Dale Penn

With the holiday season upon us and the election season behind us, the average consumer may have their attention diverted away from personal privacy issues.

President-elect Barack Obama and Alaska Gov. Sarah Palin were concentrating on the election, while high tech thieves smelled an opportunity to violate the candidates’ privacy with reckless abandon. These fraudsters were phone company insiders and random email hackers, not mobsters from an Eastern European crime family.

Here is an excerpt from a story posted on fiercewireless.com:

“Verizon Wireless has fired the employees who accessed President-elect Barack Obama’s personal cell phone account without authorization.

A report on CNN.com quoted an unnamed Verizon source, who would not disclose how many people were fired but said, “we now consider this matter closed.” Apparently the employees were involved in customer service and were not authorized to look at an account unless a customer requested it.

The source also said that records of no other well-known customers had been breached. The phone that was accessed was a flip phone that had been inactive for months, and was not a Blackberry or other smartphone from which email could have been sent or data services could have been accessed.”

In Palin’s case, a 20-year-old student at the University of Tennessee has been indicted for breaking into one of Palin’s accounts and posting the information on a public website.

Here’s the point. We are all vulnerable to attack even if we are careful to do everything right in the privacy arena. Recovering from the emotional roller-coaster and sense of violation after being victimized can be both traumatic and lengthy. In extreme cases, you could even be facing a run-in with the law.

Prepare to remain steadfast this holiday season. If you are a member of AAA, you can unwrap an early Christmas present from them just by visiting their website and reading about their “free”, yes FREE credit monitoring and alerts for members only.

As major banks, insurance companies and investment firms fall victim to the current tsunami of financial storms, your privacy may suffer. When firms change hands, downsize their payrolls and transfer massive amounts of data, proprietary information is left exposed and privacy erodes.

At the end of September, the Dow Jones Industrial Average took the single biggest dive in history, dipping 777 points. In the wake of the impending reorganization of American business, your credit card balances, your mortgage, your savings accounts and your credit history will probably be reshuffled and reinserted into the database of the account’s new overseer.

After days of marathon negotiations, the bailout measure initially went down to defeat in the Congress by a vote of 228 to 205. After the Senate and the House gave final approval for a modified version of the $700 billion rescue plan, President Bush signed it into law on October 3rd, 2008.

Although the free markets globally are facing their toughest challenge ever, those markets do work. The problem is that they are controlled by human beings who are subject to behavior that is sometimes irrational, emotional and irresponsible.

Because of the irresponsible and sometimes deliberate misdeeds of the guardians of the financial gate, it is still your responsibility to to guard your personal information the best way you know how.

If you do not have a personal identity theft risk prevention, detection and mitigation plan in place, what are you waiting for? Visit the Privacy Rights Clearinghouse for great tips on how to protect yourself.

Many of you who have kids may have wondered if your little crumb snatchers are vulnerable to identity theft. If that thought has ever crossed your mind, you are not alone.

My first clue that our own kids were potential victims, surfaced when unsolicited mail began showing up in the mailbox. Credit card offers with the names of pre-teens and teenagers are not uncommon.

If you have not opted-out of junk mail, you are probably still seeing offers from predatory lenders arrive pretty frequently. “Don’t they know that little Bobby has no job or income?”

Each year, experts estimate that more than 3 million people discover that a new credit account has been opened up in their name. Your child’s vital data has value in the dark world of identity thieves.

Many fraudsters troll in these waters and they know that their crimes could possibly go undetected simply because of the age of the victim. Targeting victims who are unaware of their exposure makes the chance of detection slimmer than usual.

Not only do young victims remain in the dark, but their parents may not uncover the damage for many years. When the young person tries to get a driver’s license or applies for a credit card, they discover a crime that could be years old with no way to fight back.

Here are 6 steps parents should take for the protection of their child’s identity.

1. Never disclose your child’s social security number unless it is mandatory- such as school records, income tax returns or medical emergencies.
2. Keep copies of birth certificates under lock and key and share them only when the information is mandatory.
3. Don’t be intimidated or afraid to ask anyone who requests a personal document WHY that specific information is needed. Also ask WHAT steps they take to safeguard the information.
4. Don’t let a child or adolescent carry a copy of his or her Social Security card in their purse or wallet.
5. Watch the mail for credit offers or other personalized mail to your child. These early warning signs can signal danger ahead or possibly danger in progress.
6. Opt out of junk mail for you and your kids. There are companies that will allow you to get your children’s name off of the direct marketers lists along with your own. Check out greendimes.com for a great example of this type of service.

