Karen Tucker, of Pittsburgh, was arrested this week and charged with one count of wire fraud and one count of aggravated identity theft. What did she do? Federal authorities say that she defrauded hundreds of wedding-industry vendors who registered for a heavily advertised bridal show. Tucker and an uncharged co-conspirator pretended to be a company called The Boston 411 that heavily promoted a bridal show that was supposed to take place on the weekend of March 5. Tucker and her co-conspirator claimed in advertisements that thousands of would-be brides and grooms planned to attend the show, which was a lie.

While Tucker did not directly target brides to be with this scam, the fact that she tried to dupe many companies involved in the wedding industry made us want to elevate her to the “worst person of the week.”

So, to you Karen Tucker, while you are serving jail time (up to 20 years), you can comfort yourself in knowing that you are the “wost person” of the week. Congratulations.

Despite widespread awareness of the impact of cybercrime, cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions. The purpose of this benchmark study was twofold. First, Ponemon, in partnership with ArcSight, wanted to quantify the economic impact of a cyber attack. Second, Ponemon believed a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the institute, in an interview with USA Today.

The study also found:

- The most costly cybercrimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90% of all cybercrime costs per organization on an annual basis.

- Cyberattacks took 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.

The release of the study coincided with the Black Hat Conference happening this week in Las Vegas.

Schools Risk Theft of Social Security Numbers of Children
Schools are putting children at risk of identity fraud by obtaining their Social Security numbers when it is not required by law and often unnecessary, the Social Security Administration’s Office of Inspector General has concluded. Some school systems in at least 26 states collect the nine-digit identifiers when students from kindergarten through high school register for classes, even though the respective state does not require it as a matter of law, according to a report released last week. Read the full Washington Times article here.

Health Net Settles with Connecticut Over Data Breach
California-based Health Net has agreed to pay $250,000 to the state of Connecticut to settle a lawsuit brought by the state’s attorney general, Richard Blumenthal, who sued the company over a large-scale data breach in 2009. Nothing in the settlement addresses protection of physician data specifically, and it’s unclear how much identifying information about network physicians might have been lost along with patient information. Health Net, which sold its Connecticut business to UnitedHealth Group in December 2009, did not admit any wrongdoing but agreed to adopt new security procedures and to pay the state an additional $500,000 if between now and Nov. 30, 2011, it’s determined that the compromised data has been accessed and misused. Read the full American Medical News post here.

Should You Tell Shareholders about Breaches?
Federal law states that health companies have to disclose if they’ve suffered a data breach. Information security group ISACA doesn’t think that’s enough. Considering the reputational risk to enterprise, the association believes mandatory reporting should be included in the company’s regular accounting releases, such as quarterly and annual reports. There has been a lot of conversation about what consumers should know about breaches and what steps should be taken if personal information is at risk. Along that line, I think it is a good idea to keep shareholders informed on the company’s security efforts. Read the full IT Business Edge post here.

Former University of California Employee Pleads Guilty in Identity Theft Scheme
Cam Giang pleaded guilty in federal court today to one count of wire fraud and one count of use of a Social Security number in violation of the laws of the United States, United States Attorney Joseph P Russoniello announced. In pleading guilty, Giang, who was an employee of the University of California San Francisco Medical Center at the time of the offense, admitted that he obtained and used the personal information (i.e ., birthdates and social security numbers) of other UC employees to create accounts on the StayWell Health Management, Inc. website and complete online health surveys on behalf of those individuals without their knowledge or consent. Read the full press release here.

Former Credit Union Employee Arrested for Identity Theft
Mesa police arrested a former credit union employee who they said used a customer’s identity and her own address to apply for credit cards, court records state. An investigation into a reported credit card theft led officers to Esther J. Hulse, a former Arizona Federal Credit Union employee from Phoenix, Wednesday morning, court records state. The victim contacted police on June 22 after she received a call from Bank of America, thanking her for applying for a credit card online. Read the full AZ Central article here.

Between June and July, the ring, comprised of seven low lifes, made 32 separate fake IDs using information stolen from people in Florida, California and other states and showed FBI agents a list of 110 real identities to choose from. Arrested in the sting were the following people: Verne Edward Bell, Michael Angelo Mercado, Ryan Patrick Sullivan, Gregory Charles Lenox, Ileana Martinez, Erlon Abraao Monteiro and Vernon Antonio Taylor.

In a series of meetings between June 14 and July 15, FBI agents paid Mercado and Bell a total of $27,750 for fake IDs. In one instance, Mercado told an FBI agent he worked with a hacker who stole people’s bank account passwords and personal identification numbers for cash machines, and added that he had personal information for 2,700 people that he could use to steal identities.

So, Special Agent Waldo J. Longa, we would like to extend our thanks and gratitude for all the good work you and your team do to stop identity theft. Congratulations, you are the “Best Person of the Week.”

