What does Louisiana need right now?  Well, it could use an end to hurricanes.  It could also use some more financial and physical help with the reconstruction of houses in the New Orleans area.  But what has become increasingly important this week is protection for those realtors who would be trying to sell those houses.  It appears that a glitch took place sometime during last week that caused personal data to spill out of a server at the Louisiana Real Estate Commission.  This organizational body is responsible for licensing all realtors and brokers in the state, which is a total of around 13,000 people.

The information was first made available on a Friday and was accessible for two days before it was taken down by a concerned employee.  Thankfully the short nature of the exposure is potentially limiting to the threat of any identity theft, but this is not to say that the regulating agency is completely clear.  In the current world, there are bots that troll the internet looking for sensitive information that might be used for sale on illegal black market chat rooms in dark corners of the internet.  The information from the Commission’s site was just that type of material: names, social security numbers, birth dates, and addresses.  All of this is prime fodder for identity thieves.

A full scale investigation has been launched, but the state government has advised people to be patient.  In light of the recent damage caused by Hurricane Gustav, many government agencies are diverting all of their energies to making sure that the problems from the storm remain minor.  All the same, at least two different law enforcement agencies have been contacted to investigate the breach.  At this point, no one is thinking that there was any malice on the part of the person who uploaded the information.  This person has yet to be determined, but that is part of the investigation process.  An outside consulting firm has been called in to review all the electronic security measures of the company and to see what recommendations they can make to prevent future occurrences of this nature.  One possible consideration is to install a filter on the server that strains out personal information before it is sent out to the internet.

At this point, many realtors are scared, but know that there is little they can do to change the past.  One option that they have to help them continue well into the future is to enroll into an ID theft subscription service, such as Lifelock.  For a minimal monthly fee, customers are protected from major efforts of identity theft, such as fraudulent credit card and loan applications.  Lifelock provides this protection by maintaining contacts at all three major credit bureaus, Trans Union, Equifax, and Experian.  Whenever these applications are sent in for processing, they are temporarily held until a Lifelock representative can contact the person whose name appears on the documents.  If they verify that they are responsible for the submission, it continues through processing.  However, if they have no idea of what is going on, the documentation is discarded as fraudulent and this significantly limits the possibilities of identity theft.

The Republic of South Korea has the United States to thank for helping them see a serious data breach taking place on government websites.  While conducting the annual Ulchi Freedom Guardian mission, an analyst with the government saw that information about members of the Education, Science, and Technology Ministries was still available online.  Despite thinking that they had taken care of this problem, the South Korean officials contacted quickly removed the additional information and alerted search engines that they needed to remove the data from their crawling.  At this point, there is still only limited information about the extent of the exposure.

All in all, around 8,000 employees of the government have been affected.  Within the material that was lost were names, birth dates, social security numbers, cellular phone numbers, and IDs to access secure government servers and files.  This last piece of information not only has the potential for identity theft, but for much larger implications toward the security of some important government material.  Some of the details also show that students at Seoul University might have been exposed, although this is still part of an ongoing investigation and there has not been a definitive word if this is the case or not.

It appears that someone within the Education Ministry discovered the breach a few weeks back and had deleted the source code which led to most of the material.  It was only after the American consultant said that there was still more available from Google and other search engines, did technicians within the government go back to clear more paths and remove the files from public access.  This left a window of two weeks when the data was still online after security experts thought that everything was protected.  What can be said at this point is that the government has launched a full investigation to find out what is responsible for the problem and to seek any legal actions against people who intended to create this breach.

A security expert familiar with the case said that it most likely took place because the government servers at these ministries do not have a filter that limits the spread of personal information.  Upon further question, a spokesman for the government said that budget concerns last year had delayed the purchase of such a filter until the next fiscal year.  In the mean time, they did recognize that their servers were more vulnerable to data breaches.

At this point, those who have been affected are advised to look into ID theft subscription services, such as Lifelock.  This company monitors all three credit bureaus to keep an eye and a limit on identity theft.  Whenever paperwork comes through that involves one of its customers, Lifelock halts the information and consults the person named on the documents to make sure they are legitimate.  Fraudulent claims are deleted and not processed.

