10 percent of children’s Social Security numbers are being used by someone else

 

 Protecting the Innocent: The Basics of Child Identity Theft

Written by Peter Schoenrock on March 26, 2012 in Credit  |   No comments

In our cyber-connected world, we’re increasingly at risk of data breaches, hackers, phishing scams, and all manner of identity theft. While many adults have learned to keep their Social Security number protected and to not give out personal information over the internet or phone, a new victim of identity theft and fraud is on the rise—our children.
Children are at risk because they have a clean slate. They have no credit history or debts, and that makes them an attractive target to identity thieves and scam artists. People are looking to rebuild their life with a fresh start, and a child’s clean credit report may provide them with that new (albeit fraudulent) beginning.
According to a report on Child Identity Theft from the Carnegie Mellon CyLab, over 10 percent of children’s Social Security numbers are being used by someone else, and children are 51 times more likely to be victims of identity theft than adults.
Some perpetrators of child identity theft are friends and family members looking to get around their own bad credit ratings. According to the CyLab report, other primary causes of identity theft can be traced to illegal immigration (to obtain false ID for employment) and organized crime and financial fraud.
Criminals will search for Social Security numbers and run checks to see if the numbers have been used to obtain credit. When they find an unused number, they’ve hit the jackpot. Such numbers—and other personal information—can then be sold for hundreds or even thousands of dollars.
Even if you think your child’s Social Security card is protected in your safety deposit box, you might be surprised at the activities that can place his or her personal identification at risk.
According to Marietta Jelks, consumer action handbook manager for the Office of Citizen Services and Innovative Technologies, children are online more, and they don’t understand the consequences of certain actions. “They’re giving out private information like their phone number or address, and [they] don’t think about the negative implications. They’re not reading privacy statements,” says Jelks.
You trust your children’s doctor’s office and school with their health and safety, but you don’t know what such agencies are doing with your family’s personal information. If you submit a form when you see the doctor or sign your child up for an extracurricular activity, you don’t know who is seeing the information and how it’s kept or destroyed. Jelks also says that parents are placing their children at greater risk when they carry around children’s Social Security cards without keeping track of the materials.
What kind of personal information could put your child at risk for identity theft?

• Social Security number
• Address and phone number (present and prior)
• Student ID number (often easily traced back to a Social Security number)
• Email address
• Medical ID number
• Health insurance ID number
• Bank account numbers

As your children become teenagers and may have jobs, bank accounts, and email addresses, educate them on the importance of protecting their personal information. While your children are growing up and finding their identity, help them out and make sure to protect their credit and financial identity.

Richard Figley
Independent Associate
614.395.2313
www.800-DO-A-WILL.com
www.ID-TheftProtection.com

Learn the Signs of Scams

By ELISABETH LEAMY (@elisabethleamy), ABC NEWS Consumer Correspondent
I have some con artists to thank for today’s column. Yes, you heard that right. This week’s topic arrived by mail—in the form of a classic come-on. My husband received a $3,850 check in the mail. It looked awfully official, complete with “security features” and bank account numbers. I’m going to dissect if for you, to show all the tip-offs to a rip-off. Here’s a picture of the “check.”:

(Image Credit: Elisabeth Leamy)

Your heart DOES do a little pitter pat at first, eyeballing a substantial sum like that. However, the accompanying letter gives the ploy away. The crooks have managed to roll two oldies but baddies into one: the foreign lottery scam and the check overpayment scam.
Click here for the letter.
The letter announces “Cash Prize Notification” and goes on to say, “…you are one of the winners in the “CONSUMER PROMOTIONS SWEEPSTAKES DRAWING.” Pretty thrilling, right? But here’s the clue: “…this draw was held in the United Kingdom.” It’s actually illegal for Americans to participate long-distance in foreign lotteries. Therefore, if you’re ever told you have won one (especially one you never entered!), it’s a scam. Period.
There’s another clue, too. The letter informs the recipient that the prize winnings will be delivered by a courier company. The bad guys try to avoid sending their correspondence by U.S. Mail, because they don’t want to be subject to U.S. mail fraud laws. I suspect that if my husband had fallen for this plot, future correspondence from the crooks would have, indeed, arrived via a private courier.
In a sick sort of way, you have to admire the crooks’ handiwork. They even managed to use postage that looks like it’s from a foreign country. Wow! It came via the “Royal Mail!” Actually, it’s quite possible the letter WAS sent from another country, because often con artists prey upon Americans from beyond our borders, knowing it’s very hard for US authorities to prosecute them. I took a picture of the postmark too:

(Image Credit: Elisabeth Leamy)

So how were the thieves going to profit? Let’s go back to the letter. The “company” has sent my hubby a check for $3,850 and says that’s to cover the “Tax Clearance Fee.” But here’s the trick. The tax clearance amount is NOT “$3,850. It’s $1,950! The company has overpaid my husband! Why? The crooks want their victims to deposit the $3,850 check in their accounts and forward them $1,950 of their own money. By the time the victims find out that the $3,850 check is bogus, their OWN money is long gone.
That, my friends, is the latest example of the “Check Overpayment Scam.” It comes in many forms. The classic is that if you are selling something, like a used car, a stranger may send you a check for more than the asking price and ask you to forward them the difference, while they arrange to have the car transported to them. The crooks have a million excuses for why they’ve sent too much money and why you need to forward them the difference. Never, ever do it. If a stranger overpays you by check, it’s a scam. Period.