You can also request a free credit report from each of the major credit reporting agencies once a year for your child. If the child is under age 13, the request must be in writing.

For more information go to annualcreditreport.com, a website operated by the three credit reporting agencies. While there, you can request a free copy of your own report.

Finally, remember that privacy leakage occurs often on the web and especially at social networking sites like MySpace and Facebook. These companies do what they can to help monitor activity on their sites, but ultimately your child’s identity safety practices are your responsibility.

I appreciate the value of my intact identity profile…don’t you?

It has been too long since my last post. The past month has been a whirlwind for me as a result of my vacation to China.

As anyone who travels regularly will tell you, keeping tabs on your identity is a both a necessary evil and a blessing beyond belief when traveling abroad. Venturing off to China during the Olympics is certainly a test of all the safeguards that are supposed to be in place to make sure that you are really the real you when you travel.

Passing through customs, immigration and the tightest security I have ever witnessed gave me both a sense of awe and gratitude. Chinese security officials had their hands full and the world witnessed one of the most spectacular displays of pomp, ceremony and athletic achievement ever organized.

At the same time, security was at an all time high for good reason. The eyes of the world were fixed on Beijing and our hosts wanted the occasion to shine. I think we all agree …..it did.

The 12 hour flight from the West Coast gave me a chance to catch up on some of the latest and greatest scams we are facing here at home. One that caught my eye in particular was the number of credit card skimming cases which the Secret Service is investigating around the country.

In my seminars, I magically produce and vanish a card “reader” which could be called a “skimming device” if it fell into the wrong hands. The problem is that we are so used to seeing them, that we don’t even think about sliding our credit and debit cards into a device at an ATM, bank or retail location.

The challenge is that these high tech and deceptive skimmers don’t prevent the machine we are accessing from working and can be painted to match the color of any legitimate machine. According to USA Today, there are major investigations going on right now in California, Delaware, Nevada, Pennsylvania and Washington.

In Washington state alone, the number of recent victims could total as high as 250 people with losses totaling $500,000. The combined total of the cases totals between $1 million to $3.5 million stolen from victims.

The obvious first step for self protection is awareness and a keen eye for anything that may look suspicious. Thieves quite often place a small camera on or near the pump or ATM which records pin numbers as you key them in.

Diligent, constant awareness of irregularities and unauthorized activity on your accounts is your personal responsibility. The good news for American consumers is that reporting fraudulent or suspicious activity generally stops or reverses damage done with credit cards and most debit cards bearing the Mastercard or Visa logos. Irregularities must be reported in a “timely fashion” which generally means 60 days or less from discovery of the event.

Yes, old fashioned skimming is alive and well and being dispensed at an ATM or gas pump near you.

Part 3 of 3

A Prescription to Prevent Prying Eyes

Your doctor’s office, clinic or hospital are clearly in the bulls-eye when it comes to being targeted by predatory identity thieves. Insurance company records are under attack as well. Many of the bad guys are on the outside trying to get in to databases and files, but unfortunately many culprits are on the inside and can’t resist the temptation to pry or steal.

Sadly, the market demand for our most private health-related information is quite high and therefore tempting for those inclined to take advantage of their to access to our most private health matters.

Privacy experts, attorneys and fraud investigators have their hands full battling fraud and theft on these fronts. As I mentioned a couple of posts ago, the FTC reported in a recent survey that 3 percent of U.S. identity crime victims (250,000 people) had some form of their personal information used to obtain either medical services or false insurance claims payments.

If your company is in the habit of searching for the best value in medical benefits for employees, there is a good chance that they will make a switch to a new provider for “better benefits”. While that could be good for the company’s bottom line, your medical history has now been replicated in a new place and “abandoned” in another. These realities of the health care landscape make vigilance a necessity.

The Washington Post reported earlier this month about a peer to peer data breach that involved the medical records of at least 1000 patients at Walter Reed Army Medical Center. In many cases, breaches are caused by the careless downloading of file sharing or peer to peer (P2P) software by careless employees at work.

Leading the way again, California passed legislation this year requiring notification when consumers’ medical information is “improperly accessed”. Only Arkansas has passed similar legislation and the topic is now being debated in Congress.

