Well, for one thing, there's always the problem of counterfeiters. Not college kids making fake ID's,
but foreign governments bent on disruption of our economy. If the design of the $20 bill has to be
changed every seven or eight years because foreign governments are engaged in counterfeiting, you can
bet the same problem will complicate the National ID Card program.
No database is immune to intrusion, both foreign and domestic, as the articles below illustrate.
million Obama amnesty applicants on deportation hit list. Some 1.4 million illegals who followed President
Obama's request to sign up for two controversial amnesty programs could be among the first to face deportation under the new
administration. The reason: In exchange for getting into the two programs, they handed over their identities, home
addresses, and admitted to being in the United States illegally, making them the easiest to find and legally deport.
York City rethinking municipal card program for immigrants, may erase ID data. When New York City launched the
nation's biggest municipal ID card program last year, advocates said it would help people living in the U.S. illegally to
venture out of the shadows. But since Donald Trump was elected president, city officials are instead fielding questions
about whether the cards could put those same people at greater risk of being deported.
grabs over 58 million customer records from data storage firm. At least 58 million people have had their
personal information published on the internet — including their names, dates of birth, email and postal
addresses, job titles, phone numbers, vehicle data, and IP addresses — after a hacker stole a massive unsecured
database. And, if you think that sounds bad, there may be yet more hacked data still to be exposed.
North Miami man convicted
of cashing $11 million in tax-refund checks for dead people. His North Miami business cashed more than 2,000
tax refund checks issued in the names of people who were dead or disabled. The refunds added up to more than $11
million, courtesy of the Internal Revenue Service. Now, Junior Jean Baptiste faces up to 20 years in prison at his
sentencing in October after being convicted Tuesday by a Miami federal jury of money laundering, theft of government funds,
stealing identities and possessing false driver's licenses. His crime, though commonplace in Miami during the past
decade, stands out for the sheer volume of stolen identities and fraudulent checks.
doesn't tell 1 million taxpayers that illegals stole their Social Security numbers. The IRS has discovered more
than 1 million Americans whose Social Security numbers were stolen by illegal immigrants, but officials never bothered to
tell the taxpayers themselves, the agency's inspector general said in a withering new report released Tuesday [8/30/2016].
Investigators first alerted the IRS to the problem five years ago, but it's still not fixed, the inspector general said, and
a pilot program meant to test a solution was canceled — and fell woefully short anyway.
Your personal information is not safe in Big Brother's hands.
accessed personal info from 200,000 Illinois voters. Illinois election officials say private information from
up to 200,000 registered voters was accessed by hackers during a breach in late June. It's part of a breach under
investigation by the FBI in both Arizona and Illinois. In both cases, the hacks involved online voter registration data.
in 10 States and DC May Have Been Hit by Hackers. An undisclosed number of people who used credit cards at 20
Hyatt, Sheraton, Marriott, Westin and other hotels in 10 states and the District of Columbia may have had their cards
compromised as a result of hack of the hotels' payment system. HEI Hotels & Resorts, which operates just under 60 hotels
and resorts under a variety of brands, said that after being notified by its credit card processor of a potential breach, it
conducted an internal investigation that found malware on its payment processing systems at the 20 properties. The
malware was designed to capture debit and credit card information such as names, card account numbers, card expiration
dates and verification codes, as it flowed through the systems.
billion — at least — lost in bogus tax refunds to ID thieves in 2014. The IRS has a
Taxpayer Protection Program (TPP) that sounds like it should provide security. It does, but not enough to prevent IRS
from paying $30 million to identity theft fraudsters in 2014, based on the 1.6 million screened by the program.
That's just one of the ways Uncle Sam fights identity theft fraud. About 7,200 of them were bogus. In total, IRS
processed more than 150 million individual tax returns in 2015. Overall, the GAO report indicates the IRS does a decent
job of detecting and stopping ID fraud, which is a big business. Crooks attempted to get $25.6 billion from bogus refunds
in 2014. The IRS beat them most of the time, stopping or recovering the theft of $22.5 billion, 88 percent of the
attempted pillage. But in the remaining cases, crooks got the $3.1 billion.
When you have all your personal information stored in the National ID Card system, don't count on the government to keep it confidential.
Taxpayers' Data at Risk
in IRS's Hands, New GAO Report Says. Ignoring past audits and warnings, the Internal Revenue Service (IRS) continues to implement
too few safeguards against computer and physical intrusions into taxpayers' private data records, a government watchdog agency reports. The
U.S. Government Accountability Office (GAO), a nonpartisan government agency providing auditing, evaluation, and investigative services for Congress,
released a new report in April detailing IRS's shortage of information-technology and physical-security measures protecting taxpayers' personal
data. Despite prior documentation and national news stories exposing IRS practices opening taxpayers up to data breaches and other fraudulent
activities from both external and internal threats, the audit found "significant control deficiencies" remain and are preventing the agency from
ensuring the "confidentiality, integrity, and availability of financial and sensitive taxpayer information." GAO says IRS failed to consistently
implement physical security measures in its data centers, allowing unauthorized employees and visitors access to restricted areas. Other failures
cited include using weak or outdated passwords on servers containing sensitive data and allowing multiple employees to share security credentials.
number of successful cyberattacks at one federal agency, report reveals. In 2014, a single U.S. government
agency was hit with a blizzard of more than 1,370 external attacks on its most vital computer systems, with three out of
every eight incidents resulting in a loss of data, according to a new report by the watchdog Government Accountability
Office, suggesting hackers have been far more successful at getting at sensitive government information than previously
disclosed. The highly besieged agency was not named in the report, which was given to government officials in May and
made public last week. GAO officials declined to provide the name of the agency in response to an additional query from
to DNC Claim, Hacked Data Contains a Ton of Personal Donor Information. When the Washington Post
reported Monday [6/13/2016] that the Democratic National Committee's servers had been breached by a team of Russian hackers,
the DNC was quick to claim that nothing pertaining to the party's many supporters had been pilfered. But a new cache of
apparently hacked documents obtained by Gawker contains a wealth of donor information, including e-mail addresses and cell
phone numbers for hundreds of high-profile and wealthy Democratic fundraisers.
fraud feared as hackers target voter records. Since December, hundreds of millions of voters in the U.S., the
Philippines, Turkey and Mexico have had their data discovered on the web in unprotected form. In some instances,
legitimate security researchers found the information, but in others, malicious hackers are suspected of pilfering the data
for criminal purposes. The data breaches are raising questions as the U.S. considers whether to move toward electronic
balloting. More people than ever are using the internet to register to vote and to request mail-in ballots. Some
states have even become vote-by-mail only in recent years. If you can't keep the voter registration records safe, what
makes you think you can keep the votes safe?" asked Pamela Smith, president of election watchdog Verified Voting.
IRS workers steal taxpayer data to plunder the Treasury. The Treasury Department's Inspector General for Tax
Administration said this week that three current and former IRS employees have been caught trying to steal money as taxpayers
try to pay off their tax debts. In one case, former Missouri IRS employee Demetria Brown was sentenced in February
after pleading guilty to wire fraud and identity theft. Her scheme was to obtain people's personal information, like
Social Security Numbers and dates of birth, to file fraudulent federal and state tax returns.
Giving Tax Credits to Illegals Who've Engaged in Identity Theft. In a typical year, April 15 is Tax Day when
hard-working Americans cede over an enormous amount of their income to the federal government so they can redistribute it to
all sorts of special interests and protected classes, including illegal aliens. You heard that right. The IRS has
admitted to knowingly granting refundable tax credits, which work as back door welfare payments, to illegal aliens who break
the law and steal Social Security numbers to obtain employment and file their taxes. During a meeting of the Senate
Finance Committee, IRS Commissioner John Koskinen admitted to Sen. Dan Coats (R-IN) that illegal aliens were stealing
Social Security numbers and using them to receive refundable tax credits through their annual returns. Worse, he felt
it was a good thing they were filing and didn't seem committed to stopping it.
IRS again fails to protect taxpayer information. On 12 April 2016, the Treasury Inspector General for Tax Administration (TIGTA)
released its 28 March 2016 Letter Report describing the IRS's failure to effectively sanitize personal information such as Social Security
numbers from OICs availed for public inspection. This includes inadequate ballpoint pen cross-outs of the information where the Social
Security number is still discernible. [...] The IRS has been on notice since at least as far back as 1979 that identity theft is a problem
warranting its serious attention. This author and others have expounded at length in these pages, quite profusely, on the IRS's
continuing failure to adequately protect the identities of taxpayers who necessarily entrust personal information to it.
Commissioner: 'More Than 1 Million Malicious Attempts' to Access IRS Computers Daily. IRS Commissioner John
Koskinen told the Senate Finance Committee on Tuesday [4/12/2016] that the Internal Revenue Service's computers "withstand
more than 1 million malicious attempts to access them each day.
Er, those 100,000 tax records illegally accessed? Make that over 700,000. The US Internal Revenue Service (IRS)
has admitted that its problem with "Get transcript" scammers is much worse than first thought — over seven times
as bad to be precise. In May of 2015, the IRS reported that around 100,000 people had had their tax returns and income
forms sent out to criminals who gamed its "Get transcript" feature by providing stolen personal information between February and
mid-May that year. In August, that number rose by 220,000 following a further review. On Friday, America's most-disliked
public agency said that number had risen to over 700,000, with another 295,000 attempts to steal taxpayer transcripts.
