Here’s the gist of it. When Dan Wheeler’s wallet got stolen from his truck 15 years ago, he had no idea that a simple theft would lead to a lifetime of costly and embarrassing misunderstandings. But because the man who took his I.D. and credit cards happened to be a sex offender, and because of a strange quirk in the law, Wheeler will most likely be forever haunted by something out of his control. That is right Dan Wheeler will be labeled a “sex offender” for the rest of his life.

Check out this video interview with Mr. Wheeler:

Please help spread the word for Mr. Wheeler. Hopefully, our efforts will help him clear his good name.

Despite widespread awareness of the impact of cybercrime, cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions. The purpose of this benchmark study was twofold. First, Ponemon, in partnership with ArcSight, wanted to quantify the economic impact of a cyber attack. Second, Ponemon believed a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the institute, in an interview with USA Today.

The study also found:

- The most costly cybercrimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90% of all cybercrime costs per organization on an annual basis.

- Cyberattacks took 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.

The release of the study coincided with the Black Hat Conference happening this week in Las Vegas.

Schools Risk Theft of Social Security Numbers of Children
Schools are putting children at risk of identity fraud by obtaining their Social Security numbers when it is not required by law and often unnecessary, the Social Security Administration’s Office of Inspector General has concluded. Some school systems in at least 26 states collect the nine-digit identifiers when students from kindergarten through high school register for classes, even though the respective state does not require it as a matter of law, according to a report released last week. Read the full Washington Times article here.

Health Net Settles with Connecticut Over Data Breach
California-based Health Net has agreed to pay $250,000 to the state of Connecticut to settle a lawsuit brought by the state’s attorney general, Richard Blumenthal, who sued the company over a large-scale data breach in 2009. Nothing in the settlement addresses protection of physician data specifically, and it’s unclear how much identifying information about network physicians might have been lost along with patient information. Health Net, which sold its Connecticut business to UnitedHealth Group in December 2009, did not admit any wrongdoing but agreed to adopt new security procedures and to pay the state an additional $500,000 if between now and Nov. 30, 2011, it’s determined that the compromised data has been accessed and misused. Read the full American Medical News post here.

Should You Tell Shareholders about Breaches?
Federal law states that health companies have to disclose if they’ve suffered a data breach. Information security group ISACA doesn’t think that’s enough. Considering the reputational risk to enterprise, the association believes mandatory reporting should be included in the company’s regular accounting releases, such as quarterly and annual reports. There has been a lot of conversation about what consumers should know about breaches and what steps should be taken if personal information is at risk. Along that line, I think it is a good idea to keep shareholders informed on the company’s security efforts. Read the full IT Business Edge post here.

Former University of California Employee Pleads Guilty in Identity Theft Scheme
Cam Giang pleaded guilty in federal court today to one count of wire fraud and one count of use of a Social Security number in violation of the laws of the United States, United States Attorney Joseph P Russoniello announced. In pleading guilty, Giang, who was an employee of the University of California San Francisco Medical Center at the time of the offense, admitted that he obtained and used the personal information (i.e ., birthdates and social security numbers) of other UC employees to create accounts on the StayWell Health Management, Inc. website and complete online health surveys on behalf of those individuals without their knowledge or consent. Read the full press release here.

Former Credit Union Employee Arrested for Identity Theft
Mesa police arrested a former credit union employee who they said used a customer’s identity and her own address to apply for credit cards, court records state. An investigation into a reported credit card theft led officers to Esther J. Hulse, a former Arizona Federal Credit Union employee from Phoenix, Wednesday morning, court records state. The victim contacted police on June 22 after she received a call from Bank of America, thanking her for applying for a credit card online. Read the full AZ Central article here.

Between June and July, the ring, comprised of seven low lifes, made 32 separate fake IDs using information stolen from people in Florida, California and other states and showed FBI agents a list of 110 real identities to choose from. Arrested in the sting were the following people: Verne Edward Bell, Michael Angelo Mercado, Ryan Patrick Sullivan, Gregory Charles Lenox, Ileana Martinez, Erlon Abraao Monteiro and Vernon Antonio Taylor.

In a series of meetings between June 14 and July 15, FBI agents paid Mercado and Bell a total of $27,750 for fake IDs. In one instance, Mercado told an FBI agent he worked with a hacker who stole people’s bank account passwords and personal identification numbers for cash machines, and added that he had personal information for 2,700 people that he could use to steal identities.

So, Special Agent Waldo J. Longa, we would like to extend our thanks and gratitude for all the good work you and your team do to stop identity theft. Congratulations, you are the “Best Person of the Week.”

Our sense of trust was broken when we stumbled upon a story of a Daytona Beach police officer who was arrested for using her grandmother’s identification while obtaining an auto loan. Claudia Wright, who has been with the police department for five years, faces a charge of uttering forged instruments, uttering a forged check and criminal use of personal identification information. Officials said she could be facing additional charges as the investigation progresses.

So, Claudia Wright not only breached the trust between an officer and a citizen, she also focused her crime on her own family member. As we have covered before, identity theft against family members is, unfortunately, a very common thing. Congratulation to Claudia. You are officially deemed the “Worst Person of the Week” by the ITAC blog editorial team.

As our readers know, the editorial staff of the ITAC blog is always on the look out for trends, stories of the unusual, and of course, the best and worst folks in identity theft. Well, after hours of dedicated research, we have come to one conclusion: our beloved corporate America is under attack by hackers and thieves. And, we will tell you why.

