Karen Tucker, of Pittsburgh, was arrested this week and charged with one count of wire fraud and one count of aggravated identity theft. What did she do? Federal authorities say that she defrauded hundreds of wedding-industry vendors who registered for a heavily advertised bridal show. Tucker and an uncharged co-conspirator pretended to be a company called The Boston 411 that heavily promoted a bridal show that was supposed to take place on the weekend of March 5. Tucker and her co-conspirator claimed in advertisements that thousands of would-be brides and grooms planned to attend the show, which was a lie.

While Tucker did not directly target brides to be with this scam, the fact that she tried to dupe many companies involved in the wedding industry made us want to elevate her to the “worst person of the week.”

So, to you Karen Tucker, while you are serving jail time (up to 20 years), you can comfort yourself in knowing that you are the “wost person” of the week. Congratulations.

Despite widespread awareness of the impact of cybercrime, cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions. The purpose of this benchmark study was twofold. First, Ponemon, in partnership with ArcSight, wanted to quantify the economic impact of a cyber attack. Second, Ponemon believed a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the institute, in an interview with USA Today.

The study also found:

- The most costly cybercrimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90% of all cybercrime costs per organization on an annual basis.

- Cyberattacks took 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.

The release of the study coincided with the Black Hat Conference happening this week in Las Vegas.

Schools Risk Theft of Social Security Numbers of Children
Schools are putting children at risk of identity fraud by obtaining their Social Security numbers when it is not required by law and often unnecessary, the Social Security Administration’s Office of Inspector General has concluded. Some school systems in at least 26 states collect the nine-digit identifiers when students from kindergarten through high school register for classes, even though the respective state does not require it as a matter of law, according to a report released last week. Read the full Washington Times article here.

Health Net Settles with Connecticut Over Data Breach
California-based Health Net has agreed to pay $250,000 to the state of Connecticut to settle a lawsuit brought by the state’s attorney general, Richard Blumenthal, who sued the company over a large-scale data breach in 2009. Nothing in the settlement addresses protection of physician data specifically, and it’s unclear how much identifying information about network physicians might have been lost along with patient information. Health Net, which sold its Connecticut business to UnitedHealth Group in December 2009, did not admit any wrongdoing but agreed to adopt new security procedures and to pay the state an additional $500,000 if between now and Nov. 30, 2011, it’s determined that the compromised data has been accessed and misused. Read the full American Medical News post here.

Should You Tell Shareholders about Breaches?
Federal law states that health companies have to disclose if they’ve suffered a data breach. Information security group ISACA doesn’t think that’s enough. Considering the reputational risk to enterprise, the association believes mandatory reporting should be included in the company’s regular accounting releases, such as quarterly and annual reports. There has been a lot of conversation about what consumers should know about breaches and what steps should be taken if personal information is at risk. Along that line, I think it is a good idea to keep shareholders informed on the company’s security efforts. Read the full IT Business Edge post here.

Former University of California Employee Pleads Guilty in Identity Theft Scheme
Cam Giang pleaded guilty in federal court today to one count of wire fraud and one count of use of a Social Security number in violation of the laws of the United States, United States Attorney Joseph P Russoniello announced. In pleading guilty, Giang, who was an employee of the University of California San Francisco Medical Center at the time of the offense, admitted that he obtained and used the personal information (i.e ., birthdates and social security numbers) of other UC employees to create accounts on the StayWell Health Management, Inc. website and complete online health surveys on behalf of those individuals without their knowledge or consent. Read the full press release here.

Former Credit Union Employee Arrested for Identity Theft
Mesa police arrested a former credit union employee who they said used a customer’s identity and her own address to apply for credit cards, court records state. An investigation into a reported credit card theft led officers to Esther J. Hulse, a former Arizona Federal Credit Union employee from Phoenix, Wednesday morning, court records state. The victim contacted police on June 22 after she received a call from Bank of America, thanking her for applying for a credit card online. Read the full AZ Central article here.

Intersections Inc. Offers Advice For Travelers To Avoid Identity Theft When Traveling For Business Or Pleasure
Intersections Inc., a leading provider of consumer and corporate identity theft risk management services, and ITAC, the Identity Theft Assistance Center, a national advocate for recognized identity theft prevention and recovery, advises leisure and business travelers to be aware of their increased exposure on the road and to learn how to protect themselves from becoming the next victim of identity theft. According to the U.S. Travel Association, 2.3 percent more vacation travel is expected this year than in 2009. Read the full press release here.

