http://www.kansascity.com/business/story/180429.html By PAUL WENSKE The Kansas City Star July 07, 2007 Here’s something scary: Millions of personal files on consumers are stored on laptop computers routinely left in areas accessible to thieves. Forget hackers that bypass sophisticated security systems. Identity thieves are simply walking off with laptops containing lots of juicy private and financial information. Ask Linda J. of Lenexa. In May, she received a letter from a former employer stating cryptically: “We are contacting you about a potential problem involving possible identity theft.” The letter went on to say the stolen computers contained names, addresses and Social Security numbers on current and former employees. Ironically, the company, Securitas Security Services USA Inc., is one of the world’s biggest security firms. Once known as Pinkerton’s — the detective agency that dogged Jesse James — the $6 billion company operates in 30 countries and has 200,000 employees. But on the night of April 26, apparently without detection, thieves slipped out of the company’s West Coast operations center with “a number” of laptop computers. Linda J., who asked that her name not be used since her identity has already been compromised, worked for the company for three months as a grade-school crossing guard. She said those three months are hardly worth the current hassle of calling credit bureaus, creditors and banks to ensure someone doesn’t go on a spending bender using her good name. “I’m the one that has to take all the responsibility,” she said. “I have to put fraud alerts on all my credit reports. Basically, they are saying their responsibility ended when they sent me a letter.” Securitas set up a hotline for employees. A spokesman said that more than 100,000 current and former employees got letters and that the company was also contacting credit bureaus. “The investigation is still ongoing,” the spokesman said. The theft of laptops loaded with personal information seems to be a thriving business. I counted more than 11 laptop thefts listed since late April by the Privacy Rights Clearinghouse. The thefts affect hundreds of thousands of people. That doesn’t even count thefts of discs, tapes and software files. “My guess is there are far more incidents that exist than we have in our listing,” said Beth Givens, director of the California-based identity theft watchdog. The list counts only breaches reported in the media. And a lot of embarrassed companies don’t go out of their way to make their goofs public. Here’s a sample of more information compromised by laptop thefts: * Information on Caterpillar employees was stolen from a benefits consultant April 27. * Patient information was stolen from Highland Hospital in Rochester, N.Y., on May 11 and was sold on eBay. * Student financial aid information was stolen from Northwestern University on May 20. * Student Social Security numbers were stolen from a Texas A&M professor on vacation June 18. * Data on Texas First Bank customers disappeared when a car was stolen in Dallas on June 22. What this suggests is that some businesses may be too cavalier with consumer data. Most attention focuses on what consumers can do after they’ve been victimized. Not enough is focused on businesses protecting consumers. Federal identity theft laws vary depending on the industry.. “We don’t have an overarching identity theft protection law,” Givens said. Linda J. called Securitas for more information. She said she was told not to fret too much because there was no evidence her personal data had been misused by thieves. “They (businesses) always say that,” Givens said, with a mock laugh. “It aggravates me. They have no way of knowing what kind of voyage that information embarked on.” In its letter to Linda J., Securitas said: “We regret that this unfortunate event occurred and we are in the process of enhancing our procedures and controls so that criminal events like this do not happen in the future.” This is the same company that says on its Web site: “At Securitas, our mission comes down to pretty much one thing: to protect you, our client.” Taking action If you have reason to suspect identity theft, you can put a fraud alert on your credit file. It tells creditors to check with you before opening any new accounts. Filing an alert also entitles you to a free credit report from each bureau, and it can be renewed every 90 days. For more information, go to www.ftc.gov/idtheft. © 2007 Kansas City Star and wire service sources. All Rights Reserved. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jul 09 2007 - 01:42:14 PDT