CLLB Information Security Newsletter. Volume 3 Number 5 May 2010.

Volume 3 Number 5 May 2010
Identity Theft

From the Desk of David Badertscher
What is Identity Theft?

Identity theft is a crime in which your personal information such as your name, social security number, date of birth, and address is stolen and may be used by someone to assume your identity, often for the purpose of financial gain. It is also referred to as “identity fraud” when the stolen identity is used to impersonate the victim. Methods a criminal may use to steal your data over the Internet include hacking or using spam and phishing. Social media sites and file sharing can be prime targets for identity thieves, since users often make the assumption of a trusted environment, sharing personal information without understanding the consequences.

Identity theft is not just a risk for those who use the Internet. Criminals can obtain information by sorting through garbage, eavesdropping, stealing wallets, picking up receipts at restaurants, and other means.

Once enough information is gathered, criminals may open new credit card accounts, apply for loans, empty your bank accounts, make charges on your credit card, or develop fake forms of identification.

Identity thieves will not always use the information themselves. They may sell it to underground markets for financial gain.

What can I do to protect my identity?

• Ensure that any computer used to connect to the Internet has proper security measures in place. Use and maintain anti-virus software and keep your application and operating system patches up-to-date.
• Do not follow links provided by unknown or un-trusted sources.
• Do not open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
• If you employ file sharing programs, check the configuration settings to ensure you are not inadvertently sharing your personal information.
• Be careful what personal information you distribute, particularly on social networking sites, and continuously check to see what information others may be posting about you. Also verify your privacy settings to ensure you are not inadvertently sharing your personal information.
• Check your credit reports from all three major credit bureaus (Equifax, Experian, and TransUnion) at least once a year. You are entitled to one free credit report from each bureau every year. You may wish to stagger your requests to check a different credit bureau every four months.
• Guard your personal information, including your social security number. Don’t carry your social security card with you, and don’t provide your social security number to anyone unless they have a legitimate need for it.
• Don’t put your social security number or driver’s license number on your checks.
• Be aware of your surroundings when providing personal information orally. Watch for eavesdroppers.
• Properly discard hard copy documents containing personal information. A crosscut paper shredder works best.

What do I do if my identity has been stolen?

The first step is to notify your bank, and any other entities with which you have accounts, to inform them that someone may be using your account fraudulently. File a report with your local police and report the event to the Federal Trade Commision. It is helpful to have your financial statements available to better explain your situation.

Contact all three major credit bureaus to request a credit report, and have a fraud alert or a credit freeze placed on your credit reports to prevent accounts from being opened without your permission.

Continue to monitor all of your accounts for any suspicious activity.

Additional Information:

• Multi-State Information Sharing and Analysis Center – ||

• Federal Trade Commission

• Identity Theft Resource Center

• Test your Identity Theft Knowledge

• National Cyber Security Alliance

For more monthly cyber security newsletter tips visit:

The above information is from tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to

At a Technology Managers Forum on May 13, 2010 devoted to information security issues, Spencer Parker, Director of Product Management at CISCO gave a keynote presentation titled Dispelling The Myths of Cloud Security. In his presentation Mr. Parker examined the truth behind five common myths about cloud security and outlined the factors fueling its rapid growth. He also presented data from real companies utilizing the cloud, such as:

Employee time spent on Facebook applications.
Ongoing prevelance of data theft Trojans.
A look at advanced, granular reporting capabilities.

Interview with Brian Hengesbaugh, partner with Baker & McKenzie, on global security and privacy challenges

In a May 2010 interview and podcast reported by Bank Info Brian Hengesbaugh, partner in the Chicago office of the law firm Baker & McKenzie observes there isnothing smooth about navigating the tricky waters of data security and privacy on a global basis. Regulations vary and often conflict with one another. Click here to read the interview and link to the podcast.

Contact Information