Search This Blog

Wednesday, December 28, 2005

Winding Down the Worst Year Ever in ID Theft

I started The Dunning Letter on April 19 of this year and this will be post number 46, probably the last for 2005. It all started with my concept that federal legislation should be passed, giving consumers control over their names and personal data, and they should be paid for its use.

In the nine-month period, many things have happened in the identity crisis arena, but nothing of substance that would solve the problem. If you read my last blog, “Government and Business Want to Convince You 2+2=5,” you know that Congressional leaders have once again dropped the ball by putting ID theft legislation on hold.

And then the Los Angeles Times ran an article recently by Joseph Menn, “Data Brokers Press for U.S. Law,” that clearly shows these data merchants are running scared with the state laws that are popping up, the most recent in New York. You know there is something wrong when the junk mail industry supports laws that will regulate its business. What galls me is the fact that the industry is apparently cock-sure this Congress will pass something weak enough not to hurt them, but strong enough to supersede the more stringent state laws.

The latest major event in the identity crisis fiasco is the plight of Eric Drew, from Seattle, Washington. Eric was fighting leukemia in a cancer center when a technician decided the patient probably wouldn’t make it, surmised he wouldn’t need his identity any longer, and promptly stole it from hospital records, opening several credit accounts in his name. Well, Mr. Drew fooled him on both counts. His health improved and Eric fought back to catch the thief. The technician, Richard Gibson, is being prosecuted under a new law passed to protect patients’ privacy. You can read about it on two sites: “Dateline: The lowest scam,” on MSNBC, and “Cancer Patient Catches ID Thief,” on

If you consider the millions of patient records in thousands of doctors’ offices, hospitals and medical centers nationwide—many with minimum security—you begin to understand how the Eric Drew incident occurred. Medical databases are one of the largest storehouses of private information in the country, most with Social Security numbers from the days when we readily gave them up. Now these institutions have created the perfect formula for ID theft.

Finally, have to mention what I consider to be the most bizarre news from 2005. ChoicePoint, the company who introduced the new wave of identity theft in 2005, with three incidents totaling almost 172 thousand account records lost, wants to "acquire" state DMV motor vehicle registration records for their client, the U.S. Department of Homeland Security. (Actually, ChoicePoint already has them, something that will be covered in a futute blog) In a Los Angeles Times’ article, “Big Data Broker Eyes DMV Records,” by Michael Hiltzik, he reflects what probably most of us believe: “Given ChoicePoint’s history, should it be allowed anywhere near our motor vehicle records?”

Another piece in, “The Peter Principle Lives (and then some): ChoicePoint to get DMV Data?” takes us back to the late ‘60’s and early ‘70’s when Dr. Lawrence Peter professed his belief that individuals will eventually be pushed to their highest level of incompetence, after which the competent few must deal with this inadequacy. It’s the primary reason I left corporate America years ago and never looked back.

You might also want to check Michael Hiltzik’s Golden State blog post, “Golden State Column: ChoicePoint and the Threat to Privacy,” where he also feels, “The real remedy is Congressional legislation…” He goes on to comment on ChoicePoint’s dual position of being both investigated by California Attorney General Bill Lockyer for the data breach, and at the same time awarded a contract worth over $845,000 to design a law enforcement database, also by Lockyer.

A sad year, 2005, but I am predicting that all this will change in 2006, when a fed-up public decides they won’t take it anymore. Join my grass-roots movement. Write your Congress person. Contact local TV, radio and newspapers. Tell them you want to see federal legislation passed that will give you control over your name and personal data. And, you want to be paid any time it is used.

Talk to you next year!

Thursday, December 22, 2005

Government and Business Want to Convince You 2+2=5

In George Orwell’s 1984, the “Party” had achieved its ultimate goal of transformation when its members confirmed that they believed 2+2=5. Just saying they believed was not enough. And if the Party wasn’t assured of this belief, people had a way of disappearing, as if they had never existed.

Fortunately, we don’t have to be afraid today that government will make us vanish without a trace, but it, along with certain business interests, is still using the same tactics to destroy our right to privacy. Let me explain my reasoning, starting with government.

A recent article on, “House Tables Data-Breach Law Talk,” by Roy Mark, pretty much says it all. It fizzled, according to Mark, because Democrats opposed the fact that it “lacks enforcement teeth.” They are right, because the law does not include the one factor that will insure that the legislation is both powerful and lasting, and that is… giving control of their name and personal data to the consumer.

Another article by the Counter Think organization, “Experts predict no data security bill will pass Congress in 2005,” agrees with Mark and makes an interesting comparison. They mention the California legislation responsible for exposing the ChoicePoint, LexisNexis, etc. breaches and the fact this law would be compromised in all currently proposed, weaker federal legislation. And the same applies to a recently passed New York law, the Information Security Breach and Notification Act, requiring consumer notification of data loss.

The Pennsylvania Public Interest Research Group (PIRG) is questioning that state’s Senate Bill 712, similar to California and New York, except, companies have to notify affected customers only if they “reasonably believe” the security breach will cause damage. The article in the Pittsburgh Post Gazette by Patricia Sabatini, “Security breach notification bill won’t protect consumers, group says,” reports that the governor is scheduled to sign it, regardless. Nobody listens to the experts. PIRG has been around since 1983 working at the state level to protect consumer interests.