Data breach affects
80,000 UC Berkeley faculty, students and alumni. A hacker broke into the University of California, Berkeley computer system holding
financial data of 80,000 students, alumni, current and former employees, school officials said Friday [2/26/2016]. The university said that
although there is no evidence that any information has been stolen, it has notified potential victims of the breach so they can watch for signs of
possible misuse of their personal data. Those notified include students and staff who received non-salary payments though electronic fund
transfers, such as financial aid awards and work-related reimbursements. Vendors whose financial information was in the system for payment
purposes are also at risk.
Cyber hackers got info on roughly 700K taxpayers, double earlier estimate. The IRS acknowledged Friday [2/26/2016] that cyber hackers
have stolen Social Security numbers and other information from more than 700,000 taxpayers — roughly double the number the agency previous
estimated. The cyber thieves hacked into the agency's "Get Transcripts" system in which taxpayers get returns and other previous-year
filings. The breach, believed to have been carried out in Russia by a criminal operation, was discovered in May 2015, and the increase was
reported first by The Wall Street Journal. The IRS originally said information was taken from about 113,000 taxpayers.
The IRS Says Identity Thieves Hacked
Its Systems Again. Identity thieves attempted to breach computer systems at the Internal Revenue Service to
file fraudulent tax refunds. The criminals were especially after E-file PINs, which are used by some individuals to
electronically file a return, the agency said in a statement released Tuesday [2/9/2016]. Around 464,000 unique social
security numbers were involved, and of that total, 101,000 SSNs were used to successfully access an E-file PIN. The
thieves used personal taxpayer data that was stolen elsewhere to help generate the PINs, the agency said. No personal
data was compromised or disclosed by IRS systems, and affected taxpayers will be notified by mail of the attack.
FBI employee data dumped in hack. A hacker claiming to have downloaded information about thousands of FBI and Department of
Homeland Security employees through a Justice Department computer followed through with a threat to publicly release the information
online Monday [2/8/2016]. The data appears to consist of the names, positions, email addresses and phone numbers of an estimated
9,000 Homeland Security employees and 20,000 FBI employees. The online posts, made separately on Sunday and Monday [2/7-8/2016],
are accompanied by a pro-Palestinian slogans.
29,000 FBI Agents and DHS Staffers Had Their Contact Info Revealed. A
hacker published info of more than 20,000 Federal Bureau of Investigation agents online on Monday [2/8/2016]. A day prior to the leak, the same hacker posted info
of 9,000 Department of Homeland Security officials. The data dumps, which appeared on the website cryptobin.org, included people's names, email addresses, job
titles, and phone numbers.
of Voter Records Posted, and Some Fear Hacker Field Day. First and last names. Recent addresses and phone numbers.
Party affiliation. Voting history and demographics. A database of this information from 191 million voter records was
posted online over the last week, the latest example of voter data becoming freely available, alarming privacy experts who say the
information can be used for phishing attacks, identity theft and extortion. The information is no longer publicly accessible.
191 million US voter
registration records leaked online — report. A security researcher has uncovered a publicly-available
database containing the personal information of 191 million voters on the internet, but it isn't clear who owns it.
Chris Vickery, who shared his findings on DataBreaches.net, disclosed the trove of voter data, which includes names, home addresses,
voter IDs, phone numbers, and birth dates, as well as political affiliations and voting histories since 2000. The database
does not contain financial information or Social Security numbers. The Texas tech support specialist said that he found the
database while looking for information exposed on the internet in an attempt to raise awareness of security breaches.
from Secaucus among a dozen suspects charged in ID fraud ring that stole $3M. The 12 people allegedly involved
have been charged with first-degree money laundering, second-degree theft by unlawful taking and third-degree fraudulent use
of credit cards. Those charged are Naim Tahir, 47, of Clark, Hassan Shahbaz, 42, of Jersey City, Aqeel Ahmed, 60, of
Secaucus, Shama Munir, 49, of Secaucus, Faisal Mushtaq, 37, of Secaucus, Mohammad Shakeel, 46, of Jersey City, Rilvan Junaid,
49, of Spring Valley, N.Y., Shakeela Ahmed, 56, of Secaucus, Aqeel Sheikh, 54, of Secaucus, Mahamed Khan, 53, of Piscataway
and Huda Ahmed, 27, of Secaucus. All have been arrested except Khan, who is being sought as a fugitive, Hoffman said.
When making the arrests, investigators also seized $150,000 in cash and multiple bank accounts containing $320,000.
Policy Labels Illegal-Alien ID Thieves as "Borrowers". Bob Segall, investigative reporter for WTHR Indianapolis,
has released a new two-part report on illegal immigration and the Internal Revenue Service. [...] Segall won the Center's Katz
Award in 2013 for his 11-part series exposing fraud and mismanagement within the IRS that allowed illegal aliens to receive
billions of dollars in improper tax credits and refunds. In his new series, Segall focuses on the IRS policy labeling
illegal aliens who use the Social Security numbers of Americans and legal residents merely as "borrowers" against whom no
action may be taken by IRS employees. The report interviews the victims, IRS whistleblowers, and even the illegal-alien
fraudsters. [Video clip]
Secret IRS policy hides identity theft from victims.
Findings of the [WTHR] 13 Investigates report include:
• The IRS accepts millions of tax returns — and issues tax refunds — even when taxpayer documents show clear warning signs of identity theft
• Confidential IRS policies instruct IRS employees not to tell taxpayers when someone else uses their social security number to earn income
• The IRS allows illegal immigrants to "borrow" social security numbers that do not legally belong to them
• The IRS is discontinuing a program to notify taxpayers when their social security number is used by someone else to gain employment
Malaysia arrests man for
hacking U.S. security data to supply targets for Islamic State. At the request of the United States, Malaysia has
arrested a man on charges of hacking personal data of more than a thousand U.S. officials and handing it to Islamic State militants
in Syria so they could target the individuals.
Charged with Stealing Personal Data on U.S. Troops, Passing It to ISIS. In a landmark cyberwar case, the Justice
Department has accused Ardit Ferizi, a 20-year-old citizen of Kosovo currently detained in Malaysia, as being a hacker and
stealing personal information about U.S. military and government personnel to pass along to ISIS. The so-called "Islamic
State Hacking Division" used this data to encourage terrorist attacks against American personnel and their families.
Thieves Love Millennials. Here's Why. For tech-savvy millennials, the threat of becoming a statistic doesn't
register, even though their behavior makes them more susceptible, says Tim Rohrbaugh, chief information security officer at
Intersections Inc., an identity risk management company. "There's a certain amount of trust inherent with these
systems" by millennials, Rohrbaugh says. "They are digital natives. A lot of stuff, they take for granted."
lost 5.6 million Americans' fingerprint files in cyber hack. More than 5 million Americans' fingerprint files
were stolen from the federal government, the chief human resources agency said Wednesday [9/23/2015], acknowledging the
massive data breach was five times larger than they'd previously admitted. The fingerprint data was stolen in the breach
that saw the government lose the most sensitive information on more than 21 million Americans. Chinese hackers have been
blamed for the breach. The OPM insisted the ability to misuse fingerprint data "is limited," though the agency said as
technology improves, the dangers could grow.
Fortunately, stolen fingerprints are of little value, at present.
million fingerprints stolen in U.S. personnel data hack: government. Hackers who stole security clearance data
on millions of Defense Department and other U.S. government employees got away with about 5.6 million fingerprint records,
some 4.5 million more than initially reported, the government said on Wednesday [9/23/2015].
Remind me again: Why does the Department of Energy exist?
Administration Yawns As Energy Dept. Gets Hacked 159 Times. USA Today obtained federal records showing that the Department
of Energy was successfully hacked 159 times between 2010 and 2014 ) — potentially putting the nation's power grid at
risk and nuclear stockpile at risk. A third of these intrusions were "root compromises," the paper found, which means that the
hackers gained administrative privileges, giving them wide access to the Energy Department network. The USA Today investigation
also found that 19 of the successful attacks involved the National Nuclear Security Administration, which is responsible for managing
the nation's nuclear weapons stockpile.
Millions Of Ashley Madison Passwords [were] Cracked. A group of enthusiast hackers managed to decipher millions
of leaked Ashley Madison passwords, thought to be cryptographically protected using bcrypt. Bcrypt is an algorithm that
makes cracking these passwords almost an impossible task — it was thought the process to crack the 15 million
leaked Ashley Madison passwords would take decades. Instead, almost all of them were broken in less than two weeks.
The group, which goes by the name CynoSure Prime, said they had discovered programming errors that made the passwords easier
to crack. With that knowledge, it took them some 10 days to crack 11 million passwords. They're looking
to crack the remaining four million next.
Hackers Finally Post Stolen Ashley Madison
Data. Hackers who stole sensitive customer information from the cheating site AshleyMadison.com appear to have made good on
their threat to post the data online. [...] AshleyMadison.com claimed to have nearly 40 million users at the time of the breach about
a month ago, all apparently in the market for clandestine hookups.
