, GRE, and MCAT.  While those groupings are still running, people have decided that Princeton needs a failing grade, at least for the moment.

The New York Times reported this week that the company had a flaw on its website that had pulled the files and put them on display for anyone visiting the main website who decided to click on a link.  What is interesting about this incident is that it was reported to the Times by a company which identified itself as a competitor to the Princeton Review.  Most people are assuming this is the Kaplan company, although there has been no confirmation on this assumption.  It appears that whatever business submitted the information the Review, they were trying to take advantage of the negative publicity generated against Princeton to boost their own sales.

When the Times contacted the Princeton Review to report the breach, they immediately took the information off the website and closed the hole that was creating the initial problem.  However, at this point, no one knows for how long the information was up for how many people accessed it.  The Review has said that they are looking into these details in addition to launching an internal investigation to see who posted the information.  While there is no suspicion of an intent to defraud the company or commit identity theft at this point, the company wants to see if any security regulations were violated by any of its employees.  The Review has sworn that it will instituted a sweeping security policy to make sure that this type of incident does not happen in the future.  It will also start deleting the information of students after it is no longer needed, rather than storing it as it has currently been doing.

While it is unlikely that enough information has been taken in this case to perpetrate the stealing of someone’s personal identity, since young adults are involved, one cannot be too cautious.  A suggestion has been to enroll in an ID theft subscription service, such as Lifelock, although the Review has not yet agreed to pay for such services.  Lifelock monitors all three major credit bureaus for loan and credit card applications.  These applications are then verified with the person whose name appears on the documents to make sure they are not fraudulent.  This helps prevent ID theft before it takes place.

Britain is going through a tough period of news surrounding identity theft cases.  Not that they are alone in this problem, but they seem to be appearing on top of many sites proclaiming that businesses need to be held accountable for the practices which are resulting in the identity theft of British citizens.  At one point, identity theft was a tricky process that did not propagate itself as easily as in the modern day.  Now, people are able to go online and purchase and sell stolen credit card, bank account, and personal identification numbers and wipe their hands clean of the whole business while the victim is left to deal with the ramifications of all the actions.

Credit card companies have said that they are trying to help people protect their information and that they want to work with consumers to make the process easier.  Someone should remind the customers of Barclaycard that such a dialogue has taken place.  It would seem that Barclaycard has accidentally sent out all the information on 17,000 of its customers to other customers.  While printing out a monthly balance, something went awry between the account statement printer and the mail label printer, resulting in everything being off when it was supposedly sent to the right recipient.

The most damaging thing about this data breach is that the statements not only show the name of another customer, but also their address,, credit card number, limited password information, and previous billing habits.  Not only is this a violation of financial security, but the privacy of all of these people has been torn asunder.  Barclaycard has said that it will be sending out the correct account statements later this week and it will also be issuing a written apology to everyone affected by the incident.

Although there has been no confirmed word on the content of this apology, an insider who wished to remain anonymous, said that the apology will provide a guarantee that this type of mistake will not happen again.  While this is a great promise, it may be a difficult one to keep, although some security firms offer services that are supposed to prevent this exact type of incident.  Either way, steps will be taken to prevent any identity theft from resulting from this breach.  The Information Commissions Office has demanded to know what steps Barclaycard is taking for the future and has threatened to file a legal claim against the company.

Some of the card holders are actually American and have a Barclaycard as part of their business transactions.  While the extent of this connection is not yet known, it is advised that these individuals look into an ID theft subscription service.  Lifelock, one of the most popular companies that provides this service, has a record acknowledged for its success.  It maintains connections at the three major American credit bureaus and monitors member accounts for any new credit card or loan applications.  When these are found, they are verified with the named individual to make sure they are legitimate, at which point they are processed.  However, if they are fraudulent, they are stopped before identity theft takes place.

Sometimes it is the customers and sometimes it is the employees.  Only in rare cases is it both that get affected by data breaches that seem to keep happening at companies all across America.  The most recent breach took place in Greenville, South Carolina.  This community contains one of the major offices of Charter Communications who recently suffered a data breach that resulted in the theft of numerous laptop computers.  There has been no discussion about how the laptops disappeared or what type of security protection was on them.

One thing that is certain is that the information on the laptops contained personal information on over 9,000 Charter employees around the country.  These records were not only for current workers, but also those no longer employed by the company.  Unfortunately, there is no timeline for when the workers were with Charter, so at this point anyone who worked for the company might be at risk of identity theft.  The company was planning to send out a letter to affected employees, both former and current, although there has been no time table released for this information’s dissemination.  The laptop contained names, addresses, social security numbers, and some bank routing numbers from direct deposit accounts.