Richard Figley
Independent Associate
figleyr@legalshield.com
www.800-DO-A-WILL.com
www.ID-TheftProtection.com.

---

ID Theft Tax Fraud Hits 404,000 Americans

 

For Identity Theft Victims, Paying Taxes is a Nightmare

By Allison Linn

After Meghan Bach learned last year that her husband’s identity had been stolen to collect a fake tax refund, she spent perhaps 200 hours working to resolve the issue with the IRS and other agencies.
She thought she had been successful until the family returned home from a vacation this month to find that her husband’s identity had been stolen again.
 “It’s just appalling,” she said.
The IRS has acknowledged that identity theft tax fraud –- stealing someone’s Social Security number to file a fake tax return and collect a bogus refund –- is one of the most complex issues it deals with. Victims describe hours of phone calls, piles of correspondence and long periods of silence in which they aren’t sure whether their problems are being resolved or not.
The tedious process has left some victims worried about what will happen when they file this year’s tax returns.
“Of course I’m nervous,” said Dr. Vera Rosado, 33, who found out last year she was a victim and still has not been able to get it resolved with the IRS.
Rosado, a physician studying infectious diseases in Indianapolis, was recently told to file her fraud affidavit for a second time and her 2010 return for a third time after previous filings was lost. She said the IRS has told her it could take another few months to get the new paperwork processed.She is waiting to get an approximately $3,000 refund check from last year’s return, which she plans to use toward medical board exams.
The IRS estimates 404,000 people were victims of identity theft tax fraud from mid-2009 to the end of 2011, and officials say the problem is growing.
The agency recently set up a specialized unit to just to deal with identity theft tax fraud, and it is expanding its screening process aimed at flagging this type of fraud. The issue also has attracted the attention of the some U.S. Senators. On Tuesday, a finance subcommittee held a hearing on the matter.
The IRS said it could not comment on specific cases such as Rosado’s and Bach’s because of privacy laws.
Experts say the IRS is working hard to root out identity theft tax fraud in the approximately 140 million tax returns that come in each year. But some believe the problem will get worse before it gets better because it will take time to train staff members to root out and deal with such issues.
“For the next four to five years it’s going to be a learning curve for everybody across the country,” said Jay Foley, a partner with ID Theft Info Source.
Foley said one issue is that IRS employees who aren’t part of the identity theft unit may not know how to handle such complaints. That’s why they might audit tax forms instead of use them in an investigation, for example, or not file paperwork correctly.
He recommends that anyone who is a victim of such fraud work directly with the identity theft unit and also contact the Taxpayer Advocate, an independent agency charged with assistant taxpayers who are having problems.
Foley said the bad news is that there is little people can do to shield themselves from such fraud attempts.
“There’s absolutely nothing that can be done at this point in time that’s going to give you a guarantee of safety,” he said.
Bach, a real estate agent who lives in San Diego, found out her husband had been a victim of identity theft tax fraud in March 2011, when she tried to file their taxes and learned that someone had already filed a return using her husband’s name and Social Security number.
Over the next year, she said she spent several hours each week working with the IRS and other government agencies to get the fraud resolved on behalf of her husband, a military doctor.
At one point, she sent the IRS summaries of her past 10 years of tax returns in order to prove that she and her husband were the true taxpayers. Instead, she said, the IRS audited one of those returns and presented her with a bill for nearly $900.
She paid that bill, then successfully contested a later IRS attempt to audit another past return she had provided to prove her family’s identity.
Eleven months later, the family finally got its refund for the 2010 return and she figured the issue had been resolved. But a few weeks ago, they returned from a Disneyland vacation to find letters from the IRS that had been addressed to her husband had instead been sent to an address down the street that had recently been used as a rental. The mail had been returned to the post office and redelivered to Bach.
One letter, sent to the other address, was informing the family that they had once again been victims of tax fraud for the 2011 tax year. The second letter said that a refund of more than $10,000 was being applied to an existing balance of more than $12,000 that the letter said the family owed the IRS.
Bach said the family had not yet filed their 2011 taxes and was not scheduled to receive a $10,000 refund for the year. They also did not owe the IRS any money – in fact, after their fraud had been resolved, she said the IRS had sent them a refund for 2010 with interest.
Bach surmises that the fraud might have occurred at the address where the IRS correspondence was sent. She doesn’t know if the IRS sent any other correspondence to that address.
Bach and her husband immediately went to the local IRS office to get the address issue corrected. In addition, she said she has left multiple messages with the IRS identity theft case manager she has been working with but has not heard back. She plans to file her real 2011 tax return this week.
Bailey Yahraus, 30, found out four years ago that her husband and young children’s Social Security numbers had been used to file a fraudulent return. The couple got it resolved, and for the next couple years they used a tax filing service to file their returns with no problems.
This year, Yahraus decided to file her return herself using an online tax service. That’s when she found out that her children’s Social Security numbers had already been used by someone else claiming them as dependents.
Yahraus, who lives in Montpelier, Ohio, has been trying to figure out how she can keep the Social Security numbers from being used fraudulently again. She’s worried about what effect the ID theft might have on her kids when they become adults.
But after a rough few years in which both she and her husband lost their jobs and got new ones, she hopes to shield them for now.
“They’re 8- and 9-year-old boys,” she said. “They’re worried about baseball, basketball (and) football.”