IRS reveals hack was
worse than thought. A breach of taxpayers' information at the Internal Revenue Service was bigger than initially
disclosed, the agency said Monday [8/17/2015]. Hackers gained access to the information of as many as 220,000 more people
than the 104,000 accounts that IRS Commissioner John Koskinen said in June may have been compromised. The IRS said it is
mailing 220,000 letters notifying people that their information may be compromised. It said that it would also offer free
credit protection and Identity Protection PINs to the victims.
Just like bad unemployment numbers, these figures are being quietly revised upward after a few weeks.
Computer Breach Bigger Than First Thought; 334K Victims. A computer breach at the IRS in which thieves stole
tax information from thousands of taxpayers is much bigger than the agency originally disclosed.
IRS says cyberattacks more
extensive than previously thought. The IRS said in late May the tax return information of about 114,000 U.S. taxpayers
had been illegally accessed by cyber criminals over the preceding four months, with another 111,000 unsuccessful attempts made.
A new review has identified 220,000 additional incidents where data was breached, the tax collection agency said. It identified
another 170,000 suspected failed attempts by third parties to gain access to taxpayer data.
fingerprints, blown spy covers: The risks to national security from the Chinese employee hack. A new
government review of what the Chinese hack of sensitive security clearance files of 21 million people means for
national security is in — and some of the implications are quite grave. Covert intelligence officers
and their operations could be exposed and high-resolution fingerprints could be copied by criminals, the Congressional
Research Service disclosed in an analysis of one of the most harmful cyber thefts in U.S. history.
US national security system possibly compromised by year-long cyber-assault. The
prolonged hacking into the White House Office of Personnel Management, which put the personal
information of at least some 21.5 million past and current federal employees in jeopardy, is only
the beginning of the security threat to the Obama Administration and its successors, a number of top-level
experts in cybersecurity have told Fox News. The attack has been frequently sourced as coming from China.
Fears Data Stolen by Chinese Hacker Could Identify Spies. American officials are
concerned that the Chinese government could use the stolen records of millions of federal workers
and contractors to piece together the identities of intelligence officers secretly posted in China
over the years. The potential exposure of the intelligence officers could prevent a large cadre
of American spies from ever being posted abroad again, current and former intelligence officials
said. It would be a significant setback for intelligence agencies already concerned that a recent
data breach at the Office of Personnel Management is a major windfall for Chinese espionage efforts.
Plame: OPM breach is 'absolutely catastrophic' to security. "Information is power,"
said Plame, who worked to stop the spread of nuclear weapons as a CIA agent and serves on the
advisory board for Global Data Sentinel, a cyber security firm. "When you have access to
information about the friends, family members and health issues of someone who works for the U.S.
government, you can use that to try to get close to that person and gather intelligence," she said.
"To my mind, the OPM breach is absolutely catastrophic for our national security."
This is only slightly off-topic:
shares tank after FTC says it doesn't protect consumers data as it claimed. LifeLock,
the company that aggressively advertises its identify theft protection service, came under fire from
the federal government Tuesday [7/21/2015] for failing to protect the data of its customers —
once again. Shares of the company cratered nearly 50 percent after the government announced
its finding, closing at about $8 a share. The Federal Trade Commission said LifeLock has been
falsely promising that it would protect personal data such as Social Security numbers, credit card
numbers and bank accounts.
Hack Part of Large-Scale Cyber Attack On Personal Data. Nine major cyber attacks
targeting the personal data of millions of Americans were carried out against federal and private
computer networks in the past year, according to an internal report by the Department of Homeland
Security. The July 2 report by the department's National Cybersecurity and Communications
Integration Center stated that two of the incidents involved "millions" and "hundreds of thousands"
of stolen personal records respectively in what appears to be a coordinated campaign of bulk personal
data theft. A U.S. defense contractor was also hit by the data breaches. The report did not
identify the hackers behind the attacks, but stated that they were conducted by sophisticated attackers.
The Editor says...
Naturally they'll say they were the victims of "sophisticated attackers." What else could they
say? We were successfully attacked by amateurs?
Expert: Obama 'Almost Criminally Negligent' on OPM Hack. A former adviser to four
presidents on national security said on Sunday [7/12/2015] that the Obama administration was guilty of "almost
criminal negligence" for its response to China's massive cyber attack on the U.S. government. "I
don't blame the Chinese," Richard Clarke said on ABC's Face the Nation. "This is what intelligence
agencies do. This is what the United States does. We steal this sort of information. I blame the
Obama administration for taking this issue not seriously enough. This is almost criminal negligence."
hack shows what happens when governments get too big. The hack at the Office of
Personnel Management shows what happens when lax security gets combined with organizations or
governments getting too big. CNN has a pretty interesting rundown on how the hackers may have found
a way to get into OPM servers. One way involves figuring out which agency hasn't had their servers
updated in some time.
For The Massive OPM Hack Belongs To Obama. "When I am president," said Barack Obama
back in 2008, "the days of dysfunction and cronyism in Washington will be over." Tell that to the
22 million government workers whose personal data are now in the hands of Chinese hackers.
Archuleta ousted as OPM director after massive data hack. Katherine Archuleta, the
chief human resources officer who oversaw arguably the worst data breach in federal history, was
ousted Friday [7/10/2015], just a day after she insisted she was staying in for the long haul.
She caved to bipartisan pressure from members of Congress who said they'd lost all confidence in her
ability to clean up after hackers stole what amount to complete biographies of more than 21 million
Americans from the Office of Personnel Management computer systems last year.
Hacking Makes Clueless Obama Most Transparent Ever. President Obama has finally, if
unwittingly, kept a powerful campaign promise. During August of 2007, in a press release, Barack the
candidate pledged "the most transparent... administration in history". The big time hacking of
his Office of Personnel Management has moved that ball forward in a hurry. With this historically
unprecedented cyber security breach of federal employees, and those with whom they may be connected,
Obama kept his vow. Congratulations! CNN reported, "The personal data of an estimated
18 million current, former, and prospective federal employees were affected by a cyber breach
at the Office of Personnel Management — more than 4 times the 4.2 million the agency has
publicly acknowledged. The number is expected to grow, according to U.S. officials briefed
in the investigation."
of OPM databases compromised 22.1 million people, federal authorities say. Two major
breaches last year of U.S. government databases holding personnel records and security-clearance
files exposed sensitive information about at least 22.1 million people, including not only federal
employees and contractors but their families and friends, U.S. officials said Thursday [7/9/2015].
The total vastly exceeds all previous estimates, and marks the most detailed accounting by the Office of
Personnel Management of how many people were affected by cyber intrusions that U.S. officials have
privately said were traced to the Chinese government.
ObamaCare Enrollees Have Their Data Stolen, Too? In the case of OPM, they had been
repeatedly warned that their networks were vulnerable to cyberattacks, yet did little to improve
security. As a result, private data on more than 21 million people, some of whom were applying for
federal security clearances, are in the hands of hackers believed to be from China. At least all
of these people were current or former employees of the federal government. Healthcare.gov, on
the other hand, now collects information on millions of private citizens who apply for ObamaCare
coverage at this federal exchange, and operates a data hub that connects a multitude of other government
databases. It, too, appears to suffer from the same indifference to cybersecurity as OPM.
God help us all.
Erin Kelly and David Jackson of USA Today report that "the massive hack of background check records at
the Office of Personnel Management compromised the data of 21.5 million people — five times more
than were affected by an initial breach, the agency announced Thursday [7/9/2015]." The details of everyone
who has applied to the Federal Government in the last 15 years have been taken.
Director Katherine Archuleta Quits. Katherine Archuleta, the director of the Office of
Personnel Management, has resigned from her post amid a cascading scandal over her handling of a
massive breach of federal employee data. Archuleta, who has been at the helm of OPM since
November 2013, submitted her resignation Friday morning [7/10/2015]. OPM announced Thursday that
the size of a hack that began last year led to the pilfering of sensitive personal information of
21.5 million former and current employees. That admission, following weeks of scrutiny on Capitol
Hill after OPM acknowledged a separate data breach that affected 4.2 million, led to a rush of lawmakers
who called for her ousting, including the top three House Republicans and Democratic Sen. Mark Warner, who
sits on the Senate Intelligence Committee.
Archuleta, Director of Office of Personnel Management, Resigns. Katherine Archuleta,
the director of the Office of Personnel Management, resigned under pressure on Friday [7/10/2015], one day after
the government revealed that two sweeping cyberintrusions at the agency had resulted in the theft of the personal
information of more than 22 million people, including those who had applied for sensitive security clearances.
Ms. Archuleta went to the White House on Friday morning to inform President Obama that she was stepping down immediately.
She said later in a statement that she felt new leadership was needed at the federal personnel agency to enable it to "move
beyond the current challenges."
under Obama and his team are incompetent.
