LifeLock Blog

On a good day I can shower and get ready for work in just about an hour. On the rare occasion that I enjoy a single hour without interruption, I can research and write a rough draft for a short blog post.

In that same amount of time, two men broke into lockers at a Colorado recreation center, used a skimmer to copy account information off credit cards in the lockers, manufactured new cards using that information, and ran up $13,000 in fraudulent purchases.

Video cameras at the Wheat Ridge Recreation Center recorded one of the suspects entering the men’s locker room, while another man appears to be talking on a cell phone while he loiters in the hallway just outside the door.

An hour later, the thieves had added $7,000 to one credit card account, and $6,000 to another man’s credit card account.

Skimmers are small electronic devices that record the account information contained on the magnetic strips of credit and bankcards. Some skimmers are roughly the size of a matchbox and can be purchased for less than $200 from the Internet.

In identity theft cases where credit cards are stolen, the crimes are usually detected as soon as the victims realize their cards are missing. But, when the information from a card is copied with a skimmer, the victims continue to carry the cards themselves in their wallets, feeling blissfully secure … until the next time they attempt to use them and the cards are denied.

Visit LifeLock.com to learn more about the tools and strategies they employ to protect their nearly 1.5 million customers. Enroll using the LifeLock promo code Defense for a deep discount on service.

Because I write so much about identity theft I read a lot about it, too. And what I’m seeing lately is a lot of medical identity theft.

The story I saw today came from the Baltimore Sun: Christel Ebony Norwood stole the names, birth dates and Social Security numbers of at least 49 people from two medical facilities where she worked. She use it to get a fraudulent driver’s license and change the mailing address of her victims so she got their mail and they didn’t see the bills she was running up in their names. Among her purchases was a 2002 Mercedes-Benz she financed for $35,560.

Last week the big medical identity theft news from the LA Times was about a Cedars-Sinai Medical Center former employee who stole the personal information of at least 1,000 patients and parlayed it into fraudulent insurance claims worth at least $69,000. That’s a nice chunk of change, but he might have made additional money by selling that information to others.

One of the biggest identity theft stories of 2008 had to be the one about an extortion attempt involving Express Scripts and a few million of their customers. The extortionist added credibility to their ransom request by adding the details of 75 of the company’s members, including their names, dates of birth, Social Security numbers and even some prescription info. The message was “Pay up, or we publish similar information on millions of your customers on the Internet.”

Visit LifeLock.com for information on how they can protect your identity, your finances and your good name. Need LifeLock discounts? Use the LifeLock discount code Defense to receive a huge discount on service.

Sometimes even identity thieves are the recipients of manna. This week it came in the form of New York City’s public housing residents’ confidential files found blowing through the streets of East New York.

The files contained enough information about the residents to make stealing their identities easy for even the greenest or laziest of thieves: names, addresses, Social Security numbers (even those of dependent children), birth dates, phone numbers, income affidavits, court orders, lease agreements and records of payment were among the files left there for the taking.

And take it they did. “I’ve seen people picking them up off the ground and putting them in their pockets,” said one witness.

New York Housing Authority officials don’t know how the files got there, but they stated that the agency shreds any documents containing residents’ confidential information before it’s disposed of.

“The incident is being investigated and appropriate disciplinary actions will be taken against the individuals responsible,” said agency spokeswoman Sheila Greene.

Greene also said that the residents will be alerted to the situation and provided with information about how to protect their personal information. (Really? Isn’t that like being told how to care for your new prosthetic limb by the doctor who mistakenly amputated your leg?)

In case you’re thinking the payoff for stealing the identities of people poor enough to live in public housing isn’t worth the trouble, consider Laura Bustamante, a Utah state employee who stole the identities of applicants for food stamps and Medicaid benefits and netted $70,000 within four months. She was sentenced this week to three years in federal prison.

Laura Bustamante used her job as an eligibility specialist at the Utah Department of Workforce Services to steal the identities of roughly 100 of the agency’s clients, and giving the information of 33 clients to two other people.

Their victims gave their personal information to the agency while applying for food stamps, financial aid, childcare and Medicaid. The crimes took place between September 2007 and January 2008.

Bustamante and her accomplices opened instant credit lines or obtained credit cards with the stolen information.

Once she had the clients’ addresses, she would determine whether she could access to their mailboxes. If she could, she used their personal information to submit credit card applications and either stole the cards from the victims’ mailboxes when they arrived, or had them sent to her boyfriend’s mother’s address.

Bustamante, 34, pleaded guilty to unlawful access of a protected computer and aggravated identity theft and was sentenced to 36 months in a federal prison. She must also make nearly $70,000 in restitution to Workforce Services and her other victims.

Her accomplices also pleaded guilty to using the clients’ identities. Michelle Rae Chapman, 32, received a sentence of 36 months in federal prison. Joshua Smith, 32, will be sentenced next week for his participation in the crimes.

Chapman and Smith were arrested at a hotel January 2008 when Motor Vehicle officers discovered counterfeit state ID cards, a large amount of stolen mail, credit cards, credit card member agreements, credit card PINs, credit reports and two laptops.

Smith and Chapman directed the officers to Bustamante.

Binghamton University has been keeping their current and former students’ records in a very public, easily accessible, unlocked storage area—in fact, the door to the storage area was actually taped open.

