In a developing story, it has recently been reported that in the past few weeks over 200,000 people insured through Blue Cross in the state of Georgia have had their personal information compromised.  It appears that a mix up in the mailing system resulted in benefit letters being sent to the wrong people.  In some instances, people received multiple benefit letters from a number of people.  While this information is still only in its initial stages, certain people affected are already talking about pressing charges against Blue Cross while there are murmurings about the possible repercussions the company will receive for violating HIPAA regulations.

While the total number of affected individuals is over 200,000, the number of people who might have their identity stolen is a smaller figure.  Although no exact total has been given, only some of the letters contained the social security number of the patients.  However, the tradeoff is that every letter contained name, address, patient ID number, recent medical tests conducted, some diagnosis, and billing information.  This billing information can contain the full credit card or bank account number where previous transactions have taken place.

The mix up in the mailing system came about through a change in the computer system that was not adequately tested before it went into effect.  As a result, Blue Cross is working with its parent company, WellPoint, to make sure that adequate security measures are added to the computer systems so that future problems do not result.  A large concern for Blue Cross and many people is that the company represents many teacher unions and large companies throughout the state.  Blue Cross was unwilling to provide a list of these major businesses when they were contacted earlier in the day.  The company has assured the public though that they are working with investigators to limit the damage done to people’s lives.  They are compiling information about everyone affected and the names and addresses of everyone who received the information incorrectly.  The company has also set up a hotline that people can call in order to report that they have been a victim of identity theft or to report that they received a letter for someone else.  Blue Cross will then send out a postage paid envelope to get the return of that information.

Blue Cross has said that it will provide a years worth of free credit monitoring to those people whose social security numbers appeared on the letters.  This type of service is provided through ID theft services, such as Lifelock.  Lifelock and other companies maintain contacts with all three credit bureaus and alert their customer whenever a new application is filed, such as a credit card or loan.  It then verifies that the customer is the one submitting this information.  if it proves to be a fraudulent attempt, it is stopped before it goes through and prevents identity theft from happening.

The Justice Department of the United States of America announced today that they are opening a case against eleven people who are responsible for the theft, use, and selling of millions of credit card and debit card numbers which have resulted in millions of dollars of illegally purchased material.  Of the eleven individuals charged, three are from the United States, three are from Estonia, three reside in Ukraine, and two live in China.  There are other individuals whose identity remained obstructed at this time, although the Justice Department is working hard to track down these individuals.

The companies that were affected by these data breaches are numerous.  Many TJX Companies were targeted.  Businesses that fall into this sphere of influence include Marshall’s, T.J. Maxx, Office Max, Sports Authority, and Barnes and Noble.  Another major company that was targeted was the Dave & Busters Adult Restaurant Chain.  In each instance, the information about credit card and debit card numbers were obtained through sniffer programs.  These programs collected the sensitive information and then transmitted it to secure servers which were located in specified areas controlled by the three criminals operating in the United States.  These three would then encrypt the information and send it to servers located in Eastern Europe, most likely in the Ukraine and Estonia.

The information was distributed in a variety of ways.  Sometimes, the information was simply sold to buyers on the internet.  This is a frequent way of distributing credit and debit card numbers and it is difficult to track down the original source of the breach.  In other instances, the identity thieves used blank credit cards and implanted the stolen account numbers onto them.  Then they were able to go to an ATM machine and withdraw thousands of dollars at a single time.  It was this type of large scale withdrawals that first attracted the attention of the government.  They have been conducting this operation for 2.5 years and had someone working on the inside.

There is no word yet on what type of charges the individuals will be facing.  This is the largest effort made by the federal government and while no punishments have been suggested yet, industry experts are saying that those prosecuted in American courtrooms will face over 70 years in jail and those in other countries might suffer the death penalty.

Identity theft is a serious crime that has long term repercussions.  Not only does it immediately affect an individual, but the damage done to someone’s credit report can prevent them from getting a house, car, or sometimes even a job in a future.  For those who want to take a proactive stance, there are ID theft subscription services available.  These companies, such as Lifelock, provide credit monitoring at all three bureaus.  Whenever a credit card application is filed or a new loan application submitted, Lifelock contacts its customer.  It verifies the validity of the request and prevents it from being processed if it is fraudulent.

