Consumers may soon have a stronger voice when it comes to data breaches. The Senate Judiciary Committee recently approved two bills: the Data Breach Notification Act and the Personal Data Privacy and Security Act, which, if they become law, will require businesses whose data has been compromised to inform all affected consumers of the breach – and in a timely fashion.

Currently, the majority of states have their own data breach laws in effect, but it can be difficult to enforce conflicting standards, especially when a data breach impacts residents of several different states. Also, there is no specific nationwide standard as to what type of breach event warrants consumer notification. For example, do you have to notify a person if his or her address is leaked, or only if it is something more serious, like a Social Security number?

As it stands right now, many companies do not report data breaches that occur, especially if they are smaller ones, such as an employee stealing a 20 patient list from a doctor’s office. This may not seem like a big deal – unless you happen to be one of those 20 patients.

If the Data Breach Notification Act makes it through Congress, the government will have to draft rules regarding privacy when it uses personal information it garners from outside sources. Also, large corporations will have to report significant data breaches to the Secret Service. Finally, any organization that uses personal data would have to report a breach to both the affected persons and law enforcement.

Many people do not know that data brokers, which are companies whose major role is to collect personal information, actually possess their information. If the Personal Data Privacy and Security Act passes, consumers will not only have access to this data; they will be able to make changes to it to correct any errors. People who steal this data will face increased criminal penalties, which will hopefully help to discourage potential identity thieves.

There is no guarantee that either of these laws will make it to the President’s desk, although it is hoped that they do. Even if both pass, this doesn’t mean identity thieves will cease to operate. If anything, they simply highlight the seriousness of the crime, which is not even beginning to wane. According to Javelin Research, one in 10 Americans has already been victimized.

It is still just as important to protect yourself from identity thieves and not rely on the government to do it for you. One easy way is to purchase the best identity theft protection service from a highly rated source. While there is no 100% foolproof way to prevent yourself from becoming a victim, a plan can certainly lower your odds. Since this issue is serious, as evidenced by current political activity, and it’s not going away anytime soon, the time to set yourself up with a plan is now – before this crime happens to you or a loved one.

Think a human stealing your personal information is bad? It’s even worse when a computer does it. Online identity theft is a real threat. While humans can only work for a number of hours a day, computers can be on task 24/7. They also have the potential to pull millions – yes you read that right – of records at a time.

The worst part of all is that the computer that steals your information could be the one that’s sitting on your desk right this minute. If your computer is infected with malware, your machine could be delivering your information to the botnet behind your back.

The botnet is not a small project created by one hacker in his basement either. Researchers from the University of California looked into a Torpig botnet around this time last year and found that the malware associated with it collected 56,000 passwords from infected machines in just one hour’s time. And, over 10 days, they found that the bot received login information for over 8,000 financial accounts, which was delivered to data collectors known as “botnet herders” — really just a fancy name for sophisticated identity thieves.

Some thieves even opened their bots up to others in a rental type relationship to earn more money. Researchers estimated that whomever had access to the other end of the bot could generate up to $8.3 million in profits from disseminating this information alone.

They also discovered a rather sobering fact: The people that had their login information stolen and distributed for the most part did not maintain their computers well and did not use secure passwords. They also had their computers “remember” the passwords and/or used the same password for more than one account.

While doing such things may be easier for you; as you can tell, it makes the malware’s job easier as well. So always take the time to make smart passwords that contain letters, numbers and special characters if possible, and change them at least twice a year. Be especially careful to do this for ones that are associated with secure accounts, such as anything related to your finances.

Also, make sure you have the latest in antivirus protection on your machine, since this can help to keep the malware from getting installed in the first place. One the malware’s there, it can spread like, well, a virus, infecting other machines associated with yours over the Internet. This means that even if you don’t accidentally download malware yourself you can have it hand delivered to you.

A final thing that you can do to help protect your computer, and ultimately your privacy, is to think about getting identity theft protection. That way you can find out if your personal information is making the rounds without the help of university researchers. You can have your plan email you or text you as soon as it sees something suspicious, or even something potentially suspicious. Be responsible or you may become a victim, like the nearly 10 million Americans that had their identities stolen in 2009.

A December 10 article in the Las Vegas Sun states that patients at University Medical Center do not have to be notified for 60 days if their information is involved in a data breach – which recently happened to at least 21 patients; one of which learned of the breach of his medical records from a local newspaper reporter. While that is bad enough, the article revealed another shocking turn of events at the same time.

