August 2008 Archives

The Bank of New York Mellon has admitted that the number of its customers hit by a data breach was much larger than previously stated...about 8 million more.

 BNY Mellon, told customers in May that 4.5 million customer information including, names, addresses, dates of birth and Social Security numbers, had been compromised after two sets of tape backups were discovered missing.

However, it has now increased that figure to 12.5 million.

According to the Connecticut Post;

Bank of New York Mellon shocked Connecticut officials this week when it revealed there could be an additional 8 million people or businesses nationally left vulnerable to a data breach first discovered in February.

BNY originally told the state the personal information of more than 4 million people was on several data tapes the bank's Shareowners Services couldn't find in February. The tapes were being moved to a secure vault; the bank hasn't been able to locate them. MORE

******************************************************************

This week's headlines include more "reported" data loss...

Reynoldsburg Ohio City School District - 8/28
Stolen laptop contains names, addresses, and Social Security numbers of 4,259

Kansas State University - Aug. 27
Stolen document contains names and Social Security numbers of 86

Prince William Co. Public Schools - Aug. 26
Confidential information for more than 2,600 exposed through file-sharing program

Graphic Data, Royal Bank of Scotland, NatWest, American Express - Aug. 26
Drive purchased on eBay contains personal and account details of around one million

Pennsylvania Public Welfare Department - Aug. 26
2,845 welfare renewal packets sent to wrong mailing addresses

Source: Attrition.org

See earlier blogs: ...Reported Date Breaches blast past 2007

Are you one of tens of millions to be notified...?

The best way to prevent and identity theft from occurring is to prepare for one!

The best way to prevent an an identity theft is to prepare for it. Just as we need to take measures to prepare for hurricanes and the effects of Mother Nature, the same is true for Identity theft.

I live in a state prone to hurricanes and each year when hurricane season arrives, we take all the necessary precautions to lessen the impact if one strikes. We make sure we have batteries, food and water on hand and that our important personal papers and documents are in waterproof containers.

We hope and pray a hurricane never strikes but nevertheless, we need to prepare as if it will. If we take that same pro-active stance when it comes to identity theft, we will certainly lessen the impact one occurs!

The East Cost is currently in the peak of hurricane season and the Identity Theft Resource Center recently released some tips and warnings to prepare for Mother Nature and predators;

Double Disasters: Mother Nature and Identity Theft Present a "One-Two Punch"

San Diego, CA. (August 27, 2008): As the Southeast enters into what is commonly referred to as Hurricane Season, the ITRC would like to make consumers aware of the inherent dangers that may occur during this chaotic time. According to National Oceanic and Atmospheric Administration of the U.S. Dept. of Commerce, "some 90% of all presidentially declared disasters are weather related." NOAA also said that we can expect an above-normal Atlantic Hurricane Season in 2008. Taking a few minutes today to create an action plan might help you avoid future identity theft-related situations.

Are you prepared to evacuate with your personal identifying and valuable papers?

Do you know what to take with you?

Keep copies of birth certificates, driver's licenses, Social Security cards, death certificates, bank account numbers, insurance papers and any other vital papers for each family member in a locked box or a large, waterproof plastic bag. Place the papers in your car only when you are ready to leave. Unfortunately, thieves sometimes loot cars parked in driveways during times of evacuation. You will need those papers to identify yourself with various assistance groups and insurance companies. In the hands of thieves, you might lose more than property; you could lose the ability to prove your own identity.

If you end up in a shelter, do not allow those papers to leave your sight or person. If you need to tape them to the inside of your clothing, do so. Unfortunately identity thieves know that the chaos of many people living in close quarters is a crime waiting to happen.

Businesses also need to consider data security.

Are you: Flood proof? Tornado proof? High winds proof? Absent proof?

If you evacuate, what safeguards are in place to protect the integrity of the data you have collected?
In prior years, broken file cabinets were found more than a half mile away from the office building where they were housed. Papers were found flying around for blocks. It would be preferable if all papers with proprietary and personal identifying information were scanned into your computer systems and encrypted. These systems and networks should be encrypted so that if they are stolen or moved by a hurricane, no one without the encryption key can view the information secured in the hard drive.

You might also want to consider a back-up system in an area that is typically not included in the same disaster zone. That system should also be encrypted. Computer hard drives can also be pulled as a pro-active measure to transport your data. Please note, you are now responsible for protecting that data in transit. Those people who have entrusted their information to you depend on your best efforts.

Scam artists will be quick to set up telephone scams. You may get a call from a "group collecting money for relief services." During a crisis, most relief agencies are busy attending to the immediate needs of victims. Only donate if you initiate the call to a well-established group. Hang up on any telephone solicitors asking for donations.

Other con artists will pretend to phone from a company you do business with and that "lost your data." Think about it - if they lost your information, how could they call you? Never provide bank account, credit card or Social Security numbers. This is always a scam. Companies will not contact you this way.

For other tips about emergency kits and physical safety, visit the American Red Cross and FEMA websites. You can also find out more information on Disasters and Identity Theft at the Identity Theft Resource website

*************************************************************

For additional scam alerts and warnings on predators at times of disasters see earlier blogs; Victims of Floods Warned of Scammers AND Scams

To take steps to prevent id theft see earlier blog: See blog, video and tips on what you can do to protect yourself see earlier blog:  ...What should I do?