At this point, a spokesman for the company said that there is no indication that any of the private information has been used for fraudulent means.  However, experts suggest not taking any chances.  While Charter is providing up to a years worth of free credit monitoring services, some employees are reluctant to enroll in this service.  A former employee, who wished to remain anonymous, said that she did not trust the company to pay for the enrollment because that would involve giving them her personal information again, and Charter has already shown they are not capable of insuring the security of that type of data.

An option for disenchanted workers like this is subscribing themselves into an ID theft service program, such as the one offered by Lifelock.  For only a minimal monthly fee, the company works to provide potential victims of identity theft with some piece of mind.  By establishing contacts with the three major credit bureaus, Trans Union, Experian, and Equifax, Lifelock is ideally situated to stop identity theft before it starts.  One frequent effort by ID thieves is to open up new credit cards or take out loans using the social security number of a victim.  When this information goes to be processed through the credit bureaus, Lifelock temporarily halts it and contacts its customer.  If the customer verifies these applications as legitimate, then they are sent through to continue being reviewed by the bureaus.  However, if the customer says that it is fraudulent activity, Lifelock prevents the applications from going to the review process and consequently prevents identity theft from taking place.

Thank goodness for dumb criminals.  Unfortunately, in this case, they were not that dumb since they were able to operate a data breach that stole upwards of two million names and social security numbers before they were caught after two years of running the fraud.  The breach is said to be within the top five largest of all time and there are still so many details about the case that information is still sketchy at this point.  The insider at Countrywide was identified as Rene L. Rebollo Jr. and he was working with Wahid Siddiqi, who were both arrested.

It appears that what was going on was that Rebollo was taking the names and social security numbers of people and downloading them 20,000 at a time.  In a statement to the FBI he said that every Sunday night he would go to a computer terminal that did not have the required security settings and download the information onto a flash drive.  He would then take this information and sell it to Siddiqi for next to nothing.  Customer profiles were sold for around 2.5 cents, well below the black market value of this information.  Siddiqi would then sell this information in bundles for around $4,500.  In all, if the two thieves had done their homework they could have made considerably larger amounts of money, since social security numbers alone sell in the $3-4 range.

At this point, it is uncertain if Rebollo and Siddiqi were selling the files to other mortgage lenders or if they were selling the information online.  Selling to other lenders is big business because it can lead to contacting customers who were denied by the larger firms and are in desperate straights.  This has become even more true with the housing market going through free fall at this point.  These other lending companies reap huge amounts of money by acting as the go betweens and are able to do this because of the files they receive from Countrywide or Lending Tree.

The case broke when the FBI bought data discs from Siddiqi.  They were able to arrest him then and learn who the insider at Countrywide was.  The FBI then moved in against Rebollo.  Rebollo was released on an $80,000 bond and is awaiting prosecution.  Siddiqi is still in custody and no bond has been set yet.  The government has stated that they are intending to bring significant charges against the pair that could result in life sentences because of the numbers of incidences.

While Countrywide has not yet begun to contact the two million individuals who are now potentially victims of identity theft, some people are not waiting around.  Knowing the severity of the issue and that tardiness can end up costing a person their financial security for the rest of their lives, people are subscribing to ID theft services.  One of the most widely used services is provided by Lifelock.  By maintaining contacts with all three major credit bureaus, Lifelock works to stop identity theft before it happens.  Whenever a new credit card or loan application is filed, Lifelock contacts its customer.  If the customer verifies they are submitting the information, it continues to be processed.  However, if the customer says that it is fraudulent activity, the application is stopped before any damage to the credit report can be done.

Over the years many things have happened at McDonalds restaurants.  Billions of people have been served.  New techniques and policies for getting food to the consumer quickly have been produced.  Ronald McDonald and company have entertained millions of children while Grimace has caused a few to freak out a bit.  This, however, is the first time that sitting at McDonalds having a bit to eat has caused a data breach.  The interesting thing is that the breach did not even impact McDonalds, but rather Delphi.  An employee had a flash drive stolen out of her laptop while she was eating lunch at the restaurant.

The theft took place in Lebanon and impacted 2,600 former employees who had worked for Delphi in the Columbus, Ohio area.  The flash drive contained names, addresses, telephone numbers, but most alarmingly, social security numbers.  This is the exact type of information that an identity thief needs in order to create financial havoc on an unsuspecting victim.  Delphi acted quickly, according to spokeswoman Helen Jones-Kelley, in alerting the affected employees.  Letters were sent out to the individuals letting them know what had happened and that their private data had left the security of the company.

The media was not provided with a copy of a letter.  It was interesting that Jones-Kelley did not mention any credit monitoring that would be provided free by the company.  In many instances when a company loses the personal data of current or former employees they provide a year of monitoring services.  Since Delphi does not appear to be doing that in this case, an option that the 2,600 people might want to consider is enrolling in an ID theft subscription service.  One of the best companies that provides this service is Lifelock.  This company has connections with all three major credit bureaus, Trans Union, Equifax, and Experian, and monitors whenever a new application comes through.  This application is commonly a new credit card or loan form.  Lifelock contacts its customer to see whether or not the application is legitimate.  If it is a fraudulent claim, it is stopped from processing which effectively limits the possibility of identity theft.

