October is National Cyber Security Awareness Month, and I'd like to bring up an example of how NOT to handle cyber security. A number of cities are putting a critical amount of information about their employees online, releasing their full names, titles, salary ranges, ages, and other information.
This is often defended by saying that the information is released in the interest of government transparency, but lunacy might be a better term for it. While it's important for any government to be accountable to its people, this sort of "accountability" can easily put the listed employees at real risk for identity theft. We teach our children that every action has a reaction. We warn them not to publish too much information online. In fact, over and over we advise kids, and individuals of all ages: don't put anything online you wouldn't want plastered on a billboard or the front page of a newspaper. That's great advice --but it appears some cities may not be taking it seriously.
Some have been publishing too much information online and that practice may be putting some city employees at risk for fraud. One such state is Florida --a state that consistently rank # 1 for various types of fraud.
Identity theft is skyrocketing in South Florida
According to today's Sun Sentinel, fraud in FL is a far bigger problem than anyone wants to admit. The latest stats show that during the first half of this year, more than 20,000 cases of identity theft were reported in Florida -nearly as much as all of 2010. And half of the reports came from S Florida cities. And that is what is unsettling to some S Florida city employees who recently learned their full names, age, title, salary and pension details were published in their local newspaper. In fact a link to the "City Pensions Database" was pinned on the front page of their paper's online edition making it easy for anyone to find their info by simply typing in the name of the city. Florida is not alone when it comes to publishing TMI.
Other cities and states have moved to publish similar databases.
Officials in many states have launched their own city or state databases claiming they are designed to "increase transparency of county government operations". They may have good intentions but are they overlooking the risks? Some of these cities lie in states with some of the highest rates of identity theft in the country?
Cyber security is a shared responsibility and everyone has a role in protecting cyberspace. Identity thieves steal more than your credit, cash and personal data; they steal your very sense of security. And as more and more information makes its way online -more and more individuals will continue to be needlessly placed at risk for fraud.
Think about this for a moment:
If identity thieves can learn the name, age, place of employment and title of a civil servant then they're that much closer to being able to establish credit lines in their names or otherwise assume their identity. Even with only a name and age they can narrow down online searches and social media profiles to find out more and more about their target. With enough information from one database --they can set their sights on public info, and then they don't need a Social Security Number, since they can guess the answers to security questions and bypass online account passwords.
ID theft manipulation, and professional ID theft ringleaders are trained to use tiny bits of data and turn them into a goldmine. And in today's world, thieves consider data more valuable than cash itself. If you wonder why, think about this: Data, unlike cash or other stolen items, can be sold multiple times --to multiple thieves and that means greater revenue for them and great headaches for victims.
As an example of what can happen when identity thieves learn too much about you, let's look at Bob Levy.
Levy is a Plantation, Florida City Councilman and the Town Manager for Pembroke Park, Florida. A few weeks ago he was alerted to suspicious activity in his bank account in the form of charges coming from Texas; he was having lunch in a neighboring city, Davie, Florida at the time when his bank called him.
Identity thieves wiped out all of his accounts, leaving him with nothing but cash in his pocket and a few retirement accounts that he wouldn't be able to access for years.
The bank told him it would take five business days to investigate the mess and return money to his account. Until then, that left Mr. Levy with the challenge of trying to make ends meet with the $25 cash he had in his wallet. Mr. Levy still doesn't know how the thieves stole his identity and gained access to his accounts -and he may never know. Without that knowledge, how can he be certain his SSN or other identifiable info isn't being used to commit other id theft related crimes? He can't.
Broward County Sheriff Al Lamberti told the Sun Sentinel that he personally knows of over 30 cases of law enforcement officers whose identities were stolen when thieves submitted fraudulent tax returns. Nobody is immune from the dangers of identity theft and placing a large amount of information about civil servants online only makes them easier targets.
As you think about the potential repercussions of cities putting the personal and financial information of their employees online, stop for a moment and consider how much information YOU are publishing online.
Facebook and other social networking sites let all of your friends know when your birthday's coming up, and if you fill out your profile completely then you've likely got your email address, favorite activities, and other information online that could be used to break into your online accounts. People post their activities, phone numbers, addresses, and a lot of other information that really shouldn't be made public without a thought to the danger that doing so can pose.
As National Cyber Security Awareness Month continues, think about what type of info you are sharing and whether you're crossing the line into TMI
Read the full Sun Sentinel story to learn more about Florida's statistics, including the zip-codes with highest reported incidents of fraud.
