Up to 1 Million email Accounts Phished for Identity Theft

Robert Siciliano Identity Theft Expert

Hotmail, Earthlink, Google, Yahoo, Comcast and other web-based email users have been giving up al their login details to phishers and current estimates are as many as 1 million accounts may have been compromised.

News of the scam broke when technology blog neowin.net reported an anonymous user had published confidential details on pastebin.com. Internet users are urged to change their passwords regularly and ensure anti-virus software is up to date to protect themselves from fraudsters.

While phishing emails keep pouring in, their methods are changing rapidly. Posing as a Nigerian prince is still common, but not as effective. Even posing as a known bank or Paypal, asking to update an account for various reasons and requesting a potential victim’s user name and password is not as effective as it used to be.

Much of the phishing that occurs today is targeted “spear phishing,” in which the spammers are after a localized target. Going after a CEO is called “whaling.” Who better to take down than the biggest phish of them all? Most corporate websites offer plenty of data on the company officers and administrative contacts, which makes it relatively easy to create a sucker list. If scammers send an email blast to the entire company, eventually someone is likely to cough up enough data to allow the scammers to tap into the company’s intranet. Once the scammers have accessed the intranet, all further phishing emails will appear to be coming from a trusted, internal source.

Perhaps the most insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component , which gives the phisher full access to the user’s data, including usernames and passwords, credit cards details, banking and Social Security numbers. Often, that same virus makes the victim’s PC part of a botnet.

How to avoid becoming a victim? Delete.

Change passwords often. Combine uppercase and lowercase letters, as well as numbers and characters. Don’t use consecutive letters or numbers, and never use names of pets, family members, or close friends. Instead use the first letters of phrases

Never click links in the body of an email that are coming from a bank, Paypal or any enterprise that may be leading to a request to enter data. Go to your favorites menu or manually type the address in.

Pay attention to phishing filters. Most updated browsers have built-in phish filters that toss up a red flag warning of a potential ruse.

1. Protecting yourself from new account fraud requires effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Robert Siciliano, identity theft speaker, discusses hacked email on FOX & Friends.

Government Officials Contributing to Identity Theft

Robert Siciliano Identity Theft Expert

Government officials are posting our Social Security numbers on the web, but corporations are required to keep them under lock and key.

Congressman Robert Wexler was recently targeted by a Ghanaian extortionist who supposedly obtained Wexler’s Social Security number, as well as his wife’s, from a public record posted at The Virginia Watchdog. Betty Ostergren, founder of The Virginia Watchdog, has spent the past seven years trying to put an end to the public exposure of our Social Security numbers, which are often posted online by elected or appointed state government officials. Virginia and other states apparently want this personal information online, since they have yet to pass any laws mandating the removal of Social Security numbers.

State officials posts these records online because they are public records. This is already happening in every state. Records containing extensive personal information are available on the Internet, and the elected officials that post this information put individuals at risk by failing to remove or black out Social Security numbers and other sensitive data.

The fact that Congressman Wexler and his wife were extorted should not be the big story. The big story should be the fact that these records, with Social Security numbers exposed, are made available on the Internet, thanks to elected officials.

Betty Ostergren recently found the same documents for one major U.S. corporation and their top brass on twelve different state government websites. The same list of Social Security numbers and home addresses for the top executives appeared on government websites in in Arizona, Colorado, Florida, Indiana, Iowa, Kentucky, Massachusetts, Michigan, Mississippi, New Hampshire, North Carolina, and South Dakota. And each year that the company filed a report within those states, the same 40+ Social Security numbers showed up on the documents, which are available to anyone in the world. (North Carolina did unsuccessfully attempt to redact the numbers.) The Social Security numbers of many top executives from many corporations are available on the Internet, on public records published on state websites. And so are the Social Security numbers of plain old Joe Shmoes, too. But most of them don’t realize it, and when their identities are compromised, they’ll wonder how their Social Security numbers got into the wrong hands.

We live in an ignorant country, where people pay more attention to sports and entertainment than the actions of our legislators.

Go to The Virginia Watchdog and read everything you can to become fully informed about the identity theft crisis fueled by public records.

1. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News

Florida Congressman Robert Wexler Targeted in Identity Theft Extortion

Identity Theft Expert Robert Siciliano

Sun Sentential reports that Congressman Robert Wexler, of Florida, was targeted by an extortionist who threatened to turn his Social Security number over to identity thieves. Wexler refused to give in to the extortionist’s demands, and reported the plot to the Secret Service and Capitol Police. Other members of Congress were targeted, as well. The alleged extortionist has been arrested and remains in custody in Ghana.

Wexler’s attorney, Pamela J. Marple, issued a statement:

“Congressman Wexler greatly appreciates the professionalism and ongoing assistance of the United States Secret Service and Capitol Police regarding a matter where he was targeted as a member of Congress and was the victim of crime involving extortion and attempted identity theft. This remains an ongoing legal matter that will be closely monitored.”

The Ghanaian telephoned Wexler this month while President Barack Obama was visiting Ghana, guarded by Secret Service agents. Wexler reported the matter to the Secret Service while they were in the country, which helped the investigation. The congressman, while understandably shaken that he was being extorted, should have already known that his Social Security number is out in the wild. Our Social Security numbers are in public records, databases, file cabinets, school records and, quite possibly, for sale on the Internet.

  1. Be aware that your Social Security number has already been compromised. Over the past five years, hundreds of millions of records have been stolen in major data breaches.
  2. Do everything you can to prevent your own data breaches by making sure to install and update Internet security software.
  3. Never use public PCs where spyware might be installed.
  4. Recognize that when using wireless in a hot spot, your personal information is available for the taking.
  5. Do a scan in the public records in your state to see if your Social Security number is posted anywhere.
  6. Invest in Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.
  7. Get a credit freeze. Search “state credit freeze laws” online and lock down your credit to prevent new account fraud.

Identity theft speaker Robert Siciliano discusses Social Security numbers on Fox News.

Tweets Link to Identity Theft

Identity Theft Expert Robert Siciliano

“Misty Buttons” just started following me on Twitter. She’s curvaceous, bodacious and isn’t getting her needs met. Apparently, she needs me to meet those needs. It is, of course, a tempting offer that someone, somewhere may accept. But I’m going to pass.

Twitter porn and cybercrime are one and the same. Criminal hackers use porn to lure unsuspecting Twitter users into their lairs, where they distribute malicious software and solicit credit card data. In some cases, their victims may deserve to be scammed. Clicking on the links that these ne’er-do-wells post on their Twitter feeds can have a devastating effect on your PC and your bank account.

Internet security software provider McAfee reported a 500% increase in malware in 2008. That’s more than the past five years combined. And the FBI reported a 33% increase in Internet crime last year. According to a survey of 1000 firms, companies coping with data breaches lost an average of $4.6 million in intellectual property. This is all due to insufficient hardware, outdated software and the various ruses, such as those perpetrated by Misty Buttons, that trick technology users into opening a door to criminals.

But it isn’t just obvious Twitter porn that you need to watch out for. It’s also seemingly legitimate links posted by those you follow. Criminals have figured out that Twitter is a social network that brings people together. Strangers follow you, and you often reciprocate, following them back and bringing them into your network. As with email phishing scams, criminals post tweets highlighting current events, with links that lead to malicious sites or direct malware downloads. Numerous news outlets have reported on malicious tweets purporting to point to news about Michael Jackson, Obama, Farrah Fawcett, Iraq and even the Sonia Sotomayor’s Supreme Court confirmation hearings. The shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained NextAdvisor:

Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.

How to protect yourself:

  1. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  2. Install anti-virus protection and keep it updated.
  3. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft.


Social Security Numbers Cracked, Creates Identity Theft Risk

Robert Siciliano Identity Theft Expert

SearchSecurity.com reports that researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people on the east coast had the lowest numbers and those on the west coast had the highest. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researches had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” “Unless mitigating strategies are implemented, the predictability of SSNs exposes them to risks of identify theft on mass scales,” the researchers wrote.

While the researchers work is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations and educational institutions. Networks are like candy bars – Social Security numbers can be hacked from outside the hard chocolate shell or from the soft and chewy inside.

The problem stems from that fact that our existing system of identification is seriously outdated and needs to be significantly updated. We rely on nine digits as a single identifier, the key to the kingdom, despite the fact that our Social Security numbers have no physical relationship to who we actually are. We will only begin to solve this problem when we incorporate multiple levels of authentication into our identification process.

