Tag Archives: identity theft


Workers in state wait to see if personal data was taken

Arizona has more than 55,000 federal employees who could find out as early as Monday if they are among the 4 million federal workers and retirees whose personal information may have been compromised in a cyberattack.

The Office of Personnel Management announced late Thursday that it had detected, in April, a breach of worker records earlier this year.

The agency said it hopes to begin letting individual workers know Monday if they were affected. In the meantime, it is encouraging all federal workers to take precautionary measures.

OPM is also “offering affected individuals credit monitoring services and identity theft insurance,” an agency statement said.

The agency said it is currently working with the FBI and Department of Homeland Security’s U.S. Computer Emergency Readiness Team to address the issue and “the impact to federal personnel.”

It was unclear Friday how many workers or retirees in Arizona were affected, but labor unions and elected officials said the breach was another call for the need for government cybersecurity.

Sen. John McCain, R-Arizona, called on the administration to find “ways to deter our enemies from attacking in the first place.” McCain, the chairman of the Senate Armed Services Committee, said in a prepared statement that up to 1 million military members could be among the 4 million potential victims.

Unions representing federal workers, meanwhile, were scrambling to help their members, after what could be the largest federal data breach in recent history. One of those was the American Federation of Government Employees, which claims to be the largest federal employee union with 700,000 members.

“We will work with the administration to ensure that all available measures be taken to secure the personal information of all affected employees,” AFGE National President J. David Cox Sr. said in a statement posted to the union’s website.

News reports indicated that state-sponsored Chinese hackers committed the cyberattack that targeted what OPM called “personal information of current and former federal employees.”

But OPM did not make the link to the Chinese, and White House spokesman Josh Earnest would only say Friday that the incident is still under investigation, according to a transcript of the daily press briefing.

News reports also said the breach occurred in December, but OPM would only say in its statement that it became aware of this cyberattack during a recent “update to its cybersecurity posture” this spring.

Although identity theft and loss of personal information can take many different forms, there are standard procedures that are recommended for anyone who finds themselves in such a situation.

The first step to take, according to Courtney Bennett, a program manager in the community outreach and education division for the Arizona Attorney General’s office, is to file an identity theft affidavit with the Federal Trade Commission.

Bennett also recommends notifying merchants of any unauthorized charges on your account, as well as contacting credit reporting agencies.

She said one step that is commonly overlooked – calling the police – can be one of the most important. But people may hesitate, since they don’t think of credit theft in the same way as theft of property.

“There is theft of your personal information,” she said. “So it’s important they contact local law enforcement and file a police report.”

McCain said everyone needs to be vigilant.

“Whether a government agency or private company, no one is immune from attacks by increasingly sophisticated enemies,” his statement said.


Holiday shopping identity theft prevention tips

With the holidays quickly approaching, consumers across the country look to the internet and their favorite stores to pick up the hottest gift items. Investment professional Megan E. Koopman provides guidance on how to safeguard your finances during the peak season of identity theft.

“The threat of credit card fraud looms heavily at this time of year,” said Koopman, CFP® at MK Financial Solutions. “Whether you are protecting yourself from credit card information being stolen online or having it lifted in the large shopping crowds, a number of measures can be taken to ensure your monetary safety in these closing months of the year.”

Koopman provides a few safe practices to deter those from taking advantage of your good credit. She says that if you choose to shop with a debit card to keep your holiday budget under control, opt to sign for a debited purchase whenever possible rather than providing your PIN number. This prevents many identity thieves from discovering your PIN number from a store’s keypad. Koopman goes on to emphasize that should you choose to put your purchases on a credit card, utilize your credit card company’s safety features by frequently checking on the status of your card to ensure you have not fallen victim to fraudulent charges. Some credit card companies also offer alert services that will notify you through your mobile phone or email if any suspicious activity presents itself on your account.

“It’s important to look beyond your immediate shopping surroundings by destroying all risks of future fraud,” adds Koopman. “Be sure to fully destroy mail from your credit card company or bank, receipts and invoices using a shredder. Removing a paper trail to your account information can decrease your chances of having your identity and credit information stolen.”


Survey: Cybersecurity Tops List of Concerns

Security related topics are often front and center in the 24-hour news cycle, but what concerns Americans the most? According to a new national survey from University of Phoenix® College of Criminal Justice and Security, identity theft (70 percent) and personal cybersecurity (61 percent) are the security issues of greatest concern. These fears may be grounded in experience as nearly two-in-five (39 percent) have suffered a personal security breach, such as identity theft, unauthorized use of credit card information or email/social media account hacking.