According to both a nurse and a paramedic associated with the hospital, they have both been approached by more than one individual and offered cash, dinners and perks in the hopes that they will illegally share personal information. At times, these individuals are attorneys looking to profit off of specific cases. At other times, they may be plain old identity thieves. While both the nurse and paramedic said that they refused the offers, there must be someone who hasn’t, or else why would these actions be so blatant and prominent?

So not only can a hospital employee make off with your information for up to two months without your knowing about it, he or she can also sell your information on the black market, again without your knowing about it. See the Dateline Video on our homepage for more on how identity thieves sell our information, account numbers and passwords illegally.

Well, if you had identity theft protection, this could help keep you out in both of these situations. Even if a hospital, a company, or a relative, doesn’t tell you your information is in the wrong hands, your protection plan can give you a head’s up – and in a much shorter time than 60 days. It can also protect your finances with a guarantee that can help you recoup money lost if identity theft still occurs. This coverage will differ depending on your plan, so it’s important to do some research before purchasing one.

While it can be tough to think that your confidentiality is not really guaranteed when you go in for medical treatment, it can be even tougher to face the consequences of identity theft. I’m sure you’ll find this to be a common response if you ask a few of the 10 million Americans victimized in 2008.

So get hospital care if you need it, even with the risk involved. Just sign up with an identity protection service first. It’s as important for your peace of mind as having a medical policy – and it could even save you more money and time in the long run.

You may have already heard about the August 18 indictment of Albert Gonzales and accomplices, regarding the theft of over 130 million debit and credit card numbers, making it the biggest ID theft case prosecuted in the history of the crime. Gonzales, a former government informant, on the subject of credit card fraud nonetheless, used a vector attack to obtain numbers from large retailers, including 7-Eleven (through third party ATM’s), Hannaford Brother and Heartland Payment Systems, a popular payment processing company. Learn more about the Heartland Payment Systems data breach.

The process involved in these thefts was fairly complex. Gonzales and his “team” would visit various businesses to view their point of sale equipment. Once they were able to find vulnerability in a system, they would attempt to find a way to hack into it. Since retailers are less likely to frequently update their software than, for example, a large technology or medical company, they were able to find a virtual hacker’s paradise.

By using servers and systems located around the world, and assistants in Russia and Eastern Europe, as well as the U.S., Gonzales was able to hack into networks, install malware on the machines in some cases, and get credit information essentially delivered directly to him. This information included cards currently in use and those that had been stored on the system from previous use.

When Gonzales was indicted for his latest crimes, he was already under investigation for hacking the systems of several additional companies. These include such shopping mall staples as Barnes & Noble, the Sports Authority, Forever 21, OfficeMax and Boston Market. Another Gonzales target, T.J. Maxx, told the Securities Exchange Commission that it has lost $200 million due to a similar data breach. For more information on these see our article Identity Theft Ring Busted – Retail Hackers Charged.

If Gonzales is convicted of the charges against him, he faces not only over $1 million in fines, but up to 35 years in prison. This will hopefully keep him out of the picture for quite some time, but there will soon be others who will learn from his experience. There are always plenty of hackers out there that would love to make a quick buck, whether in an ethical way or not.

While it is tough to switch to a cash-only payment system, doing so might seem tempting with all of the information that seems to be floating about. However, you don’t have to if you have an identity theft protection service watching your back. They help to keep your card numbers safe, even if they do end up picked up by a criminal.

Additionally, read your credit card and debit card statements each month. If you notice anything unusual, get your card number changed, and notify your credit card company of the charges that you don’t recognize so you can go through the process to contest them. While companies targeted in the Gonzales case may be out a good deal of money, you do not have to join them in the same boat. These retail companies often have insurance policies to help them out. You can have similar protections for your own accounts for as little as a few nickels a day.

Learn why you need to get protection from identity theft today.

Most everyone in the United States and millions of people around the world have become familiar with “Octomom” Nadya Suleman, who gave birth to octuplets, all of whom survived. Since this story garnered so much public interest, it piqued the media’s collective interest as well, which resulted in some unfortunate behavior.

