CIMIP - Center for Identity Management and Information Protection

October 2009 News Archive

October 30, 2009

Parma: FBI seeking Ukrainians who bought illegal IDs

PARMA -- Hundreds of Ukrainian immigrants who fraudulently obtained Ohio drivers licenses in Parma are being encouraged to contact the FBI before agents come after them. full article

Reports: N. Korea behind cyberattacks on U.S.

July Web assaults caused outages of government-run sites full article

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC. full article

October 29, 2009

Farmers bank account details lost by Rural Payments Agency

Thousands of farmers' bank account details have been lost by the Rural Payments Agency (RPA) after the Government body lost two back-up tapes of confidential data belonging to all English farmers. full article

Twitter users warned about new phishing attack

Twitter warned on Wednesday about a new phishing attack in which direct messages to users link to a fake log-in page that steals passwords. full article

US-CERT warns about BlackBerry spyware app

The United States Computer Emergency Response Team (US-CERT) has flagged the release of a free BlackBerry spyware application that allows an attacker to call a user’s BlackBerry and listen to personal conversations. full article

Banking Trojan steals money from under your nose

Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn't just steal your bank log-in credentials but actually steals money from your account while you are logged in and displays a fake balance. full article

Facebook users targeted by Zeus banking Trojan

Hot on the heels of one fake Facebook email scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data. full article

Spike seen in web-based malware infections

The number of websites hosting malicious software, either intentionally or unwittingly, is rising rapidly, according to statistics to be released on Tuesday from Dasient. full article

AG orders Hollyrock owner to stop collecting personal information from IDs

UTICA, N.Y. (WKTV) - The owner of Hollyrock has been ordered by the NYS Attorney General's office to pay $5,000 and immediately stop using a scanner to retrieve personal information from patron's IDs. full article

Three accused of selling fake drivers licenses to Ukrainian immigrants out of Parma license bureau

For four years a corrupt clerk at the Parma driver's license bureau passed out licenses to illegal Ukrainian and Uzbeki immigrants, FBI agents said Thursday. full article

October 28, 2009

Targeted attacks possible in the cloud, researchers warn

Study shows how attackers can search, locate and attack specific targets in a cloud infrastructure full article

More security breaches hit midsized companies

More midsized companies are being attacked by cybercriminals at the same time they're spending less on security, says a McAfee report released Wednesday full article

IDSP Issues Report Calling for National Identity Verification Standard

WASHINGTON, Oct. 28 /PRNewswire-USNewswire/ -- The Identity Theft Prevention and Identity Management Standards Panel (IDSP) today released a workshop report calling for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. The IDSP workshop and report were driven by recognized vulnerabilities in the issuance of foundational documents used to prove identity, in particular the birth certificate. Since agencies typically rely on but do not verify birth certificates and other source credentials such as driver's licenses and Social Security cards used to establish identity, there is a loophole where identity theft and fraud can occur. full article

ID-theft defendant denies guilt: Miguel Bell seeks bail; feds resist

The alleged ringleader of a massive identity-theft ring that involved 29 others and that allegedly stole $1.3 million from the bank accounts of unsuspecting customers pleaded not guilty yesterday in federal magistrate court to conspiracy and multiple counts of bank fraud and aggravated identity theft. full article

Man Accused Of Identity Theft

KETTERING, Ohio -- A young man was arrested and accused of stealing credit card numbers and running up thousands of dollars in charges, police said. full article

Ex-state revenue employee booked with identity theft

A former state Department of Revenue employee was arrested Tuesday on charges she used stolen credit card information to buy personal items at Walmart and other stores in East Baton Rouge and Ascension parishes, Louisiana State Police said. full article

Former Fort Campbell Soldier Sentenced

Deldrick Toles Ordered To Pay $21,000 In Restitution

PADUCAH, Ky. -- A 28-year-old former Fort Campbell soldier has been sentenced to 3½ years in prison after pleading guilty to identity theft and bank fraud. full article

FDIC Warns of E-Mail Fraud

The FDIC has issued a warning today concerning the recent wave of fraudulent emails that have been sent to consumers, posing as official statements from the agency in an attempt to gain account information. The scam takes advantage of the recent rise in bank failures by using a false FDIC website link and attempting to elicit information after claiming that your bank has failed. full article