The federal government and the present Congress and administration will delay any substantive action and/or legislation as long as the consumer remains apathetic and continues to accept the fact that their privacy is not a priority. Further, that they continue to condone the fact that their name and personal data can be sold or used in any way the government or business decides, and without question. In other words, the consumer be damned and the public is willing to live with it.

On the business side, it is not likely to clean up its act until it is forced to do so. I was in the junk mail industry for thirty-five years and I can assure you that the emphasis was always…get as much private information as possible on the individual and sell it to the highest bidder. Not …just how do we make sure the data collected is secure.

Since ChoicePoint started the parade in February of 2005, some other major contributors to the “loose security” brigade are: Bank of America; DSW Retail; LexisNexis; Ralph Lauren Polo/HSBC; Time Warner; Dept. of Justice; Citi Financial; CardSystems (biggest ever at 40 million data files); and TransUnion. According to Privacy Rights Clearinghouse, there have been ninety-six total breaches in 2005, totaling close to 54 million consumer records lost. And then there are the more recent.

On December 2, Sam’s Club, a division of Wal-Mart, disclosed that customers purchasing gas had experienced credit card fraud. In a Computerworld article by Jaikumar Vijayan, “Update: Security breach at Sam’s Club exposes credit card data,” he says an unspecified number affected had purchased gas between 9/21 and 10/2/05. Sam’s Club is working with Visa and MasterCard in their investigation.

And then on December 16, ABN AMRO Mortgage Group, a subsidiary of LaSalle Bank Corp., announced that a computer tape with personal data on 2 million customers, including Social Security numbers, was “missing.” Covered in a Detroit News article by Susan Tompor, “ABN AMRO data lost,” the tape was lost in November when DHL delivery service picked it up in transit to the Experian credit bureau. Fortunately, the tape was located by DHL but the question persists: where was it, and why was it lost?

There is only one way to protect the use of consumers’ names and personal data. Pass federal legislation to give the individual control over their name and private information. And, while we’re at it, compensate the name-holder for its use. Why not? The control provides protection against identity theft and the payback for selling this data can be used to supplement your Social Security.

Think about it and join my grass-roots effort to pass this legislation. Write your Congress person. Write letters to the editor of your local paper or call radio and TV stations’ consumer correspondents. Or, send me an e-mail at and I will see that your thoughts are known by Congressional leaders and the media.

Thursday, December 15, 2005

Another "Given" Bites the Dust: PENSIONS

If you are a young to middle-age employee of Verizon, and a manager with the company, you just lost your pension benefits and might be wondering about the future of your retirement. “Verizon to cut managers’ pensions,” is a recent article on C/Net that seems to be predicting the future of corporate pension plans. And, Verizon is in completely sound financial condition.

The second largest telecommunications provider says the move will affect about 50,000 managers out of their 215,000 employees. Verizon’s Chairman and CEO Ivan Seidenberg says the action will enhance their ability to compete. They are also currently in the process of acquiring the long-distance carrier, MCI, so we see where the priority is.

I’m not faulting Verizon, nor am I justifying what they did. Other companies are doing it or are looking at the possibility. An Associated Press article on, “Companies look to freeze pensions,” reports that last year, 71 of the nation’s biggest firms froze or terminated pension plans, a 58 percent increase over 2003. In Verizon’s case, there are also cuts in retiree health care benefits.

The Newsday article states that Verizon tried to make the same move ten years ago, and the recent step has left several workers understandably angry and afraid. Continuing, it states that Sears, NCR, Circuit City and a division of Abbott laboratories have frozen pension plans for some or all employees and Hewlett-Packard said this past July it would do the same for some workers.

Scott Cohn, in his article on MSNBC, “Are pension promises a thing of the past?” is asking a very provocative question. He quotes a Motorola employee who lost a part of his pension as saying, “I got screwed.” Cohn goes on to add the troubled airline industry to the list of companies cutting retirement benefits. Not looking good for those of you that plan to take it easy in your golden years.

Which brings me back to my original premise: the solution is to pass federal legislation that will give consumers control over their names and personal data and pay them for its use. A double-barrel advantage of preventing ID theft and supplementing your retirement by $607 per month.

The junk mail industry alone grosses over $4 billion annually on your name and private information. Folks, this is year after year after year and growing with each new tidbit of information added to your dossier. And this doesn’t even include the non-junk mail companies, like the pharmaceutical industry, who have gotten into the business of selling your data.

The other benefit of having control over your name and personal data is that you can prevent the possibility of identity theft. You have the right to opt-in—not have to opt-out—to all uses of this data in a system of checks and balances that is both simplified and effective. For once, you can be assured that when your name and private information are being used, they are completely secure.

I’ve never done this before but here is my e-mail address: Just click on it and send me a quick message with your thoughts, suggestions, comments or even criticisms. I will use your input to help convince Congressional leaders to pass this important federal legislation. Any reference to your message will remain completely anonymous and your name and e-mail address will never be sold or shared; you have my word.

