Healthcare data breaches are on the rise, 32% over last year. Though some may find this to be alarming, there is a school of thought that this is actually good news and that we are identifying breaches that perhaps went unnoticed in the past. However, the fact remains that breaches are on the rise, statistically, and many organizations fear they lack the infrastructure and budget to protect patient privacy.

The study found the reasons for growing data breaches in healthcare organizations to include:

• employee mistakes and sloppiness
• lost or stolen mobile computing devices
• unintentional employee action
• third-party error

On average, it is estimated that data breaches cost benchmarked organizations $2,243,700. This represents an increase of $183,526 from the 2010 study, despite healthcare organizations’ increased compliance with federal regulations.  Respondents in the study noted relying less on an “ad hoc’ process to prevent or detect data breach incidents and are relying more on policies, procedures and security.

Additional loss considerations to healthcare organizations include:

• Productivity loss
• Brand or reputation diminishment
• Loss of patient goodwill
• Potential for patient churn

Countermeasures being put in place to improve year-over-year breach statistics:

• Employee training on policies and procedures governing information protection
• Evaluation of organization-wide protection procedures for mobile devices
• Enhancing the guidelines relative to privileged user and access governance of patient data

Conducted by Ponemon Institute and sponsored by ID Experts, the study utilized in-depth, field-based research involving interviews vs a traditional survey-based approach.

http://www2.idexpertscorp.com/ponemon-study-2011/

Summary of the top findings:

• Over the last 24 months, 96% of organizations have had at least one data breach and, on average, organizations have had 4 data breach incidents, up from 3 cited in last year’s report.
• The average economic impact is approximately $2.2 million, up $200,000 over last year
• The average number of lost or stolen records per breach was 2,575 compared to last year’s average of 1,769

Top 3 causes of data breach:

• Lost or stolen computing devises
• 3^rd party snafu
• Unintentional employee action

Methods of Detection

• Employees are most often the group to detect the data breach, followed by audits and finally, by patient complaints
• The average time to notify data breach victims is approximately 7 weeks
• A year-over-year increase (10%) is shown in organizations implementing an electronic health record (EHR) system

What a patient can do:

• Sign-up for an identity monitoring service that includes both credit monitoring and medical identity monitoring.
• Review explanation of benefits, insurance statements and medical summaries in detail.
• Use passwords strategically. Don’t use the same one for all devices and mix them up using letters, numbers and symbols.
• Stay alert to requests for personal data. Reputable organizations do not ask for this information over unsecured channels.
• Read your financial statements thoroughly.
• Freeze your credit or place a fraud alert on your credit (contact Equifax, Experian or TransUnion).
• Get a free credit report by going to www.annualcreditreport.com or calling 1-877-322-8228.

John Sileo is an award-winning author and speaks worldwide on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Contact him on 800.258.8076 or learn more at ThinkLikeASpy.com.

Related posts:

1. Medical Identity Theft Increasing
2. IRS Overwhelmed by Tax Related Identity Theft
3. Commonly Overlooked Sources of Identity Theft

To go directly to placing a security freeze on your 3 bureau accounts, page down to the bottom section.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file which is maintained by companies like Experian, Equifax and TransUnion (listed below). The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account (that said, let’s face it, businesses want to make it as easy as possible to unfreeze your credit because they benefit when you set up new accounts and spend more money) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Since all states don’t allow you, by law, to freeze your credit, the three credit reporting bureaus have begun to offer credit freezes on a national basis. This is a major step forward in the prevention of identity theft, even if they are offering it for profit reasons (they make money every time you freeze/unfreeze your credit). If your state does not currently offer credit freezes by law, you can now apply with each credit reporting bureau individually. Regardless of where you live, freeze your credit today.A credit freeze doesn’t affect your existing credit – it doesn’t freeze credit cards, bank accounts or loans you already have. It only freezes access to your account unless someone has a password to get in. It’s like having a PIN number on your ATM card. It also doesn’t lower (or raise) your credit score.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Credit Freeze Stops Financial Identity Theft
2. Does Your Financial Advisor Protect You from Identity Theft?
3. Reading Credit Reports

The IRS admittedly has little control over protecting your tax returns against identity theft. The problem is too big, the data too widely available, prevention too rarely attended to until it’s already too late.
Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your tax return information and your identity. The changes aren’t difficult, they simply require you read through this document so that you recognize the risks. Once that’s done, you simply avoid the highest-risk behaviors.

