Header graphic for print
Technology Law Source Mapping the evolving legal landscape

Category Archives: Identity Theft

Subscribe to Identity Theft RSS Feed

IMPACT: Measuring the Loss of Brand and Business Reputation after a Data Breach

Posted in Data Breach Notification, Identity Theft

Brand and business reputation suffer following a data breach. A recently released survey puts some numbers to the losses and shows just how much that damage can be, with breach of customer data being the most costly. The study, independently conducted Ponemon Institute LLC and sponsored by Experian® Data Breach Resolution, is believed to be the first study to compare the impact of the loss of confidential customer or employee information and sensitive business information with loss of brand and business reputation.…


Continue Reading →

Porter Wright Information Privacy and Data Security Workshop Series

Posted in Data Breach Notification, Identity Theft, Information Technology, Privacy

Please join us for this informative series focused on the technical, enforcement, and practical aspects of experiencing and responding to a data security incident. For the complete invitation and details on registration please click here.

IDENTITY THEFT, CORPORATE DATA SECURITY BREACHES AND LAW
ENFORCEMENT: SHOULD I CALL THE COPS?

Learn How to Effectively Utilize Law Enforcement and Private Security Resources to
Protect Yourself and Your Business From Computer Criminals

January 20, 2011
11:30 a.m. – 1:30 p.m.
Lunch will be provided
Capital Club – 41 South High Street, 7th Floor
Columbus, Ohio

Focus issues:
Trends in Identity Theft
What Can Lead to a Data Breach
Law Enforcement
Identity Theft Investigations

 …


Continue Reading →

FBI Issues Warning Regarding Denial of Service Attacks

Posted in Identity Theft, Privacy

Is your phone ringing off the hook? Then you’d better check your bank account. According to the Federal Bureau of Investigation, a new “telephone denial-of-service” attack is combining high-tech and low-tech fraud techniques to steal money from the bank accounts of unsuspecting victims.

As reported in the alert issued by the FBI, the scam begins with the suspect obtaining a victim’s personal and banking information, perhaps including bank account numbers, PINs, and passwords. Scammer can obtain a victim’s personal and banking information in a variety of ways, such as through phishing emails, social engineering tactics, or malware surreptitiously installed on a person’s computer.

Once the scammers have the victim’s personal information, they begin tying up the victim’s telephone line by using automated resources to place hundreds or thousands of calls to the victim’s telephone, not unlike a Distributed Denial of Service attack aimed at a computer network that overwhelms a computer with requests for information resulting in a slowing or failure of the network.

While the victim is busy dealing with the onslaught of telephone calls, the scammers quickly drain the victim’s bank account using the previously obtained personal and banking information to gain access to the account. If the banking institution calls its customer to verify the transactions they find the victim’s telephone line to be busy. In some cases, scammers are brazen enough to change a victim’s contact information listed with the bank. As a result, calls from a bank to verify fraudulent transactions are redirected to …


Continue Reading →

Security Breach Results in Fine Despite Prior Security Measures

Posted in Data Breach Notification, Identity Theft, Privacy

In January 2008, the Davidson Companies, a financial services holding company, announced that a database containing current and past customer records had been hacked during a SQL injection attack. On April 14, 2010—more than two years after the network intrusion—the Financial Industry Regulatory Authority (FINRA) fined the company $375,000 for the breach.…


Continue Reading →

Identity Theft Protection Company to Pay $12 Million to Settle FTC Claims, State AG Actions

Posted in Identity Theft, Privacy

According to an FTC press release on March 3, 2010 and as reported in various media outlet reports, like this one from The New York Times, LifeLock, Inc., an identity theft protection company, has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services.

The FTC claims and state attorneys general actions appear to have been centered around LifeLock’s representations that its protections against identity theft were complete, absolute, and guaranteed.  FTC Chairman Jon Leibowitz noted in the FTC’s press release,

"While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it."


Continue Reading →