The process of true and thorough authentication begins with “identity proofing.” Identity proofing is a solution that begins to identify, authenticate and authorize. Consumers, merchants, government don’t just need authentication. We need a solution that ties all three of these components together.

Jeff Maynard, President and CEO of Biometric Signature ID, provides a simple answer to a complicated issue in four parts:

Identify – A user must be identified when compared to others in a database. We refer to this as a reference identity. A unique PIN, password or username is created and associated with your credential or profile.

Authenticate – Authentication is different than verification of identity. Authentication is the ability to verify the identity of an individual based specifically on their unique characteristics. This is known as a positive ID and is only possible when using a biometric. A biometric can be either static or dynamic (behavioral). A static biometric is anatomical or physiological, such as a face, a fingerprint or DNA. A dynamic biometric is behavioral, such as a signature gesture, voice, or possibly gait. This explains why, when authentication solutions incorporate multiple factors, at least two of the following identifiers are required: something you have, such as a token or card, something you are, meaning a biometric identifier, and something you know, meaning a pin or password.

Verify – Verification is used when the identity of a person cannot be definitely established. These technologies provide real time assessment of the validity of an asserted identity. When we can’t know who the individual is, we get as close as we can in order to verify their asserted identity. PINs, passwords, tokens, cards, IP addresses, behavioral based trend data and credit cards are often used for verification. These usually fall into the realm of something you have or something youknow.

Authorize – Once the user has passed the identification test and authenticated their identity, they can make a purchase or have some other action approved. Merchants would love to have a customer’s authenticated signature to indicate his or her approval of a credit card charge. This is authorization.

Effective identification results in accountability. It is being achieved in small segments of government and in the corporate world, but not systematically. Unfortunately, we are years away from full authentication.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;
Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity Theft Speaker discussing identity theft

Requests For Social Security Numbers Leads to Identity Theft

Robert Siciliano Identity Theft Expert

A patient at a Washington state medical clinic was asked for his Social Security number numerous times. Many of us have endured this familiar process. Considering the recent buzz about identity theft, this patient became concerned about releasing his own sensitive personal data, and requested that the facility remove his Social Security number from their records. The clinic refused, the patient put up a stink, and was ultimately ejected from the facility. The clinic considered his request unreasonable, and a violation of their rules and regulations. So, who’s right and who’s wrong in this scenario?

One Saturday afternoon, years ago, my spouse and I went to a major chain that rents videos. Without naming them, let’s just say they rent some block buster movies. The account was under my wife’s name, but she didn’t have her card with her that day. Upon checkout, the pimply faced 17-year-old clerk said, “No problem,” and asked for her Social Security number, which appeared on the screen in front of him. I freaked out and was ejected from the store. So, who’s right and who’s wrong?

In both cases, the customer is wrong. That may not be the answer you were expecting. I was wrong and the patient was wrong.

In general, routine information is collected for all hospital patients, including the patient’s name, address, date of birth, Social Security number, gender and other specific information that helps them verify the individual’s identity, as well as insurance enrollment and coverage data. And due to federally mandated laws like HIPAA, they are careful to maintain confidentiality of all patient information in their systems.

Corporations such as banks, credit card companies, automobile dealers, retailers and even video rental stores who grant credit in any form are going to ask for your name, address, date of birth, Social Security number and other specific information that helps them verify your identity and do a quick credit check to determine their risk level in granting you credit.

The Social Security Administration says, “Show your card to your employer when you start a job so your records are correct. Provide your Social Security number to your financial institution(s) for tax reporting purposes. Keep your card and any other document that shows your Social Security number on it in a safe place. DO NOT routinely carry your card or other documents that display your number.” But beyond that they have no advice and frankly, no authority.

Over the past fifty years, the Social Security number has become our de facto national ID. While originally developed and required for Social Security benefits, “functionality creep” occurred. Functionality creep occurs when an item, process, or procedure designed for a specific purpose ends up serving another purpose, which it was never intended to perform.

Here we are decades later, and the Social Security number is the key to the kingdom. Anyone who accesses your number can impersonate you in a hospital or bank. So what do you do when asked for your Social Security number? Many people are refusing to give it out and quickly discovering that this creates a number of hurdles they have to overcome in order to obtain services. Most are often denied that service, and from what I gather, there is nothing illegal about any entity refusing service. Most organizations stipulate access to this data in their “Terms of Service” that you must sign in order to do business with them. They acquire this data in order to protect themselves. By making a concerted effort to verify the identities of their customers, they establish a degree of accountability. Otherwise, anyone could pose as anyone else without consequence.