Saturday, December 10, 2005

Make Your Holidays ID Theft Free

You don’t want to wake up Christmas morning with an ID thief under your tree. You may have already heard it a hundred times, but I’m going to say it again. Protect your name and personal data at all times, particularly in the rush of holiday purchases. That’s when you’re most likely to be victimized at the traditional retail locations.

Transactions occur so quickly that you can’t follow the trail of your credit card. A dishonest clerk can copy your account number without being caught and sell it to the crook who either uses it or resells the number. It’s a business, and even organized crime has been involved through bribing employees to steal your private information.

In an article on the TechNewsWorld site by Gene Koprowski, “Forecast: ID Theft by Insiders to Grow Dramatically in ’06,” he is predicting this increased activity by store personnel because retailers are not educating employees about the value of protecting consumer data. In my experience, you’re lucky during the holidays to find someone to help you with knowledge of what they are selling, much less being skilled in protecting your personal data.

Greg Simmons has written an article for you should read: “Holiday Shoppers Vulnerable to ID Theft.” He tells you why you should worry about identity theft; it won’t hurt to review some of these time-tested bits of advice. He covers a range of possibilities where you can fall victim to the fraud and makes one excellent point: You have to be in control because police departments across the country do not have the officers for investigation.

You also need to make sure your on-line purchases are secure, dealing with companies either you know or those that come highly recommended by others. Always look for the “lock.”

According to the Identity Theft Resource Center, about 22 percent of victims reported their identity stolen from charges over the Internet in 2004, which was almost a ten-percent increase over 2003. Privacy Rights Clearinghouse estimates almost 2 million U.S. adult Internet users were victimized in 2004 and many consumers are beginning to weigh the risk against the convenience.

The above isn’t meant to frighten you into a corner where you are afraid to deal with the outside world. The purpose of all this advice is to make aware shoppers out of all of you so that you take command of your personal life. And, hopefully in 2006, we can convince Congress to give all consumers control over their names and personal data and pay them for its use.

Sunday, December 04, 2005

Babes in the ID Theft Woods

I had the opportunity recently to talk to someone who had been the victim of identity theft. When you are around it constantly, doing research and blogging the results, you begin to assume that everyone knows as much as you do. The irony of this situation came crashing home when my wife and I met a young girl that had been victimized.

To make things worse, she was sitting in the emergency room of a local hospital, alone, and very scared about a condition that had come on suddenly, which was quite debilitating. Her mother had dropped her off quickly and then left to take care of her daughter. To top everything off, she told us after relating the above, that someone had just stolen her identity and made charges to an account which had just been opened.

She didn’t have the slightest idea what her next move should be and she said she could not afford an attorney. The confusion we saw in her face said everything. That account someone had scammed was opened to buy her daughter Christmas presents and now the store had shut it down. Since the girl had not yet even received a credit card for the account, it had to be an inside job. We had to move on to take care of my wife’s father—who was also in the ER—but left her with some good advice we hope she remembers.

To emphasize the plight of this young girl and others like her, Gene Koprowski has written an article you can find on titled “Forecast: ID Theft by Insiders to Grow Dramatically in ’06.” He is a top security analyst and is predicting that, even though companies install more security safeguards, their employees will find ways to breach these obstacles and steal your personal data. Comforting.

Joseph Ansanelli of data security firm, Vontu, says in the piece that retail employees will begin to realize even more so in 2006 just how valuable your name and private information are, and, if not “trained” to protect this valuable asset, they will continue to make off with your data. You don’t “train” someone to be honest; they either are or they aren’t. Even if they are on the fence, the right offer could make them fall on the wrong side.

From another angle, and it isn’t clear yet just what that angle is, 3,623 consumers’ names with data were stolen from one of the big-three credit report companies, TransUnion. The unclear angle is that it wasn’t reported as an inside theft, but it was stolen from one of their regional offices in California, at least from under the noses of their employees. You can read Jonathan Krim’s article in the Washington Post: “Data on 3,000 Consumers Stolen With Computer.”

TU says the computer was probably the reason for the burglary, not the data. Sure. Computer value, probably at most $500. Data value, at least $10,000. This is the same credit reporting agency that sued the Federal Trade Commission in order to sell your name and personal information, including some credit data, which was in violation of the Fair Credit Reporting Act of 1970. They lost, appealed to a circuit court and lost again, and finally filed a petition for certiorari with the Supreme Court—which means, will the court hear their case—which was also denied.

So, I hope you can see where all this is going. Even if the data were secure within the facility where it is housed, you can still be victimized at the last point of contact, the retail clerk where you make your purchase, including the order-taker at the junk mail company from whom you order. But it isn’t safe with the data brokers, as evidenced by the recent theft from TransUnion and all the other ChoicePoint, LexisNexis, etc. events. And, Gene Koprowski in says it will just get worse in 2006.

The only answer is to pass federal legislation to give you control over your name and personal data. This will stop the identity crisis in its tracks and give consumers the confidence to work with organizations, when necessary, in the use of their private information. By the way, that legislation would also include paying you for its use.