I’ve been a LifeLock member for almost three years now. I’ve always been satisfied with their service and felt like I received effective identity theft protection at a reasonable price, and felt more secure for having it.

I upgraded my LifeLock membership to Command Center recently, and feel better than ever, especially because my Command Center membership provides me with a service I never expected to receive from an identity theft protection company: a list of sex offenders in my neighborhood.

No other crime frightens women as rape does. I doubt there is a woman in America who does not know a rape survivor, or someone who was molested as a child. An estimated 1 in 6 women has been raped, and another woman in America is raped every two minute. As parents, most of us believe we would kill to protect our children, yet an estimated 1 in 4 girls and 1 in 7 boys is molested.

Sex offender registries were established after 7-year-old Megan Kanka was kidnapped, raped and murdered by a repeat offender who had recently moved into a house across the street. Megan’s law was crafted specifically so people could periodically check the records to see who lives near them.

The sex offender registries are public record, and I could check them myself, just like I could order my own credit reports and remove my name from mailing lists for pre-approved credit offers. Instead, I’ve always paid LifeLock $9 a month to do these things for me, because before I enrolled in LifeLock, I never got these things done despite my best intentions.

Now LifeLock regularly sends me the list of sex offenders, and, because of that, I know a convicted child molester lives about 10 blocks from my son’s elementary school. I’ve studied his picture and I’ve driven by his house because I want to be able to recognize his car, and I want to know who else comes and goes in this man’s house—the man who raped and murdered Megan Kanka lived with two other men, both convicted child molesters.

What does all this have to do with identity theft? Criminals sometimes use stolen names and information when they’re arrested. They go to jail, they get booked, and they hire a bondsman and never show up for court—but the identity theft victim ends up with a criminal record and a bench warrant for failing to appear in court or worse. A man in England lost his marriage, children, reputation, his career and his home because he was misidentified as a child pornographer. It took him years to prove the man who used his credit cards to buy pornography online had stolen his identity.

In other instances, convicted sex offenders use a stolen address when they register after leaving prison so they can evade law enforcement agencies charged with checking up on them. Because I have LifeLock, I know nobody but me uses my address.

If the question is when will health care insurers begin protecting their customers’ identities, health information and financial information, in light of the most recent insurer data breach, the answer has to be “when pigs fly.”

AvMed began sending out notifications this week of a December 11, 2008 data breach that occurred when two laptops were stolen from a conference room in the Gainesville, Florida company headquarters. The data breach places 200,000 current and former subscribers at risk because their names, addresses and health information were all stored on the laptops.

Nearly one-third of the subscribers are at a particularly high risk of identity theft because their information was stored on a laptop without proper protect, according to a statement on the company’s website. Presumably, that means the laptop was not password protected, and/or the data was not encrypted.

The data breach also exposed extensive information on another 128,000 former subscribers dating as far back as 2003.

The company issued the boilerplate apology: We are very sorry … blah … blah. We are cooperating with law enforcement … blah … blah … blah … additional training … And we appreciate our members support … blah … blah. (One has to wonder why they believe they enjoy the support of 200,000 members whose most personal information was recently exposed in a data breach because of the company’s irresponsible and flagrant disregard for even the most elementary data security.)

You know those messages you hear when you call your insurer: “For training and quality assurance purposes, this call may be recorded” and “For security purposes, please enter your member ID or Social Security number”? More than 1.3 million of those audio files were recorded on 57 hard drives that went missing from closet at a Blue Cross Blue Shield call center in Chattanooga, Tennessee, in a data breach announced last month.

MassMutual announced yet another data breach in November that involved the sensitive information of an unknown number of employees. That data breach occurred when hackers accessed a database maintained by a contractor.

And the sky above remains clear of winged pigs.

It happens every tax season. W2s or 1099s are mailed out with Social Security numbers or tax ID numbers visible through the envelopes window. Or, they are printed on mailing labels and slapped on the outside of the envelopes along with names and addresses. In this data breach, they were mailed out to the wrong recipients, placing the intended recipients in grave danger of identity theft.

The Ozarks Area Community Action Corporation (OACAC) data breach occurred because of an error when they mailed out 1099 tax forms to area landlords. Only half of the roughly 500 landlords who provided subsidized housing to low-income residents received their 1099 forms last month. However, the other half of the landlords received two 1099 forms—their own and, as a bonus—a second form for one of the other landlords that work with the OACAC of Springfield, Missouri.