The FBI Cyber Investigations Unit warns that the Hit Man is going to kill you e-mail scam has returned. The content of the email has evolved since late 2006; however, the messages remain similar in nature, claiming the sender has been hired to kill the recipient.

Two new versions of the scheme began appearing in July 2008.

One instructed the recipient to contact a telephone number contained in the e-mail and the other claimed the recipient or a "loved one" was going to be kidnapped unless a ransom was paid. Recipients of the kidnapping threat were told to respond via e-mail within 48 hours. The sender was to provide the location of the wire transfer five minutes before the deadline and was threatened with bodily harm if the ransom was not received within 30 minutes of the time frame given. The recipients' personally identifiable information  was included in the e-mail to promote the appearance that the sender actually knew the recipient and their location.

Perpetrators of Internet crimes often use fictitious names, addresses, telephone numbers, and threats or warnings regarding the failure to comply to further their schemes.

In some instances, the use of names, titles, addresses, and telephone numbers of government officials and business executives, and/or the victims personal identifying information are used in an attempt to make the fraud appear more authentic.

Consumers always need to be alert to unsolicited e-mails. Do not open unsolicited e-mails or click on any embedded links, as they may contain viruses or malware. Providing your personal identifiable information (PII) will compromise your identity!

Individuals who receive e-mails containing threats of violence and their PII are encouraged to contact law enforcement as well as file a complaint at www.ic3.gov.

Source: F.B.I Cyber Investigations

Below is a typical email I receive from frustrated consumers forced to deal with credit bureau errors. Margaret is aggravated -and rightfully so! Her checking account continues to be accessed by Experian and she has been unsuccessful in getting them to stop charging her account!

Whenever disputing credit report errors, trying to cancel credit monitoring services, or fix any problems that affect your credit reports, always submit your complaints in writing, send via certified mail and document, document, document!

Here's just one reason why...

Denise: I am having a problem with Experian...Here's a copy of a letter that will explain my situation;

To Experian:

I called a couple of weeks ago to get my yearly FREE credit report and also asked for my score. I was told that would be only $6.00 for my score.

I paid using my debit card which is connected to my checking account.

I also called Equifax and Trans Union. I received both of their credit reports right away.

The only thing I received from Experian was my credit score. I called back Experian to see what had happened to my FREE report and was told that the request was never put in for the report only for my credit score.

The second time I called you, a representative told me "No problem, I will get that right out to you".

I finally received my credit report but when I looked at my bank account I saw that I was charged twice!

So, I called Experian once again and was told by a representative that I would have to write a formal letter requesting a refund.

I was pretty upset at this as this because there was no error on my part.

I asked "Why should I have to take the time out of my busy work day AND pay the postage to write a letter when it is not even my fault"? And then asked for a supervisor and was sent to VOICE MAIL!

I left a message and finally received a call back a day or so later. I was then again told they couldn't detect their errors and I needed to write a letter. Experian should be doing the investigation, not me!

Now to top it off, today I just received yet ANOTHER $6.00 charge on my checking account made by Experian. The grand total now for one credit that was supposed to be $6.00 is now $18.00 and it appears you are continuing to access my account and take more money!

What scares me is you are a credit reporting agency and can't even keep your own records straight. How are you supposed to keep mine straight?

I was told I needed to send in a copy of my checking account statement to prove they made errors! That's insane! What makes you think that I want your representatives, or anyone for that matter to see my personal business?

You certainly wouldn't give me a copy or your checking account statement if I asked for it!! It seems that Experian being such a big company should be able to go back in their own system be able to retrieve records of what they are charging THEIR customers.

All businesses can do that! That's how refunds are given!! At this point I think I should be refunded the entire $18.00 for the enormous frustrations, time spent and horrible way I've been treated. Shame on Experian!! And your zero customer service!

I refuse to send you a copy of my checking account statement. It's personal. I did not make these mistakes. If this is not resolved in a timely fashion I am going straight to my consumer advocate from my local news station, my local newspaper and an attorney!

A Frustrated Consumer,

Margaret ******
Florida

***********************************************************

Margaret will keep us posted!

Her story paints a picture of the enormous frustrations we are forced to deal with when working to clean up someone else's costly mistakes!

It's bad enough that we carry the burden to prove ourselves innocent when dealing with removing fraudulent or inaccurate credit data, but we must constantly work to prove that credit bureaus (and creditors) makes errors!

In order to do so, we often feel like unpaid quality control employees who work for the credit bureaus!

It's remarkable! First we must purchase their (for-profit) product (our information), then monitor it, and fix any found defects that could possibly harm us! 

What other company can get away with selling a defective and harmful product, and then force consumers to repair it?

Just maybe...this will explain it!

It is always advisable to go for credit counseling agencies approved by National Foundation of Credit Counseling whose members are accredited by the "Council on Accreditation". NFCC accredited members provide quality counseling services to the clients and its services.

Building up a good credit score takes time and so you should always try to maintain the score once it is build. A good consumer credit counseling agency works not only to help you repair your credit but also to help you maintain the credit score once it is achieved. These counseling agencies (also known as debt counseling) additionally work with the individuals to help them find ways to repay their existing delinquent accounts and to improve their creditworthiness over time.