Here are 10 ways you can protect your medical history, your records and your health.

• Limit your authorization for release of medical records to anyone unless it is an absolute necessity.
• Inspect all your insurance statements for accuracy and the absence of any discrepancies.
• Put your shredder (cross cut) to work on any health or medical documents that you may discard.
• Ask for and inspect your medical records or statements for any benefits which may have been paid for under your name, but not received.
• Monitor your credit report for any collection notices filed by medical providers.
• While not always easy, make a serious attempt to correct any inaccuracies in your medical records.
• File a police report if your information is stolen.
• Read and digest the privacy statements of all your medical providers and request copies for your records.
• Remember that your medical records are just as vulnerable as other sensitive documents. Keep them out of reach and out of sight.
• According to the Identity Theft Resource Center, if you are a Medicare patient, you should make a photocopy of your Medicare card and carry a wallet sized version with only the last 4 digits of your Social Security number showing. The original should be locked away. The name and contact information of a trusted person should be included in your wallet. This medical contact person should have on hand the following information: the last 4 numbers of your SSN, your pertinent medical history, the name of your doctors and a list of all your medications. This tip could be a lifesaver.

Part II in a series

It would not be an exaggeration to say that medical identity theft could possibly kill you.

Research indicates that there may have been as many as 500,000 medical id thefts in just the last two years. Much of recent medical id theft has gone on undetected, which presents the real threat. We don’t even know we are victims…..yet.

Because this violation of our medical privacy can go on for years until it is discovered, the threat looms even larger for those who rarely seek medical services or advice. Sadly, these medical privacy breaches are not much of a priority for most health-care providers.

According to a recent Price Waterhouse Coopers report, the situation is not only dire in the United States, but around the world. Studies indicate that less than 50 percent of medical facilities even bother to encrypt your health data before transmitting or storing it electronically.

The opportunities for caregivers to misdiagnose a patient’s condition are drastically increased due to potentially false or inaccurate medical information being stored and shared in databases worldwide.

The recent disclosure that the medical files of George Clooney, Britney Spears and Maria Shriver were recently “snooped on” by curious hospital workers is a case in point. Just as most companies strive to prevent attacks and hacks from insiders, health-care providers are just waking up to the same stark reality.

We have become victims of not just the criminals, but victims of the curious. Marc Rotenberg, director of The Electronic Privacy Information Center agrees. “Now we’re moving into an era where many of those same problems occur with medical records.”

Next post, we’ll look at specific recommendations to help make and keep you a smaller medical identity theft target.

Part I:

What you can’t detect, anticipate, control or prevent could kill you.

There is a dark world far beyond the gates of mere identity theft. This region lies beyond the boundaries of credit card fraud, phishing and pharming scams or corporate data breaches.

The victims who inhabit this world are reportedly growing in number. The Federal Trade Commission (FTC) recently reported that as many as 250,000 Americans may be engulfed in medical identity theft each year.

The current economic climate fans the flames of temptation for perpetrators who include health care workers, those with access to medical and insurance records and regular Janes and Joes who are personally struggling with the economic reality of “too much month left over at the end of the money.”

Its not just the career criminals who are taking advantage of the health data that falls into their hands, but desperate and otherwise harmless opportunists who can’t resist the temptation to latch on to someone else’s medical history.

Consumers drowning in debt, may find the lure of this type of theft too great to resist according to Chris Dorn, a fraud expert with Ingenix, a health care investigations firm in Eden Prairie, Minnesota. Dorn says “Anytime you have 47 million Americans without adequate health care coverage, you will have people out there willing to steal it.”

The life threatening nature of this type of fraud and theft are apparent. Imagine that someone else’s medical problems were suddenly thrust into your medical records without your knowledge. This could change the way you are treated in a hospital or emergency room, change your blood type and allergy records or litter your personal medical files with maladies that could affect your ability to travel or to obtain certain types of insurance.

Next post, I’ll take a closer look at this growing problem and examine what the experts are commonly referring to as the age of “medical exploitation.”

Consumers may have finally scored big time!

Credit reporting agency TransUnion has agreed ( as part of a pending class action settlement) to provide free credit reports and credit monitoring to anyone who had a credit card, loan or credit account between January 1998 and May 28, 2008.

In case you’re counting, that amounts to over 160 million Americans who would qualify for free credit monitoring. Under the settlement, the free monitoring would be good for between 6 and 9 months.

