It’s always a relief when tax time is over and you can get back to not worrying about Uncle Sam for another year. That is, if you’re not a victim of tax time identity theft. If you are, you could find yourself in quite a close relationship with the good old uncle for months or even years longer than you had hoped. According to the Government Accountability Office, the IRS identified nearly 245,000 incidents of taxpayer identity theft in 2010 – which is almost a 400% increase over 2008.

In most cases, this type of fraud occurs when a person uses another person’s Social Security number to file a return. For example, a troop leader used the information of girls in her troop to get $87,000 of refunds that were not actually owed to her. People can also use victims’ SSNs to get jobs, and then the victim ends up with income that is not reported – which could lead to an audit and substantial fines. This has been a huge ongoing problem with illegal immigrants.

The IRS takes this type of crime seriously and is trying to increase its identity protection efforts. For example, it’s supplying special identification numbers for people that may have already been victimized by identity thieves. It’s also working to freeze the Social Security numbers of people who have died so that they cannot be used. It attests that through its efforts, it has prevented over $900 million in fraudulent refunds since 2009.

There is still a huge problem, though. The IRS usually only knows that fraud has occurred after two individuals file a tax return under the same number. This means that if you file early, chances are you can have the problem taken care of fairly swiftly if a thief tries to file after you using your information. If it’s the other way around, though, it could take quite some time to get everything fixed.

Sometimes it’s impossible to file your taxes right away though, which is where identity theft protection services can help – alerting you to fraudulent uses of your Social Security number very soon after they happen, or helping to prevent them from happening at all. There is only so much that the government can do. You have to take responsibility for your own personal security nowadays. Who knows how many tax fraud victims there were in 2011?

If you get a letter from your financial institution or another company you do business with saying that your account was compromised due to a data breach, first call the company to ensure the letter is legitimate. Then, watch your back if it is. According to a study by Javelin Strategy and Research, if you receive one of these letters your chances of becoming an identity theft victim increase by 400% over persons who did not receive one.

Javelin’s survey of about 5,000 American consumers found that 19.5% of those who got a letter were later victimized, compared to 4.3% who were victimized but did not get such a letter. Robert Vamosi, an analyst at Javelin, told SCMagazineUS.com that it was not a fluke. The company has seen similar numbers in 2006 and 2007.

One of the reasons why this could be the case is because companies may only send letters to persons most severely impacted by data breaches, such as people whose ATM card personal identification numbers or Social Security numbers got out. Persons who simply had their addresses or other more minor information released may not get notified.

A second reason is that many consumers do not know what to do when they receive one of these letters; so instead, they do nothing at all. They simply throw the letter in the recycle bin and hope that nothing happens to them.

If you ever find yourself in this situation, one of the most important things you can do is be proactive about it right away. The sooner you work to protect yourself, the less likely it is that you will become a victim. First of all, change any account numbers and passwords that were released during the breach if the company who sent you the letter has not already done so. Then, order a copy of your credit report from each of the three bureaus via www.annualcreditreport.com.

Once your credit report arrives, check that all of the accounts, all of the charges, all of the addresses and all of the names are correct. Report any errors, including incorrect balances, immediately.

If the company that sent you the letter offers you a free credit monitoring service for any period of time, by all means take advantage of the service. It’s the least they can do for putting you through so much stress and hassle. Don’t count on that service as a be all and an end all, though.

You should probably look into getting yourself on an identity theft protection service as well. You’ll need a way to know your information isn’t being compromised after that free monitoring plan expires. Plus, you may want a plan that is more comprehensive in its protections, especially now.

Even if you haven’t gotten one of these dreaded letters yet, it’s a good idea to sign up. There may be one headed your way right now. There is no way to know when or where a breach will occur and quite frankly its very likely that at least some of your personal information has been exposed in some way already. Its not really if you will become an identity theft victim but when. Sad to say but that’s the truth in this electronic age where people can steal your identity from another continent…. but that is something we will have to elaborate on further in a future article.