Employees at the Kaiser Permanente Bellflower Medical Center, where the octuplets were born, were accused of accessing Suleman’s medical records without specific permission. Fifteen of these workers were fired and eight more were reprimanded for deciding to take a peek. In addition, investigators fined the hospital for negligence, since management did not do enough to keep the information confidential after being notified that the file was less than secure.

A lot of people say that this need to protect celebrities’ private information from the public eye is what helped to spawn a California law stating that all hospitals must report incidences of information breaches to the state’s department of public health, whether they are intentional or unintentional. Between January 1 and June 1 of this year the department has received over 500 such incident reports.

Even the data breaches that are unintentional, such as if an employee faxes a patient’s records to the incorrect fax number, can leave a patient in trouble. Identity thieves can take that information and use it to create fraudulent medical cards so they can bill treatments to the patient instead of having to pay for them. Also, medical files can contain a person’s date of birth, place of birth, employer, Social Security number, and all the other good stuff you write on the form when you go to see a new physician.

Hospitals and other healthcare providers argue that the provisions in the law are too stringent. It is arguable whether or not administrators have any power to really prevent unintentional breaches. For example, there is no way to force someone to check to make sure they are faxing records to the right place.

However, there are steps that healthcare providers can and must take, or they can be slapped with a fine of up to $250,000. If money doesn’t talk, perhaps patients will, choosing to do business with hospitals that have cleaner data breach records. It’s bad enough to have to go to the hospital to get an illness or injury attended to. It’s even worse when you have to fear losing your livelihood in the process, when a thief ruins your credit with thousands of dollars of unpaid medical bills.

Identity theft protection can help you here, by alerting you when someone is accessing your credit that should not be doing so, but a vigilant administration can be even more important. Unless employees face strict consequences for looking at information they are not supposed to see, they could continue to treat secure information as their own and even distribute it to the media. It would not be the first time that this has occurred, as anyone who has seen the Drudge Report can attest to.

Heartland Payment Systems recently announced a data breach due to malicious software (malware) that stole an unknown number of payment transactions and may affect upwards of 100 million Americans making it the largest data breach on record and eclipsing TJX, which owns retailers TJ Maxx and Marshalls, whose breach affected 94 million customers. The malware that stole payment data such as names, addresses, debit and credit card numbers at Heartland hid in an unallocated portion of a server’s disk. According to Heartland CFO Robert Baldwin…

“The malware was hidden so well that it eluded two different teams of forensic investigators brought in to find it after fraud warnings went off at both Visa and MasterCard.”

Baldwin also indicated that both the U.S. Secret Service and Justice Department told him that the hackers had breached the records of other financial institutions.

“We understand that this incident may be the result of a widespread global cyber fraud operation, and we are cooperating closely with the United States Secret Service and Department of Justice,” Baldwin said in the statement.”

Apparently, federal law enforcement had already been investigating this identity theft ring.  The suspects are believed to reside outside of the United States as many of the attacks were initiated over seas.

Heartland’s CEO, Robert Carr, also indicated that had they been aware of this type of malware they may have been able to prevent it.  In a statement issued on Friday he asked for better communication within the payment industry in regards to such attacks.

“I have talked to many payments leaders who are also concerned about the increasing success and frequency of cyber crime attacks,” Carr said. “Up to this point, there has been no information sharing, thus empowering cyber criminals to use the same or slightly modified techniques over and over again. I believe that had we known the details about previous intrusions, we might have found and prevented the problem we learned of last week.”

According to The Identity Theft Resource Center, reports of data breaches in the United States increased 47 percent in 2008, jumping from 446 reported breaches in 2007 to 656 reported breaches in 2008. Approximately 14% of the data breaches were due to hacking and an estimated 35 million Americans had their personal information compromised, down significantly from 2007 which included the numbers from the TJX breach.

The Heartland Payment Systems data breach will likely make 2009 the worst year on record when the final numbers on compromised consumers are released. Consider that the company processes credit, debit and prepaid cards for more than 250,000 business locations and has with the help of Visa and Mastercard contacted more than 150,000 merchant locations to bring them up to date on this breach. Consider also that it is unclear when the hackers put the malware in place let alone when it was first discovered and you can see the staggering number of people that may be affected. Right now everyone is awaiting details but currently Heartland has not been forthcoming.  Stay tuned for more.

