ID theft: Florida’s alarming risk with 901 data breaches in 2016

December marks National Identity Theft Prevention and Awareness Month, so be aware of this: Florida ranks as the third riskiest state for identity theft and leads the nation in some categories in a new study.

Wallethub figures only the District of Columbia and California edge Florida for overall ID theft and fraud risk, and Florida ties for first in some categories including ID thefts per capita.

Check out Consumer Federation of America's advice about how to choose an identity theft prevention service.
Check out Consumer Federation of America’s advice about how to choose an identity theft prevention service.

That’s a sobering reminder with more than 900 data breaches and counting in 2016. The year’s still not  over, and in fact the heaviest shopping season is just hitting its stride.

What to do? Monitor accounts closely, be particularly cautious about emails that seek financial information, and consider putting alerts or even a freeze on your credit report.

The metro area including Miami, Fort Lauderdale and West Palm Beach led the country with 316.2 ID theft complaints per 100,000 people, ahead of No. 2 Seattle (207) and No. 3. St. Louis (204.4), The Palm Beach Post reported in 2015. The region still ranked third nationally a year later.

 

 

My company’s had a data breach, now what? Consumer group has advice

Consumer Federation has some advice for companies who have had a data breach.
Consumer Federation has some advice for companies who have had a data breach.

So far this year,  there have been more than 630 data breaches in the U.S., putting 2016 on track to exceed the total of 780 breaches in 2015 and millions of individuals at risk of identity fraud, according to the Identity Theft Resource Center.

When companies, organizations or government agencies experience a data breach that may have exposed people’s personal information, one of the many issues they must address is how to help those affected. Should they offer them identity theft services?

If so, how should they choose the provider and what features should they look for? Consumer Federation of America and its Identity Theft Service Best Practices Working Group, which includes consumer advocates and identity theft service providers, have created a checklist, “My company’s had a data breach, now what? 7 questions to ask when considering identity theft services,” to help breached entities make these decisions.

“Identity theft services may not be necessary for every breach, but if you’re going to offer this kind of service, it is important to make sure that that it provides the information and assistance that best fits the needs of the people who are impacted,” said Susan Grant, Director of Consumer Protection and Privacy at CFA.

One of the questions that the checklist suggests asking is whether the service will provide information to the breach victims about how to reduce the potential damage that may result from the breach – for example, by changing their account numbers and passwords, monitoring their accounts online, and using fraud alerts, security freezes and other tools.

Other general questions include:

Are services available 24/7?

Is there a toll-free number with live operators?

What response times will the provider commit to?

Can the service handle multiple languages?

If monitoring is provided, how quickly are alerts sent?

Are there specially trained personnel to help victims of fraud resulting from the breach, and will that assistance continue for problems that aren’t resolved when the contract ends?

 

 

 

What’s the fastest growing consumer complaint?

Complaints about phony IRS agents and other imposter scams, tax ID theft and energy services were the top three fastest-growing complaints last year, according to a report released Wednesday.

When you answer the phone, how can you be sure the caller is telling you who they really are? (Getty Images)
When you answer the phone, how can you be sure the caller is telling you who they really are? (Getty Images)

Susan Grant, director of consumer protection and privacy at the Consumer Federation of America, said, “Scammers are always changing their pitches and looking for things that work. The IRS phony agent obviously works. It scares the heck out of people.”

The Consumer Federation of America and the North American Consumer Protection Investigators report is based on input from 33 consumer agencies from 21 states, including the Florida Department of Agriculture and Consumer Services.

To read the full report, which provides additional suggestions for new laws as well as descriptions of agencies’ biggest achievements and challenges and tips for how consumers can protect themselves, click here.

Grant said imposter scams of all kinds have really taken off in the last year. She theorizes that a lot of people are behind on paying their taxes and don’t realize that the IRS does not call people asking them to send money.

