A Border’s employee anonymously writes in their blog about how the store they work at ignores (encourages?) credit card fraud. In the post, colorfully entitled “Scumbag,” the author refers to it as identity theft, however, that term probably doesn’t apply if we’re just talking about a lost or stolen card. The story is not surpirsing to me, but it’s still not comforting to hear how a large retailer like this doesn’t care (at least the local manager doesn’t). However, I would expect that someone at Border’s corporate would be interested to know they are violating their credit card processor’s merchant agreement by failing to take basic measures to prevent fraud.

The Alabama Attorney General has published a guide on preventing and recovering from ID theft. It appears at first glance to be fairly comprehensive, as these things go. I don’t believe that a static web page or sheet is helpful enough to deal with such a complex problem. That’s why we’re building MyTruston (coming soon—in beta testing now).

.Tags: idtheft, identitytheft

David Fraser is reporting on his blog a follow up to the recent news about a data breach by Providence Home Services in Oregon. Nice to see someone following up, David.

The company is reported by Computerworld to have carried out a thorough investigation of the incident. As a result, one employee has been fired and three have resigned.

Colorado, way behind the rest of the country, may see real ID theft legislation if a new bill gets passed.

Fraud, forgery and identity theft share close ties with a rising methamphetamine problem in Weld County -- a tie not easily broken when the desperation of addiction enters the mix.

"To get their meth labs going, they need the money to get the materials," said Rep. Jim Riesberg, D-Greeley. "Meth hooks people very rapidly. Once they hook, they'll do virtually anything to get more."

To help eliminate one link in that chain, Riesberg is co-sponsoring a bill that would make identity theft a class four felony in Colorado, which typically carries a sentence of two to six years in prison. Colorado has no laws pertaining to identity theft, and existing laws only affect fraud and forgery.

More: Greeley Tribune - News.

AOL is apparently the first ISP to use the VA’s new anti-phishing law.

To help battle the rising tide of email phishing scams, devious email hoaxes, and complex identity theft on the Internet, AOL has filed three civil lawsuits against several major phishing gangs today, as part of AOL's wide-ranging efforts to protect the email safety and security of AOL's members.

The lawsuits are the first by a major ISP to cite Virginia's first-in-the-nation anti-phishing statute, adopted in July 2005. The lawsuits also cite applicable Federal laws, including the Federal Lanham Act (trademark law), and the Federal Computer Fraud & Abuse Act (antispam). AOL is seeking total damage awards of $18 million.

AOL's lawsuits allege that these phishing gangs - some believed to operate from abroad - victimized AOL and CompuServe members through emails that attempted to trick and lure them to fake Websites of legitimate online companies, for the purpose of fooling them into giving up their personal identifying information, such as AOL screen names, passwords, and credit card information.

More: Business Wire.

This is from Daily Review Online and written by California’s senior US Senator.

EVERY FOUR seconds in America, another person falls victim to identity theft. It can happen in any number of ways. A wallet is stolen; a credit card slip is fished from the trash; or a company, academic or government database containing personal financial information is breached.

Jennifer DePreist, a 29-year-old lawyer living in Oakland when she was victimised, described the anxiety and frustration that she and so many others have felt:

"The last two months have been a nightmare ... despite the fact that my thief was arrested a week and a half ago. I am still fighting to clear my name, and I still dread opening my mailbox or answering the phone. I am told that it will take years before I clear my credit reports of fraudulent inquiries and bounced check notices."

More: Inside Bay Area - Daily Review Online - Op-Ed.

 

The Securities and Exchange Commission and 12dailypro have reached a tentative agreement that essentially ends the Charlotte Web marketing firm's alleged $50 million scheme that attracted 300,000 members worldwide in less than a year.

In a complaint, the SEC accused 12dailypro and its administrator, Charis Johnson, of not telling people that virtually all money investors earned came from fees paid by new members. Failing to tell investors they are participating in a so-called Ponzi scheme violates federal law, the SEC said.

The Charlotte company promised members 44 percent returns for surfing a dozen Web sites for a total of five minutes per day for 12 days. Despite claiming to raise money from "multiple streams" including advertising and off-site investments, at least 95 percent of the money 12dailypro's returns came from member fees -- "almost a pure Ponzi scheme," the SEC complaint said.

Much of 12dailypro's members money is being held by a Tennessee electronic payment service, StormPay, that froze last month, citing investigations into "what appears to be massive illegal" operations.

More: Charlotte Observer | Deal to end 12dailypro.

An external auditor lost a CD with information on thousands of current and former McAfee employees, putting them at risk of identity fraud.

The disc was lost on Dec. 15 by Deloitte & Touche USA, McAfee spokeswoman Siobhan MacDermott said Thursday. The Santa Clara, Calif.-based security software company was first notified on Jan. 11, and on Jan. 30, it received particulars of the data that may have been on the CD, MacDermott said.

The disc contained personal details on all current U.S. and Canadian McAfee workers hired prior to April 2005 and on about 6,000 former employees in the same region, MacDermott said. (The security company currently has approximately 3,290 employees worldwide.) The information wasn't encrypted and potentially includes names, Social Security numbers and stock holdings in McAfee.

More: CNET News.com.

Over half of all data breaches last year (and so far in 2006) are at educational institutions, according to Linda Foley of the ITRC. Universities are notorious for weak security.

About 6,000 employees at the University of Northern Iowa were advised in a letter to protect themselves from identity theft by contacting credit reporting agencies and initiating fraud alerts after a security breach was detected last week on a laptop computer at the university, officials said Friday.

The laptop, assigned to the UNI's Office of Business Operations, contained Internal Revenue Service W-2 forms for student employees, faculty and staff.

More: DesMoinesRegister.com.

This case involved the theft of a billion—yes a billion—records from Acxiom, the data services company.

Scott Levine, formerly principal owner of e-mail marketing company Snipermail Inc., was sentenced yesterday to eight years in prison on charges related to the theft of more than 1 billion data records, the U.S. Department of Justice said.

Levine, 46, of Boca Raton, Fla., was convicted on 120 counts of unauthorized access of a protected computer, two counts of device fraud and one count of obstruction of justice, the DOJ said. A jury in U.S. District Court for the Eastern District of Arkansas found him guilty of the charges Aug. 12.

More: IT exec sentenced to eight years for data theft - Computerworld.