Small breaches can have big consequences

April 28th, 2009 Rob Douglas

Over the course of the last year, the fact that many – perhaps most – data security breaches are going unreported by the majority of data breach reporting organizations and web sites has become very apparent. 

Almost every day, small breaches that appear in news items around the United States are never reported to the public by the Privacy Rights Clearinghouse, the Identity Theft Resource Center and other organizations that the media often cites as authoritative on the total number of data breaches.  This under-reporting does a disservice to the American public and our elected representatives and government agencies charged with protecting those who’ve had their personal information exposed.

Equally as important, those overlooked “small” breaches are often far more significant than the larger breaches that are reported by data breach monitoring organizations.  More often than not, the small, unreported breaches have actual victims who’ve sustained actual losses as compared to many of the larger breaches where it is fairly obvious the missing data will never fall into the wrong hands.

By way of one extreme example, yesterday the Associated Press reported from Virginia:

A former bank credit card department manager has been sentenced to two years, three months in prison for bank fraud and identity theft.

U.S. Attorney Dana Boente said Monday that 38-year-old Bernard James Brown Jr. of Saluda also was ordered to pay more than $65,000 in restitution to his former employer, Eastern Virginia Bankshares.

According to prosecutors, Brown used a stolen access device and identifying information to withdraw money from someone else’s account. After the credit card account was closed, Brown reopened it under a new name and address and continued to tap the account for cash and purchases.

Granted, this is a relatively small breach of one customer account, of one bank, by one bank employee.  Odds are this breach will never appear on the lists of breaches compiled by the Privacy Rights Clearinghouse, the Identity Theft Resource Center and other breach reporting organizations.

Yet, to the bank and its’ customer, this is an extremely serious breach that resulted in at least $65,000 in losses – not to mention the damage to the bank’s reputation for safeguarding customers.

This is not to criticize the fine work that the PRC, ITRC and others do.  It is a recognition that the collection and reporting methods of breaches are so inadequate as to be useless from a statistical perspective.

And, without good data about data breaches, we cannot come to the correct answers in addressing the epidemic of data breaches.

Posted in Data Breach, ID Theft, Identity Theft, Security Breach, credit card fraud, employee theft, news | No Comments »

CitiBank Employee Sentenced For Identity Theft

February 28th, 2009 Rob Douglas

A woman who used to work for CitiBank will now spend two years in prison for aggravated identity theft and bank fraud.

A federal judge in Jacksonville handed down 26-year-old Isla Brumfield’s sentence Thursday. According to court documents, Brumfield had worked in the Customer Service Sales Department at CitiBank.

Prosecutors said that in her position, she used a computer to access both credit card account numbers and the personal identification information associated with CitiBank credit card accounts. They said that in December 2007 and January 2008, Brumfield assisted in a scheme to use compromised personal information to obtain a CitiBank credit card. According to investigators, one of Brumsfield’s associates then used the fraudulently obtained credit card to withdraw cash from ATMs throughout Duval County.

See the full report at MSNBC.com.

Posted in Data Breach, ID Theft, Identity Theft, SSN Identity Theft, Security Breach, credit card fraud, employee theft, information security | No Comments »

Workers Stealing Company Data

February 23rd, 2009 Rob Douglas

Six out of every 10 employees stole company data when they left their job last year, said a study of US workers.

The survey, conducted by the Ponemon Institute, said that so-called malicious insiders use the information to get a new job, start their own business or for revenge.

“They are making these judgements based out of fear and anxiety,” the Institute’s Mike Spinney told BBC News.

“People are worried about their jobs and want to hedge their bets,” he said.

See the full report at the BBC.

Posted in Data Breach, Security Breach, employee theft, information security | No Comments »

Attorney Sentenced for Identity Theft

February 13th, 2009 Rob Douglas

Former Lake Charles attorney Byrlyne Van Dyke will spend 2 years in prison after pleading guilty last year to one count of Aggravated Identity Theft.

According to a press release from the U.S. Attorney’s Office, Van Dyke starting stealing detailed financial information in 2004 from a number of clients and former employees to get credit cards. Authorities say she used the cards to satisfy her gambling debt and for numerous day-to-day transactions.

Van Dyke lost her law license in 2005, and she’s now scheduled to begin serving her sentence March 16th.

The investigation began when the Calcasieu Parish District Attorney’s Office received complaints from Van Dyke’s clients, alleging identity theft.

See the full report at kplctv.com.

Posted in Data Breach, ID Theft, Identity Theft, SSN Identity Theft, Security Breach, credit card fraud, employee theft | 2 Comments »

Mailman Accused of Stealing Identities

February 11th, 2009 Rob Douglas

A mail carrier in San Diego County is accused of stealing dozens of gift cards, debit cards and Social Security documents sent through the mail.The Sheriff’s Department said Monday that Allen Pitman is suspected of stealing the mail over the last four years while working for the U.S. Postal Service in Santee.

