LifeLock Blog

Recent data breaches have most of us focused on private corporations’ failures in protecting our personal information. There are, however, bigger and more threatening security risks.

The Government Accountability Office (GAO) just completed an analysis of all 24 federal agencies and determined that almost all of them have exposed citizens’ personally identifiable information, and, in some cases, present significant threats to national security.

“An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs,” according to the report. “As a result, agencies have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise.”

Still not clear on exactly how bad the problem really is? Reports of security incidents more than doubled from 2006 (5,503 reports) to 2008 (16,843 reports).

The GAO report specifically cited unresolved security problems at the Securities and Exchange Commission, the Internal Revenue Service, the Los Alamos National Laboratory and the Department of Homeland Security.

The SEC deficiencies were identified earlier this year, but still have not been addressed. The agency doesn’t consistently authenticate users and isn’t consistently encrypting network services or auditing its databases for unauthorized activity, the GAO report said.

Security weaknesses at many of the agencies include 1,100 users having access to mainframe system management utilities. In one agency, a contractor had full-system access, meaning any incidents that occurred on the contractor’s network could affect the federal agency’s network. Other agencies gave application users full access to source code.

The report also noted decreases in security training for personnel with critical IT responsibilities.

Sometimes even identity thieves are the recipients of manna. This week it came in the form of New York City’s public housing residents’ confidential files found blowing through the streets of East New York.

The files contained enough information about the residents to make stealing their identities easy for even the greenest or laziest of thieves: names, addresses, Social Security numbers (even those of dependent children), birth dates, phone numbers, income affidavits, court orders, lease agreements and records of payment were among the files left there for the taking.

And take it they did. “I’ve seen people picking them up off the ground and putting them in their pockets,” said one witness.

New York Housing Authority officials don’t know how the files got there, but they stated that the agency shreds any documents containing residents’ confidential information before it’s disposed of.

“The incident is being investigated and appropriate disciplinary actions will be taken against the individuals responsible,” said agency spokeswoman Sheila Greene.

Greene also said that the residents will be alerted to the situation and provided with information about how to protect their personal information. (Really? Isn’t that like being told how to care for your new prosthetic limb by the doctor who mistakenly amputated your leg?)

In case you’re thinking the payoff for stealing the identities of people poor enough to live in public housing isn’t worth the trouble, consider Laura Bustamante, a Utah state employee who stole the identities of applicants for food stamps and Medicaid benefits and netted $70,000 within four months. She was sentenced this week to three years in federal prison.

It’s usually a good thing when jobseekers’ interviewers says they’re excited about a prospective candidate’s resume, and want to move forward with background and credit checks. Most desperate jobseekers would happily give out any information the interviewer asked for at that point.

Fortunately Denise Crawford was a little paranoid when she got the request for her Social Security number. Instead of sending her information on, she contacted her state’s attorney general’s office and talked to them about the request.

“That shows a lot of red flags,” said Hugh Williams, the identity theft administrator in the Office of the Attorney General. “Most businesses that are going to run a credit report are going to do that on their own,” he said.

Crawford’s reaction to all this was predictable: she’s afraid now to apply for any other jobs over the Internet, but at the same time she knows that’s nearly the only way to find a job these days. Worse yet, the scammer has her resume and email address.

Other tips to jobseekers:

• Don’t give out personal information over the Internet unless you initiated the contact.
• Research any companies that you’re applying to. If they’re not on the Internet, steer clear.
• Be sure the hiring company is emailing from a their company’s URL. Example: humanresources@hiringcompanysname.com.
• Misspellings and poor grammar aren’t usually found in email messages sent by hiring managers.

It’s a brutal market for jobseekers, not just because of a dearth of jobs, but because there are so many scammer taking advantage of jobseekers.

While you’re doing your holiday shopping, make sure you’re not putting anything special under the tree for identity thieves. Whether you see them or not, they’re just waiting for an opportunity like kids lined up for Santa’s lap.

Here’s how it happens:

You’re waiting in line at the register with eight or nine other people. Everyone’s overheated, overburdened, overspending and maybe a wee bit grumpy and impatient. When it’s finally your turn to check out, all you’re thinking of getting it over with and getting out of the store. What you’re not thinking about is the guy behind you who’s reaching inside your open purse.

Or, you’re taking a break from shopping in the mall food court. It’s hot, it’s loud and it takes forever to find an available table. Once you find one, you set your tray down on the table, and set your purse in the empty chair. Then you stash your five bags with 27 pounds of gifts under the table where no one can steal them. While you’re doing that, someone has lifted your purse.

Or, you’re finally able to find the time to get together with friends at a favorite restaurant. You enjoy a long, leisurely dinner with lots of laughter and a little wine. The food was delicious and the waiter was attentive. When you get the check, you hand over your credit card and do a silent calculation of the generous tip you’re going to give him. What you don’t know is that he’s doing a little calculating too. He’s got a matchbox-sized card skimmer in his pocket, and has just discreetly recorded all of your credit card information.

Identity theft is a terrible thing to go through at any time of the year. But becoming an identity theft victim during the holiday is disastrous. Now, more than ever, you need LifeLock identity theft protection.