You shred your credit card statements, guard you Social Security number and always put your outgoing mail in a locked box, all to protect yourself from the risk of identity theft. Unfortunately, in this day in age, no matter how hard you try to safeguard your information on your own, it will most likely not be enough. The number of identity theft victims increases every year.

This is because even if you keep your information safe when conducting your personal business, you have no control over the fact that your data can be compromised when it’s in the hands of a company, educational institution or other organization that you do business with. In fact, large-scale data breaches seem to happen on a weekly – or even daily—basis in recent months.

This is not just an illusion, the instances of identity thieves compromising corporate data really are on the rise. In fact, according to the Identity Theft Resource Center, a nonprofit organization in the U.S., the number of breaches in the first six months of 2008 is over 69 percent higher than in the first six months of 2007. This trend continued over the third quarter.

Identity thieves get information from companies in a variety of ways, some of which are by stealing laptop computers or other electronic devices, by hacking into databases they should not have access to or by working alongside someone who is actually an employee of the company. (Believe it or not, this type of “inside job” made up 15.8 percent of the breaches in early 2008.) Stolen Laptops and lost or stolen data tapes add to the mix.

Plus, there are also passive ways in which an identity thief can come by the information, such as if an employee accidentally loses the information or posts it online or in an email to unauthorized users.
So, in other words, even if you are doing a near perfect job of protecting your personal information, there is no way for you to police everyone that you work with to make sure that they do the same, and oftentimes you will not be notified as soon as a breach occurs. So you may want to consider some additional help to protect your personal information from identity thieves.

This help could come in the form of identity theft protection, which is available from dozens of companies. With identity theft protection services, you can put further guards on your accounts to prevent identity thieves from accessing your accounts or opening new ones if your information becomes public due to a data breach. These companies take this risk very seriously. In fact, at least one company, Trusted ID, keeps a comprehensive list of these breaches on its Web site.

Others, such as LifeLock, offer a service guarantee to help with costs you incur if you become a victim of identity theft while using the service. Without this type of protection, recovery could cost you thousands of dollars and quite possibly a substantial amount more. Not only that but they also do the strong majority of work to recover your identity saving you your valuable time, often 200 – 600 hours over a frustrating two year period.

You can’t control everything in the world of data breaches, but you can choose to make the best effort possible to safeguard yourself in the event that your name and personal information does get out there. It is time to start learning about your identity theft protection options. Find what you feel is a good fit for you and your family then use that as your identity protection plan.

A month after the initial discovery, former dental patients of the University of Florida College of Dentistry are just now being informed of unauthorized access to their information.
Over 330,000 former patients, some dating back to 1990, have been notified that their information, which includes names, address, birthdates and Social Security number, had been accessed by an outside source.

This was discovered by some IT technicians that were upgrading the school server. They found that there was software that had been installed by a remote user, and along with removing the files, they disconnected the server from the internet to avoid further access. The hacker had access to these files for quite some time, but there is no evidence at this time that any of the information has been used to commit identity theft. Obviously those affected will be at risk for a lng time and should take preventative measures to protect themselves from identity fraud.

Most have been notified, but the university was unable to contact over 8,000 previous patients whose information was at risk. The university has, however, set up a hotline for patients to call and request information about the data breach. This number is 866-783-5883. The FBI and University Police are working together to investigate this security breach.

Patients who had their private information compromised should consider utilizing an identity theft protection service.

Getting an official looking letter in the mail is rarely good news. Oftentimes it means a jury summons or a property tax bill or as is becoming very common in the last few years, a notice that you have been the victim of a data breach. Companies often use the mail to notify you that their records have been compromised and your personal and private information may have been released into the wrong hands or lost.

Of course, a data breach letter can be a rather upsetting piece of mail to get, but the first thing to remember is not to panic. Just because you receive a breach notification does not mean that identity thieves have run up your credit card and are on the way to Venezuela. Instead, here is what you should do.

