On April 4th, I received apology letters from my bank, a major retailer, a large pharmaceutical chain, and three hotel companies.  All of the apologies were similar, but I’ll share just one:

Dear Ritz-Carlton Customer,

We were recently notified by Epsilon, a marketing vendor The Ritz-Carlton Hotel Company uses to manage customer emails, that an unauthorized third party gained access to a number of their accounts including The Ritz-Carlton email list. We want to assure you that the only information obtained was your name and email address. Your account and any other personally identifiable information are not at risk.

Please visit our FAQ to learn more.

In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that The Ritz-Carlton does not send emails requesting customers to verify personal information.

It must have really hurt Ritz Carlton, that paragon of sophistication and propriety, to fall on its virtual knees and send out thousands for such emails.

I subsequently learned that USA Today reported:

With the possible theft of millions of e-mail addresses from an advertising company, several large companies have started warning customers to expect fraudulent e-mails that try to coax account login information from them.

Perhaps the Wall Street Journal wanted to make me feel special, one of select few:

Alliance Data (parent of Epsilon) reiterated that social-security and credit-card numbers were not stolen. It also said that only 2% of its more than 2,500 customers were affected.

I have yet to know whether there will be a harmful personal affect from this data breach. But it does illustrate that we are all vulnerable, whenever we trust any confidential information to someone else.

Technorati Tags: Identity Theft, Information Security, Privacy

Some information doesn’t go out of date quickly.  This afternoon I stumbled across a post by Wilma Colon-Ariza who published a helpful article entitled “Identity Theft and Phishing Scams” last January.  Its content is still timely.

She first notes:

The federal government reports that identity theft is now the fastest-growing financial crime. Every 79 seconds, a thief steals someone’s identity and opens accounts in the victim’s name.

I don’t know what the current statistics are, but guess they are worse.

After commenting on an “Identity Theft Prevention Act” which took effect in New Jersey, on January 1, 2006, Wilma proceeded to provide a very practical outline of how consumers can protect themselves against Identity Theft and Phishing attempts. 

Finally, if you become a victim of Identity Theft, you can refer to specific steps Wilma provided to get things back in order.

Thanks, Wilma, for an informative and practical post, even it took me a long time to read it!

According to a CNNMoney.com article today,

“An international cybercrime ring was broken up Thursday by federal and state officials who say the alleged hackers used phony e-mails to obtain personal passwords and empty more than $3 million from U.S. bank accounts.

“The U.S. Attorney’s Office charged 37 individuals for allegedly using a malicious computer program called Zeus Trojan to hack into the bank accounts of U.S. businesses and municipal entities.”

Isn’t it interesting that this sophisticated cybercrime tool was named for Zeus, the Greek "Father of Gods and men" and the Trojan Horse, which allowed Greeks to surreptitiously enter the city of troy and end the Trojan War?

It is as if God and the Greeks have ganged up on the rest of us!

I’m sure God and the Greeks aren’t really conspiring against us, but the Zeus Trojan case underlines the tragic reality that bad guys are  becoming extremely sophisticated in their attacks, and that the cost to us all is rapidly increasing.

Thanks to @idtexpert for tweeting this humorous commentary on privacy and Identity Theft.

In response to my colleague, Jack Crail, who circulated the link to the video in my previous post, another colleague, Brad Diggs, responded:

Hey Jack,

No this isn’t an urban legend.  I have been working up a blog post that gives folks a strategy for how to deal with it.  I am the deacon of IT at my church and we have had to deal with it head on.  For everyone’s benefit, your best friend in this is Darik’s Boot and Nuke.  Of course the best thing is to make sure that the drive is not accessible by anyone that shouldn’t be accessing it.  You also need to make sure that you pull the drive when ever you have it serviced, sell it or dispose of it.

Lastly, note that this risk applies to both photocopiers AND printers with internal print queues.

Have a great day!

Brad

Brad followed up that note with an excellent post on his blog recommending a step by step process to deal with the problem.

Thanks, Brad!

The thought never crossed my mind until my colleague Jack Crail sent me a link to this short CBS News video that outlines little-known security risks lurking in the background – hard drives in digital copier containing thousands of pages of sensitive information.

A companion print article highlighted a short study of four copiers detailed in the video:

The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders.

On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.

The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.

But it wasn’t until hitting "print" on the fourth machine – from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

Who knows how much of your personal information is floating out in never-never land on copier hard drives you may not have even known about?