Perhaps in response to the huge data breach at Heartland Payment Systems that resulted in millions of consumers with compromised data, the State of Massachusetts passed a law stating that merchants are responsible for data breaches – not the people who are victims of the breach. This means that if your personal information is stolen from a business’s records, you are not responsible for the money that you lose as a result of the crime. The business that lost your personal information is responsible if the financial crime against you is directly correlated.

One hopes that with this law in place, businesses will do more to help prevent this crime from happening to their customers or their members via increased data security. According to Joel Ross of Hotel News Now, this could have a serious impact on the hotel industry, which uses guests’ names and credit card numbers in its records. Ross feels that the service industry is particularly vulnerable to identity thieves, possibly due to the sheer volume of people that cycle in and out of a hotel in a year.

Even with businesses being more vigilant about protecting their files to prevent identity theft, this doesn’t mean you will be 100% protected. In fact, Ross himself said that data is not guaranteed safe even if a business has intrusion detection, firewalls or other security measures in place. All it takes is one employee who has access to secure data to bring down the entire business.

Since even laws won’t change this fact, and the Massachusetts law does not apply in any other states – although other states are considering similar legislation – it’s still very important to work to protect yourself. While you will have to give out real credit card information to reserve a hotel room, you can have some extra protection on the back end of your accounts, in the form of an identity theft protection plan.

With this plan in place, even if a data breach happens and the company responsible doesn’t reimburse you, you could be protected, and reimbursed by the plan’s insurance policy. Another thing that can help is if you get notice of the breach before it becomes public thanks to your identity theft protection service letting you know that something in your credit file looks a little fishy. That could save you the inconvenience of worrying about a reimbursement altogether. In fact, you could be the one that alerts the company of the problem, possibly saving dozens or thousands of people from unneeded hardship. Remember, there are about 10 million victims of identity theft each year in this country alone.

If you’ve used a credit card to make a payment on anything since the year 2005, you should be thankful for the Payment Card Industry’s Security Standard. It is a set of rules that help protect consumer information, specifically the information that is attached to your credit card. These rules govern the type of information security technology a merchant is required to have.

While these rules have undoubtedly made consumers safer, there is a huge problem with them, mainly that thousands of businesses do not comply with them. The PCI Security Standards Council recently conducted a survey of 560 U.S. based and international businesses, and its findings were quite discouraging.

The organization determined that:
*Only 28 percent of small businesses comply with the standards.
*Of those that do comply, 55 percent only secure credit card information, not other sensitive details, like Social Security numbers.
*Many companies don’t even attempt to comply because they find it to be cost prohibitive.

So what does this mean to you? Well, you are safer than you were before, kind of. It depends on the companies you do business with. You can get more assurance by working with larger companies – which means those with over 75,000 employees – since over 70 percent asserted that they were fully compliant. However, there is no way to tell who is compliant and who isn’t unless you personally interview a member of the IT department.

In other disturbing news, these guidelines do not even say what specific software a company needs to use. They just give advice for best practices. About 10 percent of the businesses deemed fully compliant were not using basic antivirus software on their company machines. This means a thief could easily hack into the network and farm data, regardless of how well the company adheres to the guidelines.

After analyzing the results of the survey and feedback from additional sources, the Council plans to introduce a new set of guidelines in September of next year. Hopefully these guidelines will be more consistently followed.

Even if all companies follow these guidelines to a T, you are still at risk every time you make a credit card transaction. Even if you don’t become the victim of a data breach, something can happen that can expose your information to the public. You could accidentally leave your card on the checkout counter, as I am guilty of doing. A thief could peer over your shoulder while you’re getting a cash advance at an ATM. Or, a server at a restaurant could discreetly copy down your credit card number, name and expiration date before running your check.

What’s a consumer to do? Sign up for identity theft protection of course! This can help you get notified ASAP if someone who is not you is accessing your credit accounts, or opening new accounts using your name, address, Social Security number or other information. These plans are affordable and you can sign up for one right now.

The red flags are coming … and soon! No Really. These are those oft-discussed Red Flag Identity Theft Rules that were initially designed to go into effect in May 2009 then August then November. The date of enforcement was then bumped back to June 1, 2010 both so that organizations had more time to comply and so that people involved with writing the policies could sort out any ambiguities in the language of the regulations. Well, guess what? You got it. The red flag rules were bumped back again with the new compliance date being December 31, 2010.

