[Dataloss] CA: Identity Thefts Traced to Graduate Healthcare

Arshad Noor arshad.noor at strongauth.com
Tue Jun 3 23:37:50 UTC 2008

It's interesting that identity thieves are taking the theft of personal
information to new levels - filing IRS tax returns in the names of the
victims for tax refunds!  This is the result when business processes
(eFiling) are modified to take advantage of electronic efficiency
without taking security into consideration.

There are thousands of such business processes waiting to be exploited
IMO - credit card numbers are just the tip of the iceberg.  What makes
this especially problematic is that most business processes are not as
standardized as credit card processing, and consequently have many more
vulnerabilities due to their variability.

Companies and government agencies are well advised to start reviewing
their business processes for security - specifically authenticity and
integrity - before issuing any money or benefits.  However, this is
easier said than done - business people and management consultants
don't know enough about security, while security consultants don't know
enough about business processes.  Attackers will be sure to exploit this
gap for some time to come.

Arshad Noor
StrongAuth, Inc.

Michael Hill, CITRMS wrote:
> http://www.newuniversity.org/main/article?slug=identity_thefts_traced_to156
> United Healthcare, the provider for UCI’s Graduate Student Health 
> Insurance Program, admitted that it was the source of identity thefts of 
> past and present UCI graduate and medical students on Wednesday, May 28.
> Beginning in February, UC Irvine graduate students who attempted to 
> submit income tax returns electronically were informed by the IRS that 
> their had already been filed, provoking complaints to the UCI Police 
> Department to solve the identity thefts. To date, all 155 reported 
> victims were participants in UCI’s Graduate Student Health Insurance 
> Program.
> UCI is currently making efforts to provide identity theft victims with 
> sufficient information to solve the problems caused by the situation. 
> UCIPD sent out the first crime alert on March 20 and has released 
> periodic updates with more information. In addition, affected students 
> will also be provided a guide to prevent identity theft and fraud in the 
> future.
> Administration has assured students that data security is their top 
> priority. IT security teams meet regularly in discussion of security 
> problems and practices. UCI’s computer safety Web site, located at 
> security.uci.edu, provides students with information on how to protect 
> their computers from cyber attacks. The site also discusses recent 
> security concerns and email scams.
> UCI’s financial aid office has set up emergency loans available to 
> victims of identity theft whose delay in receiving their income tax 
> refund has affected their financial status.
> [...]