No one wants to hear those words, but sadly, this might be what the British government has to resort to if any incidents of identity theft take place as the result of the loss of a memory stick by a government consultant.  It appears that PA Consulting had to confess to the Home Office that the stick was missing and that they had no idea where it had wandered to.  This is just the latest in a growing number of security failures by the British government which is leading some citizens to lose faith in those running the country.

In this particular case, the most troubling factor is that the memory stick had information on 10,000 repeat criminals – those who have committed at least six crimes in the last year, as well as information about all 84,000 individuals who are locked up in the federal detention system in Wales and England.  The detail about these people includes names, addresses, birth dates, medical information, and in some cases, release dates that have been kept secret for safety reasons.  Now all of this information has been spread somewhere into the ether or the internet for who knows what purposes.

The Home Office has launched a large scale internal investigation and is working closely with PA Consulting to figure out how this data breach happened.  The Information Commission has also been notified, as have local police agencies.  All told, there are over seven organizations working to resolve this matter and get the black eye the government has suffered out of the light of day.  Security measures will be reviewed to make sure that this type of breach does not happen in the future.  The information on the stick was not password protected or encrypted, which is a violation of government policy.  As a result, all work with the contracting firm has been suspended until the investigation concludes and they can be cleared of any intentional wrongdoings.

Once this news reached the public, there was a substantial outcry about the whole situation.  While there is some irony that a few of the repeat criminals are identity thieves who may soon be preyed upon, there are more serious criminals, such as murderers and rapists whose information was contained on the stick.  If they become the victims of identity theft, the government and ultimately the British taxpayers will have to pay for it.  This is not sitting well with people who see the government failures as piling up and the prospect of having to compensate the leeches of society to be an absolutely appalling and demoralizing prospect.

While in this case few are pushing for those who had their information stolen, since they are multiple felony criminals, still there is some need to alert people to what options they have available in this situation.  ID theft subscription services, like Lifelock, exist to help people tie up all the loose ends surrounding this type of incident.  Rather than being overwhelmed with everything, enrolling in Lifelock takes care of all the guess work.  Two of the most frequent ways that people become victims is through fraudulent credit card or loan applications.  Since Lifelock monitors all three credit bureaus, these applications are processed only once they have been filtered through the company.  If they verify with the person whose name appears on the documentation and finds that it is not them filing the paperwork, the company stops the applications before any damage can take place.

The last fiscal year has not been kind to the United Kingdom’s Ministry of Justice and the Department for Works and Pensions.  It seems that a string of thefts have resulted in the potential jeopardy of around 63,000 individuals who have had some connection to these government agencies.  Unfortunately, while details are still limited at this point, some facts have become clear.  One of the most troubling was the delay which the government took before admitting that these breaches were so rampant.  Indeed, they never actually contacted the people who were potential victims of identity theft and left it up to the news agencies to report the incidents.

It appears that the largest singular incident involved the Ministry of Justice and some contractors who were working on a variety of projects for the institution.  Part of the project required the contractor to have personal data about people within the ministry on discs.  Although the ministry was supposed to get these discs right back once the job was complete, it seems that no one remembered until about six months after the completion of the work.  At that point, the contractor was contacted and he returned the discs.  It is this window of six months which is having some security experts worried.  The discs contained names, addresses, birth dates, and some bank account information.  This is the type of material that an identity thief could use to steal the financial benefits of an individual.

Another incident involved a laptop that was lost from the main offices of the ministry.  No police reports were filed about the lose, so the possibility of theft was ruled out in the beginning, although no spokesman for the organization has come forward to explain why this was the decision.  The laptop contained information on over 14,000 people who had defaulted on payments that they received as part of their sentences.  As a result of the loss of this laptop, the defaulters have not been charged the last few months and the ministry is working quickly to make sure that no one is loosed from their legal responsibilities of paying for their crimes.

The ministry also reported that it has had at least two times in the last year where it has lost paperwork which contained sensitive data.  Efforts are being made to tighten up regulations so that such loses do not happen in the future.  Other possibilities to prevent further accidents involves switching to a paperless system and making sure that anyone with access to sensitive material does not download the material onto discs or flash sticks.

In all of this, while the breaches are not necessarily considered severe, it is easy to see why so many people are investing in ID theft subscription services, such as Lifelock.  With these subscriptions, costing only a minimal amount of money every month, customers can get a piece of mind involving their personal information.  Lifelock works by having monitors at all three major credit bureaus.  Whenever a new credit card or loan application is filed, it has to go through a bureau.  Once the paperwork is received, the company puts a temporary hold on the processing until it can verify that the information is legitimate and not a fraudulent attempt.  If this proves to be a case, the application is canceled and identity theft is prevented.