So where does this leave us? I have previously discussed “Identity Proofing,” and how flawed our identification systems are, and how we might be able to tighten up the system. But we have a long way to go before we are all securely and effectively identified. So, in the meantime, we have to play with the cards we are dealt in order to participate in society and partake in the various services it offers. So, for the time being, you’re going to have to continue giving up your Social Security number.

I give up mine often. I don’t like it, but I do things to protect myself, or at least reduce my vulnerability:

How to protect yourself;

  • You can refuse to give your Social Security number out. This may lead to a denial of service or a request that you, the customer, jump through a series of inconvenient hoops in order to be granted services. When faced with either option, most people throw their arms in the air and give out their Social Security number.
  • You can invest in identity theft protection.
  • You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. You can use Google news alerts to sweep the net and take precautions to prevent social media identity theft.
  • Protect your PC. Regardless of what others do with your Social Security number, you still have to protect the data you have immediate control over. Make sure to invest in Internet security software.

Robert Siciliano, identity theft speaker, discusses the ubiquitous use of Social Security numbers.

What have you done in the past when asked for your SSN? Did you refuse? What happened?

Fake IDs, Fake Passports Easy To Make or Buy

Robert Siciliano Identity Theft Expert

Fake IDs aren’t just a tool to get in a bar, they are a significant threat to personal security and national security.

Who in their teens and college years didn’t have a fake ID? I did.

At 17, I was 23! That meant I could buy alcohol, go to bars and take others to “R” rated movies. It also meant I was a ROCK STAR. For a minute.

A friend of mine peeled apart Massachusetts IDs and melted crayons together to create colors that matched the IDs colors. He would apply the crayon to the face of the ID and alter the persons age. For example if you were born in 1968, he would color the left side of the 8 the same color as the ID making it a 3. 1963 gave you five extra years to party!!

Then he’d just seal it back up and voila! You were a ROCK STAR.

CNN reported the Government Accountability Office did a test. An investigator used a fake ID to get a real passport. Once he had the passport he bought an airline ticket and went through security. How stupid big is that hole in security?

Former DHS Secretary Chertoff said, and I agree; “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

The problem here is the speed of technology has far outpaced the security of our identifying documents. Anyone with a computer, scanner, printer, laminators and for crying out loud CRAYONS can create breeder documents getting real IDs.

This makes it very difficult to prevent identity theft when anyone can be you any time.

What contributes to the problem is there are thousands of variations of birth certificates, dozens of social security cards and a couple hundred different drivers’ licenses in circulation. Very little security and no significant standards preventing counterfeiting. I’m sure plenty will argue this point with me, however the fact remains, fake IDs are everywhere.

Identity theft protection becomes very difficult.

While technology certainly exists to properly identify and authenticate through numerous technologies, privacy advocates and ignorant politicians will fight till the death to prevent their implementation for 2 reasons; 1. Cost, which is a naive argument. 2. Privacy issues.

Cost; spend whatever it takes to properly identify and authenticate. Privacy; is DEAD. Security is the issue we need to be concerned about. Manage out circumstances and tighten things up. The UAE has an “Identity Card” in place that is the best active solution I’m aware of.

There are hundreds of solutions being proposed every day, but cost and privacy continue to creep up. One argument some have is technologies such as RFID and biometrics are the equivalent to the Mark of The Beast. That just goes right over my head.

The Real ID Act has been passed, slammed and revisited. It is the first step towards effective authentication. Fight it as you might, its coming.

Robert Siciliano Identity Theft Speaker discusses Identity Theft and the rampant use of Social Security numbers Here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information

Identity Theft Protection Expert and One You Security: Research Reveals That Usability of Social Security Numbers Enables Mortgage Fraudsters

(SARASOTA, Fla. – July 30, 2008 – One You Security) The results of a research investigation by the Federal Bureau of Investigation recently revealed an apparent, significant upward trend in the incidence of mortgage fraud. Furthermore, homeowners who have Home Equity Lines of Credit (HELOCs) are prime targets for financial fraud, suggested a related statement from the Identity Theft Assistance Center (ITAC). The best way to combat the threat is to transform Social Security numbers into something useless to thieves, who use these universal identifiers to obtain financial identities, said Robert Siciliano, widely televised and quoted identity theft protection expert and chief security analyst for One You Security, LLC.