Roughly 42,000 students are currently enrolled at the university, but because the records include information on students enrolled as far back as the mid-nineties–and their parents–the number of records is expected to easily exceed 100,000.

News reporters spent hours last week perusing the records found haphazardly scattered around the two-story storage area in boxes and binders, stacked loosely on open shelving and stuffed in unlocked file cabinets.

Every imaginable type of personal and financial information for the students and their parents was available to anyone meandering through the halls or attending classes in one of the most commonly used lecture halls on campus.

The compromised records include:

• Records of tuition payments sorted by Social Security number.
• Receipts for tuition payments, complete with credit card account information.
• Residency records with tax information and copies of students’ parents’ Social Security cards.
• Scans of students’ Social Security cards, driver’s licenses and vehicle registrations.
• Scans of a letter from the U.S. government granting a student’s mother asylum.
• Scans of W-9 tax forms from a student’s parents, both parents’ social security numbers, tax forms for the parents’ business and Social Security numbers and vital information for the parents’ employees.
• Undeliverable mail which included students’ names, addresses and Social Security numbers.

Learn more about LifeLock’s identity theft prevention and protection strategies at LifeLock.com. Enroll using the LifeLock promo code Defense and for a deep discount.

It’s usually a good thing when jobseekers’ interviewers says they’re excited about a prospective candidate’s resume, and want to move forward with background and credit checks. Most desperate jobseekers would happily give out any information the interviewer asked for at that point.

Fortunately Denise Crawford was a little paranoid when she got the request for her Social Security number. Instead of sending her information on, she contacted her state’s attorney general’s office and talked to them about the request.

“That shows a lot of red flags,” said Hugh Williams, the identity theft administrator in the Office of the Attorney General. “Most businesses that are going to run a credit report are going to do that on their own,” he said.

Crawford’s reaction to all this was predictable: she’s afraid now to apply for any other jobs over the Internet, but at the same time she knows that’s nearly the only way to find a job these days. Worse yet, the scammer has her resume and email address.

Other tips to jobseekers:

• Don’t give out personal information over the Internet unless you initiated the contact.
• Research any companies that you’re applying to. If they’re not on the Internet, steer clear.
• Be sure the hiring company is emailing from a their company’s URL. Example: humanresources@hiringcompanysname.com.
• Misspellings and poor grammar aren’t usually found in email messages sent by hiring managers.

It’s a brutal market for jobseekers, not just because of a dearth of jobs, but because there are so many scammer taking advantage of jobseekers.

Three recent examples of the illegal sale of consumers’ personal and financial information illustrate the need for LifeLock identity theft protection.

Rental Research Services’ failure to screen customers requesting consumer information resulted in the sale of at least 318 credit reports to identity thieves, according to a complaint filed by the Federal Trade Commission.

RSS uses information from the credit reporting agencies to provide a screening service for landlords who want to vet prospective tenants. Unfortunately, they failed to maintain “reasonable procedures to prevent such impermissible disclosures and to verify their customers’ identities and how they intended to use the information,” according to the complaint.

The reports allegedly provided by RSS to the identity thieves contained names, Social Security numbers, birthdates, bank and credit card account numbers and credit histories.

A $500,000 judgment was brought against RSS, but suspended because the defendant claims they are unable to pay it.

ChoicePoint, another data aggregator, agreed to a $10 million settlement of a class-action lawsuit in January after admitting they sold more than 160,000 consumer reports to identity thieves, though neither the company nor its officers admit in wrongdoing.

“I think the point we wanted to make is we’re not a company going around willy-nilly selling data to anyone who wants it,” Choice Point’s information security vice president, Aurobindo Sundaram, said in a an interview with SCMagazineUS.com.

In Canada, the federal privacy commission is investigating Landlord Source Centre, a service that provides financial and background information on tenants, for posting a website with extensive tenants’ information, including mental health diagnoses, personal and identifying information about their children and details of previous landlord-tenant disputes.

Cars, furniture, a motorcycle and a personal watercraft were among the fraudulently-purchased big-ticket goodies Riverside, Cal. police found when they busted Miriam Macedo.

Macedo had apparently been living large until the day she drove her fraudulently-purchased, $40,000 2008 Chevy Tahoe to a Riverside motorsports dealership, and tried to fraudulently purchase two Sea-Doo watercrafts with fraudulent identification. A dealership sales associate spotted the ID for what it was and called the cops.

That’s when Macedo’s fraudulently-funded, identity theft-enriched life came to an end.

Police officers discovered that Macedo was carrying three other people’s identification, including their credit reports and fake California driver’s licenses. She had even more driver’s licenses bearing different men’s names but the same man’s picture.

The officers searched the fraudulently-financed Tahoe and found envelopes stuffed with credit card applications made out under the names printed on the fake driver’s licenses, and a receipt for $6,000 worth of new fraudulently-purchased furniture from Ashley Home Store. The receipt showed the furniture had been fraudulently financed under one of the men’s names and delivered to Macedo’s address in Moreno Valley.

Police found more loot before they even got inside the Macedo’s house: in the driveway was a fraudulently-purchased 2008 Nissan Altima, and a fraudulently-purchased Waverunner; in the garage sat a brand new, fraudulently-purchased Yamaha motorcycle. All three vehicles were registered to one of the fraudulent names.

It comes as no big surprise, but Macedo’s house was nicely furnished with $6,000 worth of fraudulently-purchased furniture from Ashley Home Store.