How long does it take to report the theft of a laptop?  Well, if you’re a Comptroller and Auditor General at the Department of Social and Family Affairs office in Dublin, it takes you over a year to make such a report.  And this happens only because other people are snooping around and you decide to make it known before the media gets a hold of it.  Too late for that it seems.  Contained on the missing laptop was personal information of around 380,000 welfare recipients.  Around 100,000 of these records contained details about the financial accounts of the people and have the potential for large amounts of identity theft to take place now.

The Minister for the Department of Social and Family Affairs, Mary Hanafin, has expressed her disappointment in the Comptroller and stated that she will investigate the matter further to see what types of problems this delay in information has caused.  Over the next two weeks, the department will be contacting the 100,000 recipients whose files on the laptop contained financial information.  This contact will take place by telephone.  The other 280,000 affected individuals will receive a letter from the department informing them of steps they should take to ensure that their private information has not been used for fraudulent means.

The information on the laptop was password protected, but not encrypted.  As a result of this revelation, the department is taking steps to ensure that all laptops and desktop computers have encrypted and password protected files from here on out.  Data Protection Commissioner Billy Hawkes said that all regulations regarding the electronic storage of files will be reviewed and efforts will be made to make sure that personal information is not stored on portable devices.  He also said that this is a serious breach and that he would continue to meet with the Comptroller, John Buckley, to further discuss his actions and what steps his office can take to prevent this type of problem in the future.

In a surprising revelation, it is being reported that since 1999, the Office of Comptroller and Auditor General has had sixteen laptops stolen.  This frequency is far and away higher than any other department in the government and an investigation is ongoing about these incidents.  For people who feel that their financial records have been fraudulent used, they can contact the Bank of Ireland and also use the hotline that was set up by the Department of Social and Family Affairs.

Ireland is not alone to this type of breach.  Such occurrences are frequent in the United States, which is why people are enrolling in ID theft subscription services.  One good company to consider is Lifelock.  This company has contacts with Trans Union, Equifax, and Experian where it monitors the credit activity of its customers.  Whenever a new loan or credit card application is submitted, Lifelock contacts its customer to determine the legitimacy of the forms.  If they are fraudulent, they are prevented from being processed.

Houston, you have a problem, again.  This issue does not involve people halfway to the moon, but something much closer.  This situation involves you and people who have gone to the Harris County Hospital District for medical attention.  This is especially true if you happen to suffer from HIV, AIDS, or any other of a long list of medical conditions.  It seems that an administrator at the hospital downloaded complete and very private records onto two flash drives and then lost them.  No one has any idea where the drives went, but everyone is unanimous in saying how terrible of a situation this has become for the upwards of 1,200 people affected.

Very few details about this incident have been released at this point.  The name of the employee has not been released, although an insider said that she is not available for contact and has left the area pending the investigation.  A spokesman for the hospital said that a letter was being sent out to the affected individuals.  Within the letter was a request that affected people enroll in an ID theft subscription service, like Lifelock, at the hospital’s cost.  These services provide monitoring of the three major credit bureaus.  By keeping tabs on all three bureaus, they are able to contact their customer whenever a new credit card or loan application is filed.  If the customer says that this information is legitimate, then there is nothing done.  However, if the application is fraudulent, Lifelock prevents it from being processed any further and significantly limits the possibility of credit damage and identity theft.

The reason the hospital is recommending that people subscribe to Lifelock and other services is that the information on the flash drive contained, names, addresses, social security numbers, the social security numbers of spouses, and full medical records and treatments.  Even worse is that there was no password protection or encryption on the drive.  This means that whoever finds this drive can plug it into their computer, open the files, and have instant access to all the personal data of the 1,200 people.  This blatant violation of both hospital and government policies is the reason that HIPAA may be getting involved.  Set up by the United States government, HIPAA was established to provide security for patients’ medical records.  The nameless employee in this case could be facing a $25,000 fine for her carelessness.