If you’re not sure what these regulations are and how they affect you, here is the basic gist:
*Red flags, according to the Federal Trade Commission, are defined as “a pattern, practice or specific activity that indicates the possible existence of identity theft.”
*Organizations that deal with sensitive personal information must have a plan in place to deal with these red flags.
*Said plan must include a policy for identifying these red flags and a procedural response.
*The policy must also contain a clause on how to monitor changes, such as new threats that were not present before, like new kinds of identity scams.

Companies subject to these regulations could face severe fines for noncompliance if their disregard leads to an identity theft incident. Just some of the institutions that must pay extra close attention to these regulations are:
*Banks, credit unions and other financial institutions
*Hospitals, health insurance companies and other medical organizations that store personal data
*Commerce companies that store credit information, such as car dealers and real estate agencies
*Any company that keeps sensitive personal data on file for record-keeping or billing purposes

It may seem that these regulations have no real affect on consumers. However, it is exactly the consumer that they were designed to benefit. The hope is that with more streamlined rules in place there will be fewer data breaches and other unintended leaks of company data to identity thieves and others with criminal intentions. While many companies already have robust identity theft prevention policies in place, the red flags are supposed to give a not so gentle push to those that continue to fall behind in this area. Consumers with questions about these rules can contact the Federal Trade Commission to get more information.

One thing to keep in mind is that these regulations can help keep your information safe, but that does not mean that the risk of identity theft isn’t still very real. First of all, there are organizations that are not going to be careful enough no matter how many fines are levied against them. Second of all, a breach is only one way for sensitive data to get out. There are still dozens more.

After all, there have to be a lot of ways … and a lot of identity thieves, for over nine million Americans to become the target of these fraudsters every year. If each American family took the time to watch their credit, shred sensitive documents and buy identity theft protection, this would do more to shrink this number than any laws on the books.

Consumers may soon have a stronger voice when it comes to data breaches. The Senate Judiciary Committee recently approved two bills: the Data Breach Notification Act and the Personal Data Privacy and Security Act, which, if they become law, will require businesses whose data has been compromised to inform all affected consumers of the breach – and in a timely fashion.

Currently, the majority of states have their own data breach laws in effect, but it can be difficult to enforce conflicting standards, especially when a data breach impacts residents of several different states. Also, there is no specific nationwide standard as to what type of breach event warrants consumer notification. For example, do you have to notify a person if his or her address is leaked, or only if it is something more serious, like a Social Security number?

As it stands right now, many companies do not report data breaches that occur, especially if they are smaller ones, such as an employee stealing a 20 patient list from a doctor’s office. This may not seem like a big deal – unless you happen to be one of those 20 patients.

If the Data Breach Notification Act makes it through Congress, the government will have to draft rules regarding privacy when it uses personal information it garners from outside sources. Also, large corporations will have to report significant data breaches to the Secret Service. Finally, any organization that uses personal data would have to report a breach to both the affected persons and law enforcement.

Many people do not know that data brokers, which are companies whose major role is to collect personal information, actually possess their information. If the Personal Data Privacy and Security Act passes, consumers will not only have access to this data; they will be able to make changes to it to correct any errors. People who steal this data will face increased criminal penalties, which will hopefully help to discourage potential identity thieves.

There is no guarantee that either of these laws will make it to the President’s desk, although it is hoped that they do. Even if both pass, this doesn’t mean identity thieves will cease to operate. If anything, they simply highlight the seriousness of the crime, which is not even beginning to wane. According to Javelin Research, one in 10 Americans has already been victimized.

It is still just as important to protect yourself from identity thieves and not rely on the government to do it for you. One easy way is to purchase the best identity theft protection service from a highly rated source. While there is no 100% foolproof way to prevent yourself from becoming a victim, a plan can certainly lower your odds. Since this issue is serious, as evidenced by current political activity, and it’s not going away anytime soon, the time to set yourself up with a plan is now – before this crime happens to you or a loved one.