Government institutions have suffered a number of very public data breaches over the last couple of years. There was the large loss of VA data and there was the theft of personal information on patients at Walter Reed. In this case, tucked away in the state of Washington, is Fort Lewis. Housed at this base are a number of army units. While there are no numbers provided for the total amount of soldiers at the base, in this specific incidence anywhere from 800-900 active army personnel has been affected. As if these troops who serve overseas didn’t have enough to worry about, the threat of identity theft can now be added to the list.

The breach took place over the July 4th weekend. A civilian contractor who is working for the Army on a project which has not been announced had the personal data on an external hard drive and a laptop computer. He left this material in his truck on the evening of July 3 and reported the theft around 10 AM the next morning. In the statement that he gave to the police he admitted that he had left all the electronic material in plain sight on top of his passenger seat and that he had failed to lock his truck. Investigations are continuing into this theft, both by the military police and the Lacey Police Department.

While there has been no word about what all the private data consisted of, authorities are taking the matter very seriously. The contractor, whose name has been withheld by both Lacey and military police, said that the laptop and hard drive contained no secret or top secret information, although this is of little concern to those who might now be the victims of identity theft. As of the writing of this article, there have been no confirmed cases of misuse of the information, although this might change in the future. The Army and other government institutions have been focusing on increasing security to prevent this type of breach from happening. Standard regulations and policies exist to prevent the transfer of private data off-site. It appears that the contractor was within his rights, having received the approval of his supervisor to move the material on a portable external hard drive. There is no word on how the contractor will be reprimanded by the Army for his careless placement of the data once he was outside the base.

The individuals were impacted by this breach were contacted on the phone by Fort Lewis personnel to alert them of the theft. Everyone was supposed to be reached by last Wednesday. Although emails and phone calls have been the method at this point, letters will be sent in the mail providing follow up information. Those who are worried that they might be victims of identity theft can subscribe to Lifelock, an ID theft service that monitors all three credit bureaus. They keep an eye out for loan and credit card applications, two frequently employed methods of identity thieves, and contact the person whose name appears on the paperwork. Lifelock verifies that the applications are legitimate and if not, prevents them from going through the system.

An employee for Wagner Research Group made a mistake. A very big and potentially devastating mistake. They opened up Limewire and decided to start sharing some files and grabbing some new songs. What they didn’t know was that while they were getting the latest hits, someone was hitting the company’s private records. It wasn’t even a hacker. It was someone who realized that the Wagner employee hadn’t specified which directories were available for people to search through which meant that the entire WRG’s database was at the disposal of anyone on Liewire. Herein lies one of the dangers of using peer-to-peer programs at work.

This story would have earned a lot of attention in its own right. The data breach exposed the personal information of around 2,000 of the firm’s clients. Most of these individuals are upper tier lawyers with big wallets and powerful friends. Yet, the media isn’t really focusing on them. It is focusing on Supreme Court Justice Stephen G. Bryer, whose personal information was also taken in the breach. An expert in the field has said that with such powerful people, “the individuals on this list are at a very high risk, almost imminent, of identity theft.”

As more details come to light about the breach, the information is damning. The breach went on for more than six months, complete unnoticed by the network and infrastructure groups of Wagner Research Group. In this period of time, there is no information about how many people accessed the data or how far it was spread. With a program like Limewire at the center of this breach, there is no telling how many people were able to download the identity data. What is known right now is that at least a dozen people, some residing in Sri Lanka, a hotbed for identity theft, and Colombia, now have the information.

Tiversa, an independent consulting firm was called in to help contain the breach. They are working with WRG to go over all their security policies to make sure nothing like this happens again. In the meantime, Warner Research Group has said that it will provide six months of free credit monitoring for everyone affected. These people should have received a letter in the mail recently. Unfortunately, this is too late for some people, including one lawyer he just was charged $9,000 by AT&T for a phone account that was illegally set up with his name and social security number, but someone else’s address. In the case of many data breaches, companies have not stepped up to offer such comprehensive credit monitoring. In those case, victims have turned to Lifelock, an identity theft service, that maintains contact with all three credit bureaus to make sure that fraudulent accounts are not taken out falsely under a client’s name.