Feds Announce Charges In Airline Ticket Scam
Federal prosecutors said a scam has cost the major airlines at least $20 million in lost airfares. In a complicated conspiracy, black market travel agents bought stolen credit card numbers and used them to buy airline tickets for other people, selling the tickets at a deep discount, prosecutors said. “Any advertising was minimal,” said Beth Phillips, United States Attorney for Western Missouri. “The majority of the times, the scheme was communicated by word of mouth.” Phillips announced charges against 38 people on Friday in an identity theft scam that crossed the nation. It was a scam that she said was first discovered in the Kansas City area. Read more here.

Identity Theft Protection Impossible With Blizzard’s New Policy?
Gamer Worldwide are up in arms with Activision Blizzard Inc’s. new policy which will make identity theft protection a mere fantasy. Blizzard, publisher of well known RPGs (Role Playing Games) “World of Warcraft”, “Diablo” and “Starcraft”, announced that forum posters will be required to reveal their real identities immediately after the launch of their newest Starcraft series on July 27. They rationalized that this policy is necessary to limit the amount of trolling and other forms of cyber harassment in their forums. They also argued that the Real ID system is widely used in such social networking sites as Facebook and Twitter. This move will also allow gamers to better interact with their friends. Since their own staff who will serve as forum moderators will also use their real names, better customer service will be provided and complaints will be easily addressed. Read the full All247 News post here.

NSA “Perfect Citizen” Program is Only One Piece of Cyber Security Puzzle
It is the job of the National Security Agency (NSA) to protect US national security systems, which includes the critical infrastructure–whether public or private sector–that forms the backbone of national defense and commerce for the country. The NSA “Perfect Citizen” initiative is only one step, though, in a larger cyber security process that must involve private sector information security professionals to be effective. Read more from PC World here.

GAO Slams White House for Failing to Lead on Cybersecurity
The White House Office of Science and Technology Policy has so far failed to live up to its responsibility to coordinate a national cybersecurity R&D agenda, the Government Accountability Office (GAO) said in a report released this week. As a result, the U.S risks falling behind other countries on cybersecurity matters, and being unable to adequately protect its interests in cyberspace, the 36-page report warned. The GAO report was prepared at the behest of the House Committee on Homeland Security, and called on the OSTP to show more leadership in pulling together a focused and prioritized short, medium- and long-term R&D strategy for cybersecurity. Read the full ComputerWorld article here.

Biometric Solutions to Identity Theft Crimes
Many experts believe the future of preventing identity theft lies with biometrics. Biometric technologies can include, but aren’t limited to: iris scans, as well as those for fingerprints, palm, skin, voice and face patterns. While biometric technology itself is still in its fundamental stages compared to what its potential could hold, some businesses are already beginning to use the technology. For example, Albertson’s, which is the number two supermarket chain, is one of numerous retailers testing biometric payment systems. These systems allow customers to pay for purchases with a simple swipe of their finger. The way the system works is that customers register their fingerprints and link that information with their bank account to pay for their purchases. The transactions are then processed through service providers, with the main ones being Pay By Touch and BioPay. Read the full Helium blog post here.

IT Protects the Network, But Who Protects the Network from IT?
Businesses have gigabytes upon gigabytes of sensitive and confidential data archived on servers, storage arrays, or backup media. Those companies rely on the expertise of information security professionals to protect that data and prevent unauthorized access. The question, though, is “who is protecting the sensitive and confidential data from the information security professionals?” Cyber-Ark Software has compiled its fourth annual “Trust, Security and Passwords” survey and has uncovered unsettling statistics that companies may find concerning. The survey–conducted with 400 IT administrators and information security professionals at Infosecurity Europe 2010 and RSA USA 2010–found that those entrusted to protect the data may be one of the bigger threats to it. Read the full PC World article here.

The esteemed winner of the “Worst Person” moniker is Julia Robinson, a 30-year old elderly caregiver, who was arraigned on two felony counts: one count of false statement of identity to obtain a financial transaction device, a four-year felony, and a second count of possession of personal information with intent to commit identify theft, a five-year felony.