Credit cards re-issued in Finland after data breach in Spain

A credit card security breach has been uncovered in Spain that may involve up to tens of thousands of Finnish bank and credit cards. full article

DA: Nigeria scammer stole 150 IDs

As temps from hell go, officials say this one takes the cake -- and whatever mother's maiden names he can get his hands on full article

Client blows whistle on data theft in BPO

A BPO data theft came to light after a client blew the whistle on an employee of FGMB-PM Services Pvt Ltd who had sold the data to a former employee and current rival of the company full article

October 27, 2009

Rise in Halloween spam expected this week with warnings made of links sent by 'friends'

Users have been warned about Halloween-related spam as the annual horror fest approaches. full article

Guardian Jobs website hack may have been an SQL injection and not a 'sophisticated' attack

An SQL injection may have been the cause of the hacking of the Guardian's Jobs website last week. full article

Application introduced for Apple iPhone to help combat identity theft

Deepnet has announced the launch of an iPhone application to combat the growing problem of ID theft and cope with the rise in smartphone use. full article

Email leaks 350 Baptist East employee Social Security numbers

(WHAS11) - For the second time in less than a week hundreds of people in Kentuckiana are worrying about identity theft after their employer accidentally released their social security numbers. full article

October 26, 2009

Identity fraud threat after Guardan jobs site hacked

The Guardian has written half a million users of its jobs site suggesting they take action to protect themselves from identity fraud in the wake of a hacker attack. full article

Time Warner home routers still open to attack, blogger says

If you have an SMC8014 cable modem/Wi-Fi router from Time Warner your network might still be vulnerable to attack. full article

Swiss ministry says it was victim of cyber attack

Official: Attack was aimed at obtaining information on ministry’s network full article

Smartphone security threats likely to rise

Worms, spam, viruses and hackers -- they're not just for your desktop or laptop anymore. According to internet security experts they could be well on their way into your pocket or purse. full article

CalOptima says data on 68,000 members may be compromised

Plans notification after loss of disks containing the info

Computerworld - Personally identifiable information on about 68,000 members of CalOptima, a Medicaid managed care plan serving Orange County, Calif., may have been compromised after several CDs containing the information went missing earlier this month. full article

Social Security numbers of 2,920 people at UW-Madison may have been exposed

Forty computers in the UW-Madison Department of Chemistry were hacked over the course of roughly 18 months, possibly exposing the names and Social Security numbers of 2,920 people on campus. full article

October 21, 2009

Group Indicted In $1 Million Identity Theft Ring

A group of Philadelphia residents have been charged in a widespread identity theft ring used to steal over $1 million. full article

Social networks become targets for cybercrime

With millions of people using social networking sites, these virtual communities have become viable targets for cybercriminals. full article

SOCA attacks the heart of organised cyber crime

SOCA wants to hit the infrastructure of criminal enterprises and find out where they're storing data. full article

October 20, 2009

IDSP Releases Report Outlining Best Practices for Measuring Identity Theft

A new workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that key terms are defined in statute versus in practice—terms such as identity theft, identity fraud, and data breach. This potentially causes confusion in the marketplace and creates impediments to fixing the underlying problems. The publication also reviews research studies and methodologies for studying identity theft and makes best practice recommendations for how research companies should measure and report on the issues. full article

DeWitt civil liberties lawyer Bonnie Strunk charged with identity theft

DeWitt, NY -- Bonnie Strunk, Faith Seidenberg and Dr. Robert Seidenberg have made local news for decades as crusaders for civil liberties. The local chapter of the Civil Liberties Union has named an award for Faith Seidenberg. Her husband was the first male president of a local chapter of the National Organization for Women. Strunk, a one-time candidate for district attorney, has championed gay rights. full article

Iconix Settles Charges of Violating Children's Privacy Law

Iconix Brand Group, which sells clothing for children and teens under several brands, will pay a US $250,000 civil penalty to settle U.S. Federal Trade Commission charges that it violated a law prohibiting companies from collecting and using children's personal information without parental permission. full article

Privacy Still Dogs Electronic Health Records

New study highlights security shortcomings with the ways medical facilities are digitizing patients' records.

