News & information

Just as SpotMyID continuously scans the Internet for your personal identification and cards, we also make time every day to read up on the latest issues of Internet security, identity theft and fraud. When we find something of particular interest, we pass it along to our users and visitors on this page. Check back often!

Have a comment or see an article or commentary we should check out? Please let us know! news@spotmyid.com

Two videos to watch

We talk a lot about the dangers of online identity theft – and for good reason! They're prevalent and they're rising.

But it's important to remember that many identity thieves work in the “real” or offline world, gathering your info in the most low-tech ways (including dumpster diving, mail theft, pickpocketing and so on). Once they have your data, it can be used to purchase goods, make transactions, or sold on the online black market.

For example: thousands of Citizens Insurance customers may be at risk after someone tried to change the company's mailing address. It is unknown exactly how much correspondence may have been captured by the thieves. Watch news report.

And how about debit or credit card skimming? You've probably heard of skimming devices, which will copy information from your cards at ATM machines or point of sale transaction devices. Watch this short news story from Calgary – this man noticed the bank machine (in his bank branch) looked a bit different. No kidding! There was a skimmer attached. See the evidence.

Just goes to show – we must all be on high alert at all times. And take the extra precaution of proactive identity monitoring, just in case.

Who can you trust?

The short answer to the question above is: no one. While sophisticated hackers may indeed be out there with the means to break into your computer, the most likely threats to your privacy may be much more benign.

According to an article in the Wall Street Journal, government agencies and private companies are far more likely to leave your data exposed. They don’t necessarily mean to – they just don’t always take the time and effort to make sure all their data files are encrypted or completely secure.

Eric Johnson, a business professor, says he has found health insurance information, medical diagnoses, contact information and SSNs of thousands of patients – simply by entering basic terms like hospital names into peer-to-peer file sharing programs or search engines.

"There's no hacking or anything like that going on," he said. "We were just searching."

As of June 2010, 317 data breaches have been reported by U.S. organizations. That puts 2010 well on pace to surpass 2009’s 498 breaches – which was, in itself a record year.

Unfortunately, the evidence keep mounting: your personal data is out there, and it’s up to you to stay vigilant. You can’t count on anyone else to do the job for you.

Proactive identity monitoring has never been a better idea.

Beware the botnets!

A botnet recently commandeered a computer at Penn State University, revealing and stealing the names, SSNs and other personal details of almost 16,000 students.

A “bot” is a type of malicious software; Botnets are virtual armies of computers infected by the bot. The botnets are basically zombie computers, which obey the commands of a remote computer, which can be in another city or country. The “bot master” can access the files on all its zombie army.

Sounds a bit sci-fi, doesn't it? But botnets are an increasingly popular, and increasingly invasive, type of computer virus. Just look at the thousands of Penn State students who are now at risk of identity theft.

Unfortunately, Penn State alumni and students are not alone.

As the article states:

“Accidental and deliberate data breaches have proliferated in record numbers at U.S. colleges and universities in the past few years as hackers continue to seek out large pools of data that are often less secure than information housed on corporate or government PCs and servers.”

Rash of major data breaches

Recent reports detailing massive data breaches show, once again, how valuable a service like SpotMyID really is. Here are just three major stories about compromised personal information that hit the news recently:

• The personal information of 3.3 million student loan borrowers was stolen in the largest personal data breach in U.S. history. The Oakdale headquarters of  the Educational Credit Management Corp. was broken into in March 2010; “portable media,” likely computer disks, containing personal data were stolen.
• The Barnet Council (near London, England) announced that the confidential details and personal information of more than 9,000 school aged children had been stolen from the home of a council employee. According to a report on Computing.co.uk's news blog the data was on unencrypted CD-ROMs and USB memory sticks.
• As of April 2, 2010, BlueCross and BlueShield of Tennessee had identified almost 2 million current and former members as being at risk following the theft of 57 hard drives. The biggest problem? That theft happened in October, meaning  some victims may not have known they were affected for six months or more.

It just goes to show how important it is to take responsibility for the safety and security of your private data. Do not count on other institutions to do it for you! Always watch your bank and credit card statements, keep an eye on your credit report, and use SpotMyID monitoring to scan the Internet for your data in places you simply cannot look yourself.

Bulletproof your identity

It's been said before, but it's not a message we mind repeating! Not when a major national newspaper (this time from Canada) takes time out in January 2010 to warn the public that “the issue of identity theft is becoming more serious every day...people are facing greater attacks on their personal and financial privacy than ever before.”

Those are the words of Ray Williams, a blogger and columnist with The National Post. He goes on to list several steps you should take to reduce your risk of ID theft, including leaving your SSN or SIN at home, locking up personal documents and safeguarding your PC. We'll also add the importance of keeping tabs on the use of your ID by examining your credit report and registering for an Internet scanning service such as SpotMyID.

As the new year begins, we suggest everyone review their financial and personal security habits.

On this one, we leave the last words to Mr. Williams:

Consumers victimized by identity theft can lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports.

Equipped with the knowledge of how to protect yourself and take action, you can make identity thieves’ jobs much more difficult. You can also help fight identity theft by educating your friends, family, and members of your community.

Guessing your SSN

Did you know that there is an algorithm that can help outsiders guess your Social Security Number? It uses your date and place of birth and statistical analysis and it's frighteningly accurate.

We sure didn't. And the fact that two researchers were able to use basic personal information – the stuff many people put on their Facebook or other social networking sites – to guess a considerable percentage of SSNs should makes everyone sit up and take note.

Given that your SSN is linked to all your government records and is used as identification by most financial institutions and employers, having your unique number fall into the wrong hands can have far-reaching consequences.

An article from July 2009 detailing the methods used by the researchers appears on arstechnica.com. It's a fascinating look into the flaws of basic government information management. The researchers used publicly available information, many of it from government databases, to get started:

The accuracy of these algorithms is positively disturbing. Using a separate pool of data from the Death Master File, the authors were able to get the first five digits right for seven percent of those with an SSN assigned before 1988; after that, the success rate goes up to a staggering 44 percent. For a smaller state, like Vermont, they could get it right over 90 percent of the time.

The rest of the SSN was a little more difficult to predict, even so, they were able to guess the correct answer up to 5% of the time.

“The accuracy of these algorithms is positively disturbing,” the writer continues. Indeed! Consider that the researchers “estimate that even a moderate-sized botnet of 10,000 machines could successfully obtain identity verifications for younger residents of West Virginia at a rate of 47 a minute.”

With technology like that on the market today, it's vital to have all the protective protection you can. If your SSN is out there in someone else's hands, SpotMyID may help catch it in action, before it's too late.

Register Now