Here is a comprehensive list of frauds, scams and high risk tax-time practices.

Top Tips for Tax Time Identity Theft Protection

Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

• Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
• Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
• Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.
• Make sure you always (not just at tax time) pay with security checks like those provided by Deluxe.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

• Strong alpha-numeric passwords that keep strangers out of your system
• Anti-virus and anti-spyware software configured with automatic updates
• Encrypted hard drives or folders (especially for your tax preparer)
• Automatic operating system updates and security patches
• An encrypted wireless network protection
• A firewall between your computer and the internet
• Remove all file-sharing programs from your computer (limewire, napster, etc.)

Even though you use a strong password to protect your data file when e-filing, burn the file to a CD or flash drive once you’ve filed. Remove the personal information from the hard drive. Store the backup in a lock box or safe.

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack.

Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

• Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
• If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
• If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
• To learn more about IRS scams, visit the only legitimate IRS website. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service.
• If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification, such as a Social Security card, driver’s license or passport, along with a copy of a police report and/or a completed IRS Form 14039, Identity Theft Affidavit, which should be faxed to the IRS at 978-684-4542. Please be sure to write clearly.
• As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. IPSU hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).
• If you have information about the identity thief that impacted your personal information negatively, file an online complaint with the Internet Crime Complaint Center.  The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.
• Subscribe to an identity theft detection, protection and resolution product like CSID.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

• Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
• Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
• Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. IRS Overwhelmed by Tax Related Identity Theft
2. 5 Business Survival Lessons from Google’s Spying
3. Google Spying Cost Them $1

It’s nerve racking to realize that the IRS increasingly struggles to control taxpayer identity theft. Since 2008, the IRS has identified 470,000 incidents of identity theft affecting more than 390,000 taxpayers. “Victims of tax-related identity theft are the casualties of a system ill-equipped to deal with the growing proficiency and sophistication of today’s tax scam artists” said  Sen. Bill Nelson, who chairs the newly formed Subcommittee on Fiscal Responsibility and Economic Growth.

Identity theft harms innocent taxpayers through (1) employment and (2) refund fraud, according to the GAO. In refund fraud, an identity thief uses a taxpayer’s name and Social Security number to file for a tax refund, which the IRS discovers after the legitimate taxpayer files. In the meantime, the victim is out the money due her, causing Sharon Hawa of the Bronx, N.Y. to take on a second job. Ms. Hawa testified before the Subcommittee, describing how she had become an ID theft victim for the second time in three years (the first in 2009) after thieves twice filed tax returns in her name and received her tax refunds. Painstakingly proving her identity to the IRS, time after time over a 14-month period, was only a small part of the stress and utter frustration in the first fraud.  And  then, as if that trauma hadn’t sufficiently wreaked havoc in Ms. Hawa’s life, it happened a second time.

In employment fraud, an identity thief uses a taxpayer’s name and SSN to obtain a job. When the thief’s employer reports income to the IRS, the taxpayer appears to have unreported income on his or her return, leading to enforcement action. Think of your stress level when you open that envelope from the IRS demanding taxes for money you didn’t earn and don’t have!

The GAO states that the IRS’s ability to address identity theft issues is constrained by several factors, one being that privacy laws limit the sharing of ID theft information with other agencies. Another problem is the timing of fraud detection efforts; more than a year may have passed since the original fraud occurred.  The resources necessary to pursue the large volume of potential criminal refund and employment fraud cases are another constraint.

It’s imperative that we taxpayers take responsibility and implement the steps necessary to protect ourselves. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

• Tax documents exposed on your desk (home and work)
• Private information that sits unprotected in your tax-preparer’s office
• Improperly mailed, emailed and digitally transmitted or filed records
• Photocopiers with hard drives that store a digital copy of your tax forms
• Copies of sensitive documents that get thrown out without being shredded
• Improperly stored and locked documents once your return is filed
• Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Protect Your Taxes from Prying & Spying Eyes
2. Identity Theft Expert John Sileo on 60 Minutes
3. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR

What is Social Spam?

