Sunday, November 2, 2008

Un-Common Knowledge

Ok, here is a test for you.
What do the Division of Motor Vehicles Colorado, the University of Utah Hospitals and Clinics in Salt Lake, Monster.com, the University of Miami and Fidelity National Information Services all have in common? (Hint: Think TJ Maxx) Give up?
Answer: Each was the victim of a data security breach that resulted in the exposure of over 2 million computer records which contained confidential, non-public, private information.

In the case of Fidelity the total number of computer records exposed exceeded 8.5 million! You can monitor the events yourself at the Privacy Rights Clearinghouse, where you will find a frightening amount of information. Just yesterday, November 1st, 2008, privacyrights.org reported that the Seattle, Washington School District released 5000 social security numbers to a local union representing some of the district workers. More than half of the district's workers were affected by the leak. No wonder that the FBI and the National White Collar Crime Center saw Americans report losses of $239 million as a result of online fraud.

Don't assume that an "identity thief" is a "hacker" in the computer crime underworld. The "identity thief" may simply obtain the information from a source and then sell the information. However, "identity thieves" are now recruiting "hackers" to obtain access to electronic databases which contain the most choice data. The trafficking of stolen data is a quick operation. The hard earned reputation, financial & banking records as well as personal information such as age, marital status, and children's names can all be sold for a few dollars each. Think about that. If 2 million records are stolen and sold for $2 per record, the "ID Thief" has made a cool $4 million off of what took you years of honest hard work to create. The same technology used to steal your information is often used to sell your information. Your data is often sold through large instant-message groups or via online auctions, both of which may only exist for a few hours or days to avoid detection by authorities.

Here are a few tips that may alert you that your credit information has been compromised.

1) Whenever possible go "paperless". You simply receive an email stating that your statement is available online for viewing and you can pay electronically too.

2) If you can't go paperless and you have a mailbox on the curb that anyone can walk by and open, consider getting a PO Box or a lockable mailbox. It is real easy for a thief to simply take a credit card statement containing most of the info they need out of the box on the curb.

3) Monitor your statements. Did you really put $2 worth of gas in the car? One of the ways thieves validate that a stolen card is still active is to charge a very small amount and if the transaction goes through they know that the card is still good.

4) Be alert to creditors calling to verify a telephone number! Creditors performing information verification often call telephone numbers associated with credit applications. The 3 big agencies are not offended when you question why the information is needed. Thieves often take personal information and attempt to open "business accounts" which makes the transaction more difficult to trace.

5) And last but not least, your Social Security Card (and number) should only be used for tax purposes. Says so right on the card. Do not use for ID.

Your social security number is not "required" for anything else under the law. It serves one purpose, to associate your earnings with your taxes. Banks, insurance companies, and others are required by law to use alternative photo ID cards. If the person or company won't do business without your Social Security number, ask to borrow their telephone, and call the local Social Security office and report the company. Then take your business someplace else!
Copyright 2008 - Kevin M Nixon. All Rights Reserved.

3 comments:

Anonymous said...

what would you say about this on UC Davis's web site when registering for a class: "UC Davis Extension is required by federal law to report your Social Security Number (SSN) and other pertinent information to the Internal Revenue Service pursuant to the reporting requirements imposed by the Taxpayer Relief Act of 1997. UC Davis Extension also will use the SSN you provide to verify your identity. SSN disclosure is mandatory. This notification is provided to you as required by the Federal Privacy Act of 1974."

Kevin M Nixon (aka, Sandman) said...

Would the commenter please email me a few details about this report. Please send to kmnixon@gmail.com. We intend to fully investigate the issues you raise and will post our findings, results and any actions.

A few questions to help:

1) Is the person attending UC Davis receiving any scholarship money, grants or any other type of financial assistance from the University (any form of assistance from the school or alumni or campus group directly associated with the University)?

2) Is the person attending UC Davis receiving any Federal Assistance in the form of a school loan, the Military or any other Federally funded program?

3) Is the person attending UC Davis simply enrolling in an additional class, where the University may already have the person's protected private data already on file?

4) What is the exact URL address of the page that the notice quoted was displayed? Please copy the entire URL from the address line after landing on the page and the page has fully loaded.

5) Is a profile required to be completed that is stored on the University's Network?

6) Does the system require a person accessing the system, where the issue you pointed out is located, to provide any form of Identification and authentication (i.e., userid and password)?

I think those are all my questions. Hopefully, the commenter will feel comfortable with emailing me the information. I DO NOT want to receive the person's user ID or Password. If the information I am requesting resides on pages behind a login page, please use the following steps. Enlarge the Browser Window to Full Screen and then press CTRL-Print Screen. Then an image of the complete screen will be placed onto the clipboard. Then in Windows, go to START, Programs, Accessories and click on Windows Paint. When the blank canvas opens, click on the canvas to place the cursor in position, and then PASTE the image from the clipboard into Paint. Be sure to use the FILE AS selection to Save the document (any format provided by the application is fine with me) then save to your desktop and include the Image as an attachment to your email. If there are several pages that worry you please don't hesitate to send them as well.

Data Protection and Education is one of the things I believe very strongly in. Everyone should feel free to send websites that they are worried about and I will be happy to investigate and reply both personally and incorporate general data about your sighting in the blog.

For anyone interested in learning about "Two Factor Authentication" you may view a very instructional 3 minute video at ZDNet. The link to the streaming video is: http://news.zdnet.com/2036-2_22-6158972.html

Thank you and I sincerely hope to hear more via my email.

Sandman

Anonymous said...

Kevin, missed that you'd posted these questions. This was a while ago, but I commented because I was impressed with the finality of UC Davis's assertions. If you go to the UC Davis web site and click to register for a class online, this is what they ask of you and these are the words they use to justify the request. So, you can't even register unless you agree. There's no declaration that you are using any Federal benefits of any kind. However, I would add, that I've read and heard convincing arguments that anyone with a Social Security number has already agreed, by implicit contract with the Federal Gov't, that they are receiving (or are entitled to receive) a benefit for which they therefore owe certain duties. Many of these duties involve the surrender of Constitutionally protected rights (privacy, wage ownership, property ownership, etc.). This is illegal, of course, but who's going to be able to fight it now? The entrenchment of this misunderstanding has become, by default, a de facto common law imposed upon the foundational law of the country. I think they are able to treat you differently than a true citizen of the republic if you have an ss# based on your status under the implicit contract of acquiring the ss#. Nevertheless, UC Davis is making no distinction whatsoever as to the jurisdictional quality of the registrant. Perhaps you can simply say "no," but can't they then also say "then you can't apply?" And how would one successfully and cheaply fight that? They undoubtedly receive federal money, so they are required and empowered to make that demand (where there's a benefit, there's a duty). Indeed, why would you fight it? It's only paperwork. Right? Here's the link: https://extension.ucdavis.edu/apps/waiting_list/?prgList=WAP&unit=WINE&count=1&action=add&item=144453