Richard Figley
Independent Associate
figleyr@legalshield.com

 614-395-2313
www.800-DO-A-WILL.com
www.ID-TheftProtection.com

Judges Officially Combine Breach Class-Action Suits

Ruling puts together 11 lawsuits over incident

Friday, March 02, 2012

A total of 11 different class-action lawsuits filed against a healthcare company over a data breach in California last fall have now been combined into one case.

The suits, filed against Sutter Health, stem from a data breach in which a computer containing the personal data for 4.24 million people was stolen from an office late last year, according to a report from the Sacramento Business Journal. In all, eight of the combined cases were originally filed in Sacramento County, with the others coming from San Francisco, Los Angeles, and even White Plains, New York.

Estimates for the liability, damages and attorneys' fees associated with the case range considerably, but are sizable, the report said. Some say it could add up to anywhere between $944 million to $4.25 billion, not counting court costs. Information exposed in the breach included at least the names, addresses, dates of birth, phone numbers, emails, medical record numbers and health insurance providers for all involved.

Richard Figley
Independent Associate
figleyr@legalshield.com

614-395-2313
www.800-DO-A-WILL.com

Health Care & Data Breaches

Healthcare industry CIOs, CSOs must improve security

By Thor Olavsrud, CIO |  Security, health IT Add a new comment

March 06, 2012, 9:39 AM — Protected health information (PHI) data breaches are growing in frequency and magnitude as the healthcare industry moves to adopt electronic health records (EHR), say a group of standards and security organizations. The healthcare industry must take action to better defend PHI if it wants to keep the public's trust, they say.
The Identity Theft Prevention and Identity Management Standards Panel (IDSP) of the American National Standards Institute (ANSI), in partnership with The Santa Fe Group/Shared Assessments Program Healthcare Working Group and the Internet Security Alliance (ISA), on Monday unveiled a report, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, at a press conference kicked off by White House Cybersecurity Coordinator Howard A. Schmidt. The report is intended to help CIOs, CSOs and IT security, privacy and compliance staff create a compelling business case for enhanced security to present to business executives.
"When it comes to cybersecurity, we all have a role whether we're a consumer, the executive of a company or a political leader," Schmidt says. "By working together, we can make sure we make the improvements that ensure the balance between privacy rights and security. While we can't solve all the problems in the world when it comes to cybersecurity and privacy, we can affect those parts we're responsible for."
Privacy Protections Critical to Trust
Joe Bhatia, president and CEO of ANSI, added, "Privacy protections are absolutely critical to maintaining consumer trust in this information age. In the U.S., the healthcare delivery system is founded upon trust. This trust, as we all know, is now being severely tested."
According to the 67-page report, which involved a cross-section of more than 100 healthcare industry leaders from more than 70 organizations, nearly 39.5 million EHRs were breached between 2005 and 2008. In addition, within the past two years, the health information privacy of nearly 18 million Americans-a number roughly comparable to the population of the state of Florida-was breached electronically.
The data points don't end there. Between September 2011 and November 2011, a government benefits program suffered the theft of EHRs of 4.9 million military personnel, the health information of 4 million patients of a reputable West Coast healthcare system were stolen electronically and a major academic medical center inadvertently disclosed the EHRs of 20,000 of its patients. In November of last year, Ponemon Institute completed a survey of 72 provider organizations and found that 96% of respondents reported at least one data breach in the past 24 months. On average, Ponemon Institute found that health organizations have experienced four data breach incidents over the past two years.
"Healthcare is one of the most-breached industries," says Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "Healthcare providers and supporting organizations don't currently have sufficient security and privacy budgets, including adequate processes and resources, to protect sensitive patient data."
"The entire healthcare delivery system depends upon a single transaction: your willingness to share the most intimate details of your personal information with your physician," adds James C. Pyles, panel member and principal with Powers Pyles Sutter & Verville PC. "You have to trust that the information won't be used to harm you or your children. If you're dealing in this business of handling health information electronically or any information electronically, you're touching on a very tender nerve that people have."
Pyles added, "It's more than breaches, it's also understanding, as a business, the expectations of your customers. If you frustrate those expectations, I promise you, you will be sued."
Part of the problem, says Catherine Allen, chairman and CEO of The Santa Fe Group, is that the financial incentives are on the side of those who seek to steal medical records. Allen said medical records go for $50 a record on the underground market, making them much more lucrative than even financial information. "It's very valuable data," she says.
Evaluating the Cost of Data Breaches
The new report is intended to be a tool to help organizations quantify overall potential data breach costs and to provide a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach.