Nothing more than junk posts on your social media sites luring you to click on links that download malicious software onto your computer or mobile device.

Social media (especially Facebook and Twitter) are under assault by social spam. Even Facebook cautions that the social spam volume is growing more rapidly than their user base. The spam-fighting teams at both Facebook and Twitter are growing rapidly. The previous handful of special engineers has seen the inclusion of lawyers, user-operations managers, risk analysts, spam-science programmers and account-abuse specialists. Spammers are following the growing market share, exploiting our web of social relationships. Most of us are ill-prepared to defend against such spam attacks. Here’s how social spam tends to work:

1. Malware infects your friend’s computer, smartphone or tablet, allowing the spammer to access their Facebook or Twitter account exactly as if the spammer were your friend.
2. The spammer posts a message on your friend’s Facebook or Twitter page offering a free iPad, amazing coupons or a video you can’t ignore.
3. You click on the link, photo, Like button (see Like-jacking below) or video and are taken to a website that requires you to click a second time to receive the coupon, video, etc. It’s this second click that kills you, as this is when you authorize the rogue site to download malware onto your computer (not a coupon or video).
4. The malware infects your computer just like it has your friend’s and starts the process all over again using your contacts, your wall and your profile to continue the fraud.
5. Eventually, the spammer has collected a massive database of information including email addresses, login information and valuable social relationship data that they can exploit in many ways. In the process, the malware may have given them access to other data on your computer like bank logins, personal information or sensitive files. In a highly disturbing growth of criminal activity, social malware can actually impersonate users, initiating one-on-one Facebook chat sessions without your consent.

“Like-jacking” involves convincing Facebook users to click on an image or a link that looks as if a friend has clicked the “Like” button, thereby recommending that you follow suit. If our friends Like it, why shouldn’t we. So we click and download in an almost automated response. The key is to interrupt this automatic reflex before we get stung.

Fighting social spam requires immense investments of time, which can mean lost productivity (and money). Gratefully, various company site-integrity teams watch trends in user activity to spot spam. Every day, Facebook says it blocks 200 million malicious actions, such as messages linking to malware. The company can’t prevent spam, but it’s diligently working to make it harder to create and use fake profiles.

But never count on someone else to protect what is yours. You must Own Up to your responsibility. Follow these 5 Steps to Minimize the Risks of Social Spam:

1. If the offer in the post is too enticing, too good to be true or too bad to be real, Don’t Click.
2. If you do click and aren’t taken directly to what you expected, make sure you Don’t Click a 2nd Time. This gives the spammer the ability to download malware to your system.
3. Don’t let hackers gain access to your account in the first place – use strong alpha-numberic-upper-lower case passwords that are different for every site and that you change frequently.
4. Remember, in a world where your friend’s accounts are pretty easily taken over, not all friends are who they say they are. Be judicious. If something they post is out of character, it might not be them writing the post. Call them and verify.
5. Don’t befriend strangers. Your ego wins, but you loose.
6. Make sure you have updated computer security: operating system patches, robust passwords, file encryption, security software, firewall and protected Wi-Fi connection.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Twitter Security Loophole Exposes Your Direct Messages
2. Has Twitter Peaked? Is Privacy Back?
3. Facebook Safety: New HTTPS Facebook Settings

And then hackers break in to a server in Kentucky this past weekend and steal private information on 24 million Zappos customers, including (if you are a customer) your name, email address, physical address, phone number, the last four digits of your credit card number and an encrypted version (thank goodness) of your password. Consequently, your junk email folder is overflowing (your email has been illicitly sold to marketing companies), you receive the doom-and-gloom breach notification from Zappos (just like I did), and suddenly, you don’t have quite the same confidence in this best-in-practice business any more. Your shaken confidence in Zappos costs them a fortune. For the foreseeable future, you will pause before using their website again.

“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Zappos CEO Tony Hsieh said in a note to employees Sunday. “It’s painful to see us take so many steps back due to a single incident.”

