Archive for data breach

Doctors, hospitals leery of federal rules

Posted in Identity Theft, Legal with tags , , , , on August 7, 2009 by truthwillrise


The Wichita Eagle

Physicians and hospitals are adopting procedures to prevent patient identity theft, even as they protest their inclusion in new federal “Red Flags Rules.”

The Federal Trade Commission announced the regulations in November 2007 but has delayed their implementation three times. The rules require many businesses to establish and implement identity theft prevention programs; many have done so.

Health care providers, through the American Medical Association and other groups, say they shouldn’t be included because they aren’t “creditors”; the FTC says many are because they aren’t paid in full at the time of service.

Last week, the FTC delayed the Aug. 1 implementation until Nov. 1. The AMA says it will continue to make its case to Congress.

The Wichita Clinic, with its 160 physicians, and the Medical Practice Association at the University of Kansas School of Medicine-Wichita, with its 50, are among those that were prepared to put programs into effect but are grateful for the latest delay.

“We can always use more time,” said Donna Johnson, director of medical affairs at the Wichita Clinic.

Lorene Valentine, executive director of the KU physicians’ group, said some policies are in place while others need a bit of tweaking.

The FTC rules are designed to help businesses from auto dealers to utility companies detect “red flags” that could indicate identity theft.

Not all health care providers are considered creditors under the regulations. But those that file insurance claims for patients, then bill the patients for the what insurance doesn’t pay, or those that set up payment plans for patients are creditors, the FTC says.

Medical identity theft can occur when someone uses someone else’s name or insurance information to get medical services or to create fictitious medical records.

For health providers, Johnson said, there’s a fine line between appearing impersonal and complying with the law.

At Wichita Clinic locations, new patients or those not recognized at check-in will be asked for photo identification and told why it’s needed.

But that won’t always be possible: “It’s one thing for a bank to say, we’re not going to process your loan,” Johnson said, and another for a health care provider to ask for a photo ID from someone who shows up with a broken arm.

As hospitals already do, the clinic will verify identity later in such cases.

The Wichita Clinic uses electronic records, so a driver’s license can’t be photocopied for a paper file, she said. And adding photo scanners or cameras everywhere would be prohibitively expensive.

The Medical Practice Association has the capability of having a photo added to its electronic records but “we haven’t actually implemented that yet,” Valentine said.

She said the KU clinics are implementing some of the other procedures suggested by the AMA.

“We need to tweak just a little bit on the policies and procedures,” she said.


For more information on how identity theft can impact you, please log on to or call 1-866-510-7907

Identity Theft Risk for National Guard Members

Posted in Business, Identity Theft, Legal with tags , , , , on August 7, 2009 by truthwillrise

By Ann-Elise Henzl
August 6, 2009 | WUWM | Milwaukee, WI

 Share / Email    Print

The theft of a laptop computer has endangered the personal information of more than 130,000 soldiers across the nation. In Wisconsin, 1,700 members of the National Guard are affected. 

The laptop was owned by an Army National Guard contractor. It contained names, Social Security numbers and other personal data. 

Maj. Jackie Guthrie says the Guard is informing affected soldiers, and urging them to take security measures. 

“That’s ensuring that you put fraud alerts out to your banks and report it to the credit card agencies, you’re more meticulous about watching your accounts, nothing different than any other individual would do if you lost your wallet,” Guthrie says. 

Guthrie says as far as she knows, no Guard members from Wisconsin have been the victims of identity theft, as a result of the stolen computer. 


If you think you may have been affected by this breach, or are concerned about Identity Theft, please log on to  or or you can call 1-866-510-7907 for more information on what you can do before you become a victim of identity theft.

Data breach hits Commonwealth Solar

Posted in Business, Economy, Identity Theft, Legal, News with tags , , , , on June 29, 2009 by truthwillrise

Boston Business Journal – by Jackie Noblett

About 810 residents who had applied for the Massachusetts Commonwealth Solar rebate program had their personal information posted on a government Web site for nearly an hour, according to a notice from the Massachusetts Technology Collaborative.

The quasi-public agency that administers the program said a file containing the names, addresses and Social Security numbers of customers and businesses was posted on the MTC’s Web site for 50 minutes June 25 before being taken down. The data breach affected most of the people who applied for the program. As of May 31, 846 residents had submitted applications.

A security consultant hired by the agency found that one user accessed the file during the incident.

“I sincerely apologize to our customers for this incident and any inconvenience or concern it may cause,” Massachusetts Technology Collaborative deputy executive director Philip Holahan said in a statement. “We are taking all possible steps to protect our customers’ information and ensure that such a breach does not happen again.”

