While the total number of affected individuals is over 200,000, the number of people who might have their identity stolen is a smaller figure.  Although no exact total has been given, only some of the letters contained the social security number of the patients.  However, the tradeoff is that every letter contained name, address, patient ID number, recent medical tests conducted, some diagnosis, and billing information.  This billing information can contain the full credit card or bank account number where previous transactions have taken place.

The mix up in the mailing system came about through a change in the computer system that was not adequately tested before it went into effect.  As a result, Blue Cross is working with its parent company, WellPoint, to make sure that adequate security measures are added to the computer systems so that future problems do not result.  A large concern for Blue Cross and many people is that the company represents many teacher unions and large companies throughout the state.  Blue Cross was unwilling to provide a list of these major businesses when they were contacted earlier in the day.  The company has assured the public though that they are working with investigators to limit the damage done to people’s lives.  They are compiling information about everyone affected and the names and addresses of everyone who received the information incorrectly.  The company has also set up a hotline that people can call in order to report that they have been a victim of identity theft or to report that they received a letter for someone else.  Blue Cross will then send out a postage paid envelope to get the return of that information.

Blue Cross has said that it will provide a years worth of free credit monitoring to those people whose social security numbers appeared on the letters.  This type of service is provided through ID theft services, such as Lifelock.  Lifelock and other companies maintain contacts with all three credit bureaus and alert their customer whenever a new application is filed, such as a credit card or loan.  It then verifies that the customer is the one submitting this information.  if it proves to be a fraudulent attempt, it is stopped before it goes through and prevents identity theft from happening.

The companies that were affected by these data breaches are numerous.  Many TJX Companies were targeted.  Businesses that fall into this sphere of influence include Marshall’s, T.J. Maxx, Office Max, Sports Authority, and Barnes and Noble.  Another major company that was targeted was the Dave & Busters Adult Restaurant Chain.  In each instance, the information about credit card and debit card numbers were obtained through sniffer programs.  These programs collected the sensitive information and then transmitted it to secure servers which were located in specified areas controlled by the three criminals operating in the United States.  These three would then encrypt the information and send it to servers located in Eastern Europe, most likely in the Ukraine and Estonia.

The information was distributed in a variety of ways.  Sometimes, the information was simply sold to buyers on the internet.  This is a frequent way of distributing credit and debit card numbers and it is difficult to track down the original source of the breach.  In other instances, the identity thieves used blank credit cards and implanted the stolen account numbers onto them.  Then they were able to go to an ATM machine and withdraw thousands of dollars at a single time.  It was this type of large scale withdrawals that first attracted the attention of the government.  They have been conducting this operation for 2.5 years and had someone working on the inside.

There is no word yet on what type of charges the individuals will be facing.  This is the largest effort made by the federal government and while no punishments have been suggested yet, industry experts are saying that those prosecuted in American courtrooms will face over 70 years in jail and those in other countries might suffer the death penalty.

Identity theft is a serious crime that has long term repercussions.  Not only does it immediately affect an individual, but the damage done to someone’s credit report can prevent them from getting a house, car, or sometimes even a job in a future.  For those who want to take a proactive stance, there are ID theft subscription services available.  These companies, such as Lifelock, provide credit monitoring at all three bureaus.  Whenever a credit card application is filed or a new loan application submitted, Lifelock contacts its customer.  It verifies the validity of the request and prevents it from being processed if it is fraudulent.

The breach took place over the July 4th weekend. A civilian contractor who is working for the Army on a project which has not been announced had the personal data on an external hard drive and a laptop computer. He left this material in his truck on the evening of July 3 and reported the theft around 10 AM the next morning. In the statement that he gave to the police he admitted that he had left all the electronic material in plain sight on top of his passenger seat and that he had failed to lock his truck. Investigations are continuing into this theft, both by the military police and the Lacey Police Department.