Credit counseling, is a system which helps you not only to repay your bad debt but also help you learn the importance of maintaining a good credit score. Legitimate credit counseling services also help you to plan your monthly expenses efficiently and allocate your finance in such a way so as to gain maximum benefit from your investment in future. Credit counseling services offered by legitimate counseling agencies help consumers on the path to get rid of the rid of their burdensome debt. The work to help consolidate your loans into a single account to lessen the payments and work with creditors to lower your interest rates on your past debt, making it easier for you to  repay the debt sooner.

Rebecca Lewis, Guest Blogger

**********************************************************************************

Consumers are often confused, and rightfully so, on just what agency to trust. As Rebecca mentions, do your homework and find the proper agency. There have been a lot of problems with credit counseling agencies in recent years. For instance, many credit counseling agencies are set up as non-profit organizations, yet they behave like for-profit businesses. These non-profits spend huge amounts of money on advertising and aggressively try to sell "debt relief" products to consumers.

Credit counseling can be very useful in some cases. Unfortunately, not all credit counseling agencies are acting in your best interests. For tips and warnings on choosing a reputable credit counseling agency, see: Consumer Facts, by the National Consumer Law Center (NCLC.org)

For tips on avoiding predatory lending see: AFFIL provides tips and warnings...

For more info on why we must track and verify our loan payments are both accurately calculated and applied as intended to avoid paying for lender errors, see earlier blog: Bank Errors...

More data breaches have been reported to date this year, than all of 2007. The Identity Theft Resource Center, a nonprofit organization that works to educate the public on Identity theft and fraud, released its recent findings that report 449  businesses, government agencies and universities have reported a loss or theft of consumer data through August 22, 2008.

Their 2007 study indicated the total "reported" data breaches for the year was  446, involving 127 million consumer records. About 90 million of those records were attributed to a single retail chain, TJX, which operates T.J. Maxx stores.

So far this year, at least 22 million consumer records have been the target of data breaches, according to the report.

However, ITRC additionally points out that the true number of records affected could be much higher noting that in 41 percent of the cases the number of consumer records affected wasn't disclosed and they note that many businesses may not be reporting data breaches and/or may not even be aware of them. Often, one data breach can affect multiple companies, as we have seen this year.

To Read the ITRC's report, and find more info go to idtheftcenter.org.

Here's a portion of their press release:

Breaches Blast '07 Record
As of August 22, ITRC's list surpasses 446 documented breaches

San Diego, CA (August 22, 2008):  Today, the total number of breaches in on the Identity Theft Resource Center's 2008 breach list surpassed the final total of 446 reported in 2007, more than 4 months before the end of 2008.  As of 9:30 a.m. August 22nd, the number of confirmed data breaches in 2008 stood at 449.  The actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses, are listed as single events.  In the last few months, two subcontractors became examples of these "multiple" events.  In one case, the customers and/or employees of at least 20 entities were affected by a breach that the ITRC reported as a single breach event.

To read the full press release click here

The European operation of the Best Western hotel chain has become the victim of a massive data cyber-theft attack.

By placing a "keylogger" on a corporate computer that was connected to Best Western's reservations system, a criminal gang has pulled off the theft of  8 million customer records! Included in the records are names, address, phone number, credit card numbers and employment information.

AN INTERNATIONAL criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defenses of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

...After thanking the Sunday Herald for exposing the raid on its systems, Best Western Hotels closed the breach at around 2pm on Friday afternoon. Stressing that staff are fully aware of the potential seriousness of the attack, the company reassured customers that it is now taking appropriate action.

"Best Western took immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected," said a spokesman.

"We continue to investigate the root cause of the issue, including, but not limited to, the third-party website that has allegedly facilitated this illegal exchange of information." MORE

I recently came across an article entitled, Loan WatchDog Pro software catches lenders' loan errors and it caught my attention.

It claims there is a software program available that can audit our personal mortgage and credit card payments for accounting errors or fraud. As many of you know my story was sparked by gross errors that contaminated my mortgage and later my credit reports.

With the ongoing mortgage crises, a looming credit squeeze and non-stop news of continued illegal foreclosures, (caused by greed, fraud and/or corruption), a software such as this, one that can calculate our true payments, and find accounting errors, is worthy of looking into. If it works as claimed, it could be a valuable tool used to deter and fight fraud.

Many of us continue to send off our monthly payments, blindly trusting that our payment due is calculated correctly. And some people further trust, all monies are applied accurately, but many of us know that is not always the case!

The truth is, unless we are CPA's or we have an expertise in compounding interest and have an in-depth accounting background, (with plenty of  time and energy) it's impossible to verify that our payments and interest on loans and credit cards are properly calculated!

We are forced to accept the servicer's calculations and trust that there are no errors or fraud manipulating the accounting of our loans.  Additionally, as my experience proves, along with similar stories of many others, without access to a monthly statement -we can't even track or verify that our payments have been received, let alone, applied and applied accurately!

What I found particularly interesting about this software was its founder. I learned the creator of the Loan Watchdog software, is Christopher Alison, the President and CEO of Ditec, a successful international (and eco-friendly), paint preservation company based in Florida, that has been around for more than 30 years. Ditec apparently has a software division.

Alison claims these two software programs were created and designed for mortgage and credit card loan accountability. And these are the first tools available to the public, where an individual (or business), can actually audit their own mortgage or credit card debt. A checks-and-balance system of sorts...what a concept!

Simply put, the software apparently calculates our actual payments due, once the start date and interest rate is plugged into the program. When inaccuracies, mistakes, or even fraud are detected, the software then generates demand letters for refund and detail the correct calculations and accounting errors found.