The definition of a caregiver is simply someone who provides care to those who need it. While this is a most commendable profession, Robinson has sunk to a new low. Hurting the elderly, children and animals is a big “no-no” in our book. Also, in case you missed it, check out our podcast about financial services companies taking steps to protect the elderly from fraud. ITAC was also featured in a Washington Post story on this very topic as well.

So, Julia Robinson, congratulations. You are officially the “Worst Person of the Week.”

FedEx Loses 138,000 Patient Records
New York City Lincoln Hospital has suspended sending CDs via courier after a package containing seven containing detailed patient data was lost en route from its bill processing supplier Siemens Medical Solutions to the hospital. Siemens notified the hospital in early April that the package had gone missing some time between 16 and 24 March. Siemens said it was attempting to locate the CDs, which had been sent via FedEx and was lost while in its possession. Read the full IT News article here.

Cyber Threats Command Congressional Attention
mid amplifying alarms that the U.S. is unprepared for a cyberattack that could cripple electricity grids, shut down water and sewage systems or freeze up the financial system, momentum is building in Congress to pass major legislation to boost the country’s cyber defenses. But as lawmakers appear poised to act within months, privacy advocates are concerned about how much control a new law would vest in the federal government to monitor communications over private networks or to control the Internet in the event of an attack. Yet with CIA Director Leon Panetta recently calling a potential cyberattack one of the most underappreciated national security dangers, the need to do something is not in dispute. “A full-scale cyberattack,” Sen. Joe Lieberman, chairman of the Senate Homeland Security and Governmental Affairs Committee, said at a June hearing, “could lead to the death and injury of thousands of people, and could cost our economy billions of dollars.” Read the full San Jose Mercury News article here.

Ten Arrested in Multi-Million Dollar Mortgage Fraud and Identity Theft Enterprise
Attorney General Bill McCollum and the Florida Department of Law Enforcement (FDLE) Commissioner Gerald Bailey today announce the arrest of 10 members of a criminal mortgage fraud and identity theft operation. The group is charged with defrauding numerous financial institutions out of more than $8 million, and using the identities of unsuspecting individuals as part of the conspiracy to obtain the mortgages and properties. The arrests are the result of a four-year investigation conducted by FDLE’s Miami Regional Operations Center and the Attorney General’s Office of Statewide Prosecution. The individuals arrested face charges including racketeering, conspiracy to commit racketeering, grand theft, and title insurance fraud. Read the full RealEstateRama post here.

UPDATE: Connecticut Investigating Data Breach At Insurer WellPoint
Connecticut Attorney General Richard Blumenthal announced Friday his office is investigating an online security breach that may have exposed personal information about nearly 500,000 WellPoint Inc. (WLP) customers, including thousands in his state. A Democratic candidate to succeed Sen. Chris Dodd (D., Conn.), Blumenthal is requesting details about the breach and steps the largest health insurer in the U.S. by members has taken to protect the affected people and prevent future breaches. He also wants WellPoint to provide at least two years of credit monitoring and $25,000 in identity theft insurance to each person while saying they should be allowed to place a “security freeze” on their credit reports and be able to remove them at WellPoint’s expense. Read the full WSJ post here.

Security Breach Exposes Sensitive University of Maine Student Data
Hackers have compromised two University of Maine servers, hosting personal and clinical information of 4,585 students who received counseling services in the last eight years. The university plans to offer all affected individuals at least twelve months of credit monitoring services. The first server was breached at the beginning of March, the intruders using the newly gained access to compromise the second one shortly thereafter. The methods employed to carry out the attacks successfully have not been disclosed due to an ongoing investigation led by the University of Maine police department. Read the full Softpedia post here.

Margot Sommerville (not her in the photo – that’s Estelle Getty from Golden Girls!) had her purse stolen in June 2006 in California. Five months later, while visiting family members in Wheat Ridge, she noticed that $20,000 was missing from her account. She reported the issue to police and, in an odd twist, became a suspect in a massive identity theft ring. In 2008, she was arrested at her home and spent one night in jail. Over a four-year period, Sommerville would spend close to $60,000 trying to clear her name.

Grandma gets $20,000 stolen from her, gets arrested for running a sophisticated identity theft ring, and spends $60,000 trying clear her name. If anyone needs a little bit of support and accolades these days it is Margot Sommerville. Congrats, you are the “Best Person of the Week.”