Sheriff’s Sgt. Tom Poulin says deputies found 30 gift cards, stolen mail, debit cards and money when Pitman was arrested after he finished his route Wednesday. Poulin says detectives also found Social Security documents and W-2 wage and tax statements at Pitman’s home.

See the full report at sfgate.com.

Posted in Data Breach, ID Theft, Identity Theft, Mail theft, SSN Identity Theft, Security Breach, credit card fraud, employee theft, information security | No Comments »

Real Estate Agent Jailed for Bank of the West Identity Theft

February 11th, 2009 Rob Douglas

A 56-year-old woman who helped her adult daughter defraud Bank of the West customers so they could buy expensive online goods tearfully said Tuesday that their relationship is forever changed.Cynthia Jean Walker was sentenced in U.S. District Court in Richland to six months in federal custody — the same sentence her daughter received last month.

She took responsibility for her actions and told the court she’s never tried to minimize the impact it had on others, but continued to blame Cassidy R. Janosky for pulling her into the scheme.

“This is between my daughter and I, and if you had a daughter you would know it’s cut me to the core … because our relationship will never be the same,” Walker told the court in between sobs.

“My daughter has a life left; she’s young, she’s beautiful and she’s very talented,” Walker added. “I just think I’m too old to start over again. … I know it’s nobody’s fault but mine. I would like to just hold and hug my daughter.”

Janosky has said Walker’s boyfriend devised the identity theft scheme and that she finally agreed to participate after her mother’s repeated begging to help out.

See the full report at Tri-CityHerald.com.

Posted in Data Breach, ID Theft, Identity Theft, SSN Identity Theft, Security Breach, employee theft, information security | No Comments »

Credit Card Thieves Worked As Waiters

February 9th, 2009 Rob Douglas

The credit card numbers stolen from 200 customers at an Asian restaurant last year were taken by three people who offered to work for tips only, according to Longmont police.

Cmdr. Tim Lewis told 7NEWS two men and one woman offered to work at Longmont’s East Moon Asian Bistro without pay. They offered to work for tips only and management accepted. Because of that agreement, the owners never received any personal information about the workers.

Longmont police told 7NEWS that the three Chinese waiters illegally scanned customers’ credit and debit cards and that information was later used to withdraw cash at casinos in Las Vegas.

See the full report at TheDenverChannel.com.

Posted in Data Breach, ID Theft, Identity Theft, Security Breach, credit card fraud, employee theft, information security | No Comments »

Radiance Spa and Salon Identity Theft

February 7th, 2009 Rob Douglas

Radiance Spa and Salon Identity Theft:

A Granite Bay salon and spa owner was arrested Friday on suspicion of identity theft, grand theft and, fraudulent use of an access card, says the Placer County Sheriff’s Department.

Det. Jim Hudson said 40 customers of Radiance Spa and Salon had filed complaints that their bank cards were double and triple-billed after visiting the spa.

Arrested was spa owner Heather Lynn Collins, 33. Hudson said she is also accused of charging customers for services and products using two non-existent companies, Balance Body Works and Enchanted Skin Services.

See the full report at News10.net.

Posted in Data Breach, Identity Theft, Security Breach, credit card fraud, employee theft | No Comments »

Credit Card Fraud at Kohl’s

February 6th, 2009 Rob Douglas

Credit Card Fraud at Kohl’s:

Kohl’s is reimbursing two customers after learning an employee illegally used customer credit cards to buy gift cards.

A customer told Ocala police officers her credit card was overcharged by $100 last month. Another customer’s credit card was mysteriously billed $300.

Police said cashier Chastity Stanley, 23, told them she used the customer credit cards without their knowledge.

Stanley was arrested and charged with grand theft.

See the full report at cfnews13.com.

Posted in Data Breach, ID Theft, Identity Theft, Security Breach, credit card fraud, employee theft, information security | No Comments »

Newspaper Helps Cops Nab Identity Theft Suspect

February 6th, 2009 Rob Douglas

Newspaper Helps Cops Nab Identity Theft Suspect:

Police officials credited the Daily Times for assisting in identifying a woman wanted for racking up more than $5,000 in charges on a senior citizen’s bank card.

Police Superintendent Michael Chitwood called it “powerful” when the police department and the media collaborate to solve a crime.

It was two weeks ago that the Daily Times published a surveillance photo from an ATM machine of a woman withdrawing cash.

“We had no idea who she was,” Chitwood said. “But as soon as the photo ran, we started receiving calls with an identification and where she worked.”

Tanna Marie Murray, 20, of the 2600 block of South 67th Street, Philadelphia, was a cashier at a Secane restaurant and allegedly stole the victim’s credit card.

“The victim is 75 years old and went to the restaurant to eat,” Chitwood said. “She preys on him, gets his card and charges more than $5,000 in a short period of time.”

See the full report at delcotimes.com.

Posted in ID Theft, Identity Theft, Senior Citizen Identity Theft, credit card fraud, employee theft | No Comments »

« Previous Entries