An equally troubling issue in this whole case is that an insider at the hospital has supplied the media with a private memo that was distributed to the company.  Apparently, three more flash drives are missing and all of them were last seen on the desk of the work guilty of the above noted data breach.  The hospital is asking for the immediate location and return of these drives, specifying that one drive contains information “very important to the district and needs to be found as soon as possible.”  There has been no word yet on whether or not these drives have been located or what information is contained on them.  Either way, hospital administrators have said that they will review and upgrade all security policies to make sure that nothing of this nature happens again in the future.

In three separate incidents to report on, some patients throughout England are wondering how hospitals get their clearance from the government to continue their operation.  Two incidents took place at the Stepping Hill Hospital in Hazel Groove, Stockport while one breach happened to patients at the Trinity Medical Centre in Littleborough, Rochdale.  In the most recent incident at Stepping Hill Hospital, information on 1,581 patients was stolen in a burglary.  Although it appears that the laptop was not the specific target of the break in, it was taken, along with a projector and other office supplies.  The perpetrator was caught on security cameras, although an image has not been released to the media yet.

A spokesman for the hospital said that they are working with the Manchester police and think that the individual will be caught shortly.  The laptop had names, addresses, information about billing records, and limited information about medical data of the patients.  The people whose data was on the computer were sent a letter alerting them to the breach.  They are advised that there is little chance that the information could be used for negative means because it contained a triple and complex password system that would be very difficult to break.  As a result of the break in, the hospital is upgrading its network security measures to make sure that all computers contain similar or higher levels of encryption and password protection.

On a physical note, the hospital has stepped up its efforts to monitor the building.  Since the burglar gained entry through a window, new security detectors have been placed on all windows.  Additionally, new cameras have been stationed around the premise with more expected to be added in the coming days and weeks.  All windows will now be checked to make sure that they are locked, although a police spokesman said that the burglar broke a window through a window rather than finding an open one.

Last month Stepping Hill Hospital a worker lost a memory stick containing information about patients while she was walking to her auto.  The data included, names, birth dates, addresses, medical conditions, NHS and Trust numbers.  In this specific instance, the breach was not reported to the public and was only uncovered through an investigation launched by the Manchester Evening News.  At Trinity Medical Centre, another burglary, unrelated to the one at Stepping Hill, resulted in the theft of 3,500 patients medical information.

With data breaches rising at this rate, there is good reason why so many people are subscribing to ID theft services, such as Lifelock.  This company monitors all three credit bureaus for new applications to arrive.  Whenever these credit card or loan apps are filed, Lifelock contacts it customer to make sure that they are submitting the forms.  If the applications are illegitimate, they are prevented from being processed.

Over the years many things have happened at McDonalds restaurants.  Billions of people have been served.  New techniques and policies for getting food to the consumer quickly have been produced.  Ronald McDonald and company have entertained millions of children while Grimace has caused a few to freak out a bit.  This, however, is the first time that sitting at McDonalds having a bit to eat has caused a data breach.  The interesting thing is that the breach did not even impact McDonalds, but rather Delphi.  An employee had a flash drive stolen out of her laptop while she was eating lunch at the restaurant.

The theft took place in Lebanon and impacted 2,600 former employees who had worked for Delphi in the Columbus, Ohio area.  The flash drive contained names, addresses, telephone numbers, but most alarmingly, social security numbers.  This is the exact type of information that an identity thief needs in order to create financial havoc on an unsuspecting victim.  Delphi acted quickly, according to spokeswoman Helen Jones-Kelley, in alerting the affected employees.  Letters were sent out to the individuals letting them know what had happened and that their private data had left the security of the company.

The media was not provided with a copy of a letter.  It was interesting that Jones-Kelley did not mention any credit monitoring that would be provided free by the company.  In many instances when a company loses the personal data of current or former employees they provide a year of monitoring services.  Since Delphi does not appear to be doing that in this case, an option that the 2,600 people might want to consider is enrolling in an ID theft subscription service.  One of the best companies that provides this service is Lifelock.  This company has connections with all three major credit bureaus, Trans Union, Equifax, and Experian, and monitors whenever a new application comes through.  This application is commonly a new credit card or loan form.  Lifelock contacts its customer to see whether or not the application is legitimate.  If it is a fraudulent claim, it is stopped from processing which effectively limits the possibility of identity theft.