In a smart move, Zappos reset the passwords for all affected accounts and notified victims on how to create a new one. But their efforts to recover customer trust are just beginning. Here are 5 Core Concepts of Trust that Zappos leadership should weave into their breach recovery process:

1. Ownership. Leadership at the company should take complete responsibility for the loss of data and not make excuses as to how it was someone else’s fault (remember the BP oil spill finger pointing?). The last thing victims need is to become more victimized by a corporate spin cycle that further erodes trust. Authentically respecting their customer base (which they do), even when it costs a few extra dollars to maintain, is a sound investment strategy.
2. Transparency.  Zappos customers have the right to know exactly what was stolen and how it might be used. They deserve to know what the company knows and what law enforcement knows. Sharing their failure (as opposed to covering it up in any way, which they don’t seem to be doing) is a painful process with high short-term costs, but it is the first step in taking responsibility.
3. Expectation.  Zappos needs to set customer and marketplace expectations early and often about how they will make it better. Forcing users to change passwords does little to ease fears that it will happen again. What tangible steps will they take to repay customers for the trouble they have caused and what measures will they implement to better protect users in the future?
4. Delivery. Zappos must deliver on the expectations they set with the victims, with the media and with the marketplace. False promises (pretending to implement better security but underfunding the budget) are cheap Band-Aids but only further infect the inflicted wounds when nothing actually changes. To regain trust, Zappos must set impressive expectations and deliver on them flawlessly
5. Competence. Zappos is not in the business of recovering from identity theft or data breach. They need to aid their legal department by bringing in breach mitigation and recovery experts. Saving a few dollars up front keeping the efforts in house will raise downstream recovery by multiples.

In the meantime, if you are a victim of the Zappos’ breach, begin with these steps:

• Immediately change your password according to Zappos emailed instructions.
• Use an alpha-numeric-upper-lower-case password that has nothing to do with your personal life and can’t be found in a social networking profile or dictionary
• If you use the same password on other sites (webmail, financial), change those as well
• Implement identity theft monitoring services like those provided by CSID.com.
• Monitor your credit profile for suspicious activity at AnnualCreditReport.com
• Don’t click the links in that email. Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such “official” e-mails are from hackers (for example, “We’ve had a security problem. Please change your password.”). These fraudulent e-mails can be virtually indistinguishable from legitimate communications, including identical graphics, logos, and authentic looking return e-mail addresses. Instead of clicking, type the URL (in this case Zappos.com) directly into your address bar. If there’s an important notice on your account, you’ll find it there.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. 7 Steps to Secure Profitable Business Data (Part I)
2. 5 Steps to Avoid Facebook Destruction in Business
3. 7 Steps to Secure Profitable Business Data (Part II)

Cyber security expert John Sileo made the front page of the USA Today digital version, and the Money section of the print edition.

Excerpts from the full USA Today Article, Travelers at High Risk of Identity Theft, Experts Say:

“Data theft goes through the roof on the road,” says Sileo, a spokesman for CSID, an identity-protection provider . . .  Two key challenges for travelers involve the use of unsecured wireless networks at hotels, airports and other public venues and the infiltration of smartphones through Bluetooth technology . . .

When booking airline tickets, hotels or other arrangements, use a credit card rather than a debit card, because it decreases your liability. And never announce on social networks that you’re leaving town, if only to keep someone from breaking into your home . . .

Hackers also can easily get into computers. One method is a man-in-the-middle attack in which special software inserts a rogue user between the legitimate one and the unsecured wireless network. Experts recommend having updated anti-virus software, encrypting sensitive data and never typing in passwords or credit card numbers over an unsecured wireless network. Even fax and copier machines should be used judiciously, because they can store information, experts say.

John Sileo speaks and writes on defending against the dark art of deception (identity theft, social engineering, fraud) and leveraging the powerful use of trust (influence and power). His clients include the Department of Defense, Pfizer, FDIC, Homeland Security, Experian UK and Blue Cross, as well as individual leaders committed to building power and influence in a foundation of trust. Learn more about his keynote speeches or contact him directly on 800.258.8076.

Related posts:

1. Mobile Security Webinar: Defending SmartPhones, iPads, Laptops Against Cyber Attacks
2. Don’t Get Cyber-Scrooged on Cyber Monday!
3. Data Breach Expert Sileo Talks to Fox Business

Child Identity theft is the fastest growing sector of the identity theft “industry,” and the numbers are staggering. Although it’s difficult to estimate exactly how many children lose their identities since the crime can go undetected for years, the FTC states that 5% of identity theft cases target children, which translates into 500,000 kidnapped child identities per year, and growing. The Carnegie Mellon CyLab Report states that in 54% of the cases, the child was under the age of 14.