Going to the hospital is supposed to make you feel better. Not make you sick to your stomach. Sadly, as more and more personal data gets stored on smaller and smaller mediums, the potential for ill feelings rises. With so much material on tiny electronics, it is very easy for the data to grow legs and walk away. That is the situation at the Yan Chai Hospital in Hong Kong. One of the busiest hospitals in the area, hundreds of thousands of patients pass through its doors on an annual basis. In this specific case, it isn’t current visitors who are in jeopardy, but those who came for medical attention between January 2005 and January 2006.

The data breach took place during the routine process of creating encrypted backups of files which contained the personal information of patients. The disks which contained the material went missing during the process and although the hospital staff conducted a thorough investigation of the facility, they were unable to locate the missing materials. In a letter released to the public, the hospital noted that it learned of the problem on June 20, although it did not say when the breach actually occurred and how long the material was missing before it was noticed.

In an effort to reassure the public, the hospital has stressed that there is no medical information contained on the disks. This assurance has eased the mind of some people. Much like in the United States, Hong Kong is going through a period of discontentment with plans by many hospitals to shift all medical records to online databases for this exact reason. No word yet on how this breach will affected that ongoing debate. At the same time that they announced the missing disks, the hospital also said that 23 hard copy receipts were missing. These pieces of paper contained names, addresses, identity card numbers, and some medical information about patients. An investigation to find these was also unsuccessful.

While the hospital has exhausted its resources in searching for all this missing data material, it has turned the investigation over to the police and alerted the Office of the Privacy Commissioner for Personal Data. These entities will continue the investigation into the foreseeable future. At the same time, the hospital is reviewing all of its own security and data encryption policies in an effort to prevent any future breaches from happening. Experts expect this review to take some time.

While not yet available in Hong Kong, the ID theft subscription company is attempting to expand its recognition around the world. For a minimal fee, these company maintains contact with all three credit bureaus and alerts customers whenever a new loan application or credit card is filed. It verifies that this information is valid and that no efforts at identity theft are taking place. Lifelock then either lets the bureaus approve or deny the loan, depending on if it actually being initiated by the person whose personal data is being used.

Everyone hates jury duty. For a few hundred people living in Clark County, Nevada, there is a whole new reason to dislike the process. It was reported today that a data breach has occurred with the potential jurors list. It seems that an outside contractor that handles the information illegally sent this sensitive information to the private email address of one of its employs. There is no reason that this information should have left the secure server of the company and this fact launched an investigation into the incident. The investigation is still in progress, although some details have been released to the media.

The court sent out letters to the 380 affected individuals. Unfortunately, these letters did not specify whether or not the investigation suspected that the transfer of the sensitive material was an accident or if it was deliberate. At the same time, there was no discussion of when the breach occurred and how long it took the court to act on the information. In many of the recent data breaches, there has been considerable delay before notifying the affected parties, which has caused considerable amounts of stress to people once they learn of the crime.

It was originally feared that the information contained in the private email listed names, addresses, social security numbers, and birth dates. As the investigation has continued, this fear has decreased, as many of the accounts had personal data included, although it was incomplete and thus not nearly as large of a problem in terms of identity theft. However, this only applies to some of the affected people, although there are no further details about what percentage of the 380 falls into this category. The court did try to assure the public with the knowledge that there are a total of 1.7 million people on the juror list and that this breach is, fortunately, of a small nature.

While the court continues its investigation, it has announced that it is changing some of its policies. It will no longer list any private data on the forms that are supposed to be printed out about potential jurors. No word yet on how they plan to secure their system so that no future incidences occur, with sensitive material being sent to an inappropriate location. Authorities will determine what measures need to take place, since the court is a central component of the state government and needs to meet certain informational security criteria.

For those affected, officials are suggesting they contact the credit bureaus and place a free initial alert on their account. Knowing these alerts are only free at the beginning, more and more people are looking into ID theft subscription services, such as Lifelock. This company monitors all three credit bureaus for a minimal monthly fee and alerts its customers whenever a new credit card or loan application is opened. It then verifies that this is a legitimate application before allowing it to be approved.

