If you live in the area of Kingston, Washington, you need to pay attention.  This is especially true if you use a company to take care of your taxes.  The company that is having the most difficulty at the moment is Kingston Tax Services.  They reported earlier today that one of their computers was stolen and the hard drive contained sensitive information on its clients, including names, birth dates, addresses, and social security numbers.  This information also contained this same sensitive information for any dependents that would have been listed on tax records and forms over the last eight years. In all, the company is saying that a huge pool of people have just been opened up to the whims of identity thieves and that immediate action must be taken.

The owner of the company, Tim Winsor, is advising all customers to take immediate action and contact a variety of bureaus to put fraud alerts on their accounts.  These bureaus include the Social Security Administration and the Credit Bureau Fraud Departments.  People are advised to put fraud alerts on their credit cards and also notify banks and credit card companies of the breach and the likelihood that they have been impacted by it.  One option open to people is to subscribe in an ID theft service, like Lifelock.  This company monitors all three credit bureaus and holds any credit card or loan applications until they can verify if they were submitted by the person whose name appears on them.  By creating this slight delay, Lifelock can prevent identity theft before it happens.

In cases like this, time is a critical factor.  The quicker that thieves can move the information before people have put alerts on their accounts, the better off they are at making off with the money of other people.  Despite Winsor’s plea that people start alerting bureaus “RIGHT NOW!” there is no telling how many people have already been affected.  One client said that with the recognition that time was of the essence, it should not have taken six days between the theft and when people started to receive their letters alerting them to the break in.  There is only limited talk at the moment about possible class action lawsuits against Kingston Tax Services and the shoddy care they gave the security systems of their computers.

The theft that resulted in this problem involved a laptop from the office which is under construction.  The information was password protected, but it was not complex.  There was also no encryption on the computers.  Winsor believes that his stolen laptop was for sale on Craiglist within two days of the theft, although he was not able to determine this with 100% certainty because the serial numbers were blurred out on the images available on the website.  Even more troubling is that the breach has resulted in the filing dates for a number of individuals being missed.  This will result in fines from the IRS which Winsor has not said if he will cover them or not.  This will be an ongoing story for some time.

Corporate responsibility.  That is what everyone on the business channels seems to trumpet right now.  And in some cases this is exactly the response that tarnished companies are taking. However, as a consumer it might be better if the companies took proactive approaches and stopped damage from taking place to their customers and company image.  For Dominion Enterprises and their InterActive Financial Marketing Group, this all comes as good ideas a little too late.  It was announced today that a data breach took place at the company on one of its secure servers between November 2007 and February 2008.  There has been no word released yet on why it took so long for the company to alert the public or when they first discovered that the breach had taken place.

Roughly 92,000 people have been affected by the hacking of the server.  While the number of individuals is troubling, what is more problematic is the information that was taken from the server.  This material included names, dates of birth, addresses, social security numbers, and credit card numbers.  In a world where personal data sells for $15-$20 in internet chat rooms, this is a gold mine for identity thieves.  There has been no word yet on how the hackers were able to infiltrate the security measures that were supposed to be in place on the server.  In response to the breach, Dominion has brought in industry leading security experts to review all the company’s network policies and to provide a complete overhaul to the system so that the financial transactions of the company are not at risk in the future.

In letters that are being sent out to all affected people, the company is apologizing profusely.  It is also providing a year’s worth of free credit monitoring.  This type of monitoring comes from companies like Lifelock.  This company maintains contacts with all three major credit bureaus, Equifax, Trans Union, and Experian.  Whenever a new application for a credit card or loan is submitted, Lifelock holds the application from being processed until it can check with its client about the validity of the claim.  If the name of the person on the paperwork did not file it, then it is clearly a case of identity theft and it is prevented from being processed.  With this whole procedure ID thieves are thwarted before they can ruin the lives of innocent people.

Dominion has stated that it has already contacted local and federal law enforcement officials.  They plan to conduct a thorough investigation of the breach to see whether or not the hackers had any inside help that would have allowed them to get through the security features which had been in place.  No more details about the investigation were available since the case is ongoing.  Dominion wants to assure the public that it is safe to invest with the InterActive Financial Marketing Group in the future because a breach of this nature will never happen again.  Time will tell how this plea to the public works out.