The identity thief is not always a stranger. In many cases, it’s a relative with bad credit who takes advantage of a child’s pristine credit. Conveniently, these family members generally have access to the information necessary to maximize the fraud with little attention. This seems absurd, but imagine a parent who is strapped for cash, has a bad credit score and needs to buy groceries. In this case, short-term thinking blinds the relative or friend to long-term consequences. In other instances, the child’s future is not taken into consideration at all.

Frankly, it doesn’t take much to get the crime underway; all a criminal needs is the child’s name and Social Security number. These pieces of personal information are exposed in a variety of ways:

• When registering for daycare, schools and recreational sports
• On medical, dental and hospital records
• When joining organizations like the Girl Scouts, Boy Scouts, etc.
• When the above information is permanently stored and accessed by volunteers or employees
• When one of the above organizations is breached by a hacker or malicious software
• When an adult befriends your child on a social networking site (MySpace, Facebook) and eventually socially engineers private information out of them

The Three Basic Types of Child Identity Theft

1. Financial identity theft occurs when the name and Social Security number is used to establish new lines of credit.
2. Criminal identity theft happens when the criminal uses the child’s identity to obtain a driver’s license or substitutes the child’s identity if caught in a criminal act.
3. Identity cloning entails using a child’s identity (via information collection or a black market ‘purchase’ of personal information) for medical, financial, criminal and governmental purposes. The most common form of cloned identity theft is committed on behalf of undocumented workers looking for an identity that will keep them working in this country.

For parents, cleaning up the disaster of identity theft for their children is costly and incredibly time consuming. Getting a new Social Security number is almost impossible, and rarely the best option.

Taking steps right now to protect your child from this horrible crime is one of the greatest investments you will ever make in their financial and emotional future.

Protecting Your Children

Acting now on behalf of your child will protect them from consequences common to child victims:

• Starting adulthood with a credit rating low enough to scare away the hungriest of loan sharks
• Being denied a first loan, credit card or apartment rental because of a crime committed 10-15 years earlier (the passage of time makes this crime very hard to clear up)
• Being denied access to college or a new job
• Having a warrant out for her arrest for crimes that she didn’t commit

In the same way that you can’t protect your children from every bruise and scrape, you can’t entirely remove the risk of identity theft. You can, however, prevent or soften the fall if it does happen. Take these steps first:

1. Watch for mail in your child’s name. This is a potential sign that credit has been established using their identity. The most common types of mail that signal identity theft are financial (pre-approved credit cards, etc.).
2. Consider ordering a free credit report for your child. If you suspect foul play, write to the three credit reporting bureaus (Equifax, Experian and TransUnion) to see if your child has a credit profile (no profile, no chance that it is being used illegally). If they do have an active credit profile, you will need to resolve this with the specific credit bureau. Please note that requesting your child’s credit report repeatedly can actually establish a credit profile in their name. For a more convenient option, use an identity monitoring service like CSIdentity.com for you and your family that alerts you when credit is established in any of your names.
3. Stop giving out your child’s personal information. Until you are confident that it is absolutely necessary to receive the services desired, withhold their personal information. More than 80% of organizations that ask for your child’s Social Security number don’t actually need it to establish services. If you must give it, ask them how they will use it, how long they will keep it and how it will be protected while they have it.
4. Protect your child’s identity documents. Birth certificates, passports, bank account information, wills and trusts involving children should all be locked securely in a fire-safe or bank’s safety deposit box. Physical document theft is one of the most prevalent ways kid’s identities are stolen.
5. If you find evidence of fraudulent activity, contact the police, the source of the fraud and all three credit bureaus. Filing a police report helps to establish your child’s innocence in an official way. Have the credit bureaus FREEZE your child’s credit for maximum protection. Keep detailed records of all correspondence between yourself, the police, the merchant and the credit bureaus. It will come in handy should you ever find yourself in court, as I did.
6. Educate your children on the importance of protecting their personal information. Teach them about the value of their personal information: their name, address, phone numbers, email address, Social Security Number and any passwords and PIN numbers. Reinforce that they own their private information and that it should not be shared with friends, over the internet or with anyone whom they don’t know or trust. Education is absolutely the best financial gift you will ever give to them.