After a 10 year legal battle in which TransUnion was accused of selling private consumer data, it seems that anyone with a loan during the last 10 years will get this neat gift by simply applying for it.

The data in question was sold to marketers like retail and financial institutions, who then analyzed it and sent out unsolicited offers (a.k.a. junk mail) to consumers like you and me.

In addition to the free credit report available now from the big 3 bureaus, consumers will also get free monitoring of their credit files. Monitoring can be a useful early warning signal that an identity fraud has occurred or may be pending.

Until now, it seemed that consumers had no defense against the sale of their personal and private credit profiles. During my public lectures, I have always shared the dangers of this sort of “dirty tricks” industry practice which I refer to as “Pirates Peddling People’s Personal Preferences.”

A TransUnion spokesman denied that any law was ever violated and claims that the practice in question was terminated in 2001. The company plans to make lemonade from lemons when it begins an ad campaign in mid June to announce its free monitoring plan to the public.

You can read a copy of the settlement online at: www.listclassaction.com Claims can be filed starting June 16th, 2008 on the website or by calling 866 416-3470.

Postal Inspector laments: “Like nothing we have ever seen!”

Nebraska police and postal authorities have uncovered what appears to be one of the largest cases of mail fraud and identity theft they have ever encountered.

A vehicle searched after a routine traffic stop uncovered a mountain of stolen mail which lead veteran postal inspectors to discover one of the largest caches of stolen mail in the state’s history.

Similar incidents in Fremont, California have led to the arrest and conviction of a couple who were recently sentenced to five years in prison and slapped with a $25 million dollar judgement for trying to misuse the U.S. Mail to defraud Microsoft Corporation.

The Microsoft case involved multiple defendants who were very organized and persistent.

In a frightening turn, it was discovered that the proceeds from the racket were being funneled out of the country and in to Pakistan, according to federal prosecutors.

Here are 5 simple ways to reduce your chances of being a mail fraud victim:

1. Only use a locked mailbox at home
2. Never leave mail for pickup in, on or around your mailbox (that red flag is a no no)
3. Stop your mail delivery when going on vacation
4. Utilize online bill payments to reduce the paper mail you receive
5. If you suspect you are missing mail, contact local police and Postal Inspectors pronto

Sadly, we have finally come to the point in our nation’s history when it is naive and foolish to utter the hackneyed phrase “the check is in the mail.”

Not all Identity Theft protection providers are created equal.

Many consumers are scrambling for answers and guidance. Some just roll with their hunches or simply give in to the relentless marketing barrage of the “high profile “solution providers.

We all know who they are. These companies seem to pop up every time we visit the web. Their promises to prevent financial peril have been carefully crafted to deliver the greatest set of wiz-bang features ever offered before.

Some firms prop up spokesmen who carelessly boast of their own invulnerability to financial theft, while others claim to have cornered the patented ability to deliver a cloak of protection which only they can serve up.

All these contenders with their endless features and benefits remind me of a fantastic local deli near our house. The menu is huge and there are just too many delectable choices with a wide variety of prices!

So what’s a typical security seeker to do?

First, answer these revealing questions:

• Are you a victim? (If so, contact your local police immediately!)
• Have I checked the FTC’s online resources for information and guidance?
• Am I prepared between $9 and $15 dollars per month for the “right” solution?
• Do I mind paying someone to do something I could do myself for free?
• Are the company’s promises and claims reasonable and realistic?
• Is my entire family in need of protection or just me?
• Have I been lured with promises of “free” services? www.freecreditreport.com
• Do I really expect to “cash in on those well publicized $1,000,000.00 loss guarantees?
• Should I take a deep breath and examine my real no cost credit report?
• Have I taken advantage of freely accessible steps to minimize my exposure?

Consider your needs before “jumping on-board” with a provider.

Simply scratch off anyone on your list who claims to be able to PREVENT your identity from being stolen.

Consider that the Big 3 credit aggregators are in the business of selling your personal information to data-hungry marketers, while they simultaneously “protect” you from many of the very vultures that they feed.

It makes sense to protect yourself from the seemingly inevitable world of data breaches, medical fraud and financial fraud.

Well known Silicon Valley IT expert Ravi Char refers to information security as “the delicate dance”. No one solution is capable of covering all the bases.

In today’s complex world of portable data and predatory opportunists, the best identity protection solution is to stay light on your feet and keep on dancing.