CIMIP - Center for Identity Management and Information Protection

October 2009 News Archive



October 30, 2009


Parma: FBI seeking Ukrainians who bought illegal IDs



PARMA -- Hundreds of Ukrainian immigrants who fraudulently obtained Ohio drivers licenses in Parma are being encouraged to contact the FBI before agents come after them. ...read full article

Reports: N. Korea behind cyberattacks on U.S.


July Web assaults caused outages of government-run sites


...read full article

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule



At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC. ...read full article


October 29, 2009


Farmers bank account details lost by Rural Payments Agency



Thousands of farmers' bank account details have been lost by the Rural Payments Agency (RPA) after the Government body lost two back-up tapes of confidential data belonging to all English farmers. ...read full article

Twitter users warned about new phishing attack



Twitter warned on Wednesday about a new phishing attack in which direct messages to users link to a fake log-in page that steals passwords. ...read full article

US-CERT warns about BlackBerry spyware app



The United States Computer Emergency Response Team (US-CERT) has flagged the release of a free BlackBerry spyware application that allows an attacker to call a user’s BlackBerry and listen to personal conversations. ...read full article

Banking Trojan steals money from under your nose



Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn't just steal your bank log-in credentials but actually steals money from your account while you are logged in and displays a fake balance. ...read full article

Facebook users targeted by Zeus banking Trojan



Hot on the heels of one fake Facebook email scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data. ...read full article

Spike seen in web-based malware infections



The number of websites hosting malicious software, either intentionally or unwittingly, is rising rapidly, according to statistics to be released on Tuesday from Dasient. ...read full article

AG orders Hollyrock owner to stop collecting personal information from IDs



UTICA, N.Y. (WKTV) - The owner of Hollyrock has been ordered by the NYS Attorney General's office to pay $5,000 and immediately stop using a scanner to retrieve personal information from patron's IDs. ...read full article

Three accused of selling fake drivers licenses to Ukrainian immigrants out of Parma license bureau



For four years a corrupt clerk at the Parma driver's license bureau passed out licenses to illegal Ukrainian and Uzbeki immigrants, FBI agents said Thursday. ...read full article


October 28, 2009


Targeted attacks possible in the cloud, researchers warn



Study shows how attackers can search, locate and attack specific targets in a cloud infrastructure ...read full article

More security breaches hit midsized companies



More midsized companies are being attacked by cybercriminals at the same time they're spending less on security, says a McAfee report released Wednesday ...read full article

IDSP Issues Report Calling for National Identity Verification Standard



WASHINGTON, Oct. 28 /PRNewswire-USNewswire/ -- The Identity Theft Prevention and Identity Management Standards Panel (IDSP) today released a workshop report calling for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. The IDSP workshop and report were driven by recognized vulnerabilities in the issuance of foundational documents used to prove identity, in particular the birth certificate. Since agencies typically rely on but do not verify birth certificates and other source credentials such as driver's licenses and Social Security cards used to establish identity, there is a loophole where identity theft and fraud can occur. ...read full article

ID-theft defendant denies guilt: Miguel Bell seeks bail; feds resist



The alleged ringleader of a massive identity-theft ring that involved 29 others and that allegedly stole $1.3 million from the bank accounts of unsuspecting customers pleaded not guilty yesterday in federal magistrate court to conspiracy and multiple counts of bank fraud and aggravated identity theft. ...read full article

Man Accused Of Identity Theft



KETTERING, Ohio -- A young man was arrested and accused of stealing credit card numbers and running up thousands of dollars in charges, police said. ...read full article

Ex-state revenue employee booked with identity theft



A former state Department of Revenue employee was arrested Tuesday on charges she used stolen credit card information to buy personal items at Walmart and other stores in East Baton Rouge and Ascension parishes, Louisiana State Police said. ...read full article

Former Fort Campbell Soldier Sentenced


Deldrick Toles Ordered To Pay $21,000 In Restitution


PADUCAH, Ky. -- A 28-year-old former Fort Campbell soldier has been sentenced to 3½ years in prison after pleading guilty to identity theft and bank fraud. ...read full article

FDIC Warns of E-Mail Fraud



The FDIC has issued a warning today concerning the recent wave of fraudulent emails that have been sent to consumers, posing as official statements from the agency in an attempt to gain account information. The scam takes advantage of the recent rise in bank failures by using a false FDIC website link and attempting to elicit information after claiming that your bank has failed. ...read full article