For some teachers, summer vacation can’t come quickly enough.  For over 800 educators in Texas, this might be a summer they wish they could forget.  After an issue with insurance companies in the state and their policies of destroying confidential records, and the theft of personal information from one of the largest gas station chains in the state, now those who teach our children have to worry even more about their personal identity because they were following state laws.

It was reported yesterday that a lockbox containing the personal data was stolen from an office located inside a home in the community of Wichita Falls.  The name of the company is L-1 Identity Solutions.  It seems that the company will need to find its own solutions to prevent any future breaches from taking place at its offices.  According to a spokesman for the company, letters have been sent out in the mail to notify the people affected by the theft.  Unfortunately, those connected to this case have had their names, addresses, social security numbers, and license numbers stolen.  This is more than enough information for someone to assume the identity of another person.

A representative from the Association of Texas Professional Educators, Doug Rogers, noted that there have been concerns with the state’s policy about conducting background checks on teachers.  While there is no debate that parents should be confident in the safety of the instructor teaching their children, the methods used to conduct the checks need to be modified.  Thefts of this nature are what educators feared.  It appears that L-1 shared this concern and has laid out measures for future finger print screenings that do not require that material to be accompanied by mounds of private data.  No word has been issued on whether or not their proposal has been accepted.

In the letter that the company sent out to affected parties, they have promised to provide a year of identity theft insurance and credit report monitoring.  In other data breaches, the affected business has not been so upfront about the danger and has not provided similar guarantees.  In those cases, people turn toward companies, such as Lifelock, that provide ID theft subscriptions.  Lifelock and others provide monitoring services with all three credit bureaus.  Unlike some companies, Equifax, Trans Union, and Experian all are in touch with members of Lifelock’s staff.  These staff members alert their customers whenever a new credit card application or loan is filed in their name, actions frequently undertaken by criminals involved in identity theft.

As time goes on, more details about this case hope to be made available to the public.  L-1 will continue to look for new measures to insure the safety of their office locations, in addition to the material contained within.  As data breaches of this type become more common, state agencies will have to reevaluate their policies regarding background checks to ensure that those in compliance with the law are not inadvertently punished with the exposure of their private data.

Employees of the California Department of Consumer Affairs aren’t very happy today.  But things could be a lot worse.  Over 5,000 contractors and workers of the organization have become the victims of identity theft.  While the file that was misplaced contained titles and salaries, which are all public record, the real concern is that it also lists the social security numbers of everyone.  Russ Heimerich, a spokesman for the DCA, has said that the organization is taking all necessary steps to prevent anyone from using the information for fraudulent purposes.

The breach occurred on June 6 when a word document was incorrectly sent outside of the network.  No word has been given on why the file was not encrypted or how it was able to leave the system’s mainframe.  There are supposed to be security features enabled to prevent this type of breach from occurring.  According to Heimerich, officials at the DCA acted quickly to contain the breach. They sent out letters and emails to the affected contractors and workers to let them know of the data loss and to alert everyone to keep an eye out for identity theft.

This breach has struck some individuals as ironic, because the DCA is in charge of protecting consumers in the state of California.  Up through 2007, it was also responsible for educating people in the state about how to avoid fraudulent activity and deal with credit theft and misuse of personal information.  With the breach being made public, Heimerich was able to reassure people that there isn’t much to worry about.  The recipient of the email with the word attachment hasn’t even opened the file yet.

Heimerich has also assured those affected that the DCA will provide a year of credit monitoring services.  One of these services, Lifelock, locks your credit reports with all three credit bureaus.  The DCA has also said that it will pay for up to $25,000 worth of fraudulent activity that might take place on someone’s credit.  While the Lifelock services will alert consumers about new credit card and loan applications, it is good that the state is being so proactive in their efforts to fix any problems before they start.

In total, of the 5,000 affected individuals, only 2,800 of the people are still currently employed with the DCA.  The other 2,200 people are old contract workers, consultants, and people who are serving in only part time functions.  Other individuals are employed by various agencies throughout the state of California.  Members of the Office of Private Protection are not included in this alert, because their files are no longer stored in the same database as other agencies.  Experts note that the DCA has been very quick in taking all necessary precautions and that if anyone notices fraudulent activity, they should contact the DCA directly.