This is often defended by saying that the information is released in the interest of government transparency, but lunacy might be a better term for it. While it's important for any government to be accountable to its people, this sort of "accountability" can easily put the listed employees at real risk for identity theft. We teach our children that every action has a reaction. We warn them not to publish too much information online. In fact, over and over we advise kids, and individuals of all ages: don't put anything online you wouldn't want plastered on a billboard or the front page of a newspaper. That's great advice --but it appears some cities may not be taking it seriously.
Some have been publishing too much information online and that practice may be putting some city employees at risk for fraud. One such state is Florida --a state that consistently rank # 1 for various types of fraud.
Identity theft is skyrocketing in South Florida
According to today's Sun Sentinel, fraud in FL is a far bigger problem than anyone wants to admit. The latest stats show that during the first half of this year, more than 20,000 cases of identity theft were reported in Florida -nearly as much as all of 2010. And half of the reports came from S Florida cities. And that is what is unsettling to some S Florida city employees who recently learned their full names, age, title, salary and pension details were published in their local newspaper. In fact a link to the "City Pensions Database" was pinned on the front page of their paper's online edition making it easy for anyone to find their info by simply typing in the name of the city. Florida is not alone when it comes to publishing TMI.
Other cities and states have moved to publish similar databases.
Officials in many states have launched their own city or state databases claiming they are designed to "increase transparency of county government operations". They may have good intentions but are they overlooking the risks? Some of these cities lie in states with some of the highest rates of identity theft in the country?
Cyber security is a shared responsibility and everyone has a role in protecting cyberspace. Identity thieves steal more than your credit, cash and personal data; they steal your very sense of security. And as more and more information makes its way online -more and more individuals will continue to be needlessly placed at risk for fraud.
Think about this for a moment:
If identity thieves can learn the name, age, place of employment and title of a civil servant then they're that much closer to being able to establish credit lines in their names or otherwise assume their identity. Even with only a name and age they can narrow down online searches and social media profiles to find out more and more about their target. With enough information from one database --they can set their sights on public info, and then they don't need a Social Security Number, since they can guess the answers to security questions and bypass online account passwords.
ID theft manipulation, and professional ID theft ringleaders are trained to use tiny bits of data and turn them into a goldmine. And in today's world, thieves consider data more valuable than cash itself. If you wonder why, think about this: Data, unlike cash or other stolen items, can be sold multiple times --to multiple thieves and that means greater revenue for them and great headaches for victims.
As an example of what can happen when identity thieves learn too much about you, let's look at Bob Levy.
Levy is a Plantation, Florida City Councilman and the Town Manager for Pembroke Park, Florida. A few weeks ago he was alerted to suspicious activity in his bank account in the form of charges coming from Texas; he was having lunch in a neighboring city, Davie, Florida at the time when his bank called him.
Identity thieves wiped out all of his accounts, leaving him with nothing but cash in his pocket and a few retirement accounts that he wouldn't be able to access for years.
The bank told him it would take five business days to investigate the mess and return money to his account. Until then, that left Mr. Levy with the challenge of trying to make ends meet with the $25 cash he had in his wallet. Mr. Levy still doesn't know how the thieves stole his identity and gained access to his accounts -and he may never know. Without that knowledge, how can he be certain his SSN or other identifiable info isn't being used to commit other id theft related crimes? He can't.
Broward County Sheriff Al Lamberti told the Sun Sentinel that he personally knows of over 30 cases of law enforcement officers whose identities were stolen when thieves submitted fraudulent tax returns. Nobody is immune from the dangers of identity theft and placing a large amount of information about civil servants online only makes them easier targets.
As you think about the potential repercussions of cities putting the personal and financial information of their employees online, stop for a moment and consider how much information YOU are publishing online.
Facebook and other social networking sites let all of your friends know when your birthday's coming up, and if you fill out your profile completely then you've likely got your email address, favorite activities, and other information online that could be used to break into your online accounts. People post their activities, phone numbers, addresses, and a lot of other information that really shouldn't be made public without a thought to the danger that doing so can pose.
As National Cyber Security Awareness Month continues, think about what type of info you are sharing and whether you're crossing the line into TMI
Read the full Sun Sentinel story to learn more about Florida's statistics, including the zip-codes with highest reported incidents of fraud.
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Nice website and content. To be sure, ID theft is a real problem and just in the news, in NY they arrested a purported ID theft ring of more than 100 people involved with stolen credit cards. On the other side of the coin I have experienced creditors, for instance, utility companies and debt collectors attributing their bad behavior to ID Theft. In other words, a creditor is accused of bad reporting, wrong account on wrong credit report, or in the case of a debt collector, sloppily, irresponsibly, assign a debt to the wrong person, but when push comes to shove they convince the consumer to fill out a FTC identity theft package prior to correcting their reporting. This practice is on a large scale, and for this reason I believe ID theft is largely overstated.