So, we have to admit that we were pretty shocked when we stumbled upon a story of a Trenton, NJ-based credit counselor who actually stole the identities of those he counseled. Wayne Bessant, former operator of BNB Credit Counseling is now being charged with identity theft, attempted theft by deception, wrongful impersonation, fraudulent use of credit cards and computer theft via accessing and disclosing data. So what did he buy with his ill-gained access to his clients’ credit? He bought a 2009 Cadillac Escolade and a 2007 Mercedes Benz, and he changed mortgage account mailings to Trenton addresses.

According to the Trentonian newspaper, Bessant is also under indictment for two counts of theft by unlawful taking from a prosecutor’s office’s ECU investigation during the fall of 2008 where he allegedly stole $200,000 from Commerce (Now TD) Bank through fraudulent fund transfers. He is on supervised release for a 2001 drug conviction, and is currently in jail on $300,000 bail on those alleged crimes.

So, congratulations Wayne Bessant. You get the dubious honor of being the “Worst Person of the Week.”

Anthem Blue Cross Cops to Massive Data Breach
A sloppy website upgrade is being blamed this week for a data breach that left the most sensitive personal information of more than 230,000 Anthem Blue Cross members exposed for more than five months. Anthem officials said its corporate website had been revamped in October by a third-party vendor that, according to the health insurer, failed to secure sections of the site to ensure visitors couldn’t access members’ medical records and Social Security numbers. “We were told by a third-party vendor that all security measures were in place,” Cynthia Sanders, an Anthem spokeswoman, said in a statement. As it turns out, visitors were able to access the personal information of the more than 230,000 people who had pending insurance applications in the Anthem system. Read the full eSecurity Planet article here.

700-Plus Credit Cards Stolen from Hotel
Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests’ credit card information, Texas police officials told ABC News today. Destination Hotels & Resorts had its computer system hacked and the credit card data of more than 700 guests across the country was stolen, according to Austin, Texas, police. The Englewood, Colo., company manages more than 30 upscale hotels, resorts and conference centers in places such as Washington, D.C., Denver , San Diego, Santa Fe, Aspen, Colo., Los Angeles , Palm Springs, Calif., Houston and Lake Tahoe. Read the full ABC News story here.

FTC Says Current Privacy Laws Aren’t Working
A U.S. Federal Trade Commission representative delivered a stern indictment of current privacy laws last week, saying they fail to protect American consumers and instead place too much of a “burden” on them. The existing constellation of privacy laws, which relies heavily on disclosure of data collection and use practices and on informed consumer choice, “in some very basic sense isn’t working,” said Kathryn Ratte, a senior attorney in the FTC’s consumer protection bureau. “We’ve put too much burden on the consumers to understand these policies,” Ratte said here at an event organized by Canada’s privacy commissioner. “To compare the privacy policies of two companies is an almost impossible task.” Read the full CNET article here.

Twitter Settles F.T.C. Privacy Case
Twitter has settled a Federal Trade Commission investigation into the security and privacy protections it offers users, Brad Stone reports in The New York Times. For the last 11 months, the F.T.C. has been looking into two security breaches at Twitter in 2009 in which a hacker got access to the accounts of several prominent members, including Barack Obama, then the president-elect, and was able to read their private Twitter messages and send out fake messages from their accounts. The F.T.C.’s punishment was not severe. Twitter, based in San Francisco, agreed to set up a security program that will be audited by an outside company, and, according to the F.T.C.’s news release on the case, “will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information.” Read the full NY Times post here.

Puerto Ricans Targeted in Massive ID Theft Schemes
Born in a U.S. territory where he has lived all his life, Jose Marrero Rivera didn’t know his name and social security number were racking up thousands of dollars in unpaid charges in Chicago and Miami. The snack bar worker is one of thousands of Puerto Ricans caught up in a lucrative document-fraud scheme to hide illegal immigrants in the United States. They’re American citizens with Hispanic surnames. And their records — kept loosely in schools or church rectories, where they are easy to steal — draw as much as $6,000 on the black market. Only when police showed up at Marrero’s San Juan airport food stand to arrest him for car theft did he realize that identity thieves were upending his life. Read the full AP story here.