Credit cards re-issued in Finland after data breach in Spain



A credit card security breach has been uncovered in Spain that may involve up to tens of thousands of Finnish bank and credit cards. ...read full article

DA: Nigeria scammer stole 150 IDs



As temps from hell go, officials say this one takes the cake -- and whatever mother's maiden names he can get his hands on ...read full article

Client blows whistle on data theft in BPO



A BPO data theft came to light after a client blew the whistle on an employee of FGMB-PM Services Pvt Ltd who had sold the data to a former employee and current rival of the company ...read full article


October 27, 2009


Rise in Halloween spam expected this week with warnings made of links sent by 'friends'



Users have been warned about Halloween-related spam as the annual horror fest approaches. ...read full article

Guardian Jobs website hack may have been an SQL injection and not a 'sophisticated' attack



An SQL injection may have been the cause of the hacking of the Guardian's Jobs website last week. ...read full article

Application introduced for Apple iPhone to help combat identity theft



Deepnet has announced the launch of an iPhone application to combat the growing problem of ID theft and cope with the rise in smartphone use. ...read full article

Email leaks 350 Baptist East employee Social Security numbers



(WHAS11) - For the second time in less than a week hundreds of people in Kentuckiana are worrying about identity theft after their employer accidentally released their social security numbers. ...read full article


October 26, 2009


Identity fraud threat after Guardan jobs site hacked



The Guardian has written half a million users of its jobs site suggesting they take action to protect themselves from identity fraud in the wake of a hacker attack. ...read full article

Time Warner home routers still open to attack, blogger says



If you have an SMC8014 cable modem/Wi-Fi router from Time Warner your network might still be vulnerable to attack. ...read full article

Swiss ministry says it was victim of cyber attack



Official: Attack was aimed at obtaining information on ministry’s network ...read full article

Smartphone security threats likely to rise



Worms, spam, viruses and hackers -- they're not just for your desktop or laptop anymore. According to internet security experts they could be well on their way into your pocket or purse. ...read full article

CalOptima says data on 68,000 members may be compromised


Plans notification after loss of disks containing the info


Computerworld - Personally identifiable information on about 68,000 members of CalOptima, a Medicaid managed care plan serving Orange County, Calif., may have been compromised after several CDs containing the information went missing earlier this month. ...read full article

Social Security numbers of 2,920 people at UW-Madison may have been exposed



Forty computers in the UW-Madison Department of Chemistry were hacked over the course of roughly 18 months, possibly exposing the names and Social Security numbers of 2,920 people on campus. ...read full article


October 21, 2009


Group Indicted In $1 Million Identity Theft Ring



A group of Philadelphia residents have been charged in a widespread identity theft ring used to steal over $1 million. ...read full article

Social networks become targets for cybercrime



With millions of people using social networking sites, these virtual communities have become viable targets for cybercriminals. ...read full article

SOCA attacks the heart of organised cyber crime



SOCA wants to hit the infrastructure of criminal enterprises and find out where they're storing data. ...read full article


October 20, 2009


IDSP Releases Report Outlining Best Practices for Measuring Identity Theft



A new workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that key terms are defined in statute versus in practice—terms such as identity theft, identity fraud, and data breach. This potentially causes confusion in the marketplace and creates impediments to fixing the underlying problems. The publication also reviews research studies and methodologies for studying identity theft and makes best practice recommendations for how research companies should measure and report on the issues. ...read full article

DeWitt civil liberties lawyer Bonnie Strunk charged with identity theft



DeWitt, NY -- Bonnie Strunk, Faith Seidenberg and Dr. Robert Seidenberg have made local news for decades as crusaders for civil liberties. The local chapter of the Civil Liberties Union has named an award for Faith Seidenberg. Her husband was the first male president of a local chapter of the National Organization for Women. Strunk, a one-time candidate for district attorney, has championed gay rights. ...read full article

Iconix Settles Charges of Violating Children's Privacy Law



Iconix Brand Group, which sells clothing for children and teens under several brands, will pay a US $250,000 civil penalty to settle U.S. Federal Trade Commission charges that it violated a law prohibiting companies from collecting and using children's personal information without parental permission. ...read full article

Privacy Still Dogs Electronic Health Records


New study highlights security shortcomings with the ways medical facilities are digitizing patients' records.