If you live in Florida right now, Hurricane Fay, or most recently Tropical Storm Fay, has really been on the top of your mind.  So with the resulting fear and panic crippling the highways of the state, what better time to strike at the computer networks of a medical facility.  While this doesn’t strike you as the most sensible thing to do, that is what apparently happened at the Wuesthoff Medical Center in Brevard County Florida.  At this point, there are only limited details, although what is known is quite troubling for anyone who has used the pre-screening website that the Center uses to gain background medical information about potential patients.

The medical center was not even the company that discovered that personal information was floating around unsecured on the internet.  An insurance company in Arizona was running a profile for a potential client when they noticed all the information on the internet.  They in turn contacted the individual who contaced Wuesthoff.  In all, over 500 people have been affected by this breach.  Unfortunately, there is no time table for when these people had ties to the center, so potentially, anyone who has ever filled out the online form could be at risk right now.  The hospital said that it would provide full details about who the affected parties were later in the week.

These 500 people had their names, addresses, social security numbers, and personal medical information spread to the four winds of the internet.  This is not only prime picking for identity thieves and only nefarious criminals on the world wide web, but it is also a violation of HIPAA.  Although if the medical center’s computers were hacked, as someone who wished to remain anonymous suggested, then the government will most likely not crack down on the institution for its failure to secure the sensitive material.

A step that affected people can take is to subscribe to an ID theft service, like Lifelock.  This company, for a minimal monthly fee, monitors the credit report of a customer at all three major credit bureaus.  This includes Trans Union, Equifax, and Experian.  Whenever a new credit card application or loan paperwork is field, which are two of the most frequent ways that identity thieves use stolen names and social security numbers, Lifelocks holds the process up once it has reached the credit bureaus.  It then contacts its customer to make sure that the applications are legitimate.  If they are fraudulent, they are canceled and identity theft is prevented.

There is no word yet on whether or not the Wuesthoff Medical Center will provide free credit monitoring for the 500 affected patients.  If their system was hacked, they will have to go through and review all of their network security policies to make sure that future problems do not take place.  Because of the severity of the breach and the fact that the information lost contained medical files, it is likely that the Federal government will send in consultants to review the new security systems before they are fully implemented.

In a developing story, it has recently been reported that in the past few weeks over 200,000 people insured through Blue Cross in the state of Georgia have had their personal information compromised.  It appears that a mix up in the mailing system resulted in benefit letters being sent to the wrong people.  In some instances, people received multiple benefit letters from a number of people.  While this information is still only in its initial stages, certain people affected are already talking about pressing charges against Blue Cross while there are murmurings about the possible repercussions the company will receive for violating HIPAA regulations.

While the total number of affected individuals is over 200,000, the number of people who might have their identity stolen is a smaller figure.  Although no exact total has been given, only some of the letters contained the social security number of the patients.  However, the tradeoff is that every letter contained name, address, patient ID number, recent medical tests conducted, some diagnosis, and billing information.  This billing information can contain the full credit card or bank account number where previous transactions have taken place.

The mix up in the mailing system came about through a change in the computer system that was not adequately tested before it went into effect.  As a result, Blue Cross is working with its parent company, WellPoint, to make sure that adequate security measures are added to the computer systems so that future problems do not result.  A large concern for Blue Cross and many people is that the company represents many teacher unions and large companies throughout the state.  Blue Cross was unwilling to provide a list of these major businesses when they were contacted earlier in the day.  The company has assured the public though that they are working with investigators to limit the damage done to people’s lives.  They are compiling information about everyone affected and the names and addresses of everyone who received the information incorrectly.  The company has also set up a hotline that people can call in order to report that they have been a victim of identity theft or to report that they received a letter for someone else.  Blue Cross will then send out a postage paid envelope to get the return of that information.