Other security concerns include: terrorism (55 percent), national security (54 percent), personal safety (49 percent), neighborhood crime (47 percent), property theft (44 percent) and natural disasters (44 percent). Despite recent high profile incidents, only 18 percent of working adults are concerned about workplace violence. More working adults (31 percent) are concerned about organizational security issues such as corporate cybersecurity, network security, fraud and corporate espionage.

The recent online survey of more than 2,000 Americans was conducted on behalf of University of Phoenix by Harris Poll in August 2014.

The survey also examines shifts in security concerns. Only 12 percent of Americans feel generally more secure than they did five years ago, while 41 percent feel equally secure and nearly half (47 percent) feel less secure. At least half of Americans are more concerned about personal cybersecurity (61 percent), identity theft (60 percent) and national security (50 percent) than they were five years ago.

“Security issues affect every American in some way, both personally and professionally,” said James “Spider” Marks, recently appointed executive dean of University of Phoenix College of Criminal Justice and Security. “All industries and most businesses have to dedicate resources to identify and address security threats, creating significant job growth in the sector and demand for training.”

Marks, a retired major general with more than 30 years of service in the United States Army, has held numerous leadership and consulting roles in the private sector, including entrepreneurial efforts in education, energy and primary research. Previously, Marks was president and CEO of Global Linguist Solutions, a private company that provided linguistics services to the U.S. military. In his current role with the University, Marks is responsible for the management of the College of Criminal Justice and Security, overseeing the College’s academic standards and the development of programs and curriculum.

Employee Theft

Identity Thieves Targeting the Deceased: Plan Now

Identity theft is always a difficult and frustrating situation and could take many years to repair the damage done to one’s credit. However, today millions of Americans are being haunted with an even more disturbing situation: learning that a criminal is using the identity of a deceased loved one to apply for credit.

An ID Analytics study determined 2.5 million deceased Americans identities are stolen each year. Targeting the deceased is appealing to identity thieves because it can take up to six months for death records to be registered, giving thieves ample time to rack up charges. Thieves scour through obituaries to obtain the victim’s name, age and birthdate. They are then able to locate the Social Security Number through the Social Security Administration’s list of deceased Americans known as the “Death Master File.”

This could turn out to be quite a headache for surviving family members as they are left to manage the estates of their deceased loved ones. Luckily, a simple yet effective estate plan can safeguard you or your family members if identity theft after death does indeed occur.

For example, storing all important account information within your estate plan and designating a financial power of attorney to monitor your information after death will help reduce the risk of identity theft. It is also crucial to notify the proper Government agencies of one’s death right away which helps limit opportunities for identity theft occurring.

“Be proactive- plan your estate and have everything organized for your family before death so that your loved ones know exactly what needs to happen when you are gone”, said Jaburg Wilk Estate Planning attorney Michelle Lauer.” “An estate planning attorney can assist you in creating a highly effective estate plan which can reduce not only the risk of identity theft but also the hardships for your family”.


LifeLock Presents Free Identity Theft Summit

LifeLock, Inc., an industry leader in proactive identity theft protection, and the FBI Law Enforcement Executive Development Association (FBI-LEEDA) will provide a free, one-day identity theft summit for local law enforcement officials in Virginia. The award-winning educational summit will be hosted by the Piedmont Regional Crime Prevention Association on January 23.

“LifeLock’s longstanding partnership with the FBI Law Enforcement Executive Development Association provides attendees an in-depth, behind the scenes look at the crime. These summits demonstrate the scope of the crime and provide law enforcement with proven investigative techniques,” said Todd Davis, LifeLock Chairman and CEO.

Attendees of the summit will be presented with in-depth instruction on the technological resources available to assist in identity theft investigations, as well as hands-on learning with tools used by today’s identity thieves, including the use and demonstration of trending technologies and tampering devices.

“Identity theft can often be thought of as a credit card compromise. However, the actual scale of this crime is much larger than that. Criminals can use personal information to commit medical identity theft, IRS tax fraud, employment fraud, criminal identity theft and much more,” said Davis.

The summit is open to chiefs, sheriffs, investigative supervisors, fraud unit investigators, patrol officers and community policing personnel. The training features keynote speaker, Justin Feffer, a 24-year law enforcement veteran.