The borrowers can then use this data, and the letter created by the software, for actual proof of errors (or fraud) and bring the documentation to their loan servicer's attention to demand a refund.  If this software works as claimed, this could be a potentially valuable tool to deter predatory lenders, catch costly errors, and seems worthy of a closer look!

I certainly wish this software was available to those of  us who have battled long and hard to prove, and then correct, the errors found in our mortgage and loan accounting documents.

Finding just one error, could potentially cover the price the software, and that alone is worthy of a second look.

Reports indicate the Australian version has been quite popular. Ditec Founder, Christopher Alison reports they are currently launching the U.S. version.

American's for Fairness in Lending (AFFIL.org) is the collaborative effort of numerous partner and ally organizations, each contributing their expertise to AFFIL and the public through AFFIL activities. As one of their allies, I endorse their Principals for Fairness in Lending and support their continued efforts on behalf of borrowers.

AFFIL provides tips and warnings to College Students dealing with credit card companies;

Credit card companies sign you up even if you have little or no income, knowing you'll trigger high "penalty" interest rates and fees.  That's where they make their big $$$.

College students, young workers, immigrants, the elderly and others who are not aware of the traps get solicited the most and hit the hardest.

Free t-shirts, Frisbees and pizza come at a dangerous cost.  Your signature can lock in very unfair terms.

Credit card companies hire students to get their friends to sign up for cards that are filled with hidden fees and unfair terms.

And that's just credit cards!  The subprime mortgage debacle is the same story of greed and abuse - not to mention abusive payday loans, car title loans, car financing, and more. 

Click here for more reasons why you should care - and see below on how to make a difference.

Now that you're making financial decisions for yourself, be sure to protect yourself from credit card tricks and traps.  Here are some tips to consider before you break out the plastic.  Adapted from "Credit Card Tips for College Students," Consumers Union

1. Don't get tricked, trapped or suckered into a card with bad terms.  If you want a credit card, get one with a long-term low interest rate (APR).  If you get a low introductory rate, chances are it'll start at 0% and then jump to 20% with one almost-on-time-but-didn't-quite-make-it payment.  Still want a credit card? Just know what you're in for...

2. Once you choose a card, don't let your guard down. Credit card companies are notorious for changing rules and playing GOTCHA.  Look through those mailings they send...they may include a nasty change in terms. 

3. Pay your bill on time. Better yet, pay it several days ahead of time.  If the due date is on a Sunday and your payment (duh) arrives on Monday - you're late!  Don't laugh, this is REALLY common. And when you're late - see (1) above, your interest rate jacks up.

4. Pay your bill in full.  Whenever possible.  And as quickly as you can.

5. Do not go over your credit limit.  And set the credit limit as low as possible.  Don't be fooled - credit card companies LOVE to give you a credit limit you can't afford.

6. Stay as far away from a credit card 'cash advance' as you can.  The interest rate on cash advances is MUCH higher and credit card companies apply any payment you make to whatever else you owe first.  That cash advance hangs around unpaid and with increasing interest until you DO pay your bill in full.  Did we already mention that they're looking to get you?

7. Ignore those in-store "15% off today if you sign up for our credit card" offers.  You'll pay back what you saved and then some REAL fast.

8. Carry only one card.  Less confusion.  How many companies do you want abusing you at once?

9. If you do get into credit card debt, get help right away.  Don't wait until it gets worse.  Try the Consumer Action Help Desk.

10. Remember your other option: CASH.
 

Still not convinced? Read the facts about college students and credit cards.  Or watch a funny video and see how the credit card companies are laughing: 

• A screwball parody of Ashton Kutcher's "Punk'd" by Americans for Fairness in Lending

• It's always Christmastime for Visa! by Consumers Union
  

• Sarah Byrnes of AFFIL and partner of AFFIL Ira Rheingold, Executive Director and General Counsel for the National Association of Consumer Advocates talk more about credit card reform and borrowers rights on ListenToSpotLight.com
  

***************************************************************

For additional college student safety tips see a couple earlier blogs:

Students may find more than a Degree in their future...

Read and watch video: Profits over Student Credit Card Debts

The FBI has issued a recent warning to be on the lookout for spam e-mail spreading malicious software (malware) which mentions "F.B.I. vs. facebook."

The e-mail directs the recipient to click on a link to view an article about the FBI and Facebook. Once the user clicks on the link, the "Storm Worm" malware is downloaded to the Internet-connected device, causing it to become infected with the virus and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.

The Storm Worm virus has capitalized on various holidays and fictitious world events in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail.

Be wary of any e-mail received from an unknown sender.

Do not open any unsolicited e-mail and do not click on any links provided.

Never dial a number provided in a phishing email -look up phone numbers to legitimate lenders or entities you deal with.

If you have received this, or a similar e-mail, please file a complaint at www.ic3.gov.

For additional tips and scam warnings see Scams and Phishing Scams

Educational preparation company The Princeton Review accidentally leaked personal data including test scores of Florida students on its Web site - as long as one can call posting personal data of 34,000 students a leak.

One of the files contained the information about 34,000 Florida students, while another one consisted of names and birth dates of 74,000 students, The Princeton Review wrote in a report. The company has initiated an internal investigation to determine how the files became public, but refused to give any further details.