Blue Cross has said that it will provide a years worth of free credit monitoring to those people whose social security numbers appeared on the letters.  This type of service is provided through ID theft services, such as Lifelock.  Lifelock and other companies maintain contacts with all three credit bureaus and alert their customer whenever a new application is filed, such as a credit card or loan.  It then verifies that the customer is the one submitting this information.  if it proves to be a fraudulent attempt, it is stopped before it goes through and prevents identity theft from happening.

Government institutions have suffered a number of very public data breaches over the last couple of years. There was the large loss of VA data and there was the theft of personal information on patients at Walter Reed. In this case, tucked away in the state of Washington, is Fort Lewis. Housed at this base are a number of army units. While there are no numbers provided for the total amount of soldiers at the base, in this specific incidence anywhere from 800-900 active army personnel has been affected. As if these troops who serve overseas didn’t have enough to worry about, the threat of identity theft can now be added to the list.

The breach took place over the July 4th weekend. A civilian contractor who is working for the Army on a project which has not been announced had the personal data on an external hard drive and a laptop computer. He left this material in his truck on the evening of July 3 and reported the theft around 10 AM the next morning. In the statement that he gave to the police he admitted that he had left all the electronic material in plain sight on top of his passenger seat and that he had failed to lock his truck. Investigations are continuing into this theft, both by the military police and the Lacey Police Department.

While there has been no word about what all the private data consisted of, authorities are taking the matter very seriously. The contractor, whose name has been withheld by both Lacey and military police, said that the laptop and hard drive contained no secret or top secret information, although this is of little concern to those who might now be the victims of identity theft. As of the writing of this article, there have been no confirmed cases of misuse of the information, although this might change in the future. The Army and other government institutions have been focusing on increasing security to prevent this type of breach from happening. Standard regulations and policies exist to prevent the transfer of private data off-site. It appears that the contractor was within his rights, having received the approval of his supervisor to move the material on a portable external hard drive. There is no word on how the contractor will be reprimanded by the Army for his careless placement of the data once he was outside the base.

The individuals were impacted by this breach were contacted on the phone by Fort Lewis personnel to alert them of the theft. Everyone was supposed to be reached by last Wednesday. Although emails and phone calls have been the method at this point, letters will be sent in the mail providing follow up information. Those who are worried that they might be victims of identity theft can subscribe to Lifelock, an ID theft service that monitors all three credit bureaus. They keep an eye out for loan and credit card applications, two frequently employed methods of identity thieves, and contact the person whose name appears on the paperwork. Lifelock verifies that the applications are legitimate and if not, prevents them from going through the system.

At first it was only college students who were hit hard by a lack of security. Now it has sunk down all the way to second graders. The youth have been impacted and might have to deal with the threat of identity theft for the rest of their life while those who just took the ACT and are beginning their college careers are also affected. Williamson County school board officials recently announced that a former school board official illegally posted a breach of student social security numbers, names, and addresses on the internet.

The person responsible for posting the information on the internet is former Student Assessment Director Chris Nugent. It appears that, without consent, he copied the information to a jump drive and then was using the information for a college project he was working on. Although he had no intention of posting the private data online, it was inadvertently uploaded while he was working on his project. Unfortunately, this breach went unnoticed for over a year. It was only discovered after a student was searching for information about themselves on the internet that the news of the breach spread.

In all, around 5,000 student had their social security numbers released, while another 10,000 students had their names and ACT scores posted online. The school superintendent, Rebecca Sharber, found out about the breach on June 26, but waited until July 9 before alerting the wider school community. She has explained this delay in notifying the affected parties as a way of making sure that she had all the facts straight before addressing the litany of questions she knew she would face from parents. While she might have been better prepared for the questions, she has also drawn fire from parents who think she waited too long before announcing the breach.

Other school board members were also upset about the delay. One parent noted that there was such inconsistency with the information provided by everyone. At one point it was 15% of all students in the district, then it was 3rd-8th graders and then it was finally the correct information about second graders and those who took the ACT last year. Some parents have expressed their concern about this incident haunting the lives of their kids for years to come and are worried with all the paperwork that now needs to be filed to take care of everything. One way that people can avoid this type of paranoia is to subscribe to ID theft services, such as Lifelock. These companies contact all three credit bureaus and alert their customers whenever a new application, such as a credit card or loan, is filed. Lifelock verifies that these are being opened by the real person and are not an attempt at identity theft.

People in the world look at Google and see a behemoth. They see a company that has surpassed Microsoft in terms of power and influence. And they might very well be right. However, Google isn’t going to take over the United States and eventually the world. In fact, it takes hits just like every other company out there. In this case, it failed to secure some of the personal details of its employees and it the most recent company to note that it has suffered a data breach.

In this case, Google is really a victim as much as are the people whose information was stolen. Google uses Colt Express Outsourcing Services to take care of certain human resource functions. Therefore, when the office of Colt was broken into, it was Google information and that of other companies that was stolen. What is even worse about the May 26 break-in was that Colt does not encrypt its data, so whoever perpetrator the crime has nothing standing in between them and the personal information of Google employees. This information contains social security numbers, names, and addresses. This breach also affected CNET Networks.

As more details about this breach have come forward, it is clear that the stolen information does not contain any credit card numbers. However, a name, address, and social security number of an individual is more than enough for a criminal to open up a fake credit card account, although the charges end up being far too real for those affected by the crime. People, not only those impacted by the Colt burglary, have been turning toward subscriptions with ID theft services, such as Lifelock. Lifelock contacts all three credit bureaus, Trans Union, Equifax, and Experian and monitors credit reports for activity that includes credit card and loan applications. Whenever one of these is filed, Lifelock contacts its customer to make sure that the application is legitimate.

In the case of this specific breach at Colt, Google has said that it will pay for a year’s subscription with an identity theft service, both for its employees and the employees at CNET. Colt is not able to provide this same guarantee because it is going through financial difficulties. Those affected by this breach are those Google employees hired before December 31, 2005. Google only recently realized that its employees were at risk and has sent out letters alerting people of the danger to their private data. Google has also announced that it no longer has any association with Colt and that the company does not currently handle human resource material for the internet giant. Google has said that its separation from Colt took place long before the burglary was reported.

The world of online trading can be very profitable. It can also be dangerous. And not just in terms of having a stock fail after you’ve sunk a lot of your money into it. On a more basic note, it is dangerous if your account becomes compromised because that means that someone not only gets your personal data, they also gain the ability to control your money and invest it in a variety of stocks, with no profit coming back to you. This bizarre scenario seems to be even more likely if you work with LPL Financial because it reported yesterday that it was hacked for the second time in one year.

In this particular instance, the hack involved cracking the passwords of fourteen financial advisors and their assistances. In all, this exposed the personal data of over 10,000 clients. While it isn’t clear at this point if the hackers illegally used any of the data, it is clear that their intention was to run “pump and dump” schemes which involve penny stocks. Thankfully, despite not catching the breach with any sort of quickness, LPL was able to prevent these schemes from costing any of their customers’ money.

What was available to the hackers was not only names of investors, but also home addresses, social security numbers, some bank routing numbers, and the personal information of anyone set up as a non-client trustee on an account. This expands the number to beyond the original 10,000, but no word yet on how much wider this makes the pool of potential victims of identity theft. At a more basic level, LPL is unable to tell whether or not hackers actually even accessed the data, let alone took it and used it for other identity crimes.

While the breach began last July, it was not reported to the public until now. Internal memos released by the company show that they knew about the problem and were trying to fix in back in March. No word, yet, on why they waited so long to notify all the affected people in writing. With this being the second breach in less than twelve months, LPL has taken steps to increase all of its security measures. In created a new position, a chief security/privacy officer. Time will tell whether or not any new features implemented under this position will prove to be effective.

In the meantime, despite LPL Financial bringing in over $3 billion last year, they have not said anything about providing identity theft service subscription to its clients. These services, such as that provided by Lifelock, contact all three credit bureaus and monitor activity, such as credit card applications and the filing of loans. Lifelock then contacts the person to make sure that they are really involved and that someone else isn’t illegally using their name and social security number to try to defraud them while committing identity theft.