Think a human stealing your personal information is bad? It’s even worse when a computer does it. Online identity theft is a real threat. While humans can only work for a number of hours a day, computers can be on task 24/7. They also have the potential to pull millions – yes you read that right – of records at a time.

The worst part of all is that the computer that steals your information could be the one that’s sitting on your desk right this minute. If your computer is infected with malware, your machine could be delivering your information to the botnet behind your back.

The botnet is not a small project created by one hacker in his basement either. Researchers from the University of California looked into a Torpig botnet around this time last year and found that the malware associated with it collected 56,000 passwords from infected machines in just one hour’s time. And, over 10 days, they found that the bot received login information for over 8,000 financial accounts, which was delivered to data collectors known as “botnet herders” — really just a fancy name for sophisticated identity thieves.

Some thieves even opened their bots up to others in a rental type relationship to earn more money. Researchers estimated that whomever had access to the other end of the bot could generate up to $8.3 million in profits from disseminating this information alone.

They also discovered a rather sobering fact: The people that had their login information stolen and distributed for the most part did not maintain their computers well and did not use secure passwords. They also had their computers “remember” the passwords and/or used the same password for more than one account.

While doing such things may be easier for you; as you can tell, it makes the malware’s job easier as well. So always take the time to make smart passwords that contain letters, numbers and special characters if possible, and change them at least twice a year. Be especially careful to do this for ones that are associated with secure accounts, such as anything related to your finances.

Also, make sure you have the latest in antivirus protection on your machine, since this can help to keep the malware from getting installed in the first place. One the malware’s there, it can spread like, well, a virus, infecting other machines associated with yours over the Internet. This means that even if you don’t accidentally download malware yourself you can have it hand delivered to you.

A final thing that you can do to help protect your computer, and ultimately your privacy, is to think about getting identity theft protection. That way you can find out if your personal information is making the rounds without the help of university researchers. You can have your plan email you or text you as soon as it sees something suspicious, or even something potentially suspicious. Be responsible or you may become a victim, like the nearly 10 million Americans that had their identities stolen in 2009.

A December 10 article in the Las Vegas Sun states that patients at University Medical Center do not have to be notified for 60 days if their information is involved in a data breach – which recently happened to at least 21 patients; one of which learned of the breach of his medical records from a local newspaper reporter. While that is bad enough, the article revealed another shocking turn of events at the same time.

According to both a nurse and a paramedic associated with the hospital, they have both been approached by more than one individual and offered cash, dinners and perks in the hopes that they will illegally share personal information. At times, these individuals are attorneys looking to profit off of specific cases. At other times, they may be plain old identity thieves. While both the nurse and paramedic said that they refused the offers, there must be someone who hasn’t, or else why would these actions be so blatant and prominent?

So not only can a hospital employee make off with your information for up to two months without your knowing about it, he or she can also sell your information on the black market, again without your knowing about it. See the Dateline Video on our homepage for more on how identity thieves sell our information, account numbers and passwords illegally.

Well, if you had identity theft protection, this could help keep you out in both of these situations. Even if a hospital, a company, or a relative, doesn’t tell you your information is in the wrong hands, your protection plan can give you a head’s up – and in a much shorter time than 60 days. It can also protect your finances with a guarantee that can help you recoup money lost if identity theft still occurs. This coverage will differ depending on your plan, so it’s important to do some research before purchasing one.

While it can be tough to think that your confidentiality is not really guaranteed when you go in for medical treatment, it can be even tougher to face the consequences of identity theft. I’m sure you’ll find this to be a common response if you ask a few of the 10 million Americans victimized in 2008.

So get hospital care if you need it, even with the risk involved. Just sign up with an identity protection service first. It’s as important for your peace of mind as having a medical policy – and it could even save you more money and time in the long run.

You may have already heard about the August 18 indictment of Albert Gonzales and accomplices, regarding the theft of over 130 million debit and credit card numbers, making it the biggest ID theft case prosecuted in the history of the crime. Gonzales, a former government informant, on the subject of credit card fraud nonetheless, used a vector attack to obtain numbers from large retailers, including 7-Eleven (through third party ATM’s), Hannaford Brother and Heartland Payment Systems, a popular payment processing company. Learn more about the Heartland Payment Systems data breach.