Beginning with the February economic stimulus package, the Obama administration has made it clear that the digitization of medical records is a high priority. But converting people's most sensitive personal information into the digital format inevitably brings privacy concerns in tow, and a new study has called attention to just how significant the challenge may be. ...read full article


October 19, 2009


ChoicePoint to Pay Fine for Second Data Breach



Data broker ChoicePoint, the victim of a 2004 data breach affecting more than 160,000 U.S. residents, has agreed to strengthen its data security efforts and pay a fine for a second breach in 2008, the U.S. Federal Trade Commission said Monday. ...read full article

Credit cards also involved in Cheers Liquor security breach



A security breach in the credit-card processing system at Cheers Liquor Mart involves both credit and debit cards and likely involves customers of dozens, if not hundreds, of financial institutions nationwide, the Colorado Springs-based retailer said today. ...read full article


October 16, 2009


Keizer mortgage broker charged


State says the man bought two homes using clients' information


A Salem mortgage broker has been charged with using clients' personal information to purchase two homes. Julian James Ruiz III, 38, of Keizer was arraigned Thursday on charges of mortgage fraud, aggravated theft, forgery and identity theft. ...read full article

Charges filed in rash of Thurston County thefts


Crimes: Woman suspected of directing others who burglarized cars, made fraudulent transactions


OLYMPIA - Prosecutors have filed 30 charges against an Olympia woman thought to be the ringleader of an identity-theft ring in which unlocked vehicles throughout Thurston County were burglarized, and thieves stole checks, credit cards, cash and other items. ...read full article

Shakopee man guilty of federal identity theft, fraud charges



A 52-year-old Shakopee man pleaded guilty Friday in federal court to one count of aggravated identity theft and one count of wire fraud in connection with a scheme to defraud a loan company. ...read full article

Lancaster police seek woman for credit card theft



Lancaster police have released surveillance photos of a woman who apparently used stolen credit cards to steal $7,500 worth of cash and prepaid credit cards three weeks ago. ...read full article


October 15, 2009


Data on 103,000 Students Misplaced



A flash drive containing the personal information of more than 103,000 former adult education students in Virginia was misplaced last month, state education officials reported Wednesday. ...read full article

Man arrested in identity theft to buy beauty products online


Jason Le Tran, 23, is suspected of buying $11,000 worth of Sephora products with stolen credit card information.


COSTA MESA – A Fountain Valley man suspected of stealing credit card information and buying Sephora beauty products online has been charged with grand theft and identity theft, police said. ...read full article


October 14, 2009


Hacker pleads guilty to monster credit card theft



A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in US history pleaded guilty in a deal with prosecutors that will send him to prison for up to 25 years. ...read full article

Yahoo settles pay-per-click fraud suit



Yahoo has settled a lawsuit over pay-per-click ads sold by Yahoo that wound up in some shady corners of the Internet. ...read full article

£600,000 internet fraud gang faces jail



A gang of internet fraudsters was facing jail today for using a sophisticated computer virus to steal £600,000 from bank customers. ...read full article

CSULA: Private Student Info Leaked



Los Angeles (myFOXla.com) - The names and Social Security numbers of 82 students who took selected Cal State Los Angeles computer courses in 2002 and 2003 were inadvertently posted on a faculty member's Web site, university officials said today. ...read full article


October 13, 2009


Three Nigerians among 5 held for fraud through fake lottery case



Five persons, including three Nigerian nationals, were arrested on Monday for allegedly duping people of lakhs of rupees after promising them that they have won online lotteries abroad. ...read full article

International mail fraud scheme unlawfully using insurance carrier names



Ohio Department of Insurance Director Mary Jo Hudson and the Ohio Attorney General Richard Cordray have announced that they have recently learned of numerous incidents where insurance companies and consumers have been identified as victims of an international mail fraud scheme. ...read full article

Banks report 70 percent of phishing attacks hosted offshore



Former Soviet republics responsible for most scams. ...read full article

Fugitive busted after accepting friend request



Alleged fraudster added former Justice Department official to friends list ...read full article

Schwarzenegger Vetoes Update to California Privacy Law



Governor Arnold Schwarzenegger has vetoed an update to California's landmark data-breach notification law, saying that the new bill would be too hard on businesses without adequately benefiting consumers. ...read full article

Hospital Says Patient Personal Data Possibly Compromised


The hospital is trying to notify 1700 former patients, offering them free credit monitoring to those whose personal information may have been compromised.