Federal Rule Aimed At Stopping Identity Theft - AZ Business Magazine June 2010

Businesses Need To Prepare For A New Federal Rule Aimed At Stopping Identity Theft

Starting this month, the Federal Trade Commission (FTC) will begin enforcing a new law, the Red Flags Rule, to combat identity theft. It regulates most businesses that sell goods or services without a contemporaneous payment. It requires businesses to adopt written policies identifying and addressing red flags of identity theft patterns, practices or specific activities that indicate the possible existence of identity theft.

Since other laws already require businesses to safeguard personal information, the rule’s purpose is to prevent identity theft after personal information is misappropriated. Because the rule potentially applies to a universe of businesses, every business will need to understand the rule, determine whether it applies and comply, if necessary.

The rule requires any creditor maintaining covered accounts to “develop and implement a written Identity Theft Prevention Program that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account.” A creditor’s administration of its program involves proper program adoption and effective enforcement, training and supervision.

The rule broadly defines a creditor as “any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.” It defines credit as “the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefore.”

Basically, anyone who sells property or services without a contemporaneous payment could be a creditor. Virtually every business, aside from pure point-of-sale retailers, falls within this definition. The definition appears to exclude retailers who merely accept as payment credit extended, renewed or continued by third parties, for example, businesses allowing payment with third-party credit cards.

However, the rule’s definitions of account and covered account clarify this point. An account is “a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. Account includes: (i) An extension of credit, such as the purchase of property or services involving a deferred payment; and (ii) A deposit account.”

A covered account is one the creditor offers or maintains that is itself a “continuing relationship” between the customer/debtor and the creditor allowing purchases paid for in installments and over time. This definition includes: (1) an account primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, and (2) any other account for which there is a reasonably foreseeable identity theft risk to customers or to the creditor.

Once a creditor determines that it falls within the rule’s broad scope, the program components are straightforward — identify, detect, respond and update. Identifying requires the creditor to identify relevant red flags for the accounts that the financial institution or creditor offers or maintains, and incorporate those red flags into its program. Thus, while many different businesses must comply, the rule states the program be appropriate to the size and complexity of the financial institution or creditor, and the nature and scope of its activities.

Creditors should consider several risk factors and several sources for appropriate red flags to identify. The risk factors include: (1) the types of covered accounts the creditor offers or maintains, (2) the methods the creditor provides to open its covered accounts, (3) the methods the creditor provides to access its covered accounts, and (4) the creditor’s previous experiences with identity theft. Recommended sources for red flags include: incidents of identity theft that the creditor experienced, methods of identity theft the creditor identified that reflect changes in identity theft risks, and applicable supervisory guidance.

Detection requires a creditor to establish policies and procedures to detect red flags that have been incorporated into the program. The FTC encourages adopting policies that require verifying identities, authenticating customers, monitoring transactions and verifying address changes when dealing with covered accounts.

The response requires the creditor to respond appropriately to any red flags that are detected in order to prevent and mitigate identity theft. The FTC suggests creditors consider adopting measures appropriate to their unique risks and aggravating factors, such as monitoring accounts, contacting customers, changing passwords, closing accounts, not opening new accounts and notifying law enforcement.

Updating requires the creditor to ensure the program be updated periodically to reflect changes in risks to customers, and to the safety and soundness of the financial institution or creditor from identity theft. The FTC suggests periodic program review and update to determine changes internal to the creditor and with evolving methods of identity theft and handling.

According to the FTC, there is no private right of action under the rule. However, consumers can file a complaint with the FTC about a company’s program, and the FTC intends to use such complaints to target its law enforcement efforts. Only certain agencies have jurisdiction to enforce the rule, but they have a variety of options at their disposal to ensure compliance, including penalties of up to $3,500 per violation, and injunctions.

Businesses should evaluate the rule’s applicability and, if necessary, implement a compliant program to avoid sanctions. At a bare minimum, the rule requires any creditor to periodically review its operations to assess whether the rule applies to it. Indeed, the FTC suggests that even low-risk businesses should adopt a minimal program. The FTC has published “Fighting Fraud With The Red Flags Rule: A How-To Guide For Business” to help companies interpret and apply the rule. The guide is available at www.ftc.gov/redflagsrule.

Arizona Business Magazine June 2010