E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: STLtoday

Posted on August 30, 2010

For two years, an analyst for Countrywide Financial Group allegedly stole customers' personal financial information and sold batches of data for $500 each. Authorities say the analyst scored $50,000; the full cost to consumers - both in dollars lost through identity theft, and in time spent fixing botched credit reports - may never be known.

Criminal prosecution is ongoing, but civil suits stemming from the data breaches were settled Monday.

Bank of America, which bought Countrywide two years ago, will offer free credit monitoring for up to 17 million consumers whose identities were stolen - or, still might be - as a result of the data breaches.

If that number seems high, it's just the tip of the iceberg, according to the Privacy Rights Clearinghouse. For five years, the group has maintained a roll of shame listing the companies, schools and government offices that have data stolen, misplaced or otherwise made available to identity thieves.

This week, the tally of sensitive records involved in those breaches hit the half-billion mark, the San Diego group reported. "It might seem like a large number, but it's really quite low," said Beth Givens, director of Privacy Rights Clearinghouse. "Many of the breaches we list involve an unknown number (of records) . . . Five hundred million is, actually, a conservative count."

The group's list is comprised of more than 1,700 data breaches that became public because they made headlines or they were reported to regulators. Because many states don't require data breaches to be reported, and because those that do may use different standards for what constitutes a reportable offense, Privacy Rights Clearinghouse's list remains incomplete.

The list, which is available online at privacyrights.org/data-breach, includes these 2010 entries of local note:
• A hacker penetrated a St. Louis police computer and may have viewed addresses and Social Security numbers of 24 people.
• A Riverview Gardens schools employee left hundreds of documents listing personal student information near an outside trash bin.
• About 1,900 patients of a St. John's Mercy Medical Group doctor were notified that files containing personal and financial data were improperly discarded.
• Mail clerks at the University of Missouri incorrectly folded IRS tax forms sent to students. As a result, Social Security numbers were clearly visible through the plastic-covered address window on envelopes sent to the students. The university couldn't say how many of the 75,000 mailings were affected, according to Privacy Rights Clearinghouse.

Compared with some breaches, those incidents were small potatoes. They don't rival the work of hacker Albert Gonzalez. Last year, he pleaded guilty of stealing more than 130 million credit and debit card numbers from Heartland Payment Systems and several national retailers.

Givens said that 46 states - including Missouri and Illinois - now have laws on the books requiring companies to notify consumers if there is reason to believe their personal information has been compromised.

There's a push in Congress to pre-empt that regulatory patchwork with a federal notification law. A measure has passed the House; four Senate bills have been submitted with varying degrees of support from industry and privacy advocates.

Notification is important because consumers can't stop data breaches, but properly informed consumers can protect themselves after one occurs.

After being notified of a breach, what consumers should do next depends on the information that was compromised and whether foul play was involved.

If there is something sinister about the breach, consumers should react just as they would if they were burglarized or had their wallets or purses stolen.

(Those old-fashioned crimes, by the way, shouldn't be ignored. In 2009, they led to 76 percent of identity thefts with known causes, according to a study of insurance claims data released by Travelers.)

Consumers who think their information is at risk should obtain credit reports and study them for new accounts and other debts they didn't authorize.

Depending on what they find, they might want to ask credit bureaus to flag their reports with a fraud alert.

They also should scour credit and bank statements - including old ones - for unauthorized spending. And they should be suspicious if bills don't arrive on time.

That's because those who commit fraud sometimes change billing addresses to keep victims in the dark.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.