June 23, 2005

An investigation by the UK newspaper The Sun has revealed that call center workers in India have been regularly selling bank customer account information to criminals engaged in ID theft. Companies engaged in offshore outsourcing of their customer support and IT infrastructure functions are now seeing the true cost of their outsourcing initiatives.

June 18, 2005

According to news sources, a hacker infiltrated the computers of CardSystems Solutions Inc., a third-party payment processor, and may have stolen up to 40 million credit card numbers. However, personal information such as Social Security Numbers and birthdays, was not included in the stolen data. The main risk from this incident is unauthorized charges, and not identity theft.

June 7, 2005

Citigroup has said that it lost a computer tape containing the personal information, including social security numbers, of 3.9 million customers of its CitiFinancial subsidiary. According to company representatives, the tape went missing as it was transported by UPS to a credit bureau. As in previous incidents involving companies like Bank of America, the data on the tape was not encrypted. You would think that these people would learn by now.

May 15, 2005

Microsoft is getting ready to release a beta of its Windows OneCare service, which combines firewall, anti-spyware, anti-virus, backup and restore, file repair, hard drive clean up, defragmentation, and PC tune-up features. The consumer service will compete with a number of security and utility vendors like Symantec. It is yet unclear if customers will trust Microsoft to perform these tasks, since the company is responsible for many of the security holes in Windows that caused these problems in the first place.

May 8, 2005

Wired.com has taken a look at ZabaSearch and interviewed their top executives. ZabaSearch is a new free search engine that lets you locate people and get information about them. The service uses public records as sources and provides certain details about people that make many very nervous. Using ZabaSearch.com as well as other free people search engines like Zoominfo.com, Preople.com, Ziggs.com, and Jigsaw.com, it's possible to freely and easily obtain a stunning amount of information about a person. Privacy advocates have yet to significantly weigh in on this issue.

May 4, 2005

We all knew that Microsoft Word documents can contain information that was edited out, but it now appears that Adobe PDF documents have a similar problem. The recent situation with a document about the U.S. investigation into the death of an Italian citizen in Iraq shows just how easily sensitive information can show up in PDF files.

May 3, 2005

According to a report issued by security software maker Webroot, 88% of home PCs and 87% of corporate PCs have at least one piece of spyware. The report also estimates that pop-up spyware generates up to $2 billion in advertising revenue for their distributors.

May 3, 2005

Time Warner has said that it lost data tapes containing personal information (including Social Security numbers) on 600,000 current and former employees plus their dependents and beneficiaries, as well as contractors. The tapes went missing while being transported to a third-party storage facility. According to the N.Y. Times, the 40 tapes were in a container the size of a cooler, and the company does not rule out foul play. Although similar tape losses have occured recently at Bank of America and Ameritrade, the Time Warner situation is the biggest by far. Time Warner is notifying affected individuals and asking them to monitor their credit reports for possible identity theft.

April 30, 2005

It turns out that most large corporations, including major financial institutions, do not encrypt data stored on backup tapes sent to third parties for storage. Tapes containing sensitive customer information have already been lost or stolen from companies like Ameritrade and Bank of America. These tapes make an extremely tempting target for criminal networks of identity thieves. In many cases, these tapes are handled by low paid workers at companies operating off-site storage facilities. An article at SecurityFocus looks at this problem in depth.

April 27, 2005

A number of services for faking Caller ID information have sprung up over the past few months. These services allow your phone call to appear to be coming from any number you desire. Because many large companies use Caller ID information for authentication and routing calls, these new Caller ID spoofing services are seen as a big problem. Many credit card companies use Caller ID to allow instant activation of newly issued cards and many voice mail systems allow instant access based on Caller ID information. In addition, criminals are starting to use these services to make their bogus phone calls look like they are coming from legitimate and trustworthy companies. Criminals can even use such services to call large companies and make their calls appear to be coming from within these companies themselves. Companies providing Caller ID spoofing services include Star38, PI Phone, US Tracers, Telespoof, Spooftel, Camophone, and Covert Call.