"No organization can afford to ignore the potential consequences of a data breach," says Rick Kam, president and co-founder of ID Experts and chair of the PHI Project. "We assembled this working group to drive a meaningful dialogue on appropriate levels of investment to better protect healthcare organizations and PHI."
He added, "One of the things that we realized as we started to work through this process is that the chief information officer, the chief security officer, they're essentially getting outgunned by the criminals. It's not that we don't have the technology or processes or people to deal with this problem. It's that we don't have enough focus and investment from the executives."
The report provides a five-step method, the PHI Value Estimator (PHIve), for estimating breach costs and what needs to be done to protect organizations. The PHIve provides detailed information about each of the steps, which include: conducting a risk assessment, determining your security readiness score, assessing the relevance of a cost, determining the impact and calculating the total cost of a breach.
"Cybersecurity is not an IT issue," says Larry Clinton, president and CEO of the Internet Security Alliance. "It is an enterprise-wide risk management issue that needs to be addressed in a much broader sense."
Thor Olavsrud is a senior writer for CIO.com. Follow him @ThorOlavsrud.

Identity Theft Shield

Richard Figley

 614-395-2313
www.800-DO-A-WILL.com

Business Identity Theft

You wouldn’t know it from reading the news, but business identity theft is becoming an increasingly large concern for small business owners, according to a report filed by NPR’s Yuki Noguchi today on Morning Edition.
Noguchi tells the story of Scott Burnett and the Memphis-based company he and his family have operated for the last 40 years or so, AAA Termite & Pest Control. Burnett claims that when he opened the Yellow Pages last year, he was dismayed to see that there were three “me-too” listings affiliated with his business.
None of those numbers were actually affiliated with Burnett’s businesses. When he looked up their addresses they either pointed to vacant lots or gas stations. When Burnett called the numbers and asked to speak with a manager, the person on the phone hung up.

Editor's Pick

• XBox Security Chief Says Account Hacks Linked To Phishing, Resale Schemes
• Expert: Three Quarters of Employees Duped by Phishing Scams
• Researchers Discover New ACH Banker Trojan

Threatpost Newsletter Sign-up

So, Burnett hired a lawyer, but the phone company reportedly refused to divulge any information about who was behind the fraudulent listings. He then called the National Pest Management Association, but they didn’t know what he should do. Apparently the only person Burnett could find that knew anything about business identity theft was a local locksmith who was also the victim of business identity theft. This is the problem: business identity theft, despite the fact that it could be quite commonplace, is so obscure that no one knows what to do about it.
Colombia University’s Hugh Thompson (also affiliated with the RSA Conference), however, does know about business identity theft and he says it is severely under-reported. Among the reasons this sort of identity theft flies under the radar, Thompson claims, are the facts that there are no federal or states stats or tracking of the problem and, as is the case with data breaches, companies don’t want to report for fear of besmirching their brand.
Things may be turning around though. North Carolina secretary of state and chair of the National Association of Secretaries of State, Elaine Marshall, says the number cases like these involving falsified documents in her state is increasing.
The sophistication of many instances of business identity theft has led Thompson to suspect that organized criminal syndicates may be responsible for these scams.
AAA isn’t alone. In fact, Noguchi claims that 103 phony pest control businesses popped up last year.
It is unclear whether these are pure scammers, masquerading as legitimate companies to steal credit card information from consumers or if they themselves are offering a service and are merely piggybacking on the success of already established businesses. The fake-businesses could even be attempting to steal the identity of the legit ones in the way cybercriminals steal an individual’s identification. It appears as if no one really knows.

For individual and spouse Identity Theft Shield go HERE.

Richard Figley
Independent Associate
614-395-2313