1. Read the letter carefully. A thoughtfully written statement should tell you the exact details of the information that was stolen or otherwise released. In some cases, it may be minor information, such as your name and address. In others, it will be a more serious situation, such as a breach of account numbers, passwords or Social Security number.
2. If some of your more sensitive information was disclosed, make haste and cancel the accounts in question. Call your credit card issuers, insurance company or bank as need be. Most will have 24-hour hotlines set up for this purpose.
3. Place a fraud alert on your credit file. Hopefully, you found out about the breach in a timely fashion and can prevent identity thieves from using your information. With a fraud alert on your file creditors are required to verify your identity, routinely done by phoning you for verification, before opening any new accounts in your name. Fraud alerts do not affect your credit negatively in any way. Fraud alerts need to be renewed every 90 days.
4. If you believe that an identity thief is already misusing your information, file a report with the local police department where the theft occurred and contact the Federal Trade Commission at 1-877-IDTHEFT for information on how to proceed. Consider freezing your account at each of the three main credit bureaus, Experian, Equifax and TransUnion.

Many companies will supply victims of data breaches with free credit monitoring for a limited time and offer to assist you with any expenses you incur due to their negligence. It is well within your right to take advantage of these offers and even to file a lawsuit if it comes to that. Placing a fraud alert to go along with the credit monitoring is a great idea as it can prevent the theft from occurring in the first place. This way you don’t have to worry about cleaning up the mess or clearing your good name.

Since you never know when a previous data breach will come back to haunt you, many identity thieves wait up to two years, you may also want to consider signing up for identity theft protection with one of the leading companies on our site. In addition to placing and renewing fraud alerts, ordering credit reports and other beneficial services, you also get identity theft insurance from $25,000 to $1 million. Prices are also very reasonable with Debix offering their service for $24 per year, TrustedID $89 per year and LifeLock $99 per year. Most services offer family discounts so you can protect your entire family for a very affordable price.

Some plans, like TrustedID even offer options to freeze your credit so that no one, but existing creditors, can access it. All identity theft services offer identity theft experts to help you if you do become a victim. Since hundreds of breaches happen yearly in the United States alone, and close to 10 million Americans fall victim each year, it’s great to have a professional advocate on your side if identity theft happens to you. Take the time to explore our site to learn about your options and how you can protect yourself from this devastating crime.

A recent European data breach has rung alarm bells worldwide. According to the Wall Street Journal European law-enforcement officials discovered a high tech identity theft ring that funnels account data to Pakistan and has affected big retailers like Walmart Stores and Tesco in Britain.

What has raised alarm bells, in addition to the fact that account information was being sent to a county that al Qaeda uses as a base, is the use of untraceable devices and a sophisticated program that makes the data breach very hard to detect. In fact, Joel F. Brenner, the U.S. government’s top counterintelligence officer said

Pretty small but intelligent criminal organizations are pulling off transnational, multi-continent heists that only a foreign intelligence service would have been able to do a few years ago.

The Pakistan identity theft ring placed a 4 ounce card capable of wireless communication under the motherboard of credit card readers made in China. The bug would read credit or debit card information, store it and then call a Lahore Pakistan server once a day to upload the data.

What made their system almost undetectable was a sophisticated program that would only upload account information sporadically, changing the pattern of the theft to avoid detection. The bug would also communicate with the server in Pakistan to receive new instructions daily and could even be told to become inactive to avoid detection.

So far hundreds of tampered credit card readers have been found in Britain, Ireland, the Netherlands, Belgium and Denmark. Investigators can only tell the tampered readers by weight as there are no indications externally. The investigation is continuing and is likely to find many more data breaches though it is uncertain whether this particular scheme may have been implemented anywhere outside Europe.

According to the WSJ the ring has made repeated bank withdrawals and online purchases, including airline tickets, in several countries including the United States. Early estimates peg the loss in the $50 to $100 million range. Hard to believe that everyday good citizens ‘could be’ contributing to terrorists to the tune of $100 million or more. The key there is ‘could be’ as there has been no official blame put on al-Qaeda or anyone for that matter. Still it is alarming that identity theft rings from far away countries can steal our personal information and withdraw money from our bank account or charge our credit cards. Terrorists or not, we all know they are not up to anything good.

If you have not taken the time to educate yourself about the threat of identity theft I think this gives you a clear and present reason to do so. In the last three years over 217 million Americans had some form of personal information exposed by a data breach and over 25 million Americans have become victims of this crime. Data breaches are still increasing. Street gangs and sophisticated identity theft rings have already been busted but far more have not been uncovered. Large criminal rings like the mafia, biker gangs and even terrorists have far more resources and if not already involved will be soon. This is not meant to scare you, it is simply reality. Please follow the link to learn about the best identity theft protection services available. Your financial security is far too important to leave unprotected.