Cyber Security Failure Creates a Greater Threat than ISIS. The most recent hacking of
the Office of Personnel Management (OPM) should concern us all. First, the scale is staggering;
important information about some 18 million government workers was stolen. Second, the
government was dishonest about the intrusions — revealing only the hacking of personnel files
at first, and then admitting eight days later what they had known all along that the thieves had also
made off with highly classified materials related to security clearances. Third, it turns out
that the system being used to protect government data has cost hundreds of millions of dollars, and is
OPM Hack and Obama's Politicization of the Federal Bureacracy. How does a government
failure so consequential — a foreign power accessing 18 million confidential records,
including the intimate personal details of federal workers' infidelity, drug abuse, and personal
debts uncovered during the background-check process for security clearances — happen?
For many Obama critics on and off the Hill, the answer lies in a troubling pattern of incompetent
management from Obama appointees selected more for their political loyalty than for their expertise,
skill, or leadership abilities.
lawmakers call on Obama to fire OPM chief after massive data breach. Echoing
statements he recently made at a House hearing, [House Oversight and Government Reform Committee
Chairman Jason] Chaffetz and the other lawmakers blamed Katherine Archuleta, director of the Office
of Personnel Management, for the breach that's been described as one of the worst in U.S. history.
Chief Information Officer Donna Seymour should also be dismissed, a letter to Obama states.
"Simply put, the recent breach was entirely foreseeable, and Director Archuleta and CIO Donna
Seymour failed to take steps to prevent it from happening despite repeated warnings," the two-page
Behind Closed Doors, Senators Aren't Getting Their OPM-Hack Questions Answered. After
weeks of revelations about cyberattacks that may have exposed the personal information of as many as
18 million federal workers, Katherine Archuleta, the director of the Office of Personnel Management,
gave senators a classified briefing Tuesday to try to put lawmakers' questions to rest. But
senators from both sides of the aisle say they were far from satisfied with what they learned behind
U.S. data hack may be 4
times larger than the government originally said. The personal data of an estimated
18 million current, former and prospective federal employees were affected by a cyber breach
at the Office of Personnel Management — more than four times the 4.2 million the agency has
publicly acknowledged. The number is expected to grow, according to U.S. officials briefed
on the investigation. FBI Director James Comey gave the 18 million estimate in a closed-door
briefing to Senators in recent weeks, using the OPM's own internal data, according to U.S. officials
briefed on the matter. Those affected could include people who applied for government jobs, but
never actually ended up working for the government.
Hack Include Files of CIA and Military Personnel? OPM Director: 'I Would be Glad to Discuss That in
a Classified Setting'. When Office of Personnel Management Director Katherine
Archuleta testified in the House Oversight and Government Reform Committee last week she said that
the personnel records of about 4.2 million current and former federal employees had been
"compromised" by a "cyber intrusion" into the OPM's computer systems. She also said that "an
additional OPM system was compromised." "These systems included information based on the
background investigations of current, former and prospective federal government employees, as well
as other individuals," Archuleta told the committee under oath.
Leap of Faith.
More details have emerged about the theft by Chinese hackers of millions of records from the Office
of Personnel Management. A team from the New York Times says that "undetected for nearly a year, the
Chinese intruders executed a sophisticated attack that gave them 'administrator privileges' into the
computer networks at the Office of Personnel Management, mimicking the credentials of people who run
the agency's systems."
Revelations Suggest Chinese Hackers Had Inside Help. Heading into the weekend, we
learned the Chinese hackers who hit the Office of Personnel Management had a whole year to root
around in the security clearance database. Now we find out they were "root" while they were doing
it. The New York Times delivers news that will chill the bones of anyone who knows
anything about system administration: [...]
One of OPM's IT Contractors Was Located In Mainland China. During Tuesday's [6/16/2015] House Oversight
hearing probe on the Office of Personnel Management (OPM) hack, Director Katherine Archuleta was repeatedly asked by
Chairman Jason Chaffetz why the systems had not been protected with encryption prior to the discovery of the breach.
Archuleta hemmed and hawed, finally answering that "[i]t is not feasible to implement on networks that are too old" but adding
that the agency is now working to encrypt data within its networks. According to ARS Technica, encryption wouldn't
have made much difference. Why? Because the attackers may have been accessing the system from within.
Roughly 4 weeks pass before gov't reveals hacking. The Obama administration is increasingly confident that China's government,
not criminal hackers, was responsible for the extraordinary theft of personal information about as many as 14 million current and former
federal employees and others, The Associated Press has learned.
Obama Know There's a Cyberwar Going On? Chinese hackers apparently stole far more data
on more federal employees than first suspected, creating a huge national security problem. Worse,
the Obama administration knew this database was being targeted.
Administration Incompetence Subjects Millions of Americans to Cyber Hackers. Millions
of American government employees, former employees, contractors and more have had their most
personal and private information breached by hackers, because the government failed to take the
necessary steps to protect those records. [...] It is an outrageous and unacceptable breach of
trust. The federal government, through the Office of Personnel Management (OPM), interviews everyone
who requires any sort of security clearance, and asks the most detailed and personal questions about
past associations, indiscretions and behavior, to make sure nothing in their past could subject them
to blackmail or subversion. The interviews extend to friends and associates of those being vetted,
and those people are also in the databases that have been breached. But now it has come to light
that OPM failed to hold up the Obama administration's end of the bargain by not doing everything
they could to protect those records.
Also posted on the lengthy page
about Obama's incompetence.
Panic' Spreads Among Federal Employees Over OPM Hack. The first reports of the massive
penetration of Office of Personnel Management files and security clearance applications —
apparently by Chinese hackers most likely working for, or with, that country's military intelligence
apparatus — included grumbles from the affected employees that the administration didn't
handle the situation very well. Those early grumbles were but the snap responses of a few
individual employees the media chose at random. Now that the millions of people potentially affected
by the hack have been given a few days to digest the news and consider the Administration's response,
their attitude has soured into what government employees described to BuzzFeed as "collective panic."
of personnel info rips hole in espionage defenses. An Office of Personnel Management
investigative official said Tuesday [6/16/2015] the agency entrusted with millions of personnel
records has a history of failing to meet basic computer network security requirements.
Irony alert: Password-storing
company is hacked. No one's safe from hackers — not even LastPass, a
company that stores people's passwords.
Government Fails Again to Protect Sensitive Information. While most people were watching the debate
over the NSA's "metadata" collection program, a potentially more serious event occurred. Under the rules of
metadata, personal information, including the contents of phone calls, is inaccessible; only the general outlines
of phone numbers and duration are available. That, one might say, is bad enough — and U.S. courts,
backed by Congress, agreed. But the personal information of approximately four million Federal employees
was compromised in April as a result of someone hacking into the database of the Office of Personnel Management (OPM).
The No Scandal Administration.
There is a severe void of information from our government concerning the massive hack into the Office of Personnel
Management that is only now coming out in various media reports, including some from ABC News and The Hill.
The Terrible Scale of the Chinese
Cyber-Pearl Harbor Attack. The scale of a massive cyber-attack on America's governmental infrastructure that was
revealed last week is still coming to light. As is the case with virtually all preemptive strikes, hackers believed to be
linked to the People's Republic of China have executed an attack so comprehensive and sophisticated that it could only have
one aim: the preventative neutering of America's defensive capabilities. Along with others, I dubbed this the nation's
cyber-Pearl Harbor last week, and that characterization looks only more apt today. In concert with the debilitating effect
of Edward Snowden's revelations while in Russian custody, this attack may seriously hinder America's ability to secure and respond
to more conventional threats to its interests.
Hack Far Deeper Than Publicly Acknowledged, Went Undetected For More Than A Year, Sources Say. The
massive hack into federal systems announced last week was far deeper and potentially more problematic than publicly
acknowledged, with hackers believed to be from China moving through government databases undetected for more than
a year, sources briefed on the matter told ABC News. "If [only] they knew the full extent of it," one U.S.
official said about those affected by the intrusion into the Office of Personnel Management's information systems.
The OPM Hacking
Scandal Just Got Worse. The bad news keeps piling up with this story, including reports that
OPM records may have appeared, for sale, on the "darknet." Moreover, OPM seems to have initially
low-balled just how serious the breach actually was. Even more disturbing, if predictable, is a new
report in the New York Times that case "investigators believe that the Chinese hackers who attacked
the databases of the Office of Personnel Management may have obtained the names of Chinese relatives,
friends and frequent associates of American diplomats and other government officials, information that
Beijing could use for blackmail or retaliation."
Much Worse Can the China Data Hacking Get? First, as John Schindler, a Naval War College professor
and former NSA employee, explains, it's gradually being revealed that the Chinese hackers who broke into the federal
government's Office of Personnel Management got more than just, say, the Social Security numbers of federal employees.
The Times reports that intelligence officials are now telling members of Congress that huge swaths of data on federal
employees, including information like contacts with foreign nationals (ahem, including Chinese nationals) disclosed on
background-investigation forms, was probably stolen.
Wow — The
Federal Cyber Breach Was Not Discovered By U.S. Govt., Was Discovered By Private Company During
Product Demo. A remarkable twist in the story of the biggest data breach in U.S.
history. The Office of Personnel and Management (OPM) previously said they discovered the breach
when it had "undertaken an aggressive effort to update its cybersecurity posture". However, that
"update" claim is somewhat disingenuous. The hack was actually discovered by a cyber software
company as it was running a product demo on the system. The company discovered embedded malware
that existed inside the OPM for over a year.
news dump': And the suspected Chinese hacking scandal just got worse. So it looks like
the hack of government personal records just got a whole lot worse. Now it's not just civilian
employee records that were hacked, but information related to security clearances for members of the
military and intelligence community as well.