At this point, there has been no information released about how the data was protected on the flash drive.  The fact that Jones-Kelley did not mention any password protection or data encryption is a discouraging sign.  She did note that the employee had violated company policy by walking away from the laptop and not making sure that it was secure before she left.  The unnamed employee faces a litany of punishments which might conclude with her termination from the company.  The data breach should cause the company to reconsider its computer policies and determine whether or not people should be allowed to take personal information outside of the main office where the likelihood of data breaches rises significantly.

Second data breach in less than three months has people wondering what is going on at the giant pharmaceutical company.  Whether or not the frequent data breaches are coming from interested hackers, sloppy security systems, or a mixture of the two has yet to been seen.  However, within months of a delayed alert to 17,000 employees that their personal information had been compromised, another 950 people have been affected in a different breach of the security features of the network.

Connecticut state Attorney General issued a public statement stating how disgusted he was with the way that Pfizer is handling personal information of its employees and clients.  At one point Richard Blumenthal notes that “this information should be treated like cash.”  Pfizer has noticed a drop in its stocks as of late as a result of all the negative attention that it has been receiving in the national media in recent months.  In this incident, it was a consulting firm that was working with Pfizer that actually lost the sensitive information.  Two laptops were stolen from a locked car in Boston at the end of May, but a letter was not sent to the Attorney General for another three weeks and it was only now received by him, which generated his public statement about the disarray of the security in the company.

The consulting firm was Axia Ltd. and they have not issued an apology to the public about the incident.  It would appear that the information was neither password protected or encrypted, which makes the likelihood that it will be used by identity thieves even higher.  Unsecured information is unacceptable in this day and age and Pfizer has vowed that it will completely overhaul its security procedures and is bringing in industry leading experts to make sure that nothing of this sort happens again.  Unfortunately, knowing their recent track record it is difficult to believe the sincerity behind Pfizer.  The information on the laptop contained the names, social security numbers, and addresses of health industry consultants who were working to distribute Pfizer products around the world.

At this point, Pfizer has not said if it will continue to work with Axia Ltd. or if it will provide monitoring services to the nearly 1,000 newly affected individuals.  With the size of the recent breaches, a source who wished to remain anonymous has said that certain employees are considering filing a class action suit against the incompetence of the company and the delayed response before alerting people of the breach.  In the mean time, people are being advised to protect themselves by enrolling in ID theft subscription services.  One of the most popular choices has been Lifelock.  A company mainly known for its commercials with display the social security number of the owner on the side of a truck in downtown New York City, people are turning to it because of its successful track record.  By maintaining ties with Equifax, Trans Union, and Experian, Lifelock helps prevent ID theft before it happens.  While it cannot do anything about personal information getting into the hands of crooks, it can stop them from filing fraudulent loan and credit card applications.  Whenever this type of information appears at a credit bureau fro review, the company contacts its customer to make sure it is valid.  If it is a fraudulent piece of work, then it is prevented from being processed which stops the ID thieves from getting the cash or line of credit they were hoping to establish.

One bad apple.  That is all it takes to ruin the whole bushel.  In the case of companies, the same thing can be said about one employee.  At the Legacy Clinic Mount Hood in Portland, Oregon, it was recently discovered that a employee was stealing sensitive information from patients and using the information to profit from their misfortune.  Despite this breach having just been discovered, the clinic has said that it no longer employees the individual and has not for some time.  No name has been given of the individual, but officials for the clinic say that they person is being investigated by law enforcement agencies and that they are closing in on the necessary information to arrest and prosecute them.

The breach took place between January 2006 and February 2007.  It appears that when people went to make their co-pays, the individual would pocket any cash given to them, but also steal social security numbers and credit card numbers.  They were then to get dates of birth and addresses out of the computer system.  With over $13,000 in cash missing over the years, the clinic has been slow to explain why the breach took so long before it was discovered.  An investigation into the incident is underway by both the local authorities and the federal government.  The government agents are checking to see whether or not there were any violations in HIPAA.

The clinic has sent out letters to all the affected individuals.  In all the current total is around 750, although this number might increase as the investigation continues.  A call center has been set up to deal with all the calls that have been coming in with questions about the investigation and what affected people should do.  The clinic has said that they will provide up to $25,000 in identity theft insurance and will also provide credit monitoring services.  These types of services include the ID theft subscription company Lifelock.  By signing up with Lifelock, someone knows that they will have monitoring of all three major credit bureaus.  Whenever a new loan or credit card application is filed, they contact their customer to make sure that they are the person really submitting the information.  If they are not, then the application is scrapped and the identity thief does not win.

