Jim Malmberg does a fine job of picking apart two new state bills in Utah and Virginia. A must read.

In the new year, a variety of state legislatures continue to debate credit freeze law. Among these are two states on opposite sides of the country that are working on unique credit freeze solutions. One of them is probably the best credit freeze laws proposed in any state. The other is dumbest credit freeze proposal that we have ever seen.

More: GuardMyCreditFile: The Best and the Worst of Credit Freeze Laws.

The Wall Street Journal did a brief, but good article on ID theft on January 30. The basic premise is that the number of victims is lower but the amount of losses per victim it going up. My take on this is that ID theft statisics are usually really overstated or just plain inaccurate. What is always missing (and the main question to ask) is not if the data is accurate. It’s how do they define identity theft? Some surveys consider existing credit card fraud as ID theft, others do not. Still, having some statistics are helpful, at least as a benchmark. 

Roughly 8.9 million people, or 4% of U.S. adults, last year learned their personal data had been stolen and used to commit fraud, according to a report due out tomorrow from Javelin Strategy & Research and the Better Business Bureau. That was down from 9.3 million identity-theft cases in 2004, researchers found based on 5,000 telephone interviews and standard polling techniques.

But the average fraud amount per victim rose to $6,383 last year from $5,885 in 2004, for a total annual cost of nearly $56.6 billion.

More: WSJ.com - Incidences of ID Theft Decline, But Losses per Victim Increase.

Two recent computer security breaches at the University of Delaware have resulted in the possible exposure of names and Social Security Numbers that were stored on the machines.

A computer in the University's School of Urban Affairs and Public Policy was hacked, and a back-up hard drive in the UD Department of Entomology and Wildlife Ecology was stolen.

UDaily: Computer security breach in urban affairs, agriculture.

Here we have another case of data backup tapes being stolen. This time they were stolen from an employee’s car. This wasn’t a rogue employee, however—certain employees were supposed to take the tapes home every night as part of a data recovery plan. What an utterly foolish idea (obviously), especially when such customer sensitive data was on the tapes. There are plenty of companies that will automate the off-site storage of tapes for you.

Portland, Ore. — Providence Home Services has begun contacting current and former patients following the theft of tapes and disks that hold confidential data. The theft involves the records of some 365,000 patients who received health care through Providence Home Services. Those patients live predominantly in Oregon (83 percent) and Washington (16 percent), with the rest in other states.

Providence Launches Outreach to Home Services Patients After Data Theft.

I read an article that talks about an interesting twist on ID theft (see below, registration required). Essentially, a fraudster applies for credit in your name, but purposely mispells the name, or uses a similar but different name; the same goes for the Social Security Number. It seems that in some instances, the credit bureaus may allow the credit check to “go through” because they allow some tolerance for what they assume are honest errors. Afterwards, the fraud becomes even more difficult to track down, because the creditor isn’t even sure who really filed for the credit. Especially if you have a common name.

Now watch out for identity manipulation and synthetic identities.

Edentify Inc., a Pennsylvania-based identity fraud detection firm, says identity manipulation is an insidious and fast-growing form of identity fraud.

It defines identity manipulation as the "intentional modification of identity records for the purposes of deceiving."

"The fraudster is looking to try to change the information enough so that whoever is looking at it from the surface will see it as something different, but the authentication process will match it as something already existing," said Terrence DeFranco, chairman and chief executive officer of Edentify.

The Providence Journal.

I read this headline on a press release today: “New Software Utility Makes Identity Theft Virtually Impossible.” Immediately red flags went up for me. Then I read the press release and went to the web site. (See links below).

First, no software can or ever will make identity theft impossible. Your sensitive data is stored on paper as well as electronically, in hundreds or even thousands of locations (i.e. rental applications, doctor’s offices). Second, the product they are touting is simply a utility for storing your passwords. There’s nothing new about that, I’ve used one of these utilities for years. And it’s hardly going to make identity theft virtually impossible. The utility is being sold by a company called BMC International and it is called PasswordMaster. The web site is a little disconcerting. BMC also sells (in their words, on their home page) “International Bulk Products and Electronics.”

