Tag Archive for Identity Theft

School Kids’ Data at Risk – Part 2

In the Huffington Post article “In Push For Data, Schools Expose Students To Identity Theft,” author Gerry Smith writes about the growing risk of school kids’ data being stolen across the country.

Read Part One here:

Data Quality Campaign, an organization that encourages states to build student databases, argues that students’ Social Security numbers are useful for education policy by creating “enhanced analytical opportunities” for evaluating school curriculum. “The more important conversation is not whether states are collecting Social Security numbers, but how they are ensuring the privacy, security, and confidentiality of all personally identifiable information,” Laird said in a statement to the Huff Post. “We can’t speak to how Social Security numbers are collected and stored at the local level,” she added.

The article cites one survey that concludes student PII is not stored very securely. Only half of K-12 schools use data encryption, according to a survey of IT employees at K-12 schools nationwide. 72% cited budget constraints as the primary barrier to improving their IT security, according to the survey by Panda Security (PDF). Collecting PII in central databases with lackluster security is asking for trouble. “This is making a much bigger honey pot for people with malevolent purposes to gain access to children’s information,” said Joel Reidenberg, a professor at Fordham University School of Law. He told The ID Channel, “It’s a meltdown waiting to happen.”

School districts in 26 states now ask for students’ Social Security numbers. The Michigan Department of Education states (PDF), “A school district cannot mandate that parents disclose the social security number of their children.” Huff Post states that Texas is one of those states where education officials use PII to connect K-12 records to higher education and workforce data, according to Debbie Ratcliffe, a spokeswoman for the Texas Education Agency.

Last year, the Texas agency asked eight school districts to send PII, including Social Security numbers, through the mail on unencrypted CDs for research purposes. The article reports that Laredo Independent School District learned the CD it sent got lost in the mail, exposing nearly 25,000 current and former high school students to identity theft, according to the Texas Tribune. Ratcliffe told The Huffington Post that the request came from an agency employee who operated “way outside” normal protocol.

It was not the only school data breach in Texas.

  • Beaumont school officials told parents that Social Security numbers belonging to an estimated 15,000 students were accidentally exposed online for nearly a year.
  • The San Antonio Independent School District told parents that names and Social Security numbers of up to 360 students were mistakenly made visible through a Google search.

Still, the Texas Education Agency has no plans to stop asking school districts for students’ Social Security numbers, Ratcliffe told the author. “We have so many databases that use them that it would require quite a bit of change to make that happen,” she said.

Yet concerns over child identity theft have prompted at least five states (Nebraska, North Dakota, Washington, Maine and Wyoming) to create policies that restrict the collection and use of Social Security numbers in K-12 schools.

Jerry Coleman, director of school finance at the North Dakota Department of Public Instruction, said in an interview, “To protect those Social Security numbers would be a hassle we don’t need.”

Parents can refuse to disclose their child’s Social Security number, and the student would be assigned a different identifying number. Ratcliffe, of the Texas Education Agency, said most parents disclose their child’s number anyway.

But privacy experts say, in most cases, parents should keep that information to themselves. “When someone asks for your child’s Social Security number, say no,” said Aaron Titus, chief privacy officer for Identity Finder, which helps organizations protect sensitive data. “I have found about 90 percent of the time when I push back a little bit, I get my way.”

Data breaches leave people six times more likely to become victims of identity theft, according to a survey by Javelin Research. Schools warn parents to monitor their children’s credit after a data breach. The Huff Post says credit reports only turn up 1 percent of fraud on children’s credit histories because thieves pair children’s Social Security numbers with new names and birth dates, a study by Debix found.

More than 18,000 child identity theft complaints were reported to the Federal Trade Commission. But experts tell Huff Post that figures on child identity theft are likely much higher because the crime often goes undetected for years. ID Analytics estimates more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service. When child identity theft victims turn 18, they find their credit has been destroyed, preventing them from taking out loans or renting apartments.

rb-

Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, and/or publicly displayed or mailed within an envelope.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

School Kids’ Data at Risk

Gerry Smith writes about the growing amount of school kids’ data being stolen across the country. In the Huffington Post article “In Push For Data, Schools Expose Students To Identity Theft,” the author explains why. Data thieves want this information to commit identity theft. The author cites several recent cases:

The article says these incidents highlight the growing risk of school kids’ vulnerability to identity theft. Across the country, schools have become conduits for children’s pristine Social Security numbers. The students’ numbers are increasingly falling into the hands of credit-hungry identity thieves. The frequent data breaches have prompted calls for schools to stop collecting sensitive student data. The breaches have angered parents like Art Staehling, whose 14-year-old daughter was among 18,000 Nashville students who had their Social Security numbers accidentally exposed online for three months in 2009.