Beginning with the February economic stimulus package, the Obama administration has made it clear that the digitization of medical records is a high priority. But converting people's most sensitive personal information into the digital format inevitably brings privacy concerns in tow, and a new study has called attention to just how significant the challenge may be. full article

October 19, 2009

ChoicePoint to Pay Fine for Second Data Breach

Data broker ChoicePoint, the victim of a 2004 data breach affecting more than 160,000 U.S. residents, has agreed to strengthen its data security efforts and pay a fine for a second breach in 2008, the U.S. Federal Trade Commission said Monday. full article

Credit cards also involved in Cheers Liquor security breach

A security breach in the credit-card processing system at Cheers Liquor Mart involves both credit and debit cards and likely involves customers of dozens, if not hundreds, of financial institutions nationwide, the Colorado Springs-based retailer said today. full article

October 16, 2009

Keizer mortgage broker charged

State says the man bought two homes using clients' information

A Salem mortgage broker has been charged with using clients' personal information to purchase two homes. Julian James Ruiz III, 38, of Keizer was arraigned Thursday on charges of mortgage fraud, aggravated theft, forgery and identity theft. full article

Charges filed in rash of Thurston County thefts

Crimes: Woman suspected of directing others who burglarized cars, made fraudulent transactions

OLYMPIA - Prosecutors have filed 30 charges against an Olympia woman thought to be the ringleader of an identity-theft ring in which unlocked vehicles throughout Thurston County were burglarized, and thieves stole checks, credit cards, cash and other items. full article

Shakopee man guilty of federal identity theft, fraud charges

A 52-year-old Shakopee man pleaded guilty Friday in federal court to one count of aggravated identity theft and one count of wire fraud in connection with a scheme to defraud a loan company. full article

Lancaster police seek woman for credit card theft

Lancaster police have released surveillance photos of a woman who apparently used stolen credit cards to steal $7,500 worth of cash and prepaid credit cards three weeks ago. full article

October 15, 2009

Data on 103,000 Students Misplaced

A flash drive containing the personal information of more than 103,000 former adult education students in Virginia was misplaced last month, state education officials reported Wednesday. full article

Man arrested in identity theft to buy beauty products online

Jason Le Tran, 23, is suspected of buying $11,000 worth of Sephora products with stolen credit card information.

COSTA MESA – A Fountain Valley man suspected of stealing credit card information and buying Sephora beauty products online has been charged with grand theft and identity theft, police said. full article

October 14, 2009

Hacker pleads guilty to monster credit card theft

A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in US history pleaded guilty in a deal with prosecutors that will send him to prison for up to 25 years. full article

Yahoo settles pay-per-click fraud suit

Yahoo has settled a lawsuit over pay-per-click ads sold by Yahoo that wound up in some shady corners of the Internet. full article

£600,000 internet fraud gang faces jail

A gang of internet fraudsters was facing jail today for using a sophisticated computer virus to steal £600,000 from bank customers. full article

CSULA: Private Student Info Leaked

Los Angeles ( - The names and Social Security numbers of 82 students who took selected Cal State Los Angeles computer courses in 2002 and 2003 were inadvertently posted on a faculty member's Web site, university officials said today. full article

October 13, 2009

Three Nigerians among 5 held for fraud through fake lottery case

Five persons, including three Nigerian nationals, were arrested on Monday for allegedly duping people of lakhs of rupees after promising them that they have won online lotteries abroad. full article

International mail fraud scheme unlawfully using insurance carrier names

Ohio Department of Insurance Director Mary Jo Hudson and the Ohio Attorney General Richard Cordray have announced that they have recently learned of numerous incidents where insurance companies and consumers have been identified as victims of an international mail fraud scheme. full article

Banks report 70 percent of phishing attacks hosted offshore

Former Soviet republics responsible for most scams. full article

Fugitive busted after accepting friend request

Alleged fraudster added former Justice Department official to friends list full article

Schwarzenegger Vetoes Update to California Privacy Law

Governor Arnold Schwarzenegger has vetoed an update to California's landmark data-breach notification law, saying that the new bill would be too hard on businesses without adequately benefiting consumers. full article

Hospital Says Patient Personal Data Possibly Compromised

The hospital is trying to notify 1700 former patients, offering them free credit monitoring to those whose personal information may have been compromised.