Those patients who made the co-pay that was pocketed or had extra money taken from their credit card account have already been repaid.  No word yet on why it took so long for the breach to be reported to the public.  Security officials are also wondering what measures that Legacy Clinic Mount Hood is going to take so that this type of easy access is not given to employees in the future.  This is part of the ongoing debate about digitizing more and more of the medical information about patients that come into medical facilities.  Safeguards need to be put into place so that the system is not manipulated from either the inside or the outside.

Nothing makes the government blush like getting caught with its hand in the cookie jar.  What is even worse is when they set up an organization to deal with identity theft and the head of it soon becomes the victim of a data breach.  Welcome to Norway, where few are happy with the way the government has been addressing the growing spread of ID theft that has started to grip the world.  Yet, this is the exact situation that Georg Apenes finds himself in now.

In a daring hack, over 60,000 Norwegians have been impacted by this most recent breach.  It is the largest to hit the country in a number of years and the more staggering figure is that the 60,000 affected represents over 1.3% of the national population.  The hack did not place on the national level, but came through the communications company Tele2.  The thieves were able to access the network systems to procure the personal identity numbers of people and also their addresses.  With this information, they are able to order goods online for people, access credit card information, and change addresses so that they can get in the mail any of the illegal goods that they are ordering in other peoples’ names.

At this time, no one has reported severe results because of the breach.  It is being speculated at this point by officials within the government’s ID theft prevention agency that Georg Apenes received something just to bring to everyone’s attention how lacking the security was at certain important companies in the country.  Indeed, Tele2 has been cited numerous times that its security and network systems needed to be upgraded to prevent this time of incident.  A spokesman for the company said that they have been working to improve their security measures, but now ill bring in outside consultants from the continent to help them get up to speed quickly.  They also have vowed that nothing of this sort will happen to their company again.

In the United States, stories of this nature have more and more people worrying about their own security.  As a result, individuals are taking matters into their own hands, rather than relying on the companies they interact with to provide ever continuing upgrades to their security systems.  One way that people are able to do this is to subscribe to ID theft services.  One of the most popular of these companies is Lifelock.  They maintain contacts with all three major credit bureaus, Trans Union, Experian, and Equifax.  Whenever a new loan or credit card application comes into be processed, it is temporarily held up.  Lifelock then calls its customer to see if they actually submitted the forms or if someone is attempting a fraudulent activity.  If fraud is determined, then the application is stopped and identity theft is prevented before it starts.  This is always a positive because there are countless examples of people who have been victims of ID theft and spend years trying to correct the matter with little positive result.

Corporate responsibility.  That is what everyone on the business channels seems to trumpet right now.  And in some cases this is exactly the response that tarnished companies are taking. However, as a consumer it might be better if the companies took proactive approaches and stopped damage from taking place to their customers and company image.  For Dominion Enterprises and their InterActive Financial Marketing Group, this all comes as good ideas a little too late.  It was announced today that a data breach took place at the company on one of its secure servers between November 2007 and February 2008.  There has been no word released yet on why it took so long for the company to alert the public or when they first discovered that the breach had taken place.

Roughly 92,000 people have been affected by the hacking of the server.  While the number of individuals is troubling, what is more problematic is the information that was taken from the server.  This material included names, dates of birth, addresses, social security numbers, and credit card numbers.  In a world where personal data sells for $15-$20 in internet chat rooms, this is a gold mine for identity thieves.  There has been no word yet on how the hackers were able to infiltrate the security measures that were supposed to be in place on the server.  In response to the breach, Dominion has brought in industry leading security experts to review all the company’s network policies and to provide a complete overhaul to the system so that the financial transactions of the company are not at risk in the future.

In letters that are being sent out to all affected people, the company is apologizing profusely.  It is also providing a year’s worth of free credit monitoring.  This type of monitoring comes from companies like Lifelock.  This company maintains contacts with all three major credit bureaus, Equifax, Trans Union, and Experian.  Whenever a new application for a credit card or loan is submitted, Lifelock holds the application from being processed until it can check with its client about the validity of the claim.  If the name of the person on the paperwork did not file it, then it is clearly a case of identity theft and it is prevented from being processed.  With this whole procedure ID thieves are thwarted before they can ruin the lives of innocent people.

Dominion has stated that it has already contacted local and federal law enforcement officials.  They plan to conduct a thorough investigation of the breach to see whether or not the hackers had any inside help that would have allowed them to get through the security features which had been in place.  No more details about the investigation were available since the case is ongoing.  Dominion wants to assure the public that it is safe to invest with the InterActive Financial Marketing Group in the future because a breach of this nature will never happen again.  Time will tell how this plea to the public works out.