A missing computer part, with sensitive patient credit information, is missing from Pitt County Memorial Hospital. The hospital is trying to notify 1700 former patients, offering them free credit monitoring to those whose personal information may have been compromised. ...read full article


October 12, 2009


Identity fraud is the UK's fastest growing crime in 2009



A study published at the beginning of National Identity Fraud Prevention Week shows the scale of ID theft in the UK. Identity fraud is increasing at a rapid rate. ...read full article

Fake veteran faces 'stolen valor' charge



Richard Strandlof said he survived the 9/11 attacks on the Pentagon. He said he survived again when a roadside bomb went off in Iraq, killing four fellow Marines. He'd point to his head and tell people he had a metal plate, collateral damage from the explosion. ...read full article

Driver's licenses scanned in search for fugitives



FBI's use of facial-recognition technology raising privacy concerns ...read full article

Google urges to install Android upgrade to smartphones because of DoS attacks



Last week Google made an update into its Android mobile phone software after the reports that Android based mobile devise were hit by the denial of service attacks that exploited vulnerabilities in the operation system. ...read full article


October 10, 2009


Hacked Web mail accounts used to send spam



There has been a marked increase in the amount of spam e-mails being sent from Yahoo, Gmail, and Hotmail accounts, according to analysts at Websense Security Labs. ...read full article

Hacked Web mail accounts used to send spam



There has been a marked increase in the amount of spam e-mails being sent from Yahoo, Gmail, and Hotmail accounts, according to analysts at Websense Security Labs. ...read full article


October 9, 2009


Cyberthieves find workplace networks are easy pickings



It took only a modicum of skill for a cybergang to steal 94 million credit and debit card payment records from the TJX retail chain — and follow that up by hauling in 130 million records from credit card processor Heartland Payment Systems. ...read full article

British Hacker Fails in Bid to Avoid Extradition to U.S



LONDON — A British man accused of hacking into American military computers has failed in his latest bid to avoid extradition to the U.S., his lawyer said Friday. ...read full article

Woman charged with identity theft



A 29-year-old Woodstock woman charged with felony identity theft remained in custody Thursday on $40,000 bond. ...read full article

Adobe exploit puts backdoor on computers



A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday. ...read full article


October 8, 2009


F.B.I. Indicts Dozens in Online Bank Fraud



In what it is calling Operation Phish Phry, the F.B.I. began arresting 53 people on Wednesday on charges of conducting a vast financial fraud based on phishing — the act of tricking Internet users into revealing their passwords and other information. Read more…. ...read full article

Malaysia to enforce data protection law



KUALA LUMPUR--Some eight years after it was first mooted, Malaysia's Personal Data Protection Bill will finally be tabled in parliament later this month and is expected to be in force early-2010. Read more…. ...read full article

UK online banking fraud rockets as fraudsters get smarter



Online banking fraud in the United Kingdom jumped by 55 percent during the first six months of this year as criminals become even more sophisticated in their use of technology. Read more…. ...read full article


October 7, 2009


Blue Cross Blue Shield Association affirms laptop breach



The Blue Cross Blue Shield Association (BCBSA) is reviewing its security practices after thieves stole an employee's computer that contained an unencrypted file with the personal information of nearly every doctor who accepts the popular health insurance plan. Read more… ...read full article

Google Robbed By Botnet



A botnet designed to facilitate click fraud is defrauding advertisers and denying potential revenue to Google and other search engines. The "Bahama botnet," a collection of thousands of compromised computers that has been defrauding online advertisers lately, has also been stealing revenue from Google (NSDQ: GOOG). Read more….. ...read full article


October 6, 2009


Microsoft Blocks Hacked Hotmail Accounts


Phishing scam may also have breached e-mail services offered by Google and Yahoo.


Microsoft (NSDQ: MSFT) has taken the extraordinary step of blocking all access to thousands of Hotmail e-mail accounts that were compromised as a result of massive Internet phishing scam. ...read full article

A Look at Stolen Hotmail Data Finds Simple Passwords



1234567 may not be a very secure password, but it's popular on Hotmail. That's according to Bogdan Calin, a security researcher who got hold of 10,000 stolen Windows Live Hotmail usernames and passwords that were posted to the Web site PasteBin late last week. ...read full article

House weighs bill protecting accidental P2P data leaks



The U.S. House Energy and Commerce Committee has passed a bill intended to prevent inadvertent disclosure of information on peer-to-peer (P2P) file-sharing programs. ...read full article


October 5, 2009


Identity theft, lack of regulation spur home health group to require employee background checks