April 23, 2005

The World Privacy Forum is warning job seekers about posting their personal information and résumés on Internet job sites. Criminals are using this type of information to commit identity theft and other types of financial fraud. According to the privacy group, over the past year more than a dozen Americans have been accused of felonies because their identities were used by online criminals. Pam Dixon, the executive director of the World Privacy Forum states: "If you post your résumé publicly you are asking for identity fraud. If you have a fantastic résumé, that puts you at a high risk, because your identity will get nabbed, and they will use your information to set up a new account in your name and do criminal acts and it will look like you participated in that scheme."

April 20, 2005

Online investment brokerage Ameritrade has started informing more than 200,000 clients that their information may have fallen into the wrong hands due to the loss of a backup tape. As a precaution against possible identity theft, the company is offering free credit reports and one free year of credit protection and monitoring services to affected customers.

April 20, 2005

Personal Wi-Fi security is once again in the news, and two articles about it have just been published. In the first, Fortune magazine writer David Kirkpatrick is shocked to discover someone browsing through personal files on his Wi-Fi enabled home network. In an article at Win DevCenter, author Preston Gralla shows you how to make sure your Wi-Fi network is secure from snoops and hackers.

April 20, 2005

Before you sell, donate, or throw out that old PC, make sure you securely erase the hard drive. With identity theft on the rise, your PC is a treasure trove of personal information about you, containing tax records, personal finance information, and more. Simply reformatting a hard drive is not enough, because your files can be easily recovered. An article over at CNET shows you what software options are available for those who want to make sure their hard drive is wiped securely.

April 19, 2005

Informit.com has a really great article about protecting yourself from identity theft. Here are some tips from the article: clean up your wallet and remove your social security card as well as any credit cards you don't need, protect your mailbox with a lock, keep only a minimum amount in your checking account, do not use the same PIN or password for different accounts, photocopy the front and back of all your credit cards and keep the photocopy in a safe place, be extremely careful about who you give your social security number to, have yourself removed from pre-approved credit card solicitations, sign up for the national do-not-call registry, check your credit report from all three bureaus at least once a year, and make sure your annual Social Security statement contains correct contribution amounts.

April 19, 2005

DSW Shoe Warehouse has reported that 1.4 million credit card and 96,000 check transactions were stolen from their computers. The company has notified Visa, MasterCard, Discover and American Express, who will all likely issue new cards to affected cardholders.

April 18, 2005

Symantec has made available a free beta version of their consumer firewall, anti-virus, and now anti-spyware software package. The final version of Norton Internet Security 2005 AntiSpyware Edition will ship in June.

April 17, 2005

If you're worried about losing your laptop or a USB memory stick containing sensitive data, one way to protect yourself is by using an EncFS encrypted filesystem under Linux. EncFS encrypts all data written to the filesystem and decrypts it on the fly when you need it. It also runs in userspace and does not require kernel changes or driver support. This article from LinuxDevCenter shows you how to start using EncFS to protect sensitive information on your Linux PC.

April 16, 2005

SecurityFocus has an excellent article looking at spyware keyloggers, malicious software that captures keystrokes and steals personal information. With identity theft growing out of control, and more people getting wise to simple phishing attacks, keyloggers are becoming the tool of choice for the bad guys. Find out how they work, how to detect them, and how to remove them. In addition, see what strategies are available for preventing keystroke capture entirely.

April 15, 2005

More than 226,000 alumni of Tufts University and Boston College have been warned that computer break-ins at a third-party alumni fund-raising firm have exposed their personal information. The personal information exposed includes names, addresses, social security numbers, and credit card numbers, all of which can be used for identity theft. Similar recent break-ins have occured at California State University, the University of California at Berkeley, Northwestern University, ChoicePoint, and LexisNexis.