[Dataloss] Police tips for Breach prevention
George Toft
george at myitaz.com
Tue Sep 5 10:38:28 EDT 2006
New York Times coverage about what's happening in the ID Theft Capitol -
Phoenix:
http://www.nytimes.com/national/nationalspecial2/index.html
This is their main page with many articles. Some interesting numbers
they toss out:
- 1 in 20 working adults are using fake SSN's
- 1 in 6 adults in Phoenix have had their ID stolen.
(I'm still not sure they really mean had their personal information
stolen - there is a bit of a difference.)
- Much of the information is stolen by meth addicts.
[George's comment: I tried to reproduce the Scottsdale meth addict's ID
information farming technique by looking up my own information on the
County Recorder's web site. All the images with my signature and
account information were unavailable, so it looks like Maricopa County
made it more difficult as a result of this story. I wonder if I can
still purchase official copies of the documents for a nominal charge?
Of course it might be a little suspicious if I purchased 1000 copies -
maybe this is the deterrent?]
They draw some interesting conclusions:
- The IRS has the capability to identify the stolen SSN's but chooses
not to pursue it.
- The SSA also has this capability, but chooses not to as collecting SS
tax revenue from illegals is money that never has to be repaid. It's a
free subsidy.
[George's comment: A simple database query on the order of "select all
SSN's with birth dates less than 16 years ago and having more than $1 of
reported income" would be really easy to do. However, with 5% of the
workforce working under fake ID's, paying taxes, and spending their
money in *this* country, what incentive is there for the government to
do anything about it? Why would they spend money (tracking down and
deporting illegals) to reduce tax revenue? I went to a workforce
development presentation in Tempe last week, and they claim that by
2010, there will be a shortage of 10 million *skilled* workers in the
US. Again, what is the incentive to stop this problem?]
Living in Phoenix, I can vouch for most of what these articles are
pointing out, including personally knowing victims of drug-addict ID
thieves and children deprived of benefits because their ID was stolen.
A high percentage of businesses I've spoken with have employed illegal
immigrants with stolen ID's. Contrary to the articles, these businesses
usually did not know the ID's were stolen, rather, they found out via
IRS/INS inquiries or via background checks.
This problem is huge in Arizona - the more people I talk to, the more
rampant I see it is.
George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067
Confidential data protection experts for the financial industry.
Al Mac wrote:
>
> Here is a good article by a Police Detective on the many things that
> work places ought to be doing to prevent data breaches, but most are not.
>
> *Businesses And Governmental Agencies Contribute to The Identity Theft
> Problem*
>
> *By: Salem Police Detective Paul Henninger*
>
> I recently talked with a person in prison who had been the mastermind of
> a major identity theft ring operating throughout Oregon. I asked him
> about of the relationship between “meth” and the people who commit
> identity theft. He told me, “They are as husband and wife.”
>
> The myth that most personal information is stolen directly from the
> victim is not true. A national study showed that 70% of all stolen
> personal information is taken from a business.
>
> [...]
>
> Did you know that if you call the Oregon DMV information call center
> using the published number, there is a good chance you will be talking
> with an Inmate (convicted felon) at the Coffee Creek Correctional
> Facility (prison) in Wilsonville? This is part of the State of Oregon
> prisoner work plan. You won’t be told you’re talking to a prisoner
> unless you ask.
>
> They have computer access to some of your personal information. DMV
> officials have told me they have set up strictly enforced protocols to
> prevent prisoners from using the system to commit identity theft.
>
> http://www.salem-news.com/articles/august032006/id_theft_tip_8306.php
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 143 million compromised records in 326 incidents over 6 years.
>
>
More information about the Dataloss
mailing list