The agency will provide free credit-monitoring services to those affected by the breach and will review its internal data security and encryption protocols. It has also informed the state attorney general’s office as well as the Office of Consumer Affairs and Business Regulation, per an executive order signed by Gov. Deval Patrick last year.

Launched in 2008, the Commonwealth Solar program provides rebates to individuals, businesses and communities that install solar photovoltaic systems on their property. It is the major financial driver behind a state goal to install 250 megawatts of solar in Massachusetts by 2017.


If you were affected by this latest data breach, know anyone who was, or just concerned about Identity Theft, please call Brandon King at 1-866-510-7907 or go to

Make sure red flags rules are on your radar screen

Posted in Economy, Identity Theft, Legal, Life Improvement, News with tags , , , , , , , on June 29, 2009 by truthwillrise

Fri, 2009-06-26 14:47 — Steve Grant

Red Flags

There’s so much to keep tabs on … increasing regulation, rapidly fluctuating market conditions, changing lender relationships and more. Properly managing it all can make you feel like an air traffic controller. Here is one more thing that you should be aware of: The “Red Flags” rules, which go into effect May 1. By this date, it’s important to have detailed policies and procedures in place to effectively detect, prevent and mitigate identity theft. These rules, which have been in the pipeline for more than a year, call for an alert, proactive attitude toward protecting customers, including mortgage customers. Although there aren’t any criminal penalties for not following these rules, violators could be subject to civil monetary penalties. So consider identity theft a big “blip” on your personal radar.

Understanding the rules, and committing to following them, is just the first step. There’s the practical matter of being able to catch everything and prevent incidents. The latest technology can help you stay on top of it all without breaking a sweat.

How the “Red Flags” rules came to be
Each year, despite the best efforts of financial institutions and law enforcement, identity thieves devise new ways to steal personal information. In 2007 alone, more than 250,000 identity theft complaints were received by the Federal Trade Commission (FTC), according to media reports.
Because of this ongoing concern, and the need for intensive action, a number of agencies including the FTC, bank regulatory agencies and the National Credit Union Administration created the Red Flags rules, as part of the Fair and Accurate Credit Transactions Act (FACTA) of 2003, technically Sections 114 and 315. Identification and detection of patterns, practices or specific activities that could be related to identity theft are required, along with guidelines on specific, continual responses.

Who needs to be aware of this? Professionals at any financial institution that hold a “transaction account” belonging to a customer. This can include local banks, savings and loans and credit unions. Importantly for mortgage brokers, it also includes creditors, and the so-called “covered accounts” include mortgages. Also in the mix are finance companies, utilities and telecommunications companies.

What to look for
So how can you prevent identity theft as instances occur? There are several key pieces of information to look for, including:

◄ Alerts, notifications or warnings from consumer reporting agencies that suspicious activity may have taken place. This can include anything from excessive inquiries for information to an unusually high number of financial transactions, both of which might indicate fraud.

◄ Suspicious documents or personal identifying information. This would include documents that appear to be forged or contain information inconsistent with other pieces of identification.

◄ Unusual or suspicious activity on an account—noticeably different from typical activity.

◄ Information that comes directly from customers, victims of identity theft or law enforcement authorities.

Ongoing awareness is key. Some fraud can be caught in person, but technology is a great partner. There are plenty of services that provide pieces of information that can serve as notice about potential identity theft. The challenge is gathering all the information in a meaningful and easy-to-use way.

For example, each of the three major credit bureaus—Equifax, Experian and TransUnion—offer fraud prevention services as part of their credit report services. They flag phone numbers and addresses considered high risk, and when application information is submitted that doesn’t match what is already on file from the customer.

The systems also reports if there have been excessive credit inquiries on a given Social Security number, and tracks the use of Social Security numbers for deceased individuals or numbers not yet issued. Luckily, there are providers that consolidate information from the three agencies into one report.

Here’s another resource: Alerts by the Office of Foreign Assets Control (OFAC) allow a professional to automatically check borrower records against the U.S. Treasury’s master list of Specially Designated Nationals and Blocked Persons, which contains thousands of individual names. These individuals may be more likely to commit fraud.

There’s assistance from the Internal Revenue Service (IRS) that can be helpful as well. For example, TRV (tax return verification) reports provide a streamlined method of verifying a borrower’s tax information by electronically comparing the income-related lines of the borrower’s tax return with the same lines on file at the IRS. This data can be obtained on any individual or business that has authorized the release of this information in connection with an application for credit. Any variations uncovered can be highlighted in an easily read report. TRVs offer further protection against fraud by verifying that the applicant’s information matches Social Security Administration files.