The process involved in these thefts was fairly complex. Gonzales and his “team” would visit various businesses to view their point of sale equipment. Once they were able to find vulnerability in a system, they would attempt to find a way to hack into it. Since retailers are less likely to frequently update their software than, for example, a large technology or medical company, they were able to find a virtual hacker’s paradise.

By using servers and systems located around the world, and assistants in Russia and Eastern Europe, as well as the U.S., Gonzales was able to hack into networks, install malware on the machines in some cases, and get credit information essentially delivered directly to him. This information included cards currently in use and those that had been stored on the system from previous use.

When Gonzales was indicted for his latest crimes, he was already under investigation for hacking the systems of several additional companies. These include such shopping mall staples as Barnes & Noble, the Sports Authority, Forever 21, OfficeMax and Boston Market. Another Gonzales target, T.J. Maxx, told the Securities Exchange Commission that it has lost $200 million due to a similar data breach. For more information on these see our article Identity Theft Ring Busted – Retail Hackers Charged.

If Gonzales is convicted of the charges against him, he faces not only over $1 million in fines, but up to 35 years in prison. This will hopefully keep him out of the picture for quite some time, but there will soon be others who will learn from his experience. There are always plenty of hackers out there that would love to make a quick buck, whether in an ethical way or not.

While it is tough to switch to a cash-only payment system, doing so might seem tempting with all of the information that seems to be floating about. However, you don’t have to if you have an identity theft protection service watching your back. They help to keep your card numbers safe, even if they do end up picked up by a criminal.

Additionally, read your credit card and debit card statements each month. If you notice anything unusual, get your card number changed, and notify your credit card company of the charges that you don’t recognize so you can go through the process to contest them. While companies targeted in the Gonzales case may be out a good deal of money, you do not have to join them in the same boat. These retail companies often have insurance policies to help them out. You can have similar protections for your own accounts for as little as a few nickels a day.

Learn why you need to get protection from identity theft today.

Most everyone in the United States and millions of people around the world have become familiar with “Octomom” Nadya Suleman, who gave birth to octuplets, all of whom survived. Since this story garnered so much public interest, it piqued the media’s collective interest as well, which resulted in some unfortunate behavior.

Employees at the Kaiser Permanente Bellflower Medical Center, where the octuplets were born, were accused of accessing Suleman’s medical records without specific permission. Fifteen of these workers were fired and eight more were reprimanded for deciding to take a peek. In addition, investigators fined the hospital for negligence, since management did not do enough to keep the information confidential after being notified that the file was less than secure.

A lot of people say that this need to protect celebrities’ private information from the public eye is what helped to spawn a California law stating that all hospitals must report incidences of information breaches to the state’s department of public health, whether they are intentional or unintentional. Between January 1 and June 1 of this year the department has received over 500 such incident reports.

Even the data breaches that are unintentional, such as if an employee faxes a patient’s records to the incorrect fax number, can leave a patient in trouble. Identity thieves can take that information and use it to create fraudulent medical cards so they can bill treatments to the patient instead of having to pay for them. Also, medical files can contain a person’s date of birth, place of birth, employer, Social Security number, and all the other good stuff you write on the form when you go to see a new physician.

Hospitals and other healthcare providers argue that the provisions in the law are too stringent. It is arguable whether or not administrators have any power to really prevent unintentional breaches. For example, there is no way to force someone to check to make sure they are faxing records to the right place.

However, there are steps that healthcare providers can and must take, or they can be slapped with a fine of up to $250,000. If money doesn’t talk, perhaps patients will, choosing to do business with hospitals that have cleaner data breach records. It’s bad enough to have to go to the hospital to get an illness or injury attended to. It’s even worse when you have to fear losing your livelihood in the process, when a thief ruins your credit with thousands of dollars of unpaid medical bills.

Identity theft protection can help you here, by alerting you when someone is accessing your credit that should not be doing so, but a vigilant administration can be even more important. Unless employees face strict consequences for looking at information they are not supposed to see, they could continue to treat secure information as their own and even distribute it to the media. It would not be the first time that this has occurred, as anyone who has seen the Drudge Report can attest to.