A missing computer part, with sensitive patient credit information, is missing from Pitt County Memorial Hospital. The hospital is trying to notify 1700 former patients, offering them free credit monitoring to those whose personal information may have been compromised. full article

October 12, 2009

Identity fraud is the UK's fastest growing crime in 2009

A study published at the beginning of National Identity Fraud Prevention Week shows the scale of ID theft in the UK. Identity fraud is increasing at a rapid rate. full article

Fake veteran faces 'stolen valor' charge

Richard Strandlof said he survived the 9/11 attacks on the Pentagon. He said he survived again when a roadside bomb went off in Iraq, killing four fellow Marines. He'd point to his head and tell people he had a metal plate, collateral damage from the explosion. full article

Driver's licenses scanned in search for fugitives

FBI's use of facial-recognition technology raising privacy concerns full article

Google urges to install Android upgrade to smartphones because of DoS attacks

Last week Google made an update into its Android mobile phone software after the reports that Android based mobile devise were hit by the denial of service attacks that exploited vulnerabilities in the operation system. full article

October 10, 2009

Hacked Web mail accounts used to send spam

There has been a marked increase in the amount of spam e-mails being sent from Yahoo, Gmail, and Hotmail accounts, according to analysts at Websense Security Labs. full article

Hacked Web mail accounts used to send spam

There has been a marked increase in the amount of spam e-mails being sent from Yahoo, Gmail, and Hotmail accounts, according to analysts at Websense Security Labs. full article

October 9, 2009

Cyberthieves find workplace networks are easy pickings

It took only a modicum of skill for a cybergang to steal 94 million credit and debit card payment records from the TJX retail chain — and follow that up by hauling in 130 million records from credit card processor Heartland Payment Systems. full article

British Hacker Fails in Bid to Avoid Extradition to U.S

LONDON — A British man accused of hacking into American military computers has failed in his latest bid to avoid extradition to the U.S., his lawyer said Friday. full article

Woman charged with identity theft

A 29-year-old Woodstock woman charged with felony identity theft remained in custody Thursday on $40,000 bond. full article

Adobe exploit puts backdoor on computers

A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday. full article

October 8, 2009

F.B.I. Indicts Dozens in Online Bank Fraud

In what it is calling Operation Phish Phry, the F.B.I. began arresting 53 people on Wednesday on charges of conducting a vast financial fraud based on phishing — the act of tricking Internet users into revealing their passwords and other information. Read more…. full article

Malaysia to enforce data protection law

KUALA LUMPUR--Some eight years after it was first mooted, Malaysia's Personal Data Protection Bill will finally be tabled in parliament later this month and is expected to be in force early-2010. Read more…. full article

UK online banking fraud rockets as fraudsters get smarter

Online banking fraud in the United Kingdom jumped by 55 percent during the first six months of this year as criminals become even more sophisticated in their use of technology. Read more…. full article

October 7, 2009

Blue Cross Blue Shield Association affirms laptop breach

The Blue Cross Blue Shield Association (BCBSA) is reviewing its security practices after thieves stole an employee's computer that contained an unencrypted file with the personal information of nearly every doctor who accepts the popular health insurance plan. Read more… full article

Google Robbed By Botnet

A botnet designed to facilitate click fraud is defrauding advertisers and denying potential revenue to Google and other search engines. The "Bahama botnet," a collection of thousands of compromised computers that has been defrauding online advertisers lately, has also been stealing revenue from Google (NSDQ: GOOG). Read more….. full article

October 6, 2009

Microsoft Blocks Hacked Hotmail Accounts

Phishing scam may also have breached e-mail services offered by Google and Yahoo.

Microsoft (NSDQ: MSFT) has taken the extraordinary step of blocking all access to thousands of Hotmail e-mail accounts that were compromised as a result of massive Internet phishing scam. full article

A Look at Stolen Hotmail Data Finds Simple Passwords

1234567 may not be a very secure password, but it's popular on Hotmail. That's according to Bogdan Calin, a security researcher who got hold of 10,000 stolen Windows Live Hotmail usernames and passwords that were posted to the Web site PasteBin late last week. full article

House weighs bill protecting accidental P2P data leaks

The U.S. House Energy and Commerce Committee has passed a bill intended to prevent inadvertent disclosure of information on peer-to-peer (P2P) file-sharing programs. full article

October 5, 2009

Identity theft, lack of regulation spur home health group to require employee background checks