They left the gate wide open for data theft

“They left the gate wide open,” Mr. Staehling told The Huffington Post. “It’s clumsiness. There’s no excuse for it. If schools want that information, there should be some sort of penalty paid if they don’t guard it with their lives. I haven’t found a reason why they honestly need it.”

Schools collect students’ Social Security numbers as part of a campaign to more precisely track their progress. But privacy experts told Huff Post there are less risky ways to identify students. The privacy experts accuse schools of needlessly exposing children to identity theft by gathering their Social Security numbers and then not securing them.

The push for collecting student data began under the federal No Child Left Behind Act. Financial incentives in the 2009 stimulus package, including Race to the Top’s $250 million in competitive grants, drove schools to collect student Social Security numbers, according to Reidenberg.

The U.S. Department of Education has warned schools not to use students’ Social Security numbers in their databases. The Huff Post says the Feds urge schools to create other unique identifiers. The National Center for Education Statistics warned schools last fall, telling educators that Social Security numbers are “the single most misused piece of information by criminals perpetrating identity thefts.”

Schools abuse students’ Social Security numbers

Despite the warnings, the collection and use of students’ Social Security numbers in K-12 schools remain “widespread,” according to an audit last year by Patrick O’Carroll, the Social Security Administration’s inspector general. The IG found students’ Social Security numbers printed on transcripts, tests, and athletic education forms. According to the article, the audit concluded that schools were using the numbers “as a matter of convenience.” Mr. O’Carroll found there have been at least 40 data breaches of confidential student information at K-12 schools since 2005.

In his report, O’Carroll wrote, “We believe the unnecessary collection and use of Social Security numbers is a significant vulnerability for this young population. Each time a student provides his or her Social Security number, the potential for a dishonest individual to unlawfully gain access to, and misuse, the number increases.”

Read Part 2 here.

rb-

Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, and/or publicly displayed or mailed within an envelope.


Securely Shred Unnecessary Files

Organizations often hold on to files that are no longer needed. Help Net Security points out that these records take up valuable storage space and cost money that could otherwise be saved. Adhering to a retention schedule helps businesses run more efficiently to save time, money, and space.

“While it may seem easier to keep everything, this is actually a losing strategy,” Sarah Koucky, Senior Director of Security and Compliance for Cintas Document Management, told the blog. “Saving unnecessary records costs both time and money. By setting retention schedules and policies, organizations will remain compliant with government regulations and can expedite the destruction of outdated records to ensure a clutter-free system.”

The author provided the following retention schedule as a general recommended guideline for certain files and documents. Consult your legal advisor for specific retention schedules for your business and records.

  • Accounts payable – 7 years
  • Accounts receivable – 7 years
  • Audit reports – Permanent
  • Bank reconciliations – 3 years
  • Bank statements – 7 years
  • Canceled checks – 7 years
  • Electronic payment records – 7 years
  • Employee files (ex-employees) – 7 years
  • Employment applications – 3 years
  • Employment taxes – 7 years
  • Expense reports – 7 years
  • Financial statements (annual) – Permanent
  • Insurance policies – Permanent
  • Leases/Mortgages – Permanent
  • Loan payment schedules – 7 years
  • Payroll/Labor records – 7 years
  • Purchase orders – 7 years
  • Sales records – 7 years
  • Tax returns – Permanent

It is important to safely and securely dispose of all documents that are no longer needed. With identity theft and data breaches on the rise, doing so will protect confidential information from falling into the wrong hands, according to the article.

Many organizations use a secure shredding service that destroys business documents on-site on a scheduled basis. The author says these companies place secure storage containers in an accessible and identifiable location to make it safe and convenient for all employees to properly shred documents.