The Times said that it notified the Princeton Review about the mistake on Monday and the testing service remedied it quickly. However, the mistake made it possible for anyone to access the files over a period of nearly seven weeks, The New York Times reported.

Other details about the Florida students contained in the leaked files included ethnicity, learning disabilities, performance on state tests and so on. According to Superintendent Lori White of the Sarasota school district, the students affected by the breach were mostly in the second through 10th grades.

The breach occurred after the company moved its web hosting to a new provider. Numerous students from Fairfax County, Va., also had their information posted online.

"We have apologized to our customers for this situation, and assured them that access to the information has been closed, and that we are working diligently to put in place any needed remedies to make certain this problem does not recur," the Princeton Review said in a statement released by its executives.

Similar breaches are actually quite frequent. Over the past year, there have been 466 reported breaches in the United States.

Source: EfluxMedia

**************************************************

Just one id theft can take years to clean up. Thieves not only steal your identity, but your time, energy, and peace of mind! 

See below Tips on What to Do if you think you are in danger of becoming a victim of id theft caused by any one of these recently reported data losses.

For news on the many "reported" data breaches search: Blog Archives

Dominion Enterprises announced this week that a computer server within InterActive Financial Marketing Group (IFMG), a division of Dominion Enterprises located in Richmond, Virginia, was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008.

For more info see earlier blog entries, video and tips on what you can do to protect yourself ;

Are you one of the tens of millions to be notified your information is in the hands of thieves? Do you have a plan of action?

Do you know what steps to take if your information is stolen?

 
Videos, tips and additional info see:What should I do?

So you think you're able to prevent identity theft by keeping credit card numbers and other personal information out of the wrong hands?

Well, beware the new type of ID theft gaining popularity among crooks: medical identity theft.

Brenda Evans Hart, the federal Health Insurance Portability and Accountability Act privacy officer at Baylor College of Medicine, said that when the hospital started notifying doctors about such thefts two years ago, officials thought it was being committed by people who didn't have medical insurance.

"I think now it's gone so far as to be part of organized crime for fraud regarding Medicare, Medicaid and regular commercial insurance," Hart said. "And of course, that comes out of the taxpayers' pockets as well."

Hart and other health care experts say there are several forms of medical identity theft, but most involve records stolen by people who work for health-care facilities. Then they are sold to organized crime groups and others that fraudulently bill insurance companies.

In a study released last year, the Federal Trade Commission said 3 percent of all financial identity theft victims were also hit by medical identity theft. Source: Chron.com -Health & Medicine

*******************************************

Medical Identity Theft;

I have often written about the various forms of identity theft but medical identity theft is one that can cost you more than money -it it can cost you your life.

If a thief tampers with your medical records, your chart could have the wrong history and diagnoses. Those errors can cause serious trouble when you do need medical care. Due to HIPPA privacy laws, it's very difficult to clean up inaccurate medical histories.

There are two facets to medical identity theft; one is financial and the other involves your health care. Medical identity theft happens when a thief uses your social security number or health insurance to obtain medical services and health care benefits -including prescriptions, without your knowledge. Medical identity theft can carry with it damaging, far-reaching effects. Not only is medical id theft hard to detect, it is even more difficult to correct than the more commonly recognized -financial identity theft. 

Victims of medical identity theft have found their medical histories contaminated with false diagnosis, billings for surgeries they never had, prescriptions they never received and bogus allergies and blood type notations -all services and notations that belong to someone else -the thief! And hospitals and insurance companies face massive expenses when it comes to medical identity theft, as they are forced to write-off charges incurred by the thieves.

What to Watch For:

• When you receive a notice from your insurance company, open it immediately. If you receive any notices for treatment that you don't recognize -dispute with your insurance company. After reading these notices, make sure you shred them before throwing them in the trash. Closely review your "explanation of benefits" statements.

• Check your credit report regularly. If you find medical bills on your credit reports that you don't recognize, dispute them with the credit reporting agencies and notify your insurance company.  

• If you receive mail from hospitals where you have or haven't been a patient, don't assume that this mail is junk mail and throw it away. It could be a notice of a data breach or data theft. If you get this type of notice, you should notify the Credit reporting agencies and have fraud alerts placed on your credit file.

If you're a victim
If you think you're a victim of medical identity theft:

•Contact your health provider and your insurer. Most insurers have anti-fraud hot lines staffed by experts who can talk you through what to do. Typically, they will request a new insurance card for you and have a watch put on your old one.

•File a police report.

•Correct erroneous and false information in your file. Sending copies of a police report to insurers, providers and credit bureaus may be a step in cleaning up the problem.

•Take detailed notes. Write down the name and contact information of everyone you speak to.

Where to get help
• www.patientprivacyrights.org: Patient Privacy Rights is a nonprofit organization founded in 2004 by Deborah Peel. The organization is dedicated to ensuring Americans control all access to their health records.

• www.healthprivacy.org: This Web site has information on health privacy.

• www.hhs.gov/ocr/hipaa: The U.S. Department of Health and Human Services has information on medical privacy, including privacy provisions of the federal Health Insurance Portability and Accountability Act.

• www.worldprivacyforum.org/medicalidentitytheft.html: The World Privacy Forum offers tips about what to do if you are a victim and links to other resources.

Search this blog for More info on recent data breaches and  Medical Identity Theft

See also:

Credit Card Companies Fueling Healthcare Associated Identity Theft (HAIT) Crimes

The Better Business Bureau has issued a warning to consumers that the Better Business Online (BBO) has absolutely NOTHING to do with the Better Business Bureau.