"Social Security numbers’ de facto role as universal identifiers has fueled a massive increase in financial fraud—simply because these numbers allow criminals to assume others’ identities," said Siciliano. "Given the scope of financial fraud, which costs billions of dollars every year, consumers need a way to deprive thieves of the ability to gain access to someone else’s finances. They must implement measures that render those Social Security numbers useless to thieves."

Subscribers to One You Security receive newsletters and special alerts from Siciliano. Through these, they get the latest information on data breaches and learn more about identity theft prevention. Chief security analyst for One You Security and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano regularly discusses data security and consumer protection on CNBC, on NBC’s "Today Show," FOX News Network and elsewhere.

Released in April of 2008, the FBI’s 2007 Mortgage Fraud Report found that "Suspicious Activity Reports (SARs) from financial institutions indicated an increase in mortgage fraud reporting" in 2007. The year-over-year increase in SARs was 31 percent, according to the report, which went on to note that there is no central repository for mortgage fraud complaints in the U.S. Additionally, the report revealed that the total dollar impact of mortgage fraud is unknown, but that the losses associated with just 7 percent of SARs in 2007 was $813 million.

A July 8th news release from ITAC noted the FBI report’s attention to an emerging, related crime: home equity credit fraud. Consumers with HELOCs should regularly check them for suspicious activity and unaccountable discrepancies in balances, according to ITAC, whose announcement was reported in The New York Times on July 27.

"How do thieves obtain credit?" asked Chris Harris, president and CEO of One You Security. "They do so by assuming the identity of another person, and it’s largely the utility of Social Security numbers that allows them to do so. Financial fraud related to identity theft is in fact dependent on this, but the effect of One You’s service functionally strips Social Security numbers of this utility, leaving criminals with nothing but a bunch of nine-digit numbers that no longer give them access to would-be victims’ financial identities."

Consumers who choose One You Security do so in part because the company strives to transform their Social Security numbers into meaningless strings of digits of no use to thieves. The firm backs all its offerings with a 100 percent service guarantee.

The YouTube video below shows Siciliano on FOX News Network, where he explains how the ubiquity of Social Security numbers as universal identifiers helps thieves online and off-line. A collection of videos at VideoJug features Siciliano sharing advice on how consumers can protect themselves from identity theft and fraud.

###

About One You Security, LLC

Sarasota, Fla.-based One You Security‘s mission is to eliminate the threat and consequences of identity theft. For just $10 per month, anyone can sign up for One You Security’s identity theft protection service, a proactive, preventative approach whereby the company activates and manages its customers’ fraud alerts with major credit bureaus. Subscribers also receive full access to ongoing education from identity theft protection expert Robert Siciliano, chief security analyst for One You Security, which backs up its promise to protect clients’ financial identities with a 100 percent service guarantee. To sign up for One You Security, dial 1-800-434-2010.

About IDTheftSecurity.com

Identity theft affects us all, and Robert Siciliano, CEO of IDTheftSecurity.com, chief security analyst for One You Security, and member of the Bank Fraud & IT Security Report‘s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients. Author of "The Safety Minute: 01" and leader of personal safety and security seminars nationwide, Siciliano has been featured on "The Today Show," CNN, MSNBC, CNBC, "FOX News," "The Suze Orman Show," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," "The Howard Stern Show," and "Inside Edition." Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft protection. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Mademoiselle, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others. For more information, visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with any of the following individuals:

Chris Harris
President & CEO of One You Security
PHONE: 941-342-0500 (x231)
chris@oneyou.com
http://www.oneyou.com

Robert Siciliano
CEO of IDTheftSecurity.com
Chief Security Analyst for One You Security
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
http://www.idtheftsecurity.com

Brent W. Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com
http://www.STETrevisions.com
http://brentskinner.blogspot.com

Identity Theft Protection Expert and One You Security: Year-Over-Year Spike in Data Breaches Will Prompt Consumers to Protect Their Own Financial Identities

(SARASOTA, Fla. – July 23, 2008 – One You Security) The first half of 2008 saw a more than two-thirds year-over-year increase in the number of data breaches, revealed research reported last week. More than ever, consumers need a way to protect themselves as more of their Social Security numbers seem to go missing with every new breach of data, according to Robert Siciliano, widely televised and quoted identity theft protection expert and chief security analyst for One You Security, LLC. The key, he said, is One You Security’s service, which helps to render these universal identifiers useless to the thieves who would otherwise use them to steal consumers’ financial identities.

