[Dataloss] Police tips for Breach prevention

George Toft george at myitaz.com
Tue Sep 5 10:38:28 EDT 2006 

New York Times coverage about what's happening in the ID Theft Capitol - 
Phoenix:
http://www.nytimes.com/national/nationalspecial2/index.html

This is their main page with many articles.  Some interesting numbers 
they toss out:
- 1 in 20 working adults are using fake SSN's
- 1 in 6 adults in Phoenix have had their ID stolen.
(I'm still not sure they really mean had their personal information 
stolen - there is a bit of a difference.)
- Much of the information is stolen by meth addicts.

[George's comment: I tried to reproduce the Scottsdale meth addict's ID 
information farming technique by looking up my own information on the 
County Recorder's web site.  All the images with my signature and 
account information were unavailable, so it looks like Maricopa County 
made it more difficult as a result of this story.  I wonder if I can 
still purchase official copies of the documents for a nominal charge? 
Of course it might be a little suspicious if I purchased 1000 copies - 
maybe this is the deterrent?]

They draw some interesting conclusions:
- The IRS has the capability to identify the stolen SSN's but chooses 
not to pursue it.
- The SSA also has this capability, but chooses not to as collecting SS 
tax revenue from illegals is money that never has to be repaid.  It's a 
free subsidy.

[George's comment: A simple database query on the order of "select all 
SSN's with birth dates less than 16 years ago and having more than $1 of 
reported income" would be really easy to do.  However, with 5% of the 
workforce working under fake ID's, paying taxes, and spending their 
money in *this* country, what incentive is there for the government to 
do anything about it?  Why would they spend money (tracking down and 
deporting illegals) to reduce tax revenue?  I went to a workforce 
development presentation in Tempe last week, and they claim that by 
2010, there will be a shortage of 10 million *skilled* workers in the 
US.  Again, what is the incentive to stop this problem?]

Living in Phoenix, I can vouch for most of what these articles are 
pointing out, including personally knowing victims of drug-addict ID 
thieves and children deprived of benefits because their ID was stolen. 
A high percentage of businesses I've spoken with have employed illegal 
immigrants with stolen ID's.  Contrary to the articles, these businesses 
usually did not know the ID's were stolen, rather, they found out via 
IRS/INS inquiries or via background checks.

This problem is huge in Arizona - the more people I talk to, the more 
rampant I see it is.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067

Confidential data protection experts for the financial industry.


Al Mac wrote:
> 
>   Here is a good article by a Police Detective on the many things that
>   work places ought to be doing to prevent data breaches, but most are not.
> 
>   *Businesses And Governmental Agencies Contribute to The Identity Theft
>   Problem*
> 
> *By: Salem Police Detective Paul Henninger*
> 
> I recently talked with a person in prison who had been the mastermind of 
> a major identity theft ring operating throughout Oregon. I asked him 
> about of the relationship between “meth” and the people who commit 
> identity theft. He told me, “They are as husband and wife.”
> 
> The myth that most personal information is stolen directly from the 
> victim is not true. A national study showed that 70% of all stolen 
> personal information is taken from a business.
> 
> [...]
> 
> Did you know that if you call the Oregon DMV information call center 
> using the published number, there is a good chance you will be talking 
> with an Inmate (convicted felon) at the Coffee Creek Correctional 
> Facility (prison) in Wilsonville? This is part of the State of Oregon 
> prisoner work plan. You won’t be told you’re talking to a prisoner 
> unless you ask.
> 
> They have computer access to some of your personal information. DMV 
> officials have told me they have set up strictly enforced protocols to 
> prevent prisoners from using the system to commit identity theft.
> 
> http://www.salem-news.com/articles/august032006/id_theft_tip_8306.php
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 143 million compromised records in 326 incidents over 6 years.
> 
>

More information about the Dataloss mailing list