The BBO site gives information advising consumers against most business opportunities and work-at-home offers, but then offers to sell a guide about work-at-home promotions. "The BBO has even swiped the BBB logo," the BBB says. "BBB attorneys have contacted this company. We're ticked off that somebody would steal the good name of the Better Busines Bureau to sell this kind of information."

They also released their latest product/scam warnings;

1. Cancer "cures" can bring up big bucks for shysters, the BBB reports, and to address this issue, the FDA sent warning letters to 23 U.S. companies and two foreign individuals who allegedly are marketing fraudulent claims to prevent and cure cancer.

The FDA also is warning consumers against using products like tabliets, teas, tonics, black salves and creams that are being sold online under names such as Virgin Salmon Oil, Lung Cancer Tea, Cat's Claw, Bloodroot Extract, Shark Cartilage and E-Mune, plus over 100 more.

2. Premier Credit/Premier Credit of North America operates a collection agency out of Indianapolis. Consumers are alleging harassing, and in some cases confusing phone calls by this company. Complainants have reported that Premier has stated or implied they are employed by the state or federal government. Consumers from at least eight other states, along with Indiana, have filed over 60 complaints against this company, which has the BBB's lowest rating.

3. Shopping Disbursement, Frontline Consumer Research Group, International Communications Research and United Evaluation & Marketing Services are sending letters to consumers offering employment as a mystery shopper. The consumer's first job is always to shop either Western Union or MoneyGram.

An Attica consumer received one of these letters with a $3,320 check -- which turned out to be counterfeit -- to "cover" the assignment. "This is one of the fastest growing scams around," the BBB says. "Don't fall for it. You will only lose money, not make it."

4. Kinoki Foot Pads were sold on TV claiming to "detox your body." Now they're being sold in catalogs for around $15. The BBB requested an Indiana research company to analyze these pads. The results indicate the pads are made of polyester fibers. The powder inside the pads appears to contain a mixture of natural products including insect exoskeletons, crustacean shells and hard parts of some other animals. Although the Kinoki label claims the powder contains tourmaline, none was observed in the sample analyzed.

5. Magic Jack is an Internet Service Provider advertising a free 30-day trial period. After accepting the offer, consumers allege funds were withdrawn from their accounts before the end of the trial period. Consumers also allege experiencing difficulty in contacting the company and receiving refunds. So far over 436 complaints have been filed against this West Palm Beach, Fla., company.

6. "AT&T," "Finance Central Federal" and "WIBC" are fraudsters using legitimate companies' names to call consumers saying they are either conducting surveys, or claiming to need information to reactivate credit cards. This is all about identity theft. Don't answer these questions. Just hang up.

For more info from the Better Business Bureau see the bbb.org

For more tips and scam alerts see earlier blogs on Phishing Scams and Scams.

Over the years I have heard from many consumers who mistakenly believed freecreditreport.com was the legitimate site to go to when trying to obtain their free annual credit reports.

Who wouldn't think that was the place? The commercials and catchy jingles like "F.R.E.E, that spells Free Baby" are just one of their many ads aimed at warning us to get our free credit reports implying we could then avoid identity theft. Trouble is, one, they're not free (unless you purchase their credit monitoring service) and two, credit monitoring absolutely will not stop thieves from stealing your identity!

Too bad they didn't spend a portion of the reported $70.7 million dollars they spent on major media advertising in 2007, (according to a recent NY Times article) to provide us with the available toll free number, or legitimate website, where we can actually get our "free" credit reports!

The Federal Trade Commission fined  ConsumerInfo.com, an Experian division that runs FreeCreditReport.com, saying that the advertisements  and the Web site did not have adequate disclosure and that the service (free credit report)  was not free UNLESS a consumer purchased credit monitoring services. Experian paid the F.T.C. $950,000 and had to offer refunds to certain consumers. Another $300,000.00 was paid due to violating this agreement. The Federal Trade Commission charged that ads for its "free credit report" continued to fail to disclose adequately that consumers who signed up would be automatically enrolled in a credit- monitoring program and charged $79.95. The FTC alleged that the failure to clearly disclose the enrollment and charges violated their previous settlement.

But ads still run and I haven't haven't seen any commercials or public service announcements directing consumers to the legitimate place to go get their free credit reports. Nor have I seen them advise consumers of the toll-free automated phone number that was established to allow consumers (especially those without computers) access to their free credit reports. Trouble is, not many people are aware of this phone option -or what that number is!

To order you free annual credit reports by phone dial: 877-322-8228. You can order your free credit reports from all three bureaus at once, or stagger them and order one at a time, every few months.

If ordering online...beware. One typo of the url in your browser, can cause you to be whisked off to an impostor site. Additionally, privacy experts and advocates have expressed concerns when ordering credit reports online. The websites' privacy policies are not so consumer friendly and you may be waiving rights to privacy without knowing it. There have also been reports indicating consumers have ended up inadvertently purchasing credit monitoring services, simply by clicking on a wrong link.

If you are trying to order your free credit reports at annualcreditreport.com and are asked for a credit card number, you've landed on a wrong page-back out and start over.

A NY Times article speaks more about this issue;

"The High Cost of a "Free Credit Report!