School children need to perk up their ears and listen to their teachers. Some school boards need to follow a similar path. Yet again, a data breach has struck the educators of America. This time around, the guilty party resides somewhere in Dickson, Tennessee. Unfortunately, while the crime took place there, the ease of spreading personal information on the internet means that private material may already be spread around the globe.

Laptop computers do not just grow legs and walk away. With that said, theft is the only way to account for the disappearance of a Dickson County school official’s personal computer. In fact, the laptop was taken from the office of Johnny Chandler, the superintendent of the district. It contained the personal data of all employees of the school district between 2006 and 2007. In total, this breach puts around 850 people at risk. The material on the laptop contained addresses, license numbers, maiden names, and social security numbers. It also has tax information in addition to yearly wage data.

While police are still investigating the threat, there are some details of the case that are clear. Chandler just recently became superintendent of the district. The laptop was last accounted for on Friday. Authorities cannot find any signs of forced entry and are investigating the possibility that this was an inside job. Over the weekend, numerous people were in the building, including a cleaning crew, school staff members, and some students who were attending a retirement party. There is no motive to the crime at this point.

Chandler advises that everyone who was employed by the district keep an eye on their personal information. While a letter went out to inform people of the problem, some are not confident that their personal finances will remain unharmed. Some of these people are investing in an ID theft services. Subscriptions to such companies, such as Lifelock, allow members to have a peace of mind, knowing that their credit reports are being constantly monitored at all three bureaus. Unlike other companies, Lifelock recognized the importance of keeping an eye on credit at Equifax, TransUnion, and Experian, since some companies do not report to all three.

Chandler has vowed that a similar problem will never take place. New security procedures are being instituted for the district, including the policy that no personal information can be stored on laptops. Additionally, new security measures are in place at the district’s office, although specifics could not be obtained. The superintendent assured the media that the stolen laptop is covered by multiple encryption and security features. While there is optimism that the security will prevent any illegal access on the computer, people are advised to be vigilant. From now on, at the school district all laptops are to be locked up in a secure vault when they are not in use.

Texans beware.  Like most people in the United States, the fine citizens of this state submit insurance claims to their companies all the time.  Whenever any of us do this, we assume that what we’re handing over will be treated with care, quickness, and most importantly, confidence.  None of us want our private information to be floating around in the world without our knowledge.  Yet, this is the exact situation that people in Richardson, Texas are waking up to.

Late last week, authorities were called to investigate the scene at a dumpster outside of the Texas Insurance Claims Services building.  Within the container were hundreds of files that contained private information.  These are the types of data breaches that people fear more and more on a daily basis.  The worst part is that the files in the trash bin contained personal addresses, phone numbers, maiden names, social security numbers, and insurance claim numbers.  All of this material would easily allow someone to steal the identity of anyone who filed a policy with the company.  Early reports said that the files related to claims that had been resolved, but this has not been verified.  Regardless of the status of the files, the personal information is still valid and dangerous to leave exposed.

The man responsible for finding the files and reporting them to the police was Mike McCarty.  Rather than finding them on his own, he noticed a man taking pictures of the trash.  Once he pulled his car over, McCarty saw that it was a cache of private data, just waiting for some data thief to exploit the breach.  The man who was taking pictures of the files claimed he was searching for moving boxes.  That does not explain why he decided to photograph the event.  Police have not questioned him and do not assume him to be a suspect of any wrongful deeds at this point.

In an effort to track down more information about this data breach, reporters contacted Texas Insurance Claims Services.  Although a spokesman would not provide his name, he did let the media know that legally, the company is only required to hold on to claim files for five years.  All the information that ended up in the dumpster fell within this time period.  While the company is responsible for the private data of its customers, the representative said that this is common practice and that shredding services are used only on occasion.  However, he did admit that this negative publicity would make his company reconsider their practices.

With such breaches becoming more common, many individuals are investing in ID theft services.  One of the most popular choices is Lifelock.  The company is widely known and provides protection from identity theft.  It monitors all three credit bureaus and lets people know when a loan or new credit card is opened under their name.  This allows people to stay informed without having to constantly check with the bureaus and paying costly processing fees.