The landlords whose forms were mistakenly mailed to the wrong recipients are now at a very high risk of identity theft. A 1099 is a form required by the IRS for any non-employee contractors who receive more than $600 in compensation for their services or products. The form is printed with the payer’s name, address and tax number, the contractor’s name, resident address, rental property address, financial compensation, Social Security number or tax ID number. The data breach made it for easy for any of the recipients to commit identity theft.

The OACAC director, Carl Rosenkranz, explained that the data breach occurred because the agency printed two tax forms onto a single piece of paper. The forms were supposed to be separated and mailed to the respective landlords, but were not. Rosenkranz said they can identify the landlords who received two forms.

The agency sent letters to the landlords apologizing for the error, and asked that anyone who received someone else’s forms please return it to the agency.

One of the service providers said he’d be more comfortable if the recipient just burned his form rather than send it back to the agency that made such a serious mistake.

Tax time is the perfect time to clean out old files or set up a new file system. But where do you start? And what do you shred to prevent identity theft?

You should shred any unneeded documents or mail that has your personal information on it, and that doesn’t mean just documents that have your Social Security numbers on it. Even junk mail has your name and address on it, and that’s a good start for identity theft. You don’t have to shred the entire catalog or sales ad, just the page with your information on it.

If you still receive your bank statements by mail, shred them after you’ve reviewed them. For identity theft prevention, though, it’s safer to receive your bank statements via email or by viewing your transactions. There’s no reason at all to receive cancelled checks in the mail, either; they’re available online, too.

The same goes for credit card statements. Review them for errors or suspicious charges that may indicate you are already an identity theft victim. The better way to prevent identity theft, though, is to receive your statements online.

Shred your paycheck stubs after reviewing them with every pay period. Some employers still print pay stubs with employees’ complete information on them, including name, address and Social Security number. Incredibly, once their paychecks are in the bank, many people don’t stop to think about how easily they could become identity theft victims by leaving their pay stubs loose in their cars or desk drawers.

Shred all expired credit cards. If you own a shredded, but it doesn’t work on credit cards and CDs, it’s time for an upgrade.

Just cutting up your expired credit cards isn’t enough; they’re easily reconstructed, and with that card, an identity theft can go on an online shopping spree.

Insurance and medical records have enough information for medical identity theft. Shred them.

Expired college ID cards and report cards. Many universities still use students’ Social Security numbers as student IDs for registration, class grades and tuition records.

I’ve been a LifeLock member for just over two years, and have always been happy with their service. But I recently decided to add LifeLock Command Center™–their new tier of ID theft services—to my membership. I know enough about ID theft to know that no one is ever completely protected, but I felt pretty safe even before the upgrade.

Since upgrading I feel like I’m as well protected from ID theft as it’s possible to be. I’m still covered by LifeLock’s original eRecon™, WalletLock™ and TrueAddress™. And LifeLock submitted the requests so I actually get my annual credit report and I don’t receive pre-approved credit offers in the mail anymore—things I should have been doing for myself but never did.

LifeLock Command Center™ drills a little deeper, though. With the new services, LifeLock proactively mines for my personal and financial information, to make sure all is as it should be, and no one but me is using it.

What I find most assuring about the new Command Center™ services, though, is that I get the reports from all their searches. In fact, I got all the reports within 48 hours of enrolling.

How LifeLock Command Center™ works

Public records databases are scoured for any evidence of criminal ID theft—that is, using another person’s identity when arrested. The continually check my county’s court records and those at the Department of Motor Vehicles, Department of Corrections and administrative courts. As damaging as any type of ID theft can be, when you know some of the firsthand stories about how horrific the aftermath of criminal ID theft can be, this service is a big relief.

They also check all the sex offender registries. First, to make sure none of my information shows up there; apparently it’s common for sex offenders to use bogus addresses when they have to register. Secondly, LifeLock emails me a list of all the sex offenders registered in my zip code. (If you’ve never seen one of these reports, they’re real eye-openers. Even a friend of mine who lives in a very exclusive neighborhood found there are two sex offenders living within blocks of his home.)

Command Center™ monitors P2P networks. These are the links from one computer to another established with file sharing applications like LimeWire that are commonly used for music downloads and shared work

LifeLock’s eRecon™ has always checked more than 10,000 websites for bits of my identity information, e.g. my Social Security number, address, birth date, etc. They also looked for any pieces of my financial information, e.g. bank account or credit card numbers or PINS. With LifeLock Command Center™ I get the reports.