The report stated that: “A critical element of a robust cybersecurity strategy is having the right people at every level to identify, build, and staff the defenses and responses. And that is, by many accounts, the area where we are the weakest.”

According to InformationWeek, others are like Jim Gosler, a fellow at Sandia National Laboratory, National Security Agency visiting scientist, and the founding director of the CIA’s clandestine information technology office, fully agree with CSIS’s study. Gosler has previously estimated that the United States requires 10,000 to 30,000 people who are highly skilled at cybersecurity but that currently, only about 1,000 are available.

That is a massive talent gap that bodes well for those qualified folks looking for careers in cyber security. The bigger issue — and this is really no surprise — our nation is in a very weak position when it comes to cyber security. Let’s hope this talent gaps gets filled up quickly…

Our sense of trust was broken when we stumbled upon a story of a Daytona Beach police officer who was arrested for using her grandmother’s identification while obtaining an auto loan. Claudia Wright, who has been with the police department for five years, faces a charge of uttering forged instruments, uttering a forged check and criminal use of personal identification information. Officials said she could be facing additional charges as the investigation progresses.

So, Claudia Wright not only breached the trust between an officer and a citizen, she also focused her crime on her own family member. As we have covered before, identity theft against family members is, unfortunately, a very common thing. Congratulation to Claudia. You are officially deemed the “Worst Person of the Week” by the ITAC blog editorial team.

As our readers know, the editorial staff of the ITAC blog is always on the look out for trends, stories of the unusual, and of course, the best and worst folks in identity theft. Well, after hours of dedicated research, we have come to one conclusion: our beloved corporate America is under attack by hackers and thieves. And, we will tell you why.

Yesterday, electronics and electrical engineering titan Siemens has identified a new virus that, according to security experts, seems to be targeting the systems of manufacturing and utility companies. IDG News Service reported that the apparent purpose of the highly sophisticated virus is to steal top-secret and competitive information. This is straight our of the 2009 movie “Duplicity” where two corporations battle it out via spying only to get duped by two competitive corporate spies (Julia Roberts and Clive Owen) who are in cahoots. Life does imitates art.

While the virus identified by Siemens is shall we say “higher in the virus food chain,” a new form of corporate fraud is emerging where bad guys forge false business identities to make fraudulent purchases. Colorado’s Secretary of State and other officials are warning the state’s 800,000 or so registered businesses to watch out for these types of scammers who are making fraudulent purchases from several big-box retailers. So far, at least 35 businesses in the state have had their corporate identities misused to open fraudulent credit accounts at retailers such as Home Depot, Lowe’s, Office Depot, Apple and Dell.

Why do the bad guys target corporate America? Yes, this is a rhetorical question. Corporate America is both loved and hated and is the machine that has a great big bulls eye on its back. And, this bulls eye keeps getting bigger and bigger.

Child-Identity Theft Increases
Imagine applying for that first job, that first exciting credit card, that freshman-year college loan. Now, don’t. For more young adults, plans and hopes are being dashed because they are unwitting victims of identity theft at the hands of someone they know, usually their parents. It often happens when victims are too young to do anything about it, so it’s a crime that can go undetected for years. Read the full AJC story here.

Conn. AG Wants Teachers Board to Explain Lost Data
Connecticut Attorney General Richard Blumenthal says the state Teachers’ Retirement Board owes its members identity theft protection and an explanation after waiting six months to inform them of a lost flash drive containing retirement data. Blumenthal said Wednesday he is urging the board to give more than 58,000 members identity theft protection for two years and more details of how the drive vanished and exactly what information it contained. Read the full AP story here.

Bill Would Target Data Breaches
Two Senate lawmakers introduced a bill last Wednesday that would require financial institutions, retailers, federal agencies and others to do more to safeguard sensitive information and to investigate security breaches. The bill offered by Sens. Tom Carper, D-Del., and Robert Bennett, R-Utah also would require these entities to notify consumers when there is a “substantial” risk of identity theft or fraud becauase of a security breach involving their sensitive information. It would apply to retailers who take credit card information, data brokers who compile private information and government agencies that hold nonpublic personal information, according to a news release. Read the full National Journal article here.

AMR Breach Puts 79,000 Employees at Risk
In one of the largest data breaches in recent months, AMR, the parent company of American Airlines, said it’s in the process of notifying more than 79,000 current, former and retired employees that a hard drive containing their most sensitive personal information was stolen from its corporate headquarters in Fort Worth, Texas. The Associated Press reported the breach earlier this month. AMR (NYSE: AMR) officials told the AP that the purloined drive contained images of microfilm files that stored data such as employees’ names, address, birth dates, Social Security numbers and what it described as “limited” bank account information. Read the full eSecurity Planet article here.

Happy Monday!

So here we go. We all know that getting your child into the right preschool can be a competitive and pressure-filled activity — especially for those who believe that the right pre-school will put a child on the path to the Ivy Leagues. Did anyone see the documentary Nursery University? We think you get the point.

