Archive for May, 2011


There was a time, when the World Wide Web was young, that many entrepreneurs counted on the idea they could make money the old-fashioned way–by charging cyber-customers on a per-use basis, the same way they charged traditional brick-and-mortar patrons. Most print magazines, for example, felt they could make a seamless transition from paid print subscriptions to paid Internet subscriptions. Newspapers believed that some of their traditional departments, such as classifieds, would become huge profit centers because they would bring in the same revenue without the cost of all that paper or postage. However, it became clear very quickly that while many would be willing to pay for many physical goods by means of e-commerce, very few seemed terribly enthusiastic about paying for information or entertainment on a per-use basis.

As a result–a very good result in the opinion of many observers–almost all of the information on the Internet, including a great deal of entertainment–is free to all. The trouble, of course, is that creating and posting all that content still costs money, and so, slowly but very surely, much of the Web switched over to supporting content and services by means of advertising, analogous to the broadcast TV model. I believe that a significant number of people wouldn’t use Google or Facebook if they had to pay for them. But unlike broadcast TV, which only talks to you, the great strength of the Internet is its easy interactivity, and these characteristics produced a different kind of advertising strategy–one typically involving the extensive tracking of consumer activity.



Most popular smartphone apps have no privacy policy to tell consumers how their personal data will be collected, stored and reused, according to a recent study by the Future of Privacy Forum. In a review of the top 30 applications across iPhones, Androids and Blackberries, 22 failed to provide a privacy policy on the company’s web site or the app itself.

While a written privacy policy does not guarantee consumer privacy won’t be violated, “posting a privacy policy is the essential first step for companies to take to be accountable for their practices of collecting and using online data,”

By Ondrej Krehel, Identity Theft 911

There’s been a lot of commentary and gotcha-style journalism surrounding the Sony data breach, but not much constructive criticism.

Yes, the breach could have easily been prevented. Had Sony enabled fairly standard firewall technology and kept its systems up-to-date with the latest patches, none of this most likely would have happened.

Since most of us have enabled firewalls on our personal computers and are aware of the risks if we don’t, Sony’s mistake immediately smacks of foolishness. But setting up protection for a network of 100 million users is a little different than protecting the Mac in your living room.

By Matt Cullina,

New clients at Identity Theft 911 often ask me, “Aren’t all identity theft service providers the same?”

It may seem that way. Many promise seemingly comparable services to help victims untangle the financial and legal mess created by identity theft.

But the approaches—do-it-yourself, power of attorney and one-on-one case management—are very different from one another.


By Brian McGinley,



We’ve talked about how to protect your identity in the aftermath of a disaster such as the deadly tornadoes in the South and Midwest.

But what can you do before catastrophe strikes?

If you live in a danger zone—areas susceptible to earthquakes, flooding and bad weather—it’s important to get organized. A little preparation can go a long way when your family is recovering from a cataclysmic event.


By Brian McGinley,

Small businesses take note: Verizon recently released its , and the findings have real implications for companies with fewer than 100 employees.

The number of stolen records dropped dramatically to 4 million in 2010, down from 144 million in 2009. But the tally of confirmed breaches rose sharply to 761 from 141 the previous year.

How can we explain these numbers? Hackers are changing their tactics and chasing opportunities. They’ve noticed that many larger corporations are doing a better job of protecting their information. So black hats are homing in on lower-tier business targets—organizations with less savvy, maturity and investment in countermeasures. Once they identify a vulnerability, they exploit it.



Well, two fascinating—and repellent—things happened in the last few days, which, but for the broadest possible subject matter connection, would seem to be unrelated. On May 6, a group calling itself and released personal information about people from the database of potential contestants for the popular Fox show “X Factor.” Five days later, the same group announced in quite caustic terms that it also had hacked computers to gain access to the personal information, including email addresses, of 363 Fox employees. Within a nanosecond or two, the group also had defaced the profiles of 14 of those employees on LinkedIn, a popular business-oriented social networking site (which found and corrected the hackers’ work quickly and efficiently). These , appropriately enough, on Twitter—one of the most trafficked social networking sites in the universe.


Within those same few days, Michaels Stores—the popular arts and crafts retailers— that in at least 80 of its stores nationwide, debit card swipe pads had been either swapped out or otherwise tampered with so as to allow debit card numbers and PINs to be systematically and routinely stolen. Unlike other attacks of this type, such as the one directed at in which only a few stores located in the New England region were compromised, the Michaels Stores were geographically located all over the country from New Mexico to Massachusetts. Very quickly it was also discovered that the compromised information had already been used to drain the bank accounts of scores of Michaels customers through the use of ATM machines. The process is quite simple really; the information from the bogus swipe pads is collected and transmitted to the thieves, who quickly create equally bogus ATM debit cards, consisting of very little but a piece of plastic with a magnetic strip. It works just like the real thing at an ATM, though. Michaels announced that within two weeks it would replace more than 7,200 swipe pads at all of its stores, and in the meantime would utilize a much slower yet more secure manual method of processing debit card transactions.


Miss Wisconsin USA has forfeited her crown and resigned from the Miss USA beauty pageant after admitting to charges of identity theft, the . Shaletta Porterfield, 26, was named Miss Wisconsin USA last year, and would have competed in the national contest in Las Vegas on June 19.

The allegations arise from Porterfield’s job selling ads last summer, . Three business owners in the Madison, WI, area complained to police that someone had forged their signatures on contracts to buy advertisements in Homepages, a local business directory.

Police allegedly connected the fraud to Porterfield, who confessed on Dec. 9, the Waunakee paper reported. She faces three counts of misappropriating identity information to obtain money, with a maximum penalty of $30,000 or six years in prison.

Porterfield resigned as Miss Wisconsin USA on Friday to avoid bringing more scandal to the Miss USA pageant, her attorney, Robert F. Nagel, told the Milwaukee paper.

“It’s unfortunate, but she has a lot going for her, and she’s ready to move on,” Nagel said.


is’s Staff Writer. Chris graduated with honors from the Columbia University Graduate School of Journalism, and has reported for a number of publications including The New York Times, TIME magazine and Popular Mechanics.


This article originally appeared on .

For families prepping for spring and summer vacations, as well as employees often traveling to various international locales, identity theft is one issue to consider.

Senior Vice President of Data Risk Management Brian McGinley offers tips and advice for those heading for a getaway or traveling on business.

By Eduard Goodman,

We’ve been waiting for a federal data breach notification law for well over five years now. So when I read the , I was disappointed to the point of being grumpy.

The intention was for Congress to take federal action to unify the nation’s 50-plus different notification laws and requirements. Past legislative attempts barely got off the ground because they weakened state laws on breach notification. While state laws may not be easy for business, they’re meant to protect consumers.

The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches. Bottom line: It offers little meaningful help to the consumer.

Here are five weaknesses of the bill: