We are going to cover the challenges relating to identity theft and data breach. The impact identity theft and data breach has on the consumer and business. We will cover the state and federal compliance requirements relating to data security and how and why a compliance plan is vital to your organization. We will review methods to help prevent a data breach and ways to mitigate the damages when a breach takes place. And finally ERM Best Practices in the Cyber World.
A Tsunami can be devastating. We are all aware of what has recently taken place in Japan. Identity theft and data breach I want you to think of how devastating it can be to an individual business. Give an example.
Identity Theft has been first on the list of consumer complaints for 11 consecutive years. Epidemic proportionsNot Enough resources
A whopping 13% increase over prior year. A new victim every 3 seconds HAS ANYONE BEEN A VICTIM OF IDENTITY THEFT? PLEASE AK THE PERSON TO YOUR RIGHT IF THEY HAVE BEEN A VICTIM. DISCUSS
There are five common types of Identity Theft. Identity thieves know that in the United States one's drivers license is the number one source of identification. Fake drivers licenses are not only used to sneak into bars anymore. With a stolen drivers license a person could get arrested for DWI, or DUI (Use your name, claim they have no ID, and post bail) then fail to appear in court.. Many thieves use your drivers license when applying for jobs, to open new bank accounts, or even start a business. Until recently many states had your social security number as your drivers license number, unfortunately many of these numbers are still in old files and on the web. Social Security Number Identity Theft is perhaps the most misunderstood of identity theft. Some people have said, “I wish someone would steal my identity – My credit is messed up anyway, good luck!”. Please be careful of what you wish for. In the United States almost everything you do is tied to your social security number, when a thief gets this information, be it a stolen wallet or hacked database they can do almost anything to you and your name. Get copies of your credit reports, get employment, change your name, reroute credit, get loans, buy a house, a business, and rack up thousands of dollars in bills in your name. Many illegal immigrants have gotten employment, opened business, or applied for federal assistance with someone else’s social security number.Financial Identity Theft - Credit Card Identity Theft, also know as financial identity theft is the most thought of all identity theft, as it is the most common, and easiest to pull off. While there is anunlimited number of ways thieves get your credit card information, the two most common are mail theft, and dumpster diving. While sending and receiving your mail in a PO box, and shredding documents can deter a thief from your information, it will not stop them. As they also steal the mail and trash from companies you do business with, or hack their computers and steel their data. Medical Identity Theft is one of the most difficult types of Identity Theft to correct. Medical identity Theft is the unauthorized misrepresentation of individual identifiable health information for the purpose of obtaining access to services, which may result in long-lasting harm to an individual interacting with health healthcare benefits. It frequently results in erroneous entries being put into existing medical records, and can involve the creation of factious medical records in the victims name. A great example of medical Identity theft is a case in point. A women who owned a horse farm in Florida. Criminal/character identity Theft-Criminal Identity Theft is when the thief becomes you. Many thieves have their utilities, their homes, establish other credit cards, buy cars and make fake identity to be you. While for a time these thieves will even pay the bills. Some will take things to more extreme cases. I recall a high school Liberian from a Midwestern state retired after 30 impeccable years of service. She and her husband moved to Florida. She decided to answer an add for a part time Liberian in the local high school. She interviewed however did not get the job even she was the ideal candidate. She eventually found out the reason she did not get the job because she had two arrests for prostitution. Obviously she was not aware of the police record . Someone had stolen her identity and when arrested gave the vital information to the police. Identity theft is not just about credit cards
No one is immune from identity theft. After his social security number was published in the Congressional Record the former Chairman of the Joint Chiefs of Staff General SHAL I KASK VILI became an identity theft victim.
It’s no surprise that identity theft continues to be a time-consuming and expensive problem, but it’s just one fraction of the overall identity picture. A consumer’s identity portfolio is comprised of many different pieces and financial identity theft is just one portion. Medical, criminal and child identity theft, just to name a few, are some other factors consumers need to consider when monitoring their records for fraud.
And that’s only a tiny fraction of the $30 billion worth of devices that go missing around the globe each year. ( Yes I will hold while you make sure your cell is still at hand). With more personal info than ever being stored the mobile way, there’s a lot on the line if you and your beloved IPhone get separated. People have come to depend on there phones as there wingman. They help us remember birthdays, get directions and capture memories.
Boston-Contractor lost a hard drive with customer contact informationCity of Burlington-A hacker or hackers managed to transfer $ 400,000 in city funds to accounts across the country. City employees may have also had their direct deposit bank account information compromised.Wayne Count MI- sends out email blast containing some 1300 names and social security numbers of employees department of personnel/Human Resources
There are various ways a breach can take place. Negligence accounts for approximately 37% of all breaches.An example of negligence. In early 2010, the Massachusetts Secretary of State’s office accidentally released the Social Security numbers of, dates and locations of birth, and height , weight, hair color of 139,000 investment advisers registered with the state. The data were mistakenly sent to an investment industry publication that requested a list of registered investment companies, which is public information, from the Securities Division. The Securities Division mistakenly sent them a CD-Rom with the wrong data.Internal Theft-A hacker in India breached the databases of Digital River Inc, a Minnesota-based e-commerce company, leaving 200,000 customer records compromised. To make matters worse, an American teenager somehow got his hands on the data and attempted to sell it to a Colorado marketing firm for $500,000. Digital River suspects that a contractor working for them aided in the theft.Organized crime targeted a high – volume Redondo Beach, Calif., Arco gas station. The crime ring assigned a low-level person to infiltrate the business and waited eight months while he worked himself into a position that allowed him to plant a high-tech device skimmer, which gathered customers’ credit information. More than 1,000 customers were affected: the criminal spent nearly $300,000 before the scam was uncovered.
As mentioned a data breach can be very costly. Wells Fargo settled out of courtWells Fargo settles lawsuit / Class action alleged bank sold customers' financial informationWells Fargo agreed on to a $6.7 million settlement of a class-action lawsuit that accused the banking giant of illegally selling customers' financial information to telemarketers. The settlement calls for the bank to pay $3.2 million to 81 charities and provide $3.5 million worth of online services to customers. VA will pay $20 million to settle lawsuit over stolen laptop's dataThe Department of Veterans Affairs has agreed to pay $20 million to current and former military personnel to settle a class action lawsuit on behalf of the men and women whose personal data was on a laptop computer stolen during a burglary.The names, dates of birth and Social Security numbers of about 26.5 million active duty troops and veterans were on the laptop and external drive, which disappeared while in the custody of a Veterans Affairs data analyst in 2006. 800,000 people answered the email imagine the expense to service this number of calls/people.The theft led to an urgent search by federal authorities that ended with recovery of the laptop and a conclusion that the missing data had not been improperly used.TJX Inc. probably the most famous case has paid out big bucks Let's face it, there is a war out there: criminals are after sensitive information. Certainly the $256 million is much more than what TJX would have spent on just securing their wireless communications. The parent company of T.J. Maxx and Marshall stores, disclosed in January 2007 that its systems were hacked, exposing at least 45.7 million credit and debit cards to possible fraud. Under the terms of the settlement, the company will pay $2.5 million to create a data security fund for states and a settlement amount of $5.5 million and $1.75 million to cover expenses related to the states' investigations. In addition, TJX said it agreed to certify that TJX's computer system meets detailed data security requirements specified by the states; and encourage the development of new technologies to address systemic vulnerabilities in the U.S. payment card system. "Under this settlement, TJX and the attorneys general have agreed to take leadership roles in exploring n...
Identity Theft and Data Compromise - TWCA Fall 2012
Identity Theft and Data CompromisePresented by David Speciale, J.D., CITRMS