While there has been no word about what all the private data consisted of, authorities are taking the matter very seriously. The contractor, whose name has been withheld by both Lacey and military police, said that the laptop and hard drive contained no secret or top secret information, although this is of little concern to those who might now be the victims of identity theft. As of the writing of this article, there have been no confirmed cases of misuse of the information, although this might change in the future. The Army and other government institutions have been focusing on increasing security to prevent this type of breach from happening. Standard regulations and policies exist to prevent the transfer of private data off-site. It appears that the contractor was within his rights, having received the approval of his supervisor to move the material on a portable external hard drive. There is no word on how the contractor will be reprimanded by the Army for his careless placement of the data once he was outside the base.

The individuals were impacted by this breach were contacted on the phone by Fort Lewis personnel to alert them of the theft. Everyone was supposed to be reached by last Wednesday. Although emails and phone calls have been the method at this point, letters will be sent in the mail providing follow up information. Those who are worried that they might be victims of identity theft can subscribe to Lifelock, an ID theft service that monitors all three credit bureaus. They keep an eye out for loan and credit card applications, two frequently employed methods of identity thieves, and contact the person whose name appears on the paperwork. Lifelock verifies that the applications are legitimate and if not, prevents them from going through the system.

The person responsible for posting the information on the internet is former Student Assessment Director Chris Nugent. It appears that, without consent, he copied the information to a jump drive and then was using the information for a college project he was working on. Although he had no intention of posting the private data online, it was inadvertently uploaded while he was working on his project. Unfortunately, this breach went unnoticed for over a year. It was only discovered after a student was searching for information about themselves on the internet that the news of the breach spread.

In all, around 5,000 student had their social security numbers released, while another 10,000 students had their names and ACT scores posted online. The school superintendent, Rebecca Sharber, found out about the breach on June 26, but waited until July 9 before alerting the wider school community. She has explained this delay in notifying the affected parties as a way of making sure that she had all the facts straight before addressing the litany of questions she knew she would face from parents. While she might have been better prepared for the questions, she has also drawn fire from parents who think she waited too long before announcing the breach.

Other school board members were also upset about the delay. One parent noted that there was such inconsistency with the information provided by everyone. At one point it was 15% of all students in the district, then it was 3rd-8th graders and then it was finally the correct information about second graders and those who took the ACT last year. Some parents have expressed their concern about this incident haunting the lives of their kids for years to come and are worried with all the paperwork that now needs to be filed to take care of everything. One way that people can avoid this type of paranoia is to subscribe to ID theft services, such as Lifelock. These companies contact all three credit bureaus and alert their customers whenever a new application, such as a credit card or loan, is filed. Lifelock verifies that these are being opened by the real person and are not an attempt at identity theft.

In this case, Google is really a victim as much as are the people whose information was stolen. Google uses Colt Express Outsourcing Services to take care of certain human resource functions. Therefore, when the office of Colt was broken into, it was Google information and that of other companies that was stolen. What is even worse about the May 26 break-in was that Colt does not encrypt its data, so whoever perpetrator the crime has nothing standing in between them and the personal information of Google employees. This information contains social security numbers, names, and addresses. This breach also affected CNET Networks.

As more details about this breach have come forward, it is clear that the stolen information does not contain any credit card numbers. However, a name, address, and social security number of an individual is more than enough for a criminal to open up a fake credit card account, although the charges end up being far too real for those affected by the crime. People, not only those impacted by the Colt burglary, have been turning toward subscriptions with ID theft services, such as Lifelock. Lifelock contacts all three credit bureaus, Trans Union, Equifax, and Experian and monitors credit reports for activity that includes credit card and loan applications. Whenever one of these is filed, Lifelock contacts its customer to make sure that the application is legitimate.

In the case of this specific breach at Colt, Google has said that it will pay for a year’s subscription with an identity theft service, both for its employees and the employees at CNET. Colt is not able to provide this same guarantee because it is going through financial difficulties. Those affected by this breach are those Google employees hired before December 31, 2005. Google only recently realized that its employees were at risk and has sent out letters alerting people of the danger to their private data. Google has also announced that it no longer has any association with Colt and that the company does not currently handle human resource material for the internet giant. Google has said that its separation from Colt took place long before the burglary was reported.