Command Center™ also provided me with a report of every address I’ve lived at for the last 25 years. Fortunately I recognized every address on the report.

Check out LifeLock Command Center™ for yourself. If you decide to enroll, use the promotion code DEFENSE for the best deal.

The Identity Theft Resource Center’s numbers on last years’ data breaches are out, but despite some figures that are seemingly good news, the overall picture is muddled if not outright bleak.

Nearly 500 data breaches were reported last year – a 25% decrease from 2008. That’s the first decrease in reported data breaches since the ITRC began tracking data breaches in 2005. However, more than 220 million records were reported as lost or compromised, according to the 2009 ITRC Data Breach Report – a 630% increase from the 35 million reported in 2008.

Further clouding the question of whether data security is improving or worsening is that only two data breaches were responsible for nearly 96% of all reported lost or compromised records last year: Heartland Payment Systems and the National Archive and Records Administration (NARA).

Hackers attacked Heartland, a credit card payment processor, and stole 130 million records. Another 76 million records were compromised when NARA sent a hard drive with the unencrypted personal information of 76 million servicemen out for repair.

Among the bleakest news of all though, is that only six of all the data breaches last year involved encrypted records, only slightly more than 1% of the total.

“Why are organizations that have these massive amounts of our data still not encrypting it?” asks Linda Foley, ITRC director and co-founder. “When we know we have these super breaches going on, why are they resisting a technology that could prevent them?

But, in the end all the numbers are nearly meaningless in the overall picture because what can’t be measured are the number of unreported data breaches, and the numbers of affected records that are reported simply as “unknown.”

Other highlights:

• Data breaches of paper records account for 26% of all reported breaches in 2009 (up 41% from 2008).
• The business sector was responsible for 41% of all reported breaches last year (compared to 21% in 2008).
]]> http://www.id-theft-security.com/lifelock-blog/2010/01/data-breach/feed/ 0 http://www.id-theft-security.com/lifelock-blog/2009/12/family-id-theft-protection/ http://www.id-theft-security.com/lifelock-blog/2009/12/family-id-theft-protection/#comments Mon, 21 Dec 2009 21:43:21 +0000 admin http://www.id-theft-security.com/lifelock-blog/?p=582 The holiday season brings families and friends together. It’s a blessing for some, but for others … not so much. These are the families whose relatives and friends include at least one drug addict, alcoholic, convict, compulsive shopper or gambler or a get-rich-quick scammer. In other words, these are the families who need to worry about ID theft.

Few ID theft victims can identify the culprit, but among those who can, 50% point to a friend, family member or in-home employee, according to a study by Javelin Strategy and Research.

So, can you predict with any likelihood whether any of your friends or family members would take advantage of a holiday gathering to steal your identity? Yes. Those who’ve already suffered the pain of ID theft and family betrayal identified these attributes of their imposters in a survey by the Identity Theft Resource Center:

• 42% said the imposter was an alcoholic or addict
• 54% said the imposter had a criminal history
• 32% said the imposter had previously stolen identities of other family members

So, how can you protect yourself when a suspect family member will be part of a holiday family gathering?

• Keep only cash in your wallet. Lock credit cards away in a safe or locked file drawer. If you must carry a driver’s license, put it in your pocket.
• Keep mail, financial statement and checkbooks out of sight. The best place for them is in a safe or locked drawer.
• Make sure your computers are password protected and/or encrypted.
]]> http://www.id-theft-security.com/lifelock-blog/2009/12/family-id-theft-protection/feed/ 0 http://www.id-theft-security.com/lifelock-blog/2009/12/data-breach-hall-of-shame-2009/ http://www.id-theft-security.com/lifelock-blog/2009/12/data-breach-hall-of-shame-2009/#comments Thu, 17 Dec 2009 21:59:42 +0000 admin http://www.id-theft-security.com/lifelock-blog/?p=574 This is the time of year when all the Top 10, Best of, and Worst of lists come out. And just for the folks who worry about data breaches, information security, identity theft and institutional stupidity, ComputerWorld has rolled out their 2009 Data Breach Hall of Shame.

In no particular order–but each special in its own way–here are five of the data breaches ComputerWorld deems most egregious:

Transportation Security Administration (TSA), for posting highly guarded secrets of airport security and screening procedures on the Internet. Want information on how to sneak explosives onto a plane? It’s in there along with a lot of other terrorist and nutjob-friendly information.

Heartland Payment Systems, for the sheer magnitude of the breach. The latest estimate is that data from 130 million credit and debit cards was stolen; current US population is roughly 305 million, including children.