"...It's what I call a protection racket; the companies are charging you a fee and they're making a promise that it's going to improve your credit, and protect against identity theft, but in fact it does neither," said Edmund Mierzwinski, consumer program director for the United States Public Interest Research Group. "The sites are designed to trick people into taking on overpriced, useless credit monitoring, and they do so by attempting to make it appear as if you're going to get something for free."

 

For additional info...see a couple of my earlier blogs:

If F-R-E-E Spells 'Free" Why Does it Cost Money to Get That "Free" Credit Report?
 

"Free" Credit Report Sites: Worth the Real Costs?

The Associated Press says Wells Fargo & Co. is notifying some 5,000 people that their personal information might have been seen by someone using a bank access code illegally.

A bank spokeswoman said Tuesday that MicroBilt Corp., a consumer data vendor, told Wells Fargo on July 1 that there was unusual activity on one of the bank's access codes. The activity was particularly suspicious because Wells Fargo no longer uses that particular vendor for consumer information.

"We notified law enforcement right away," said Wells Fargo spokeswoman Mary Berg, adding that it appears that the unauthorized activity happened in May and June. "A full investigation is under way."

The bank is currently sending letters to the list of about 7,000 names, which will probably end up being 5,000 once the duplicates are eliminated. They are offering those individuals a free one-year membership to Identity Guard, an identity theft protection service.

The bank is also recommending that the individuals affected, most of which are not Wells Fargo customers, set up an alert with the credit bureaus and review their accounts for suspicious activity.

This breach is not the first for the San Francisco-based bank, which in 2006 experienced two separate data breach incidents.

***************************************************

Take preventative steps to guard your identity. By doing so before you are notified your information was accessed through someone's database, you will lessen the impact if the information lands in the hands of thieves. If you think your information may have been compromised, see What Should I do?

A 27 year old Illinois man laughed off repeated attempts made to steal his identity, claiming his credit rating was so bad -he didn't care.  

He claimed he had delinquent student loans, a foreclosure and credit card judgments so the thought of an identity thief wanting to steal his credit, was laughable to Jake Brown. And he's not alone, many people have that same misconception.

Jake learned why it wasn't so laughable. He found out his identity was being used for criminal activity -and that criminal activity didn't depend on or need -Jake's credit!

Criminals registered an an illegal Dutch gay porn website under his name, and soon Jake leaned learned of a subpoena from RIAA claiming he illegally uploaded "No fewer than 425,000 copyrighted songs from his Dominican Republic based server from 2003-2005. Not so laughable anymore...Read story here

************************************************************************

In the news:

recently reported data losses;

Laptops With Cable Company Workers' Data Stolen
 

GREENVILLE, S.C. -- The personal information of thousands of current and former Charter Communications employees are in the wrong hands after several laptop computers were stolen last month, the company said.

A letter sent to the affected workers said that the computers were stolen from the company's Greenville offices and contained records of more than 9,000 Charter employees nationwide.

The information included Social Security numbers, dates of birth and driver's license numbers. MORE

****************************************************

Records loss may violate U.S. law

'Total files' of patients, many with HIV and AIDS, missing

A low-level Harris County Hospital District administrator probably violated federal law when she downloaded medical and financial records for 1,200 patients with HIV, AIDS and other medical conditions onto a flash drive that later was lost or stolen, legal experts said Thursday.

District officials have refused to release any information about the employee who saved the information to the now-missing device. But a memo from the district's chief financial officer obtained by the Houston Chronicle identifies the employee as an associate administrator.

The administrator did not return an e-mail seeking comment or a telephone message left with a man who identified himself as her brother at a number listed under her name.

Fines possible

The Health Insurance Portability and Accountability Act, or HIPAA, requires health-care providers to safeguard patient records containing individually identifiable health information. The law calls for a $100 fine per violation but sets a $25,000 cap for each calendar year. The most serious violations, such as stealing information to sell it, could result in criminal prosecutions.

The federal Department of Health and Human Services fined Seattle-based Providence Health & Services $100,000 last month for allowing backup tapes, optical disks, and laptops containing unencrypted electronic protected health information to be lost or stolen in 2005 and 2006. The devices contained information about more than 386,000 patients. MORE

*********************************************************

Personal data of 380,000 welfare recipients stolen

The Ireland Department Social and Family Affairs is contacting 380,000 social welfare recipients after it emerged their personal details were stored on a laptop computer which was stolen more than a year ago.

About 100,000 of the records contained bank account details of welfare recipients.

Information relating to these welfare recipients was stored on a computer used by the Comptroller and Auditor General at a Department of Social and Family Affairs office on Dublin's Pearse Street in April 2007. MORE

Microsoft is warning Windows Live Hotmail users of a recent phishing scam that asks for the person's username, password, date of birth, and country or territory.

E-mails claim to be from the Windows Live Hotmail team, both in the signature and at the start: "This Email is from Hotmail Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety."

The e-mail typically arrives from an @hotmail.com address and has the following subject: "Hotmail Warning (Verify Your Hotmail Account now To Avoid It being Closed)."

Make sure to warn other who may received these notices and/or have Hotmail accounts. Remember any reputable company will never ask you for your personal information via an e-mail. Don't click on embedded links or dial an 800 number when asked to verify account or personal information.

Example of phishing email scam from Microsoft warning:

Dear Account User

This Email is from Hotmail Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. We are sending you this email to so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.
Due to the congestion in all Hotmail users and removal of all unused Hotmail Accounts, Hotmail would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

* Username: ..............................