In this particular instance, the hack involved cracking the passwords of fourteen financial advisors and their assistances. In all, this exposed the personal data of over 10,000 clients. While it isn’t clear at this point if the hackers illegally used any of the data, it is clear that their intention was to run “pump and dump” schemes which involve penny stocks. Thankfully, despite not catching the breach with any sort of quickness, LPL was able to prevent these schemes from costing any of their customers’ money.

What was available to the hackers was not only names of investors, but also home addresses, social security numbers, some bank routing numbers, and the personal information of anyone set up as a non-client trustee on an account. This expands the number to beyond the original 10,000, but no word yet on how much wider this makes the pool of potential victims of identity theft. At a more basic level, LPL is unable to tell whether or not hackers actually even accessed the data, let alone took it and used it for other identity crimes.

While the breach began last July, it was not reported to the public until now. Internal memos released by the company show that they knew about the problem and were trying to fix in back in March. No word, yet, on why they waited so long to notify all the affected people in writing. With this being the second breach in less than twelve months, LPL has taken steps to increase all of its security measures. In created a new position, a chief security/privacy officer. Time will tell whether or not any new features implemented under this position will prove to be effective.

In the meantime, despite LPL Financial bringing in over $3 billion last year, they have not said anything about providing identity theft service subscription to its clients. These services, such as that provided by Lifelock, contact all three credit bureaus and monitor activity, such as credit card applications and the filing of loans. Lifelock then contacts the person to make sure that they are really involved and that someone else isn’t illegally using their name and social security number to try to defraud them while committing identity theft.

This story would have earned a lot of attention in its own right. The data breach exposed the personal information of around 2,000 of the firm’s clients. Most of these individuals are upper tier lawyers with big wallets and powerful friends. Yet, the media isn’t really focusing on them. It is focusing on Supreme Court Justice Stephen G. Bryer, whose personal information was also taken in the breach. An expert in the field has said that with such powerful people, “the individuals on this list are at a very high risk, almost imminent, of identity theft.”

As more details come to light about the breach, the information is damning. The breach went on for more than six months, complete unnoticed by the network and infrastructure groups of Wagner Research Group. In this period of time, there is no information about how many people accessed the data or how far it was spread. With a program like Limewire at the center of this breach, there is no telling how many people were able to download the identity data. What is known right now is that at least a dozen people, some residing in Sri Lanka, a hotbed for identity theft, and Colombia, now have the information.

Tiversa, an independent consulting firm was called in to help contain the breach. They are working with WRG to go over all their security policies to make sure nothing like this happens again. In the meantime, Warner Research Group has said that it will provide six months of free credit monitoring for everyone affected. These people should have received a letter in the mail recently. Unfortunately, this is too late for some people, including one lawyer he just was charged $9,000 by AT&T for a phone account that was illegally set up with his name and social security number, but someone else’s address. In the case of many data breaches, companies have not stepped up to offer such comprehensive credit monitoring. In those case, victims have turned to Lifelock, an identity theft service, that maintains contact with all three credit bureaus to make sure that fraudulent accounts are not taken out falsely under a client’s name.

The data breach took place during the routine process of creating encrypted backups of files which contained the personal information of patients. The disks which contained the material went missing during the process and although the hospital staff conducted a thorough investigation of the facility, they were unable to locate the missing materials. In a letter released to the public, the hospital noted that it learned of the problem on June 20, although it did not say when the breach actually occurred and how long the material was missing before it was noticed.

In an effort to reassure the public, the hospital has stressed that there is no medical information contained on the disks. This assurance has eased the mind of some people. Much like in the United States, Hong Kong is going through a period of discontentment with plans by many hospitals to shift all medical records to online databases for this exact reason. No word yet on how this breach will affected that ongoing debate. At the same time that they announced the missing disks, the hospital also said that 23 hard copy receipts were missing. These pieces of paper contained names, addresses, identity card numbers, and some medical information about patients. An investigation to find these was also unsuccessful.