Amid growing concerns over safety, the Michigan Home Health Agency is developing plans to require staff qualifications, training and criminal background checks for all home-health providers in Michigan, according to local news items. full article

Protecting your rebuilt nest egg

ID theft basics for boomers

(ARA) - When the shock of shattered nest eggs eased, many Americans got down to the serious work of rebuilding their financial futures. Already, tentative predictions of improvement are replacing dire warnings of doom in headlines across the country. full article

Hackers Plan to Clobber the Cloud, Spy on Blackberries

A new era of computing is on the rise and viruses, spies and malware developers are tagging along for the ride. The new playground for hackers is "the cloud," the term for computer applications and services hosted on the Internet. Some of the devices making the cloud more popular these days are BlackBerries and other smartphones. full article

Microsoft acknowledges Windows Live ID breach

The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday. full article

Army Special Forces document leaked on P2P network

A recent breach involved a U.S. Army Special Forces document containing the names, Social Security numbers, home phone numbers and home addresses of 463 soldiers from the Third Special Forces group, based out of Fort Bragg, N.C. The document also contained names and ages of soldiers' spouses and children. full article

October 4, 2009

E-mail error sends out students' Social Security numbers

Suffolk Community College has agreed to pay a company for the next year to monitor the credit of 300 students whose last names and Social Security numbers were mistakenly listed in an attachment to an e-mail sent to those students last month. full article

October 3, 2009

Blue Cross physicians warned of data breach

Stolen laptop had doctors’ tax IDs

The largest health insurer in Massachusetts is warning roughly 39,000 physicians and other health care providers in the state that personal information, including Social Security numbers, may have been compromised after a laptop containing the data was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago. full article

October 2, 2009

Beware Hijacked Social Networking Accounts, FBI Warns

Social networking sites are becoming a more popular attack vector for cybercriminals because people trust those they believe to be friends.

Think twice before wiring money to help a Facebook friend who claims to be in trouble in a foreign country. Marking the commencement of National Cybersecurity Awareness Month, the Federal Bureau of Investigation (FBI) on Thursday warned that there's been an increase in hijacked social networking accounts and that cybercriminals are using these accounts to defraud victims' friends. full article

October 1, 2009

Payroll services firm PayChoice breached

Hackers recently launched a sophisticated scam in which they breached a payroll services vendor and used the information obtained to craft targeted messages aimed at getting customers to download an information stealing trojan. full article

Facebook Hit with New Spyware Scam

Hackers bypassed the social networking site's captchas to create new accounts at will.

Facebook on Thursday was hit with yet another spyware attack. This time hackers managed to crack the security captchas -- the words or letter combinations that users are asked to retype when registering -- to create new Facebook accounts designed to steal users' account and personal information. full article

DHS to hire up to 1,000 cybersecurity experts

The U.S. Department of Homeland Security plans to hire up to 1,000 people to fill cybersecurity jobs across the agency, Secretary Janet Napolitano announced Thursday. full article

Dumpsters: Easy Cash for Identity Thieves

Paper breaches year-to-date 2009 jumped to more than 25% of the total reported breaches tracked by the Identity Theft Resource Center (ITRC). This compares to 17.7% reported for the year 2008. As of September 30th, 99 paper breaches have been documented on the ITRC breach list compared to the total of 116 for the entire 2008 year. The business community accounted for 35 of the 99 total public paper breaches reported. Banking/Financial and Educational entities had the fewest paper breaches to date. full article

Express Scripts data breach may have hit 700,000 victims

Last year's data breach of St. Louis-based Express Scripts may be more serious than initially believed. full article

Suspected Identity Theft Ring Leader Arrested

SEMINOLE COUNTY, Fla. -- A Seminole County man was arrested Wednesday night for allegedly stealing mail and using that information to make fake I.D.s and checks. The suspect faced a judge Thursday who set a $20,000 bond. full article

Three Charged in Access Device Fraud and Identity Theft Conspiracy

United States Attorney Michael L. Levy today announced the filing of an Indictment1 against Michael D. Lewis, Cantrell Fletcher, a/k/a “Man Man,” and Keith Pearsall, a/k/a “Goat,” charging that from December 2007 through May 2009, they participated in a conspiracy to steal credit and debit card numbers and use them to buy things of value. full article


Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
Utica College
1600 Burrstone Road
Utica, NY 13502