* Password: ................................

* Date of Birth: ............................

* Country Or Territory: ................

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.
Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.

For additional information phishing scams see earlier blogs.

We've all heard the reports; Illegal immigration costs the country billions of dollars each year. How  much does it really cost? Two economic studies report two very different findings. Catch our show SpotLight, this Tuesday, August 12th @ 1:00 PM EDT and hear;

Part 2 of our 2 part series: The Costs of Illegal Immigration with Mike Farrell and Gordon H. Hanson

UPDATE: We are pleased to announce that Immigration Attorney Carmen Chavez will be an additional guest.

Mike Farrell, Author, Activist & Actor, best known for his eight years on M*A*S*H and five years on Providence. Mike Farrell is also a writer, Author, director and producer; co-chair emeritus of Human Rights Watch in Southern California; spokesperson for Concern America; and co-founder of Artists United to Win Without War.

Mike Farrell's book: Just Call Me Mike; A Journey To Actor and Activist

"...but I don't want to be put into somebody's category. I'd rather just talk and let whoever's listening take it in, see if it fits and figure out how they feel about it -- and maybe even why. Pigeonholing does the public's thinking for them, and kind of insults them in the process. I don't want to be part of that. Because it's been quite a trip, this journey of mine. So if someone wants to discuss -- or debate -- the issues, I'm happy to do that, but I'd rather not start off with a label that sets someone's teeth on edge.

Say I'm a "liberal" and some think they know my views on everything. They start dialing the phone or writing an angry letter without even knowing what I'll say. Or others think we agree, when we might not."

Click here to see events for Mike Farrell

Purchase book: Here

Follow Mike's daily travels on his Huffington Post tour blog!

To learn more about Mike Farrell's efforts visit mikefarrell.org

Gordon H. Hanson is the Director of the Center on Pacific Economies and Professor of Economics at UCSD, where he holds faculty positions in the Graduate School of International Relations and Pacific Studies and the Department of Economics.  Professor Hanson is co-editor of the Journal of Development Economics, a research associate at the National Bureau of Economic Research, a member of the Council on Foreign Relations, and a senior research fellow at the Bureau for Research and Economic Analysis of Development. MORE

Gordon Hanson's book: Why Does Imigration Divide America?: Public Finance And Political Opposition To Open Borders

Immigration is an issue capable of dividing otherwise like-minded people. Identify a group whose members tend to agree on political issues; liberals, conservatives, isolationists, internationalists, environmentalists, free marketers and one will tend to find that within the group there is no strong majority opinion about US immigration policy. This important new book examines how public finance shapes individual preferences towards immigration policy in the United States.

On Full Focus, Professor Gordon Hanson discussed the conclusions of a new report which says that contrary to popular belief, immigrant workers are having a positive effect on nearly all workers in the Golden State - mainly in the form of higher salaries and expanded business opportunities.

A new report from the Public Policy Institute of California or PPIC says that overall immigrant workers have helped California's economy. The study says there's no indication immigrant workers took jobs from native workers and that from 1990 to 2004 average real wages for native workers went up by 4 percent.

For more information on Professor Gordon H. Hanson and his reports visit Council on Foreign Relations, a Non-partisan Resource for Information and Analysis

Download PDF: The Economic Logic of Illegal Immigration

Carmen Chavez, Immigration Attorney and Executive Director of the Casa Cornelia Law Center  CCLC is a 501(c)(3) public interest law firm providing quality legal services to victims of human and civil rights violations. CCLC has a primary commitment to indigent persons within the immigrant community in Southern California. CCLC seeks to educate others regarding the impact of immigration law and policy on the community and the public good.

The legal services are provided by four attorneys and three Board of Immigration Appeals accredited representatives. Volunteer law clerks and interns from the community's law schools and universities support this professional staff. Community volunteers also assist with foreign language interpretation, among other services. Over fifty attorneys from the private bar also participate on a volunteer basis in our programs, providing direct legal services.

How do you think we should handle immigration reform? Listen to both part 1 & 2...and then you decide.

This hot topic was a request from our SpotLight listeners. We have opted to provide information in a fair and balanced way with two shows that include opposing economic studies and viewpoints.

Tune in for Part 2  here on Tuesday, August 12th @ 1:00 PM EDT

Show Call-in Number: (718) 664-6583 for questions or email the show questions in advance

If you miss any of our live shows, don't worry -they remain available in our archives.

If you missed part I you can find it here with all other SpotLight shows:

Do you continually run your Virus Scanner believing it keeps your computer healthy?

Virus Scanners can give you a false sense of security. They react when there is a serious indication that something bad is happening, but the trouble is, they are powerless to prevent problems from occurring in the first place. Virus scanners only have the ability to detect a virus, after you have been infected.

For many years we recommended one virus scanner as being able to detect more viruses than another. Brand A held the competition back for more than two years.  Then Brand A failed to stop the viruses.

Virus scanners are powerless to stop the virus infections, because the source of the virus may already be in your computer.  Some viruses are distributed via Email messages; this is a quick and easy method for spreading viruses quickly.  Email distribution of viruses can be sent in bulk via email (about 5 to 15 million per infected PC), and these messages may be delivered faster than virus scanners can be updated.

Another method for infecting computers is via the web.  Perhaps you (or your children, or grand children) have visited a free social networking site (Neo Pets is one that