Hackers have personnel data on every federal employee. Hackers stole personnel data
and Social Security numbers for every federal employee, a government worker union said Thursday [6/11/2015],
charging that the cyberattack on U.S. employee data is far worse than the Obama administration has acknowledged.
Response to Data Breach: 'New Systems and New Infrastructure'. "Part of the problem is that we've got very old
systems," President Obama said on Monday, in a response to a question about the recent hack attack on U.S. government computers.
He said making U.S. cyberspace more secure is "going to be a big project," requiring "new systems and new infrastructure."
The intrusion involving the Office of Personnel Management apparently compromised the personal, identifying information of four
million current and former federal employees.
Isakson on Stolen IRS Data: 'More Personally Identifying' and 'More Dangerous' Than What NSA
Does. Senator Johnny Isakson (R-Ga.) said the confidential taxpayer information that
104,000 Americans had stolen at the Internal Revenue Service (IRS) was "a lot more private, a lot
more personally identifying, and a lot more dangerous" than "whatever the NSA ever does," the
National Security Agency.
Top cybersecurity architect slams for Obama for blaming Congress. Former Rep. Mike
Rogers, a top cybersecurity champion in Congress before he retired last year, blasted the White
House on Friday [6/5/2015] for trying to blame Congress for inaction on cyber issues, after it was
forced to acknowledge a massive government data breach one day earlier. President Obama, he
said, not only opposed cybersecurity legislation for years, but he threatened to veto it at a critical
moment in 2014 when it had passed the House with bipartisan support, and senators were weighing whether
to support it.
game: White House deflects on data breach, blasts Congress for inaction. One day after
acknowledging a massive security breach at the Office of Personnel Management, the White House on
Friday [6/5/2015] defended President Obama's record on data security, and tried to turn it around
on Congress by saying members have failed to pass a cybersecurity bill.
Hackers Easily Defeated Secret US Government Security System. The news about the
massive data breach of the Office of Personnel Management, and other federal agencies, by Chinese
hackers just keeps getting worse. Estimates of the scope of the breach have increased since the
initial reports on Friday [6/5/2015], while the ability of the attackers to bypass state-of-the-art
defensive software is frightening. Even so, some experts are saying the damage could have been
contained if the government had taken better precautions to protect the pilfered data.
'Cybersecurity Czar' Is MIA As Hackers Run Wild. In two weeks, we've learned that
offshore hackers managed to steal 100,000 tax filings and personnel data on millions of federal
workers. Who, exactly, is in charge of cybersecurity in this administration?
Millions of US government workers hit
by data breach. Chinese hackers are suspected of carrying out a "massive breach" of the
personal data of nearly four million US government workers, officials said. The Office of Personnel
Management (OPM) confirmed that both current and past employees had been affected. The breach could
potentially affect every federal agency, officials said.
Day of Massive Data Breach, Hillary Clinton Advocates Voter Registration Enabled by 'Technology'.
Democratic presidential candidate Hillary Clinton on Thursday [6/4/2015] called for "universal, automatic voter
registration" enabled by "technology." Coincidentally, but notable nevertheless, the federal government
announced the largest data breach in its history just hours after Clinton told a crowd in Texas that Oregon is
"already leading the way" in modernizing its voter registration system — "and the rest of the country
should follow," she said. "The technology is here," Clinton said — on a day when that technology
appeared particularly vulnerable.
IRS failed to upgrade security ahead of cyberattack. The IRS failed to implement dozens of security
upgrades to its computer systems, some of which could have made it more difficult for hackers to use an IRS website
to steal tax information from 104,000 taxpayers, a government investigator told Congress Tuesday [6/2/2015].
for Slackers, Part III. [T]he federal government is under daily attack by cyber thieves and cyber
spies, government officials warn. Just last week, cyber thieves believed to be from Russia broke into the
IRS via an online service for taxpayers and stole personal tax information for 104,000 individuals in order to
get fraudulent tax refunds, now estimated at $50 million. Due to concern over the rise in cyber-attacks,
the Dept. of Homeland Security and U.S. Customs and Immigration Enforcement have blocked personal webmail accounts
on government computers. But the federal union has demanded collective bargaining on the policy change.
of federal workers at risk after data breach. The Office of Personnel Management announced Thursday
[6/4/2015] that it is investigating a massive theft of federal employee data that could affect millions of both
current and former employees. By Thursday night, CNN was reporting that some officials believe they can trace
the source of the giant hack to the Chinese government. OPM said it detected a "cyber-intrusion" in April,
and said that intrusion predated the adoption of tighter security controls. OPM, essentially the government's
human resources department, said it is working with the FBI and the Department of Homeland Security to assess the
"full impact to federal personnel," but said millions may have been affected.
hack of federal gov't spurs critical concerns. China-based hackers are suspected of
breaking into the computer networks of the U.S. government personnel office and stealing identifying
information of at least 4 million current and former federal workers, American officials said.
hacking at OPM went undetected for at least four months. White House press secretary Josh Earnest said
officials at the Office of Personnel Management uncovered the hacking at least four months after it occurred, as they
were upgrading the agency's computer defenses against such attacks. "Based on what we know now, this intrusion
into the OPM system occurred in December," Mr. Earnest said. "The OPM detected this particular intrusion in
April. It wasn't until May that they were able to determine that some data may have been compromised and
administration scrambles to contain damage from 'massive data breach'. The Obama administration was scrambling
Friday [6/5/2015] to contain the damage from a massive cyber-breach which may have put the entire federal workforce at risk,
as officials began to point the finger at China-based hackers. The Department of Homeland Security issued a statement
confirming the breach, saying that it had concluded at the beginning of May that data from the Office of Personnel Management
(OPM) and the Interior Department had been compromised.
Massive Breach of Federal Personnel Data. The Obama administration is scrambling to
assess the impact of a massive data breach, suspected to have originated in China, involving the
agency that handles security clearances and employee records, U.S. officials said Thursday
[6/4/2015]. U.S. officials told NBC News that, so far, the breach doesn't appear to be the
"worst-case scenario" — compromise and disclosure of the identities of the covert CIA
agents. But they said the breach — which exploited a "zero day" vulnerability, meaning
one that was previously unknown — could be the biggest cyberattack in U.S. history,
potentially affecting every agency of the U.S. government.
hit by cyberattack, thousands of taxpayers' information stolen. Thieves managed to
steal information on more than 100,000 taxpayers from the IRS, Commissioner John Koskinen said
Tuesday — though he insisted the breach didn't affect most average taxpayers and the
information they file in their annual returns. Thousands of fraudulent returns were filed under
the attack, and final details about the amount the criminals stole is not available, though Mr.
Koskinen predicted it will be less than $50 million.
woman arrested for identity theft has lived under 74 aliases. Cathryn Parker, 72, was
arrested in March after she gave a deputy a false name when she was pulled over for a traffic
violation, Lt. Slade Carrizosa said. Upon learning where Parker lived, detectives larned she was
using a fake name there as well. Officials also said Parker paid utilities under false names
and acquired credit cards with other people's financial information.
Should We Kill
the Social Security Number? While tax season is still producing eye twitches around
the nation, it's time to face the music about tax-related identity theft. Experts project the 2014
tax year will be a bad one. The Anthem breach alone exposed 80 million Social Security numbers,
and then was quickly followed by the Premera breach that exposed yet another 11 million Americans'
SSNs. The question now: Why are we still using Social Security numbers to identify taxpayers?
flouting post-9/11 ID law, giving cards to illegal immigrants that mirror licenses.
After the 9/11 attacks, Congress passed the REAL ID Act to prevent foreign nationals from
fraudulently obtaining a U.S. driver's license — by requiring that any ID issued based on
unverifiable foreign documents look different in "design or color" from an official driver's
license. That way, TSA and other law enforcement would know the ID holder might not be who they
say they are. But more than a decade later, several state and local governments are openly
flouting the law, issuing ID cards that are barely distinguishable from a bona fide driver's license.
Driving Dead? N.J. driver's licenses issued to hundreds after they died. The dead
apparently can get driver's licenses, registrations and other motor vehicle documents in New Jersey.
A state audit found that documents were obtained from the state Motor Vehicle Commission, using
social security numbers of more than 300 people after the date that the federal Social Security
Administration listed them as being officially deceased. The audit of state Motor Vehicle
Commission data security also found that 32 lucky people were issued documents with no expiration dates.