While the hospital has exhausted its resources in searching for all this missing data material, it has turned the investigation over to the police and alerted the Office of the Privacy Commissioner for Personal Data. These entities will continue the investigation into the foreseeable future. At the same time, the hospital is reviewing all of its own security and data encryption policies in an effort to prevent any future breaches from happening. Experts expect this review to take some time.

While not yet available in Hong Kong, the ID theft subscription company is attempting to expand its recognition around the world. For a minimal fee, these company maintains contact with all three credit bureaus and alerts customers whenever a new loan application or credit card is filed. It verifies that this information is valid and that no efforts at identity theft are taking place. Lifelock then either lets the bureaus approve or deny the loan, depending on if it actually being initiated by the person whose personal data is being used.

It was reported today that there was a data breach at the Organ and Tissue Donor Registry, which is housed by The Agency for Health Care Administrations. It appears that up to 55,000 people might have had their private information, such as names, addresses, social security numbers, and drivers license numbers, stolen. There are still only limited details at this point, although it is clear that the state is taking the breach seriously.

Those who were affected by the breach should receive a letter in the mail in the next few days. The Agency for Health Care Administrations wants to make clear that it is only contacting people by mail and not phone or email. If anyone gets asked for their social security number of other private information over the phone or in an email, they should be weary of responding since this might be a phishing attempt to further extend identity theft. In the letter that was sent out to people, it explains that the breach took place on June 20 and was discovered the next day and corrected. There is no explanation given for how the issue was so quickly resolved or solutions to prevent this type of breach from taking place in the future.

At this point, according to a statement by AHCA Secretary Holly Benson, there is no indication that any of the information was illegally obtained. At the same time though, since the investigation is still ongoing and the story developing, people are advised to keep an eye on their credit reports and look out for any suspicious activity. One way to ensure that you are protected is to invest in an ID theft subscription service, such as Lifelock. The company, famous for its founder who lists his social security number of a drunk and drives it around downtown New York because he is confident in the protection his company gives, monitors all three credit bureaus. It keeps tabs and is notified whenever a new credit card or loan application is filed. It then contacts its customer to make sure this is a valid application. It then can stop or allow the file to continue. Since many victims of identity theft are subjected to long periods of trying to cleanup their credit records after the fact, taking a proactive step before any illegal activities occur is advised.

The court sent out letters to the 380 affected individuals. Unfortunately, these letters did not specify whether or not the investigation suspected that the transfer of the sensitive material was an accident or if it was deliberate. At the same time, there was no discussion of when the breach occurred and how long it took the court to act on the information. In many of the recent data breaches, there has been considerable delay before notifying the affected parties, which has caused considerable amounts of stress to people once they learn of the crime.

It was originally feared that the information contained in the private email listed names, addresses, social security numbers, and birth dates. As the investigation has continued, this fear has decreased, as many of the accounts had personal data included, although it was incomplete and thus not nearly as large of a problem in terms of identity theft. However, this only applies to some of the affected people, although there are no further details about what percentage of the 380 falls into this category. The court did try to assure the public with the knowledge that there are a total of 1.7 million people on the juror list and that this breach is, fortunately, of a small nature.

While the court continues its investigation, it has announced that it is changing some of its policies. It will no longer list any private data on the forms that are supposed to be printed out about potential jurors. No word yet on how they plan to secure their system so that no future incidences occur, with sensitive material being sent to an inappropriate location. Authorities will determine what measures need to take place, since the court is a central component of the state government and needs to meet certain informational security criteria.

For those affected, officials are suggesting they contact the credit bureaus and place a free initial alert on their account. Knowing these alerts are only free at the beginning, more and more people are looking into ID theft subscription services, such as Lifelock. This company monitors all three credit bureaus for a minimal monthly fee and alerts its customers whenever a new credit card or loan application is opened. It then verifies that this is a legitimate application before allowing it to be approved.