An employee for Wagner Research Group made a mistake. A very big and potentially devastating mistake. They opened up Limewire and decided to start sharing some files and grabbing some new songs. What they didn’t know was that while they were getting the latest hits, someone was hitting the company’s private records. It wasn’t even a hacker. It was someone who realized that the Wagner employee hadn’t specified which directories were available for people to search through which meant that the entire WRG’s database was at the disposal of anyone on Liewire. Herein lies one of the dangers of using peer-to-peer programs at work.

This story would have earned a lot of attention in its own right. The data breach exposed the personal information of around 2,000 of the firm’s clients. Most of these individuals are upper tier lawyers with big wallets and powerful friends. Yet, the media isn’t really focusing on them. It is focusing on Supreme Court Justice Stephen G. Bryer, whose personal information was also taken in the breach. An expert in the field has said that with such powerful people, “the individuals on this list are at a very high risk, almost imminent, of identity theft.”

As more details come to light about the breach, the information is damning. The breach went on for more than six months, complete unnoticed by the network and infrastructure groups of Wagner Research Group. In this period of time, there is no information about how many people accessed the data or how far it was spread. With a program like Limewire at the center of this breach, there is no telling how many people were able to download the identity data. What is known right now is that at least a dozen people, some residing in Sri Lanka, a hotbed for identity theft, and Colombia, now have the information.

Tiversa, an independent consulting firm was called in to help contain the breach. They are working with WRG to go over all their security policies to make sure nothing like this happens again. In the meantime, Warner Research Group has said that it will provide six months of free credit monitoring for everyone affected. These people should have received a letter in the mail recently. Unfortunately, this is too late for some people, including one lawyer he just was charged $9,000 by AT&T for a phone account that was illegally set up with his name and social security number, but someone else’s address. In the case of many data breaches, companies have not stepped up to offer such comprehensive credit monitoring. In those case, victims have turned to Lifelock, an identity theft service, that maintains contact with all three credit bureaus to make sure that fraudulent accounts are not taken out falsely under a client’s name.

Going to the hospital is supposed to make you feel better. Not make you sick to your stomach. Sadly, as more and more personal data gets stored on smaller and smaller mediums, the potential for ill feelings rises. With so much material on tiny electronics, it is very easy for the data to grow legs and walk away. That is the situation at the Yan Chai Hospital in Hong Kong. One of the busiest hospitals in the area, hundreds of thousands of patients pass through its doors on an annual basis. In this specific case, it isn’t current visitors who are in jeopardy, but those who came for medical attention between January 2005 and January 2006.

The data breach took place during the routine process of creating encrypted backups of files which contained the personal information of patients. The disks which contained the material went missing during the process and although the hospital staff conducted a thorough investigation of the facility, they were unable to locate the missing materials. In a letter released to the public, the hospital noted that it learned of the problem on June 20, although it did not say when the breach actually occurred and how long the material was missing before it was noticed.

In an effort to reassure the public, the hospital has stressed that there is no medical information contained on the disks. This assurance has eased the mind of some people. Much like in the United States, Hong Kong is going through a period of discontentment with plans by many hospitals to shift all medical records to online databases for this exact reason. No word yet on how this breach will affected that ongoing debate. At the same time that they announced the missing disks, the hospital also said that 23 hard copy receipts were missing. These pieces of paper contained names, addresses, identity card numbers, and some medical information about patients. An investigation to find these was also unsuccessful.

While the hospital has exhausted its resources in searching for all this missing data material, it has turned the investigation over to the police and alerted the Office of the Privacy Commissioner for Personal Data. These entities will continue the investigation into the foreseeable future. At the same time, the hospital is reviewing all of its own security and data encryption policies in an effort to prevent any future breaches from happening. Experts expect this review to take some time.

While not yet available in Hong Kong, the ID theft subscription company is attempting to expand its recognition around the world. For a minimal fee, these company maintains contact with all three credit bureaus and alerts customers whenever a new loan application or credit card is filed. It verifies that this information is valid and that no efforts at identity theft are taking place. Lifelock then either lets the bureaus approve or deny the loan, depending on if it actually being initiated by the person whose personal data is being used.