Yesterday, electronics and electrical engineering titan Siemens has identified a new virus that, according to security experts, seems to be targeting the systems of manufacturing and utility companies. IDG News Service reported that the apparent purpose of the highly sophisticated virus is to steal top-secret and competitive information. This is straight our of the 2009 movie “Duplicity” where two corporations battle it out via spying only to get duped by two competitive corporate spies (Julia Roberts and Clive Owen) who are in cahoots. Life does imitates art.

While the virus identified by Siemens is shall we say “higher in the virus food chain,” a new form of corporate fraud is emerging where bad guys forge false business identities to make fraudulent purchases. Colorado’s Secretary of State and other officials are warning the state’s 800,000 or so registered businesses to watch out for these types of scammers who are making fraudulent purchases from several big-box retailers. So far, at least 35 businesses in the state have had their corporate identities misused to open fraudulent credit accounts at retailers such as Home Depot, Lowe’s, Office Depot, Apple and Dell.

Why do the bad guys target corporate America? Yes, this is a rhetorical question. Corporate America is both loved and hated and is the machine that has a great big bulls eye on its back. And, this bulls eye keeps getting bigger and bigger.

Child-Identity Theft Increases
Imagine applying for that first job, that first exciting credit card, that freshman-year college loan. Now, don’t. For more young adults, plans and hopes are being dashed because they are unwitting victims of identity theft at the hands of someone they know, usually their parents. It often happens when victims are too young to do anything about it, so it’s a crime that can go undetected for years. Read the full AJC story here.

Conn. AG Wants Teachers Board to Explain Lost Data
Connecticut Attorney General Richard Blumenthal says the state Teachers’ Retirement Board owes its members identity theft protection and an explanation after waiting six months to inform them of a lost flash drive containing retirement data. Blumenthal said Wednesday he is urging the board to give more than 58,000 members identity theft protection for two years and more details of how the drive vanished and exactly what information it contained. Read the full AP story here.

Bill Would Target Data Breaches
Two Senate lawmakers introduced a bill last Wednesday that would require financial institutions, retailers, federal agencies and others to do more to safeguard sensitive information and to investigate security breaches. The bill offered by Sens. Tom Carper, D-Del., and Robert Bennett, R-Utah also would require these entities to notify consumers when there is a “substantial” risk of identity theft or fraud becauase of a security breach involving their sensitive information. It would apply to retailers who take credit card information, data brokers who compile private information and government agencies that hold nonpublic personal information, according to a news release. Read the full National Journal article here.

AMR Breach Puts 79,000 Employees at Risk
In one of the largest data breaches in recent months, AMR, the parent company of American Airlines, said it’s in the process of notifying more than 79,000 current, former and retired employees that a hard drive containing their most sensitive personal information was stolen from its corporate headquarters in Fort Worth, Texas. The Associated Press reported the breach earlier this month. AMR (NYSE: AMR) officials told the AP that the purloined drive contained images of microfilm files that stored data such as employees’ names, address, birth dates, Social Security numbers and what it described as “limited” bank account information. Read the full eSecurity Planet article here.

Happy Monday!

The bad guys hate perfect, so we should be working with consumers to stop them.

I deal with the ugly aftermath of one type of cybercrime, helping consumers recover from identity theft. As a result, I am passionate about letting consumers know about online and real world sources of the crime.
Organizations like mine are joining forces to recruit consumers – who are also your customers and employees – in the fight against cybercrime. Expect to see major public education outreach in October as National Cyber Security Week, an initiative of the National Cyber Security Alliance, a month that also features Protect Your Identity Week, a coalition spearheaded by the National Consumer Counseling Association.

There are also professional organizations, like the Anti-Phishing Working Group and the Online Trust Alliance, that develop ideas and solutions to educate and arm consumers.

The obstacles to engaging consumers in the fight against cyber crime are enormous – more about that next time – but we ignore consumers at our peril. I encourage you to consider joining professional organizations like these. In this fight, it takes an army.

According to Computerworld, among those expected at the meeting are Homeland Security Secretary Janet Napolitano, and Gary Locke, Secretary of Commerce and several industry representatives, including some from electric utility companies and the vendor community. President Obama is expected to “briefly” attend the meeting.

Well, it seems that the timing is right for such a meeting. They should have had this meeting several months ago? Why? The GAO recently slammed the White House Office of Science and Technology Policy for failing to live up to its responsibility to coordinate a national cybersecurity R&D agenda. As a result (according to the GAO Report), the U.S risks falling behind other countries on cybersecurity matters, and being unable to adequately protect its interests in cyberspace.

So here we go. We all know that getting your child into the right preschool can be a competitive and pressure-filled activity — especially for those who believe that the right pre-school will put a child on the path to the Ivy Leagues. Did anyone see the documentary Nursery University? We think you get the point.

Well in the UK, a devious mother posed as another parent in an attempt to remove a rival child’s name from a school waiting list. The woman created a fraudulent Gmail account to fool school authorities at the “outstanding” Coleridge primary school in Crouch End, London. Using this fake account and quoting the name and correct date of birth of the child, she wrote to education officials at Haringey council and told them to remove the four year-old girl from the list. Which they did. The ruse unraveled when the victim’s mother phoned to inquire about the progress of her child’s application.

Again, all we can say is “wow.” Read more from the Register here.