In addition, Help Net Security indicates businesses that have a large volume of records with long retention rates but limited space can consider an off-site storage and imaging provider. This will free up space and make sure all electronic and physical records live in a secure environment. All documents can be retrieved on-demand and properly destroyed if required.

rb-

I had a conversation with a client the other day about electronic and physical document retention. The client was blasé about a policy until we started to talk about FOIA and eDiscovery and the fact that if they had the documents they would have to produce them for the courts. While I am not a lawyer, I have been told that if there is a policy in place and enforced prior to a request to produce a document, the courts will recognize the fact that a document is not available.

Now if you look at what the State of Michigan requires K-12 to keep (PDF), some documents have to be kept for 30-50 years and others have to be permanently retained. This can certainly create real-estate as well as technical challenges.

Can these required documents be stored electronically? What happens when technologies change? In case you didn’t notice, the floppy drive is dead. I noted its passing here. The UK’s National Archives says (PDF) that USB drives and CD-Rs are the least reliable long-term storage media. They recommend LTO, but which version: 1, 2, 3, 4, or 5? This locks you into a single backup server software.


Schools Riskiest for Computer Theft

Absolute Software Corporation (ABST) is a Vancouver, Canada-based computer security and end-point management firm. The company, founded in 1993, provides firmware-based computer theft recovery, data protection, and secure computer life-cycle management systems. It has identified the top 10 target areas for the theft of mobile computers.

The maker of LoJack for Laptops told ITnewsLink that the top 10 list reveals that consumer computers are more likely to be stolen while at school or home. The list is based on theft reports filed to the Absolute Theft Recovery Team by Absolute customers over a one-year period. With the holidays approaching, Absolute is warning that the risk of computers being stolen from the home is higher than what many consumers perceive.

“The trends in this list may surprise some computer owners. They often think of security issues only when they are on the move,” said Mark Grace, vice president of consumer business at Absolute Software. “However, with schools and residences topping the list of places computers are stolen, owners need to be extra cautious, particularly around the holidays when home burglaries often increase.”

Top 10 Places Consumer Computers Are Stolen

1. K-12 Schools
2. Residential Properties
3. Automobiles
4. Businesses/Offices
5. Universities and Colleges
6. Hotels and Motels
7. Restaurants and Cafes
8. Stores and Shopping Malls
9. Public Transit (includes taxis, buses, trains, etc.)
10. Airports (terminals, security checkpoints, storage areas and airport restaurants)

rb-

The Absolute software offers several advantages. When a device is reported stolen, a signal is sent that freezes the computer and displays a custom message for whoever finds it. To prevent identity theft, unauthorized users cannot access the content on the computer, and files, including the operating system, can even be deleted. If a computer is stolen, the Absolute Theft Recovery Team will work with local law enforcement to recover it.


Detroit Netizens Vulnerable to Online Threats

Detroit Internet users rank seventh among 35 U.S. cities for being most at risk for online threats and being “digitally duped,” according to an AVG Technologies survey of online behavior. Of the more than 8,000 Americans with home Internet surveyed, AVG says many consumers are unknowingly putting themselves at risk of falling victim to identity thieves, viruses and malware with bad PC habits and a lack of comprehensive protection:

  • 75% don’t back up their phone’s data – many rely on their provider to restore their contacts should an accident occur.
  • 67% don’t use an identity monitoring service.
  • 41% never run a manual antivirus scan to make sure the computer is virus-free.
  • 40% don’t use a password on their mobile device, and of those that do, another 34% have not changed the password in the past year.
  • 38% admit to sharing online passwords with at least one other person.
  • 23% don’t back up the data on their PC.

U.S. cities at highest risk

AVG says that the top 10 U.S. cities at highest risk are:

1. San Antonio
2. Tampa, Fla.
3. Atlanta
4. Dallas
5. Oklahoma City
6. Charlotte, N.C.
7. Detroit
8. Denver
9. Washington D.C.
10. Sacramento, CA

rb-

The rules of the road still apply to online activities:

  • Patch your system
  • Use current anti-malware software
  • Change passwords regularly, use variations for each online account, and never, ever share them with others
  • Use one credit card with a low spending limit for all online purchases. Monitor this account regularly, and flag any inappropriate activity to the bank.
  • Back up your data
  • Don’t share your personal data on Facebook
  • Be wary of phishing scams. Never click on links in emails