Health Net, for remaining hush-hush for six months about the loss of an hard drive holding names, addresses, Social Security numbers as well as financial and medical information on roughly 1.5 million patients.

U.S. GPO, because some illiterate nitwit misread the label on a document detailing hundreds of civilian nuclear sites. As a result what actually read as “Highly Confidential Safeguards Sensitive” was misinterpreted as “Post to Internet for All to See.”

RockYou Inc, for serving up 32.6 million unencrypted social networking (Facebook, etc.) passwords to a hacker this week. This one should definitely be filed under the heading of institutional stupidity.

]]> http://www.id-theft-security.com/lifelock-blog/2009/12/data-breach-hall-of-shame-2009/feed/ 0 http://www.id-theft-security.com/lifelock-blog/2009/12/notre-dame-data-breach-id-theft-risk-for-24000-employees/ http://www.id-theft-security.com/lifelock-blog/2009/12/notre-dame-data-breach-id-theft-risk-for-24000-employees/#comments Fri, 11 Dec 2009 20:04:42 +0000 admin http://www.id-theft-security.com/lifelock-blog/?p=569 A data breach is never a good thing, but when the data breach isn’t discovered for three years, and then those responsible wait two months before notifying those affected and at risk of ID theft … Well, 24,000 University of Notre Dame employees are confronting that situation.

Files containing the employees’ names, Social Security numbers, birth dates and zip codes were posted on the Internet on a publicly accessible university website from August 2006 until October of this year when they were discovered. Social Security numbers are the most valuable piece of personal information for ID theft, and when combined with names and birthdates, ID theft is easily perpetrated.

The files were removed after their discovery in October, but university officials waited until November 20 to notify employees affected by the data breach, including student workers and a “large number” of temporary and on-call employees.

Consumers whose information is compromised in a data breach have a one in five chance of becoming ID theft victims within the next 12 months, according to analysis by Javelin Strategy and Research, an independent financial services research firm. The study results were released on November 20, the same day Notre Dame mailed the data breach notification letters.

There isn’t any information pertaining to the data breach on the university website’s home page or the news and information department’s page. Nor are there any links for employees who would like additional information.

None of the information appears to have been used to commit ID theft, according to Dennis Brown, Notre Dame’s assistant vice president for news and information. After mailing the notification letter, the university decided to offer credit-monitoring services to the affected employees, according to Gordon Wishon, the university’s chief information officer and associate vice president of information technology.

He advised employees to order and review their credit reports for evidence of ID theft. “That’s something the university cannot do.”

]]> http://www.id-theft-security.com/lifelock-blog/2009/12/notre-dame-data-breach-id-theft-risk-for-24000-employees/feed/ 0 http://www.id-theft-security.com/lifelock-blog/2009/12/id-theft-risk-for-bluecross-blueshield-members-after-data-breach/ http://www.id-theft-security.com/lifelock-blog/2009/12/id-theft-risk-for-bluecross-blueshield-members-after-data-breach/#comments Fri, 04 Dec 2009 22:38:03 +0000 admin http://www.id-theft-security.com/lifelock-blog/?p=566 Members will be receiving mail from BlueCross BlueShield any day now, but it won’t be Christmas cards. Instead, they’ll be getting letters warning them that they are at a heightened risk from ID theft because their personal, financial and even medical information may be among the millions of records missing after 57 computer hard drives were stolen from a Chattanooga storage.

Members who called BlueCross BlueShield to discuss eligibility or coordination of care were likely recorded on the stolen hard drives. All members would have had names and benefits ID numbers on the recordings, and some would also have Social Security numbers, birth dates and possibly diagnoses or diagnostic codes.

The information was not encrypted, according to BlueCross BlueShield officials. Those whose Social Security numbers and birth dates were recorded are at the greatest risk of ID theft. BlueCross BlueShield has said they’ll offer free credit monitoring services to those members.

The insurance giant has back up data from the stolen hard drives, and is combing through that information, identifying which members have been affected and their level of ID theft risk. As the research proceeds, current and former members will be sent the letters with contact information call centers where they can gather more information and report any instances of ID theft.

The data breach was discovered October 5, and is thought to have taken place at rough 6 PM the previous Friday. Blue Cross has notified the Secretary of the Department of Health and Human Services and the State of Tennessee.

]]> http://www.id-theft-security.com/lifelock-blog/2009/12/id-theft-risk-for-bluecross-blueshield-members-after-data-breach/feed/ 0