Amid growing concerns over safety, the Michigan Home Health Agency is developing plans to require staff qualifications, training and criminal background checks for all home-health providers in Michigan, according to local news items. ...read full article

Protecting your rebuilt nest egg


ID theft basics for boomers


(ARA) - When the shock of shattered nest eggs eased, many Americans got down to the serious work of rebuilding their financial futures. Already, tentative predictions of improvement are replacing dire warnings of doom in headlines across the country. ...read full article

Hackers Plan to Clobber the Cloud, Spy on Blackberries



A new era of computing is on the rise and viruses, spies and malware developers are tagging along for the ride. The new playground for hackers is "the cloud," the term for computer applications and services hosted on the Internet. Some of the devices making the cloud more popular these days are BlackBerries and other smartphones. ...read full article

Microsoft acknowledges Windows Live ID breach



The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday. ...read full article

Army Special Forces document leaked on P2P network



A recent breach involved a U.S. Army Special Forces document containing the names, Social Security numbers, home phone numbers and home addresses of 463 soldiers from the Third Special Forces group, based out of Fort Bragg, N.C. The document also contained names and ages of soldiers' spouses and children. ...read full article


October 4, 2009


E-mail error sends out students' Social Security numbers



Suffolk Community College has agreed to pay a company for the next year to monitor the credit of 300 students whose last names and Social Security numbers were mistakenly listed in an attachment to an e-mail sent to those students last month. ...read full article


October 3, 2009


Blue Cross physicians warned of data breach


Stolen laptop had doctors’ tax IDs


The largest health insurer in Massachusetts is warning roughly 39,000 physicians and other health care providers in the state that personal information, including Social Security numbers, may have been compromised after a laptop containing the data was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago. ...read full article


October 2, 2009


Beware Hijacked Social Networking Accounts, FBI Warns


Social networking sites are becoming a more popular attack vector for cybercriminals because people trust those they believe to be friends.


Think twice before wiring money to help a Facebook friend who claims to be in trouble in a foreign country. Marking the commencement of National Cybersecurity Awareness Month, the Federal Bureau of Investigation (FBI) on Thursday warned that there's been an increase in hijacked social networking accounts and that cybercriminals are using these accounts to defraud victims' friends. ...read full article


October 1, 2009


Payroll services firm PayChoice breached



Hackers recently launched a sophisticated scam in which they breached a payroll services vendor and used the information obtained to craft targeted messages aimed at getting customers to download an information stealing trojan. ...read full article

Facebook Hit with New Spyware Scam


Hackers bypassed the social networking site's captchas to create new accounts at will.


Facebook on Thursday was hit with yet another spyware attack. This time hackers managed to crack the security captchas -- the words or letter combinations that users are asked to retype when registering -- to create new Facebook accounts designed to steal users' account and personal information. ...read full article

DHS to hire up to 1,000 cybersecurity experts



The U.S. Department of Homeland Security plans to hire up to 1,000 people to fill cybersecurity jobs across the agency, Secretary Janet Napolitano announced Thursday. ...read full article

Dumpsters: Easy Cash for Identity Thieves



Paper breaches year-to-date 2009 jumped to more than 25% of the total reported breaches tracked by the Identity Theft Resource Center (ITRC). This compares to 17.7% reported for the year 2008. As of September 30th, 99 paper breaches have been documented on the ITRC breach list compared to the total of 116 for the entire 2008 year. The business community accounted for 35 of the 99 total public paper breaches reported. Banking/Financial and Educational entities had the fewest paper breaches to date. ...read full article

Express Scripts data breach may have hit 700,000 victims



Last year's data breach of St. Louis-based Express Scripts may be more serious than initially believed. ...read full article

Suspected Identity Theft Ring Leader Arrested



SEMINOLE COUNTY, Fla. -- A Seminole County man was arrested Wednesday night for allegedly stealing mail and using that information to make fake I.D.s and checks. The suspect faced a judge Thursday who set a $20,000 bond. ...read full article

Three Charged in Access Device Fraud and Identity Theft Conspiracy



United States Attorney Michael L. Levy today announced the filing of an Indictment1 against Michael D. Lewis, Cantrell Fletcher, a/k/a “Man Man,” and Keith Pearsall, a/k/a “Goat,” charging that from December 2007 through May 2009, they participated in a conspiracy to steal credit and debit card numbers and use them to buy things of value. ...read full article


 

Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
315.792.3231
drebovich@utica.edu
Utica College
1600 Burrstone Road
Utica, NY 13502