"Smart consumers notice the data breaches," said Siciliano. "They also realize that every security breach runs the risk of leaking data likely to include Social Security numbers, maybe even theirs. And until the infrastructure in place for identifying people fundamentally changes, these smart consumers will clamor for ways to protect their financial identities themselves. With its capacity to strip thieves of the ability to use Social Security numbers as a way to obtain financial identities, One You’s service provides the very solution these consumers seek."

Subscribers to One You Security receive newsletters and special alerts from Siciliano. Through these, they get the latest data on breaches and learn more about identity theft prevention. Chief security analyst for One You Security and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano regularly discusses data security and consumer protection on CNBC, on NBC’s "Today Show," FOX News Network, and elsewhere.

Between Jan. 1 and June 27 of 2008, the number of data breaches recorded by the Identity Theft Resource Center (ITRC) was 342, the nonprofit organization reported in a June 27th statement, which noted that this was more than 69 percent greater than the same time period in 2007.

Spikes in the business sector fueled the overall increase despite significant decreases in others, revealed the ITRC’s data, which also provided numbers for 2006. Whereas the ITRC found that data breaches were down since 2006 in the educational sector by 24 percent and in the government and military sector by 43 percent, data breaches jumped over the past two years by 75 percent in the business sector. Furthermore, since 2006 the number of data breaches has increased in the health and medical sector by 15 percent and in the banking, financial and credit sector by 25 percent.

"Given the entire identification system’s reliance on Social Security numbers," said Chris Harris, president and CEO of One You Security, "the most practical approach by far is to make those digits functionally useless to the thieves who obtain them. For a long time, the frequency of data breaches has left consumers in need of a quickly implementable solution that allows them to protect their financial identities. As much as a seventy-five percent increase in the number of data breaches over the past couple years only intensifies that need, which One You meets."

Consumers who choose One You Security do so in part because the company strives to transform their Social Security numbers into meaningless strings of digits of no use to thieves. The firm backs all its offerings with a 100 percent service guarantee.

The YouTube video below shows Siciliano on "FOX Newschannel,” where he explains how the ubiquity of Social Security numbers as universal identifiers helps thieves online and off-line. A collection of videos at VideoJug features Siciliano sharing advice on how consumers can protect themselves from identity theft and fraud.

###

About One You Security, LLC

Sarasota, Fla.-based One You Security‘s mission is to eliminate the threat and consequences of identity theft. For just $10 per month, anyone can sign up for One You Security’s identity theft protection service, a proactive, preventative approach whereby the company activates and manages its customers’ fraud alerts with major credit bureaus. Subscribers also receive full access to ongoing education from identity theft protection expert Robert Siciliano, chief security analyst for One You Security, which backs up its promise to protect clients’ financial identities with a 100 percent service guarantee. To sign up for One You Security, dial 1-800-434-2010.

About IDTheftSecurity.com

Identity theft affects us all, and Robert Siciliano, CEO of IDTheftSecurity.com, chief security analyst for One You Security, and member of the Bank Fraud & IT Security Report‘s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients. Author of "The Safety Minute: 01" and leader of personal safety and security seminars nationwide, Siciliano has been featured on "The Today Show," CNN, MSNBC, CNBC, "FOX News," "The Suze Orman Show," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," "The Howard Stern Show," and "Inside Edition." Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft protection. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Mademoiselle, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others. For more information, visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with any of the following individuals:

Chris Harris
President & CEO of One You Security
PHONE: 941-342-0500 (x231)
chris@oneyou.com
http://www.oneyou.com

Robert Siciliano
CEO of IDTheftSecurity.com
Chief Security Analyst for One You Security
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
http://www.idtheftsecurity.com

Brent W. Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com
http://www.STETrevisions.com
http://brentskinner.blogspot.com

Identity Theft Protection Expert and One You Security: Recent News Highlights Susceptibility of Data Exposed to Peer-to-Peer Networks

(SARASOTA, Fla. – July 16, 2008 – One You Security) Use of a file-sharing network by an employee at an investment firm in McLean, Va., last year exposed the private financial and identifying data of a U.S. Supreme Court Justice and others to the public, according to news reported last week. Peer-to-peer networks in fact contain a minefield of security pitfalls, said Robert Siciliano, widely televised and quoted identity theft protection expert and chief security analyst for One You Security, LLC, who urged organizations to limit their computer users’ access to file-sharing networks, also known as P2P or peer-to-peer networks. Siciliano further encouraged firms of all kinds to introduce employees to One You Security, a firm whose focus is to render Social Security numbers unusable to thieves who want to steal financial identities.