What you’ll need to do
Just like an air traffic controller needs to make the right decisions without panicking, so will you as a mortgage professional. It’s all about having a plan in place focused on prevention and reaction to incidents.

A big step is putting your program in writing, and in as much detail as possible. Not only must you say how you will work to prevent identity theft and mitigate it if it happens, you must be able to explain how you will update and execute on this plan for the future. You’ll need to think through how employees will be trained, and how this will be verified and continually improved upon.  Importantly, there needs to be buy-in from senior leaders within your company, since they are ultimately charged with overseeing the program.

Like a successful air traffic controller, a mortgage professional needs to rely on the right technology and expertise to keep everything moving smoothly. Taking a few important steps where identity theft protection and compliance with the Red Flags rules are concerned will keep your business under firm control.


If you are concerned about how the red flag rules may affect you and your business, please give Brandon King a call at 1-866-510-7907.

Security Breach Leaves 45,000 at Risk of Identity Theft

Posted in Business, Economy, Identity Theft, Legal, News with tags , , , , , on June 25, 2009 by truthwillrise

June 24, 2009 – 6:30pm
By Sun Staff

On Tuesday Cornell informed more than 45,000 current and former members of the University community that their sensitive personal information — including name and social security number — had been exposed when a University-owned laptop was stolen earlier this month.

The breach exposes many Cornellians to the possibility of identity theft, and the University said it will provide protective services to those affected, including free credit reporting, credit monitoring and identity theft restoration services to those affected by the breach.

A University employee, described as “a member of the Cornell technical staff” had access to a computer containing the sensitive data for the purposes of correcting file-processing transmission errors, according to the University.

The files on the computer containing the names and social security numbers were not encrypted and the laptop was left in a physically unsecure environment, which violates University policy, according to Simeon Moss ’73, director of Cornell University Press Relations.

Moss said that the data on the laptop contained “no other sensitive data elements” besides names and social security numbers and the University is “confident” that it has identified everyone whose data was on the computer.

The stolen computer stored the social security numbers of 22,546 students (10,597 of whom are alumni) and 22,731 faculty and staff members (of whom 4,284 are retirees or other separated employees), according to Moss.

New York State Police have launched an investigation to find the thief and locate the computer.

State Police Investigator Aaron Lewis told The Sun on Wednesday that there is a chance that the person who stole the laptop does not know that it contains such sensitive information.

“There is no indication that this is a sophisticated type of operation to steal people’s identities,” Lewis said. “It appears to be more of a crime of opportunity.”

Lewis said that investigators have interviewed people involved in the incident as well as the Cornell employee who had custody of the computer. Thus far, however, there are no further leads and the case remains open, he said.

The employee who had the computer is not a suspect in the investigation, Lewis added.

Cornell officials have only said that the employee violated University policy by leaving the laptop in a physically unsecured location, and characterized the person’s actions as “unintentional.” They have declined to comment on whether the person was still employed or has been the subject of any disciplinary action.

Lewis also cautioned that since the breach has been widely reported in the media, there is now a greater chance that someone will realize that the laptop contains the sensitive data.

“It’s obviously a Cornell computer and has a Cornell sticker,” Lewis said.

Laptop thefts on college campuses like Cornell occur somewhat frequently, he said, and most never get recovered.

Both Lewis and University officials declined to comment on when and from where the laptop was stolen.

“Cornell informed us within a few days that [the laptop] possibly has sensitive information on it,” Lewis said.

“It did take the university some time to make sure that they knew all the information that was on the computer,” Moss said.

Moss said that while Cornell Police would assist other law enforcement agencies, they are not involved in the investigation. The Ithaca Police Department said it was not involved in the case.

While officials said there has been no indication that the exposed data has been abused, the incident shines light on the broader issue of security and the vulnerability of private information in the digital age.

Last June, a computer at Cornell used for administrative purposes was hacked, and the University alerted 2,500 students and alumni that their personal information had potentially been stolen. In 2005, the University alerted over 900 individuals that their personal information was stored on a computer that had been inappropriately accessed.

Lewis said that those affected by the recent data breach should follow Cornell’s protocol. There is no need to call local or state authorities unless one’s information is stolen and used in an unauthorized way, he added.

Cornell said it will provide credit monitoring and identity theft restoration services through Kroll, Inc. at no charge to affected individuals. The University said it will provide those individuals with more information about how to access the services in a letter sent via U.S. mail.

Moss said on Wednesday that the cost to the University of providing these services was not available and likely unknown at this point.

“Given the importance that Cornell places on data security, this is truly an unfortunate situation,” Vice President for University Communications Tommy Bruce said in a statement on Wednesday. “We apologize to all those who have been affected, and we are dedicated to resolving this matter fully.”