At this point, there has been no information released about how the data was protected on the flash drive.  The fact that Jones-Kelley did not mention any password protection or data encryption is a discouraging sign.  She did note that the employee had violated company policy by walking away from the laptop and not making sure that it was secure before she left.  The unnamed employee faces a litany of punishments which might conclude with her termination from the company.  The data breach should cause the company to reconsider its computer policies and determine whether or not people should be allowed to take personal information outside of the main office where the likelihood of data breaches rises significantly.

Medical records keep getting compromised.  It does not seem to matter where people live, although the vast majority of breaches have been taking place in the northwestern part of the United States.  Even in remote Alaska, people are realizing that their identity is not secure.  The most recent incident took place at the Providence Alaska Medical Center where a laptop with information on over 250 patients has gone missing.  At this point, a spokeswoman for the center said that the laptop was not stolen, although it has not been seen since May 31.  She gave no indication of why she believes that the laptop was not stolen despite its long absence without anyone having seen it.

The laptop contained information on 250 oncology patients.  For most of these individuals, only medical data was lost, although this is still a violation of HIPAA laws and the federal government will investigate the incident to determine whether or not the medical center should suffer any penalty in federal funding.  However, despite the limited information on most patients, some files contained social security numbers, addresses, and dates of birth.  This is more than enough information for an identity thief to ruin the life of an individual.  At this point there is no word on how the laptop was secured, although if it had been password protected or encrypted, it is likely that the spokeswoman would have mentioned this so that peoples’ fears would have been lessened.

The patients information contained on the laptop had all visited the medical center between August 2005 and May 2007.  All the other files at the center are secure.  However, there will be a continuing investigation to see if more safety measures need to be added to the electronic network to prevent this type of thing from happening in the future.  At this time, there is no word as to whether or not outside consultants will be brought in to address this matter.

Letters have been sent out to the 250 affected people.  Within the letter the medical center said that it will provide a year’s worth of free credit monitoring.  One way that monitoring gets done is to enroll people into ID theft subscription services, such as Lifelock.  This company maintains connections with Trans Union, Equifax, and Experian to deal with credit card and loan applications that get filed.  Whenever this paperwork appears, Lifelock stops the process momentarily to contact its customer.  If the customer verifies that the paperwork is legitimate, it is allowed to go through, otherwise it is stopped from going through.  Since this is one of the most common ways that ID thieves use fraudulently gained information, Lifelock helps prevent ID theft before it starts.

In a developing story, it has recently been reported that in the past few weeks over 200,000 people insured through Blue Cross in the state of Georgia have had their personal information compromised.  It appears that a mix up in the mailing system resulted in benefit letters being sent to the wrong people.  In some instances, people received multiple benefit letters from a number of people.  While this information is still only in its initial stages, certain people affected are already talking about pressing charges against Blue Cross while there are murmurings about the possible repercussions the company will receive for violating HIPAA regulations.

While the total number of affected individuals is over 200,000, the number of people who might have their identity stolen is a smaller figure.  Although no exact total has been given, only some of the letters contained the social security number of the patients.  However, the tradeoff is that every letter contained name, address, patient ID number, recent medical tests conducted, some diagnosis, and billing information.  This billing information can contain the full credit card or bank account number where previous transactions have taken place.

The mix up in the mailing system came about through a change in the computer system that was not adequately tested before it went into effect.  As a result, Blue Cross is working with its parent company, WellPoint, to make sure that adequate security measures are added to the computer systems so that future problems do not result.  A large concern for Blue Cross and many people is that the company represents many teacher unions and large companies throughout the state.  Blue Cross was unwilling to provide a list of these major businesses when they were contacted earlier in the day.  The company has assured the public though that they are working with investigators to limit the damage done to people’s lives.  They are compiling information about everyone affected and the names and addresses of everyone who received the information incorrectly.  The company has also set up a hotline that people can call in order to report that they have been a victim of identity theft or to report that they received a letter for someone else.  Blue Cross will then send out a postage paid envelope to get the return of that information.

Blue Cross has said that it will provide a years worth of free credit monitoring to those people whose social security numbers appeared on the letters.  This type of service is provided through ID theft services, such as Lifelock.  Lifelock and other companies maintain contacts with all three credit bureaus and alert their customer whenever a new application is filed, such as a credit card or loan.  It then verifies that the customer is the one submitting this information.  if it proves to be a fraudulent attempt, it is stopped before it goes through and prevents identity theft from happening.