BreachExchange mailing list archives
Re: CA: Identity Thefts Traced to Graduate Healthcare
From: Al Mac Wheel <macwheel99 () wowway com>
Date: Wed, 04 Jun 2008 10:56:33 -0500
The fact remains that according to the FTC, one of the largest growing areas of identity theft exploitation is the filing of false tax returns in the name of the identity theft victims. Congress had to hold hearings into how brain dead the IRS has been in dealing with this mess. One of the reasons it is growing so fast, is the IRS is crooked-friendly, in how it handles victims of identity theft. I remember an FTC report that went back further than this one, but now cannot find the link. My memory is that it is now bigger than 10% of id crimes, but 10 years ago it was smaller than 1% of them. In the 2007 FTC statistics (52 pages), which include information gathered from other organizattions, in some categories they compare statistics 2005-2007 * types of id fraud * number of complaints vs. amount of $ stolen * how the money was stolen ** dominated by credit card, wire transfer, debit credit bank card * how people got contacted * age of victims * victimization by geography http://www.ftc.gov/opa/2008/02/fraud.pdf 23 % of id theft was credit card fraud 18 % was utilities fraud 14 % was employment fraud 13 % was bank fraud but if you compare their statistics over many years, you can see some kinds of fraud are growing much more rapidly than others, such as phony income tax returns The metropolitan areas with the highest per capita rates of reported consumer fraud complaints were Albany-Lebanon, Oregon; Greeley, Colorado; and Napa, California. ID Theft tops the list of complaints to the FTC 32 % of complaints for that reason 8 % is the next highest category http://www.consumeraffairs.com/news04/2008/02/id_theft.html There's phishing to get people's IRS info. http://www.irs.gov/individuals/article/0,,id=96596,00.html , Casey, Troy # Atlanta wrote:
Seems to me that to e-file for taxes, you have to provide either a pre-selected PIN or the Adjusted Gross Income (AGI) from the previous year's 1040. Assuming the thieves here did in fact e-file - and not send in paper forms - they would have had to have the AGI for the previous year for each student they filed for. Of course, the university's financial aid department would have that information, but it seems unlikely that United Healthcare would have had that. So it looks to me like the trail would lead back to someone at the University that had (or gained) access to both the health insurance info and the financial aid info, assuming these were in fact e-filed. Just thinking out loud, Troy -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Arshad Noor Sent: Tuesday, June 03, 2008 7:38 PM To: Michael Hill, CITRMS Cc: dataloss () attrition org Subject: Re: [Dataloss] CA: Identity Thefts Traced to Graduate Healthcare Its interesting that identity thieves are taking the theft of personal information to new levels - filing IRS tax returns in the names of the victims for tax refunds! This is the result when business processes (eFiling) are modified to take advantage of electronic efficiency without taking security into consideration. There are thousands of such business processes waiting to be exploited IMO - credit card numbers are just the tip of the iceberg. What makes this especially problematic is that most business processes are not as standardized as credit card processing, and consequently have many more vulnerabilities due to their variability. Companies and government agencies are well advised to start reviewing their business processes for security - specifically authenticity and integrity - before issuing any money or benefits. However, this is easier said than done - business people and management consultants don't know enough about security, while security consultants don't know enough about business processes. Attackers will be sure to exploit this gap for some time to come. Arshad Noor StrongAuth, Inc. Michael Hill, CITRMS wrote:http://www.newuniversity.org/main/article?slug=identity_thefts_traced_ to156 United Healthcare, the provider for UCI's Graduate Student Health Insurance Program, admitted that it was the source of identity thefts of past and present UCI graduate and medical students on Wednesday,May 28.Beginning in February, UC Irvine graduate students who attempted to submit income tax returns electronically were informed by the IRS thattheir had already been filed, provoking complaints to the UCI Police Department to solve the identity thefts. To date, all 155 reported victims were participants in UCI's Graduate Student Health Insurance Program. UCI is currently making efforts to provide identity theft victims withsufficient information to solve the problems caused by the situation. UCIPD sent out the first crime alert on March 20 and has released periodic updates with more information. In addition, affected studentswill also be provided a guide to prevent identity theft and fraud in the future. Administration has assured students that data security is their top priority. IT security teams meet regularly in discussion of security problems and practices. UCI's computer safety Web site, located at security.uci.edu, provides students with information on how to protecttheir computers from cyber attacks. The site also discusses recent security concerns and email scams. UCI's financial aid office has set up emergency loans available to victims of identity theft whose delay in receiving their income tax refund has affected their financial status. [...]_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- CA: Identity Thefts Traced to Graduate Healthcare Michael Hill, CITRMS (Jun 03)
- Re: CA: Identity Thefts Traced to Graduate Healthcare Arshad Noor (Jun 03)
- Re: CA: Identity Thefts Traced to Graduate Healthcare Casey, Troy # Atlanta (Jun 04)
- Message not available
- Re: CA: Identity Thefts Traced to Graduate Healthcare Al Mac Wheel (Jun 04)
- Re: CA: Identity Thefts Traced to Graduate Healthcare Casey, Troy # Atlanta (Jun 04)
- Re: CA: Identity Thefts Traced to Graduate Healthcare Arshad Noor (Jun 03)