Now, I have not down loaded their software and I have no proof that it is good or bad. It may be rock solid and very useful. But please be careful of whom you trust and where you store your sensitive personal data Here’s an excerpt from the release and a link.

Introduction of New security software for personal information storage.

Sicklerville, NJ, January 25, 2006 --(PR.COM)-- With Identity theft being such a growing problem on the Internet, there are still many good programmers that continue to search for methods to thwart intruders from invading our PCs in order to steal vital information.

Invented by a victim of identity theft, the program is easy to set up, takes up minimal space and can sit right on the desktop for quick access and unlike virus software, there is no need for updates.

New Software Utility Makes Identity Theft Virtually Impossible - PR.com.

Ameriprise Financial, the investment advisory unit spun off from American Express last year, said yesterday that lists containing the personal information of about 230,000 customers and advisers had been compromised.

A security breach occurred in late December, Ameriprise said, after a company laptop was stolen from an employee's parked car. The laptop contained a list of reassigned customer accounts that was being stored unencrypted, a violation of Ameriprise's rules.

More from New York Times.

Identity Theft Again Leads the List

The Federal Trade Commission today released its annual report detailing consumer complaints about fraud and identity theft in 2005. Complaints about identity theft topped the list, accounting for 255,000 of more than 686,000 complaints filed with the agency in 2005. The complaints, filed online or at a toll-free number, are shared via a secure database with more than 1,400 federal, state, and local law enforcement agencies, and law enforcement and consumer protection agencies in Canada and Australia.

“With a call or a click, consumers can file complaints with law enforcers across the country and around the world,” said Deborah Platt Majoras, Chairman of the FTC. “These reports provide ammunition that helps law enforcers fight fraud and identity theft.”

Identity theft complaints represented 37 percent of the 686,683 complaints filed. Other top categories of fraud complaints for 2005 include:

* Internet Auctions - 12 percent
* Foreign Money Offers - 8 percent
* Shop-at-Home/Catalog Sales - 8 percent
* Prizes/Sweepstakes and Lotteries - 7 percent
* Internet Services and Computer Complaints - 5 percent
* Business Opportunities and Work-at-Home plans - 2 percent
* Advance-Fee Loans and Credit Protection - 2 percent
* Telephone Services - 2 percent
* Other - 17 percent

More: FTC Releases Top 10 Consumer Fraud Complaint Categories.

ChoicePoint Settles Data Security Breach Charges; to Pay $10 Million in Civil Penalties, $5 Million for Consumer Redress

At Least 800 Cases of Identity Theft Arose From Company’s Data Breach

Consumer data broker ChoicePoint, Inc., which last year acknowledged that the personal financial records of more than 163,000 consumers in its database had been compromised, will pay $10 million in civil penalties and $5 million in consumer redress to settle Federal Trade Commission charges that its security and record-handling procedures violated consumers’ privacy rights and federal laws. The settlement requires ChoicePoint to implement new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes, to establish and maintain a comprehensive information security program, and to obtain audits by an independent third-party security professional every other year until 2026.

Choicepoint Settles Data Security Breach Charges; to Pay $10 Million in Civil Penalties, $5 Million for Consumer Redress.

COLUMBUS, Ohio -- The Ohio Department of Commerce's Division of Unclaimed Funds issued an identity theft alert to Ohio residents on Tuesday after receiving numerous complaints from residents throughout the state.

According to a press released issued by the Department of Commerce, the alert warns Ohioans to be on guard if they receive a letter or telephone call from an organization calling itself the "Department of Unclaimed Funds," located on West Fifth Avenue in Columbus. The agency uses the telephone number (800) 467-7010, according to the release.

"The so-called 'Department of Unclaimed Funds' is not a government entity and has no relationship to the Ohio Division of Unclaimed Funds or any other State of Ohio agency," Unclaimed Funds Superintendent David Moore said.

nbc4i.com - News - State Issues Identity Theft Alert.