Well in the UK, a devious mother posed as another parent in an attempt to remove a rival child’s name from a school waiting list. The woman created a fraudulent Gmail account to fool school authorities at the “outstanding” Coleridge primary school in Crouch End, London. Using this fake account and quoting the name and correct date of birth of the child, she wrote to education officials at Haringey council and told them to remove the four year-old girl from the list. Which they did. The ruse unraveled when the victim’s mother phoned to inquire about the progress of her child’s application.

Again, all we can say is “wow.” Read more from the Register here.

Intersections Inc. Offers Advice For Travelers To Avoid Identity Theft When Traveling For Business Or Pleasure
Intersections Inc., a leading provider of consumer and corporate identity theft risk management services, and ITAC, the Identity Theft Assistance Center, a national advocate for recognized identity theft prevention and recovery, advises leisure and business travelers to be aware of their increased exposure on the road and to learn how to protect themselves from becoming the next victim of identity theft. According to the U.S. Travel Association, 2.3 percent more vacation travel is expected this year than in 2009. Read the full press release here.

Feds Announce Charges In Airline Ticket Scam
Federal prosecutors said a scam has cost the major airlines at least $20 million in lost airfares. In a complicated conspiracy, black market travel agents bought stolen credit card numbers and used them to buy airline tickets for other people, selling the tickets at a deep discount, prosecutors said. “Any advertising was minimal,” said Beth Phillips, United States Attorney for Western Missouri. “The majority of the times, the scheme was communicated by word of mouth.” Phillips announced charges against 38 people on Friday in an identity theft scam that crossed the nation. It was a scam that she said was first discovered in the Kansas City area. Read more here.

Identity Theft Protection Impossible With Blizzard’s New Policy?
Gamer Worldwide are up in arms with Activision Blizzard Inc’s. new policy which will make identity theft protection a mere fantasy. Blizzard, publisher of well known RPGs (Role Playing Games) “World of Warcraft”, “Diablo” and “Starcraft”, announced that forum posters will be required to reveal their real identities immediately after the launch of their newest Starcraft series on July 27. They rationalized that this policy is necessary to limit the amount of trolling and other forms of cyber harassment in their forums. They also argued that the Real ID system is widely used in such social networking sites as Facebook and Twitter. This move will also allow gamers to better interact with their friends. Since their own staff who will serve as forum moderators will also use their real names, better customer service will be provided and complaints will be easily addressed. Read the full All247 News post here.

NSA “Perfect Citizen” Program is Only One Piece of Cyber Security Puzzle
It is the job of the National Security Agency (NSA) to protect US national security systems, which includes the critical infrastructure–whether public or private sector–that forms the backbone of national defense and commerce for the country. The NSA “Perfect Citizen” initiative is only one step, though, in a larger cyber security process that must involve private sector information security professionals to be effective. Read more from PC World here.

GAO Slams White House for Failing to Lead on Cybersecurity
The White House Office of Science and Technology Policy has so far failed to live up to its responsibility to coordinate a national cybersecurity R&D agenda, the Government Accountability Office (GAO) said in a report released this week. As a result, the U.S risks falling behind other countries on cybersecurity matters, and being unable to adequately protect its interests in cyberspace, the 36-page report warned. The GAO report was prepared at the behest of the House Committee on Homeland Security, and called on the OSTP to show more leadership in pulling together a focused and prioritized short, medium- and long-term R&D strategy for cybersecurity. Read the full ComputerWorld article here.

Biometric Solutions to Identity Theft Crimes
Many experts believe the future of preventing identity theft lies with biometrics. Biometric technologies can include, but aren’t limited to: iris scans, as well as those for fingerprints, palm, skin, voice and face patterns. While biometric technology itself is still in its fundamental stages compared to what its potential could hold, some businesses are already beginning to use the technology. For example, Albertson’s, which is the number two supermarket chain, is one of numerous retailers testing biometric payment systems. These systems allow customers to pay for purchases with a simple swipe of their finger. The way the system works is that customers register their fingerprints and link that information with their bank account to pay for their purchases. The transactions are then processed through service providers, with the main ones being Pay By Touch and BioPay. Read the full Helium blog post here.

IT Protects the Network, But Who Protects the Network from IT?
Businesses have gigabytes upon gigabytes of sensitive and confidential data archived on servers, storage arrays, or backup media. Those companies rely on the expertise of information security professionals to protect that data and prevent unauthorized access. The question, though, is “who is protecting the sensitive and confidential data from the information security professionals?” Cyber-Ark Software has compiled its fourth annual “Trust, Security and Passwords” survey and has uncovered unsettling statistics that companies may find concerning. The survey–conducted with 400 IT administrators and information security professionals at Infosecurity Europe 2010 and RSA USA 2010–found that those entrusted to protect the data may be one of the bigger threats to it. Read the full PC World article here.