"Peer-to-peer networks, otherwise known as file-sharing networks, function by establishing fluid, generally unsecure connections between geographically dispersed computers," said Siciliano. "These networks are prime haunts for high-tech identity thieves, who will visit them in order to gain access to the databases behind computers logged in. This is one way that thieves obtain the Social Security numbers they need to commit all manner of financial identity fraud — and why the solution is to turn to services such as One You’s, which can make Social Security numbers useless to the thieves who would otherwise use them to steal financial identities."

Subscribers to One You Security receive newsletters and special alerts from Siciliano. Through these, they get the latest data on breaches and learn more about identity theft prevention. Chief security analyst for One You Security and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano regularly discusses data security and consumer protection on CNBC, on NBC’s "Today Show," FOX News Network, and elsewhere.

On July 8, The Washington Post and others reported that an employee at a Washington, D.C.-area investment firm who used the popular file-sharing (peer-to-peer) site LimeWire inadvertently released to the public the private financial and identifying information on many of the firm’s clients, including U.S. Supreme Court Justice Stephen G. Breyer. Analysts quoted in a nextgov article covering the breach involving the Supreme Court Justice’s data said peer-to-peer security holes are posing an increasing threat to data repositories of many kinds.

"P2P networks represent yet another access point that thieves have to consumers’ treasured identifying information, namely Social Security numbers," said Chris Harris, president and CEO of One You Security. "These numbers are the keys to everything for identity thieves. But what if they keys didn’t work? What if other people’s Social Security numbers were of no use to the thieves who want to steal financial identities with them? That’s what One You relentlessly strives to do — make Social Security numbers of as little use as possible to thieves. Until Social Security numbers cease to be universal identifiers, someone will have to step into the vacuum and functionally strip Social Security numbers of their potency as a means to obtain financial identities."

Consumers who choose One You Security do so in part because the company strives to transform their Social Security numbers into meaningless strings of numbers of no use to thieves. The firm backs all its offerings with a 100 percent service guarantee.

The YouTube video below shows Siciliano on FOX News Network, where he explains how thieves were able to crack the computers of Hannaford Bros., a grocery chain that operates 165 stores in the Northeast, to obtain the credit card and debit card numbers of millions of customers. A collection of videos at VideoJug features Siciliano sharing advice on how consumers can protect themselves from identity theft and fraud.

###

About One You Security, LLC

Sarasota, Fla.-based One You Security‘s mission is to eliminate the threat and consequences of identity theft. For just $10 per month, anyone can sign up for One You Security’s identity theft protection service, a proactive, preventative approach whereby the company activates and manages its customers’ fraud alerts with major credit bureaus. Subscribers also receive full access to ongoing education from identity theft protection expert Robert Siciliano, chief security analyst for One You Security, which backs up its promise to protect clients’ financial identities with a 100 percent service guarantee. To sign up for One You Security, dial 1-800-434-2010.

About IDTheftSecurity.com

Identity theft affects us all, and Robert Siciliano, CEO of IDTheftSecurity.com, chief security analyst for One You Security, and member of the Bank Fraud & IT Security Report‘s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients. Author of "The Safety Minute: 01" and leader of personal safety and security seminars nationwide, Siciliano has been featured on "The Today Show," CNN, MSNBC, CNBC, "FOX News," "The Suze Orman Show," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," "The Howard Stern Show," and "Inside Edition." Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft protection. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Mademoiselle, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others. For more information, visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with any of the following individuals:

Chris Harris
President & CEO of One You Security
PHONE: 941-342-0500 (x231)
chris@oneyou.com
http://www.oneyou.com

Robert Siciliano
CEO of IDTheftSecurity.com
Chief Security Analyst for One You Security
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
http://www.idtheftsecurity.com

Brent W. Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.com
http://www.STETrevisions.com
http://brentskinner.blogspot.com