If you are affected by this latest breach, think you may be, know someone who is, or just concerned about Identity Theft in general please log on to or call 1-866-510-7907 to get some help.

Czechs acknowledge data breach at EU-US Summit

Posted in Identity Theft, New World Order, News with tags , , on April 23, 2009 by truthwillrise

PRAGUE (AP) – The Czech government confirmed on Saturday that a computer file containing personal information about European Union

leaders was mishandled during the April 5 EU-U.S. summit in Prague.
The statement from the government, which currently holds the EU presidency, was reacting to a report earlier this week by the Finnish news agency STT. It said the private information was found by a Finn on a public computer in a Czech hotel after the summit.
The STT report said the information included passport numbers, flights, blood groups and allergies of some 200 EU-U.S. summit participants, including some prime ministers and presidents. But the report said the file did not include details about Americans attending the summit.

The Czech government said Saturday that unidentified details about the EU delegations were made available to the public «in a limited way» because of an «unintentional human error» but that the computer file had «no confidential information» and was removed from the computer where it was found.
The Czech statement called the STT report about the blunder «overstated,» but said steps will be taken to prevent such problems in the future.



White House helicopter data found on Iranian computer

Posted in General, News with tags , , on March 7, 2009 by truthwillrise
Mon, Mar 02 20:58 PM EST

By Andrea Shalal-Esa

WASHINGTON (Reuters) – Engineering documents about one of two types of helicopters in the U.S. presidential fleet were found on a computer in Iran after they were inadvertently disclosed by an American defense industry executive last year, according to a cybersecurity company.

The defense contractor and the U.S. government are investigating the incident, said Keith Tagliaferri, director of operations at Tiversa, a Pennsylvania-based company that monitors data breaches linked to peer-to-peer file sharing.

Tagliaferri declined to name the U.S. contractor or give any information about the identity of the Iranian computer where the file was found on February 25.

Pentagon spokesman Geoff Morrell said the government was notified about the data disclosure last summer and fully investigated it. He stressed the data was not classified and involved the VH-60 helicopter built by Sikorsky Aircraft Corp, a unit of United Technologies Corp.

The VH-60 is used to carry White House staff and guests, not the president. A larger Sikorsky helicopter, the V-3, is the model used for the president.

“The information should not have been released, but it did not involve any helicopters that transport the president,” Morrell said. The presidential helicopters are operated by the Marine Corps, a part of the Navy.

President Barack Obama has expressed grave concern about cybersecurity issues, and has ordered a 60-day review of computer security efforts across the federal government.

Tiversa said it notified the Bethesda, Maryland-based company responsible immediately after the data breach was discovered, and the company alerted the U.S. government.

Navy spokesman Lt. Clay Doss said an internal review conducted in June 2008 found that all the documents were marked either unclassified or “for official government use only,” but they were relatively dated and “not particularly sensitive.”

He said cost data in the documents, part of a cockpit upgrade for the current fleet of VH-60N helicopters, would have a minor impact on future contract awards. The documents did not include critical technical data and the risk of someone using the data to harm the helicopters was “very low,” he said.

The findings were provided to the Naval Criminal Investigative Service and the Defense Security Service for appropriate action, he said, declining comment to name the company involved or whether any charges were filed.

The data breach did not involve the new generation of presidential helicopter being developed by Lockheed Martin Corp, which is also based in Bethesda, Maryland. That VH-71 helicopter project, which is more than 50 percent over budget, was singled out by President Barack Obama last week as an example of the Pentagon’s procurement process “gone amok”.

Lockheed spokesman Troy Scully said the company was not responsible for the data breach.

Connecticut-based Sikorsky said it was investigating the incident and declined further comment. Doss said Sikorsky was not the source of the data breach.

Tagliaferri said the employee was a high-level executive, but the breach took place outside the company’s offices, indicating the executive may have had the helicopter data on a home or personal computer that was also used to share music or movies. The disclosure was likely unintentional, he said.

The file was found on an Iranian computer on February 25.

He said the U.S. defense contractor was not a Tiversa customer, which meant his company had not noticed the data breach until some time after it occurred.

Tiversa downloads more than 100,000 files a day that are inadvertently disclosed through peer-to-peer music and movie sharing software, which give users around the world direct access to another person’s computer. The files can include Social Security numbers, payroll data, tax returns and many other sensitive documents, Tagliaferri said.

“This is like a stolen laptop times a million,” Tagliaferri said. Data breaches through file-sharing networks are becoming more common as more people share electronic versions of movies and music, he said, and hackers and criminals are becoming more savvy in pinpointing such files.