Dominican Charged in
Scheme to Sell Massachusetts' Driver Licenses to Illegal Aliens. A Massachusetts'
illegal alien has been arrested on a complaint charging conspiracy to fraudulently issue
identification documents. Edwin Amaurys Parra Suarez (Parra), 37, was arrested in connection with
a scheme to produce false identification documents. The complaint affidavit alleges that from
December 2012 through January 2013, Parra bribed an employee of the Revere office of the Massachusetts
Registry of Motor Vehicles (RMV) in connection with a scheme to issue Massachusetts driver's licenses
to individuals who were not eligible to obtain such documentation.
says breach affects 1.2M cards. Staples on Friday [12/19/2014] said cyber criminals
may have compromised 1.2 million customer cards. On Friday [12/19/2014], Staples gave an update to a data
breach announced in October, saying criminals deployed malware to point-of-sale systems at 115 of its more than 1,400
U.S. retail stores. Staples said its investigation revealed that the malware may have allowed the criminals access
to transaction data "including cardholder names, payment card numbers, expiration dates, and card verification codes."
of more than 40,000 federal workers breached in cyberattack. The computer files of more than 40,000
federal workers may have been compromised by a cyberattack at federal contractor KeyPoint Government Solutions, the
second breach this year at a major firm handling national security background investigations of workers at federal
agencies, the government confirmed Thursday [12/18/2014]. Concerned that some data might have been exposed, the Office of
Personnel Management has begun notifying the workers that their files were in jeopardy. Nathalie Arriola,
speaking for the personnel office, said it will offer credit monitoring at no cost to those affected by the breach.
Hacking Nightmare Gets Worse: Employees Medical Records Revealed. Documents stolen from Sony Corp. by hackers
include detailed and identifiable health information on more than three dozen employees, their children or spouses —
a sign of how much information employers have on their workers and how easily it can become public. One memo by a human
resources executive, addressed to the company's benefits committee, disclosed details on an employee's child with special needs,
including the diagnosis and the type of treatment the child was receiving. The memo discussed the employee's appeal of
thousands of dollars in medical claims denied by the insurance company.
Amnesty as Feds Bust Illegal Aliens That Got $7.2 Mil from IRS with Stolen IDs. In the
same week that President Obama issued his administrative amnesty sparing millions from deportation,
the feds busted a criminal ring of illegal immigrants that used stolen identities to defraud the
U.S. government out of $7.2 million in tax refunds. The mastermind of this sophisticated
operation is a resourceful delinquent in Frankfurt, Delaware who runs a landscaping and cleaning business
called "Las Tres Mujeres" (the three women). Her name is Linda Avila and she's admitted in federal
court that she filed more than 1,700 fraudulent tax returns with the Internal Revenue Service (IRS)
using stolen identities assigned to migrant workers — mostly from Mexico —
living in the U.S. illegally.
Texas Police Chief
Gets 5 Years for Selling Green Cards to Illegal Aliens. According to court records,
individuals unconnected to the City of Jarrell and its Police Department introduced Gutierrez to
undocumented aliens who had money to pay for immigration benefits. Gutierrez or the individuals who
made the introductions, or both, then met with the aliens and explained the benefits they could
receive if they paid certain amounts of money. They lied to the aliens, telling them that the
Jarrell Police Department would receive the money and use it to pay for law enforcement operations.
They also told the aliens that they would provide information or assistance to the Jarrell Police
Department, for use in criminal investigations, in return for the immigration benefits.
warn 500 million financial records hacked. Federal officials warned companies Monday
that hackers have stolen more than 500 million financial records over the past 12 months,
essentially breaking into banks without ever entering a building. "We're in a day when a person
can commit about 15,000 bank robberies sitting in their basement," said Robert Anderson, executive
assistant director of the FBI's Criminal Cyber Response and Services Branch.
passwords leaked with 5 million account details exposed on Russian website. Millions
of Gmail users are being advised to change their passwords after a database with usernames and
passwords was hacked and exposed on an internet site. Hackers revealed nearly 5 million Gmail
account details and passwords on Bitcoin Security — a popular Russian website devoted to
cryptocurrency. The leak became known after a user posted a link to the log-in credentials on
Reddit frequented by hackers, professional and aspiring.
IRS Leaves Millions
Vulnerable to Identity Theft. The IRS has put millions of taxpayers at risk of identity theft by failing
to perform background checks on contractors, according to a new inspector general report. An IG audit performed
by the Treasury Department, which oversees the IRS, found that several contractors who are responsible for handling
sensitive taxpayer information do not perform any criminal or credit background checks on their employees. The
agency provided millions of Social Security numbers to one contractor without any screening process in place, according
to the report.
Health Systems says personal data stolen in cyber attack. Community Health Systems Inc
(CYH.N), one of the biggest U.S. hospital groups, said on Monday [8/18/2014] it was the victim of a cyber attack
from China, resulting in the theft of Social Security numbers and other personal data belonging to
4.5 million patients. Security experts said the hacking group, known as "APT 18,"
may have links to the Chinese government.
hacked, 4.5 million records stolen. Community Health Systems, which operates 206
hospitals across the United States, announced on Monday [8/18/2014] that hackers recently broke into its
computers and stole data on 4.5 million patients. Hackers have gained access to their names,
Social Security numbers, physical addresses, birthdays and telephone numbers.
warns: Change passwords after Russian hackers strike. After a ring of Russian hackers
obtained 1.2 billion user names and passwords this week, the Federal Trade Commission warned
consumers to be vigilant with their online accounts, The Hill reported. In a blog post, Maneesha
Mithal, leader of the agency's privacy and identity protection division, urged users to update passwords
for bank accounts, email addresses and other online accounts containing private information.
Gang Amasses Over a Billion Internet Passwords. A Russian crime ring has amassed the
largest known collection of stolen Internet credentials, including 1.2 billion user name and
password combinations and more than 500 million email addresses, security researchers say.
The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered
from 420,000 websites, including household names, and small Internet sites. Hold Security has a
history of uncovering significant hacks, including the theft last year of tens of millions of records
from Adobe Systems.
to Invent a Person Online. On April 8, 2013, I received an envelope in the mail from a
nonexistent return address in Toledo, Ohio. Inside was a blank thank-you note and an Ohio state
driver's license. The ID belonged to a 28-year-old man called Aaron Brown — 6 feet
tall and 160 pounds with a round face, scruffy brown hair, a thin beard, and green eyes. His
most defining feature, however, was that he didn't exist. I know that because I created him.
Breaches of Personal Information at Federal Agencies More than Doubles Since 2009. Millions of
individuals who recently entrusted personal, medical, and financial information to the federal government while
enrolling in Obamacare via Healthcare.gov may find a recent trend reported by the Government Accountability Office
(GAO) rather unsettling. The number of security breaches involving Personally Identifiable Information (PII)
at federal agencies more than doubled in recent years, increasing from 10,481 in 2009 to 25,566 in 2013.
Perhaps even more disturbing, the GOA found that "none of the seven agencies [in a related study] consistently
documented lessons learned from PII breaches."
Coca-Cola: Stolen laptops had personal
information of 74,000. Coca-Cola Co. said on Friday [1/24/2014] that personal information on as many as 74,000 employees, contractors
and suppliers were on laptops that it said were temporarily stolen from its Atlanta headquarters. The beverage giant told its U.S. and Canadian
employees the data on the laptops, which wasn't encrypted, included names, Social Security numbers and addresses, as well as details like financial
compensation and ethnicity.
Despite MVC improvements, some drivers still can't get real names on licenses. At most Motor Vehicle Commission agencies,
wait times are down significantly and customer service is better. That's all good. [... But] MVC computers can't handle certain
names on driver's licenses. That means New Jerseyans with two-word first names (Mary Ann) or last names (Price Mueller), or those
who use an apostrophe (D'Egidio) or a hyphen (Smith-Jones), can't have driver's licenses that match their other legal documentation, such
as passports and birth certificates.
containing Social Security numbers of South Carolina Health Insurance Pool members stolen in October. Officials with the South
Carolina Health Insurance Pool are investigating the theft of a laptop that contained Social Security numbers and names of people participating in
the program, which provides insurance to people with pre-existing conditions. In a news release provided Sunday to the Associated Press, an
attorney said the laptop was stolen in October from a car belonging to an employee of the program's independent auditor. The attorney
says the insurance pool hasn't uncovered evidence the data has been accessed.
hackers DID steal encrypted PINs. The hackers who attacked Target Corp and compromised more than 40 million credit
cards and debit cards also managed to steal encrypted personal identification numbers, according to a senior payments executive familiar
with the situation. One major U.S. bank fears that the thieves would be able to crack the encryption code and make fraudulent
withdrawals from consumer bank accounts, said the executive, who spoke on the condition of anonymity because the data breach is still
under investigation. Target spokeswoman Molly Snyder said 'no unencrypted PIN data was accessed' and there was no evidence that
PIN data has been 'compromised'.
Hiding the Hacking at HealthCare.gov.
Christmas shoppers were stunned to learn last Thursday [12/19/2013] that computer hackers had made off with the names and other personal info of some
40 million Target customers. [...] But at least Target informed its customers of the security breach, as it is required by federal law to do.
HealthCare.gov faces no such requirement; it need never notify customers that their personal information has been hacked or possibly compromised.
Weak U.S. card
security made Target a juicy target. The U.S. is the juiciest target for hackers hunting credit card information.