In the case of child identity theft, an ounce of prevention is worth a lifetime of financial security. Don’t let the center of your universe become just another statistic. Because you love and protect your children as much as I do, start this process immediately.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com.

Related posts:

1. Your Child is 51X More Likely to Become Victim of ID Theft (Part I)
2. Child Identity Theft Expert – Part III
3. Child Identity Theft Expert – Part II

Why are our kids, the very people we most want to protect, so vulnerable? Because they have unused, unblemished credit profiles. Richard Power, Distinguished Fellow, Carnegie Mellon CyLab, recently published the first ever child identity theft report based on identity protection scans of over 40,000 U.S. children. It is extremely alarming that 10.2% of the children in the report had someone else using their Social Security numbers. That figure is 51 times higher than the rate for adults of the same population.

We take so many steps to protect our children. But how often do you check their credit report? “Check my kid’s …credit report?,” I can hear you say. “She is only seven! She doesn’t even have her front teeth yet, let alone a credit card! There are so many years to go before we need to worry about that. Right?”

Unfortunately, no. Because children have untouched and unblemished credit records, they are highly attractive targets. Child identity theft is profitable, hard to detect and a nightmare to recover. Thieves steal a child’s identity early on, nurture it until they have a solid credit score, and then abuse and discard it. If it’s not discovered in time, fraudulent use of your child’s identity could mean the loss of educational and job opportunities and starting off adulthood at a serious disadvantage with someone else’s bad credit in her name. All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.

“Shouldn’t my child’s age show up on any credit background check, shouldn’t the merchant recognize that the person in front of them buying a car on credit isn’t seven years old?” you ask. Yes, it should, but the people screening the credit report rarely give it the time and care necessary to detect fraud.

All too often, background checks involve simply matching the name and the Social Security number provided. This leaves doors wide open for scandalous minds to wreak havoc on your child’s perfect credit. The most unsettling part is that the age of the applicant (in this case, the person posing as your child) becomes official with the credit bureaus upon the first credit application. This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is only seven and isn’t responsible for thousands of dollars of debt.

In no time at all, your child could have a maxed out credit card, unpaid bills and a huge mortgage for beachfront property across the country. You might not discover the illegal purchases until your child opens a bank account, applies for a job, tries to get a driver’s license or enters college. At that point, you are left with the time-consuming dilemma of cleaning up someone else’s fraudulent mess. If only clearing up a credit report was as easy as cleaning up after your kids.

Do the gaping holes in our current credit system and the audacity of criminals leave you enraged? They should. It is imperative that you use your anger as fuel to protect and prepare your children’s future before it is too late. In Part II of this series, we will talk about the specific steps to take in order to protect your child from identity theft.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com.

Related posts:

1. Child Identity Theft (Part II)
2. Child Identity Theft Expert – Part III
3. Child Identity Theft Expert – Part II

• Verizon Wireless – rolling one-year records of cell tower usage & what phone accessed what web site
• AT&T / Cingular – ongoing records of cell tower usage since July of 2008
• T-Mobile USA – doesn’t keep any data on Web browsing activity
• Sprint Nextel’s Virgin Mobile – 3 month record of text content
• Other than Virgin Mobile and Verizon, none of the carriers keep texts but they keep records of who visited a particular web site.
• Verizon keeps some information for up to a year that can be used to ascertain if a particular phone visited a particular Web site
• Sprint Nextel’s Virgin Mobile keeps the text content of text messages for three months. Verizon keeps it for three to five days. None of the other carriers keep texts at all, but they keep records of who texted who for more than a year.
• AT&T keeps up to seven years of records of who texts who — and when, but not the message content. Virgin Mobile keeps that data for two to three months.

Readily available via a simple Internet search, this document shows how cellphone companies in the U.S. treat data about their subscribers’ cell phone use.

Bring privacy and security expert John Sileo in to scare the care into your next audience. Identity theft, data breach, social media exposure and human manipulation keynote training.

Related posts:

1. iPhone Location Tracking Leads to Privacy Lawsuit
2. Internet Explorer 9 Privacy Feature Limits Tracking
3. 5 Steps to Good Privacy Habits