Duo Hooked Up 300 Illegal Immigrants with Photo ID; WashPost Buries Story on B8. A former DMV clerk, Maria Cavallaro, and her accomplice,
Jose Calderon, pleaded guilty in federal court yesterday to helping roughly 300 individuals "most of them illegal immigrants" to obtain Virginia-issued
"driver's licenses, learner's permits and identification cards for those... [who] were not eligible for them," Washington Post staffer Matt Zapotosky
reported in the November 7 paper. Suffice it to say, such a pervasive criminal conspiracy merits prime real estate in a major metropolitan
newspaper, but Post editors seem to disagree, placing the 14-paragraph story on page B8 of Thursday's [11/7/2013] paper, the very back page of
the Metro section.
3 Identity Theft Horror Stories That Will Make Your Toes
Curl. Identity theft is a scary phenomenon. It's unnerving to think your identity could be out there somewhere [...] wreaking
unfathomable havoc on your reputation and credit score. But in the hands of a nefarious fraudster, that's exactly what your digital identity
could be doing. Unfortunately, it's becoming more and more likely that you could fall prey to these thieves.
Stolen laptops have health
information on thousands of patients. Medical information about 729,000 patients has been compromised by the theft of two laptops belonging to a California
hospital group, company officials say.
IRS dumps up to 100,000 Social
Security numbers on the Internet. We're in the very best of hands, aren't we? Just wait until the people who slipped up and
posted up to 100,000 Social Security numbers onto a website are in charge of your health care information.
IRS mistakenly posted thousands of Social Security numbers on website. The IRS mistakenly posted the Social Security
numbers of tens of thousands of Americans on a government website, the agency confirmed Monday night. One estimate put the
figure as high as 100,000 names. The numbers were posted to an IRS database for tax-exempt political groups known as
Authorities investigate personal info data breach
at DMV. Fox 13 News has learned authorities are investigating a data breach of personal information at the Utah Department of Motor Vehicles.
Investigators are accusing a former employee at the DMV of taking people's information and passing it to others, who would then go out and commit crimes.
But state officials acknowledge they may have no way of knowing how widespread the problem is.
2 sentenced in NJ driver's
license scheme. Two more people were sentenced to jail Thursday [3/21/2013] in connection with a black market license
scheme in New Jersey.
Government Gave 4,317
Aliens two Social Security Numbers Apiece. A report from the Social Security Administration Inspector General (IG)
found 4,317 instances where a non-citizen was able to obtain two Social Security numbers, including 542 instances that happened
since 2001. "We identified 4,317 instances where the Numident record of 2 SSNs assigned to noncitizens contained matching
first, middle, and last names; dates and places of birth; gender; and fathers' and mothers' names," the IG reported on Dec. 10,
Registry worker accused of
promising illegals licenses for cash. A Registry of Motor Vehicles employee who police say promised illegal immigrants driver's licenses at $2,000 a
pop and claimed she could their delay deportation proceedings through an inside source at Immigration and Customs Enforcement now faces a 27-count indictment after
her arrest today at the registry's Watertown branch, authorities said.
South Carolina: 'The
mother of all data breaches'. In a nation where hackers steal personal data from computer systems on a near-daily basis, the cyberattack
on the South Carolina Department of Revenue stands out as the largest breach against a state tax agency in the nation. "From a state point of
view, this is kind of the mother of all data breaches thus far," said Larry Ponemon, chairman of The Ponemon Institute, which researches privacy and
3.6 million Social Security numbers
hacked in S.C. The U.S. Secret Service detected a security breach at the S.C. Department of Revenue on Oct. 10,
but it took state officials 10 days to close the attacker's access and another six days to inform the public that 3.6 million
Social Security numbers had been compromised.
Military heroes' ID numbers
posted online. The Social Security numbers of some of the nation's most highly decorated Army war heroes from Iraq
and Afghanistan were posted this week by a civilian contractor on a publicly available website. The Army has launched an
investigation to find out how the privacy of its heroes was violated. Of more than 500 names and profiles on the
site, 31 contain Social Security numbers.
94 Million Exposed: The Government's Epic
Fail on Privacy. Believe it or not, this number — which was just revealed in the latest report from tech security firm
Rapid7 — is only the most conservative estimate. When you take into account the difference between reported data breaches, which is what
this report measures, and actual incidents, you are talking about a much, much bigger number. As bad as the numbers are, it gets worse.
States make fake IDs quick and easy.
Federal investigators were able to get fraudulent driver's licenses in all three states where they tried, according to a report released Friday [9/21/2012]
that shows continued problems with states' ID programs more than 11 years after the Sept. 11 terrorist attacks highlighted the problem.
States are particularly flummoxed by out-of-state documents, according to investigators from the Government Accountability Office who conducted the
audit. The investigators used forged birth certificates purportedly issued by Ohio and New York, and successfully submitted them in three
Hackers claim 12 million Apple IDs
from FBI. A hacker group has claimed to have obtained personal data from 12 million Apple iPhone and iPad users by
breaching an FBI computer, raising concerns about government tracking.
workers arrested in Phoenix for using fake I.D.s. After a search of employment records, deputies say they determined that some of the
20 employees at the business were using false identification to gain employment there.
Possible fraud involving 24,000
Minnesota driver's licenses. The state of Minnesota has found nearly 24,000 possible cases of fraud involving
driver's licenses issued in the state, Fox Minneapolis reports. A facial recognition scan of the state's 11 million
photo database found nearly 1.3 million duplicates.
One hour and $260 can
get you phony green card, soc. security and license. In just one hour, The [New York] Post was able
to buy a phony green card, Social Security card and New York state driver's license from a stranger on a
corner — all of which could serve as a gateway to obtain legitimate IDs. The cards are
frighteningly real — convincing enough to fool creditors, potential employers and security at
buildings and even the airport.
Security wrongly declares 14,000 people dead each year. Of the approximately 2.8 million death
reports the Social Security Administration receives per year, about 14,000 — or one in every
200 deaths — are incorrectly entered into its Death Master File, which contains the Social
Security numbers, names, birth dates, death dates, zip codes and last-known residences of more than 87 million
deceased Americans. That averages out to 38 life-altering mistakes a day.
questions Illinois rate of false deaths. U.S. Sen. Dick Durbin (D-Ill.) has asked the
Social Security Administration why its Death Master File lists so many Illinoisans as dead when they
are still alive. ... Illinois has the third-highest rate of such mistakes in the country, according to a
Scripps Howard News Service report. Nationally, about 14,000 of these errors occur every year.
Personal info of 3.5 million Texans
exposed online. The Texas attorney general and the FBI are reviewing a breach in Internet
security at the state comptroller's office that exposed the personal information, including Social Security
numbers, of 3.5 million Texans for more than a year.
You might as well ask for a new set of fingerprints.
Social Security Denies ID Theft
Victim New Number. A 23-year-old Brighton man has been fighting five years to replace a
Social Security number that has been fraudulently used by a suspected illegal immigrant since 2003,
according to police and state tax officials. The Social Security Administration has twice denied his
request for a new number, saying his credit has not been damaged by the identify thief...
officer busted for I.D. theft. Members of the Wisconsin Professional Police Association (MPPA)
have chosen sides with their public sector union comrades against the hard-working taxpaying citizens of their
state, the very people who pay the salaries of those who are sworn to uphold the law. The Journal
Sentinel brings us a story about one of Milwaukee's finest. Five year police veteran (and WPPA member)
Lymon L. Taylor was in court Wednesday [3/16/2011] facing charges of felony identity theft. The
33 year-old officer has been charged with stealing the Social Security number of a 7 year-old Racine boy
and using it to purchase a 2007 Mercedes-Benz S550.
dead' on eNaTIS. "You can't renew your car's licence because you are deceased." This is
the message a Stellenbosch businessman received when he recently tried to renew one of his cars'
licences. ... According to the eNaTIS (National Traffic Information System) database, he's one of the
approximately 70,000 other "living dead" South Africans.
Fake ID business is booming.
North Carolina officials are reporting an alarming growth in the size and sophistication of the fake identification
business, which has graduated from nuisance industry to national security threat. At the end of October, the
Department of Motor Vehicles had recorded 373 arrests for driver's license fraud, which includes both
manufacturing and possessing the bogus IDs. That's a larger number in 10 months than the 294 arrests
made during all of last year.
Sometimes important information is lost -- in huge quantities!
Medical diagnoses for 130,000
people vanish into thin air. New York-based Lincoln Medical and Mental Health Center has
become one of the latest medical providers to expose highly sensitive patient data after CDs containing
unencrypted data sent by FedEx never made it to their destination.
national ID card cloned in 12 minutes. Using a Nokia mobile phone and a laptop computer, [Adam]
Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes. He then
created a cloned card, and with help from another technology expert, changed all the data on the new card.
This included the physical details of the bearer, name, fingerprints and other information. He then
rewrote data on the card, reversing the bearer's status from "not entitled to benefits" to "entitled to
benefits". He then added fresh content that would be visible to any police officer or security
official who scanned the card, saying, "I am a terrorist — shoot on sight."
Police wants handheld ID card readers. A tender notice published in the Official Journal of the
EU said the Met was looking to award a three-year framework agreement to supply, support and integrate
handheld mobile identification units (MIUs).
spends £140,000 to keep ID card review secret. The Office of Government Commerce has spent
at least £140,000 on legal fees to keep secret two early Gateway reviews on the national ID cards scheme.
Costs will rise further if government lawyers appeal against a new order by the Information Tribunal to
disclose the reviews.
Social Security number code cracked,
study claims. For people born after 1988 — when the government began issuing numbers at
birth — the researchers were able to identify, in a single attempt, the first five Social Security digits for
44 percent of individuals. And they got all nine digits for 8.5 percent of those people in fewer
than 1,000 attempts. For smaller states their accuracy was considerably higher than in larger ones.
gets busy shifting the wealth. Don't be surprised if someday soon you're asked to punch in your
Social Security number when you swipe your credit card at the gasoline pump. Why? So your income
tax files can be checked to determine how much you'll pay per-gallon — the more you make, the higher
The hazards of a cashless society are very clear to those who will observe.
charged $23,148,855,308,184,500 for one pack of cigarettes. A New Hampshire man says he swiped
his debit card at a gas station to buy a pack of cigarettes and was charged over 23 quadrillion dollars.
The Editor says...
First of all, how is a pre-paid debit card capable of incurring a 23 quadrillion dollar charge? And
secondly, if the customer had been charged $23 instead of $23 quadrillion, what are the chances that he
could have recovered his money?
Glitch hits Visa users with more than
$23 quadrillion charge. A technical snafu left some Visa prepaid cardholders stunned and
horrified Monday to see a $23,148,855,308,184,500 charge on their statements. That's about 2,007 times
the size of the national debt.
The Editor says...
Even at the end of Obama's term as president, that will still be at least twice as much as the
Beach bureau was one-stop shop for illegal driver licenses. Five women who worked at the Delray Beach
driver's license office and a Delray Beach man have been charged in connection with a scheme to provide hundreds, if
not thousands, of illegal immigrants with valid driver's licenses.
Hackers' discount — stolen card
details for 8 cents. The theft of personal information by hackers is so prevalent — and
efficient — that stolen credit card details now sell for as little as eight cents a card, a report by
one of the world's biggest computer security companies says.
Undercover Agent Obtained Passport with
Fraudulent IDs; Passed Airport Security. Carrying a fake New York birth certificate and a phony Florida
driver's license, an investigator walked into a Maryland post office in December to apply for a U.S. passport, filling
out documents with the Social Security number of a man who died in 1965. In four days, the investigator received
Good or bad, this was an unintended consequence:
A REAL Problem for
Obama. On his second day in office, President Obama issued an executive order to shutter the
Guantanamo Bay detention camp within one year — without any plan for how to dispose of the 241 detainees
held there. With the clock ticking, the president is discovering that closing Guantanamo is more easily
said than done, especially now that his own party in Congress has deserted him. ... His greatest obstacle
could be a national security law — and one that he voted for. The REAL ID Act of 2005
prohibits anyone affiliated with terrorist activity from entering and living in the United States.
Fake documents swamp Houston.
Illegal immigrants fearful of being caught in stepped-up workplace raids are fueling a growing market in
Houston for phony immigration and work documents. The result, experts say, is a glut of false, altered
and counterfeit documents that are easily obtained at Houston-area flea markets, businesses and clandestine
printing shops set up in homes and apartments.
Crime 'franchise' hub in
Denver. Federal and state authorities are working to permanently close a metro Denver
counterfeit documents ring allegedly masterminded by a Mexico-based crime family they believe operates
in at least 33 states, churning out tens of millions of dollars worth of fake IDs.
official quits amid probes. The State Department official in charge of U.S. passport services
stepped down yesterday [4/4/2008] amid investigations into security breaches in the document records and overcharges for
blank passports. In the latest blow against the agency, court documents show a State Department employee
provided personal information from passport applications for use in a credit-card fraud scheme.
Faults IRS Computer Security. Two new IRS computer systems that will eventually cost taxpayers
almost $2 billion are being put into service despite known security and privacy vulnerabilities, a
Treasury watchdog said in a report coming out Thursday [10/16/2008]. The office of the Treasury Inspector General
for Tax Administration said Internal Revenue Service officials failed to ensure that identified weaknesses
had been addressed before putting the new systems into use.
State Department warns of possible
identity theft. The State Department said Friday it has warned nearly 400 passport applicants of a
security breach in its records system that may have left them open to identity theft. The department has so
far notified 383 people — most of them in the Washington, D.C. area — that their passport
applications containing personal information, including Social Security numbers, may have been illegally accessed
and used to open fraudulent credit card accounts, spokesman Sean McCormack said.
School ID Rule Has Some
Seeing Red. Hall passes just don't cut it anymore at a Missouri high
school. Now the staff and 1,300 students have to wear IDs when they roam the halls.
You Want Pancakes? Show Your
Driver's License First. In Quincy Mass, an International House of Pancakes (IHOP) was requiring
driver's licenses before you got your food. It was apparently an attempt at stopping people from
skipping out on their bill.
theft linked to illegal immigration. Nobody likes getting a letter from the IRS. So imagine
Amanda Bien's reaction last Valentine's Day when the agency wrote to demand $3,300 in back taxes. For
jobs she never worked. Five of them. In multiple states.
Someone, somewhere, got Bien's
name and Social Security number and gave it a workout.
Private details of EVERY family in Britain 'lost'
by taxman. Alistair Darling had to make an emergency statement to the Commons revealing
that records of 7.2 million bank accounts of all parents or guardians who claim child benefits had gone
missing. ... A total of 25 million people's names [addresses, bank numbers and National Insurance
numbers] are on the discs, potentially leaving them all at risk of identity fraud.
UK Government disks were not well encrypted.
There are electronic connections on multiple security levels between those departments -- there was
really no need at all for that data to travel physically. And this lot wants the population to
agree to a central IDcard scheme?
Election Computers Stolen in Tennessee.
Thieves stole laptop computers containing the names and social security numbers of every registered voter in the
city from election commission offices over the Christmas holiday. The computers also contain voters'
addresses and phone numbers.
Data loss shakes
voter trust. The Metro Nashville building from which thieves stole two computers containing
sensitive voter data does not have security guards on duty for half of the day on weekends, and it has no
alarm system or video surveillance. The Metro Office Building on Second Avenue South has had one guard
on duty 12 hours a day on Saturdays, Sundays and holidays for about 10 years, said Velvet Hunter,
Metro General Services' assistant director for administration. She declined to specify the hours
ID Cards Contain RFIDs. Parents in a northern California public school
district and civil liberties groups are urging a school district to terminate the
mandatory use of Radio Frequency Identification tags by students. A letter was
sent today [2/8/2005] expressing alarm at the Brittan School District's use of mandatory
ID badges that include a RFID device that tracks the students' movements. The
device transmits private information to a computer on campus whenever a student passes under
one of the scanners. The ID badges also include the student's name, photo, grade, school
name, class year and the four-digit school ID number. Students are required to prominently
display the badges by wearing them around the neck at all times.
protest radio ID tags for students. The only grade school in this rural
town is requiring students to wear radio frequency identification badges that can track
their every move. Some parents are outraged, fearing it will rob their children
(More about RFID issues.)
Ordering a Pizza Could be Complicated by Your National
ID Card. A Shockwave satire, presented by the ACLU, which makes some interesting points about the
privacy-destroying potential of the National ID Card. I'm no fan of the ACLU, but at least they can see
where this road is headed.
Are new passports an identity-theft
risk? Privacy advocates warn data chips can be "seen" by anyone with reader.
REAL ID: The
REAL ID Act requires driver's licenses to include a "common machine-readable
technology." This will, of course, make identity theft
easier. … It actually doesn't matter how well the states and federal
government protect the data on driver's licenses, as there will be parallel
commercial databases with the same information.
Identity Theft by Terrorists and Criminals: A statement by
Congressman Ron Paul: "It is long-past time we recognized the
ways in which Congress' transformation of the Social Security number into
a de facto uniform identifier facilitates identity crimes.
Cards: Big Brother's Little Helpers. Smart cards will be able to generate
records of the date, time and location of all movements on public and private transport
systems, along with details of all goods purchased, telephone use, car parking, attendance
at the cinema, and any other activities paid for by smart cards. These records will also
be processed and stored in central databases, where they will be used to create
detailed customer profiles.
Theft Diminishes Military Capability. The crux of identity theft is interactive
databases. Once false information is entered, it results in a geometric progression similar
to a computer virus. This can result in false warrants, arrest records, default judgments,
tax problems and ruined credit.
You Prevent Identity Theft? The best approach is to be proactive and take
steps to avoid being a victim. Here are a few of the suggestions.
Number of Identity Theft
Complaints Double Last Year. Complaints about identity theft soar as the fast-growing crime tops
the government's list of consumer frauds for a third consecutive year.
Privacy advocates sue over national IDs: A
privacy group says it has filed a lawsuit against the federal Office of Homeland Security in an attempt to gain
access to information about a proposed national identification system.
Anonymity in America: Does National Security
Preclude It? Anonymous speech has proud roots stretching to the origins of America.
Gentlemen calling themselves "Publius" wrote the Federalist Papers. Thomas Paine's Common Sense was
signed by "An Englishman." Today, computer programs that allow us to encrypt emails – to
scramble them such that only the intended "key-holding" recipient can decipher the message — represent
perhaps the newest incarnation of the old tradition of speaking both freely and anonymously.
Note: There is more
on this page about identity theft and