“There is an alarming trend. It has gotten to the point that if someone is saying they are from a government agency, or your utility, or it’s your boss, you really don’t know whether in fact that is true. You need to be skeptical and check directly with whom they purport to represent before you send any money or give information,” Grant said.

In a new type of imposter scam, crooks infiltrate companies’ or organizations’ email systems and send messages purporting to be from the CEOs to employees with urgent instructions to wire money somewhere.

Tax and wage-related fraud were the most common forms of identity theft reported to the Federal Trade Commission last year, so it’s no surprise that tax ID theft was one of the fastest-growing complaints to state and local consumer agencies, the report says.

Aggressive sales tactics for solar power and electricity seem to be at the root of energy services comlais.

“Consumers are misled about the potential savings, locked into long-term contracts, and in some cases, discover that their service has been switched to another complaint without their consent,” the report states.

The top 10 complaints received last year by agencies participating in the CFA survey were automotive, home improvement/construction, utilities, credit/debt, retail sales, services, landlord/tenant, household goods, health products/services and Internet sales.

 

More than 1,000 Palm Beach Co. Health Dept. clients’ info breached

 

(Getty Images)
(Getty Images)

More than 1,000 Palm Beach County Health Department clients are victims of a data breach the department learned of in February.

Health Department spokesman Tim O’Connor said Monday that the U.S. Justice Department provided the list and is investigating further. The department had to verify that the individuals were its clients. It contacted them by mail.

Letters have been received by the clients, who are now contacting the department for more information about what they should do. The department already told the clients how to review their credit history and report any suspicious activity to law enforcement.

The list included names, dates of birth, Social Security numbers, Medicaid numbers, phone numbers and medical record numbers of people who were clients of the health department.

O’Connor said its procedures require it to notify the clients before issuing a public notice about the breach.

It’s not the first time health department patients’ personal information has been breached.

On May 15, 2014 a former Palm Beach County Health Department clerk was sentenced to two years in prison for using her job to steal people’s identities to seek fraudulent tax refunds.

Salita St. Simon was a senior clerk in the Department’s Belle Glade office. She admitted to stealing personal information, such as names, dates of birth, Social Security numbers and medical record numbers from roughly 2,800 clients over the course of a year, according to court records.

St. Simon said she provided the data to acquaintances who used it to obtain tax refunds.

It was widely reported in 2012 that 741 income tax returns worth a total of $1.1 million in refunds were filed from a single address in Belle Glade. It is not clear whether there was a connection to St. Simon’s case.

O’Connor said that since St. Simon’s arrest, the  department has conducted more detailed background checks and increased the interview process on people who will have access to records.

Health department officials believe that the clients in this year’s breach are not the same as those in the St. Simon case.

Other Palm Beach County Health Department incidents  of information breaches, but which have not been linked to actual identity theft  include:

In 2005, 6,500 HIV positive patients’ names were on a confidential list that was emailed to 800 people,  O’Connor said.

Also in 2005, 15 pages form a confidential list of HIV-positive patients disappeared from an analysts’ desk.

In 2007 a file cabinet being sold at a surplus auction contained test results of patients who tested positive for various communicable diseases.

If you receive a notice or have been a patient and have questions about the records breach, call the health department at 855-438-2778 from 8 a.m. to 5 p.m. Monday through Friday.

Tips if you think your medical records have been breached

If you believe that you have been a victim of identity theft and provide the credit reporting agency with a valid police report the reporting agency cannot charge you to place, lift or remove a security freeze on your credit reports. In all other cases, a credit reporting agency may charge you up to $5 each time you place temporarily lift or permanently remove a security freeze.

You may also want to place a fraud alert on your credit report. You are entitled to receive a free credit report annually from each of the three credit bureaus. Even if you do not find suspicious activity on your initial credit report, the Federal Trade Commission recommends that you check your credit reports and credit card statement periodically. For more information, go to www.annualcreditreport.com or call 877-322-8228 or contact these agencies:

•TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P. O. Box 6790, Fullerton, CA 92834-6790.
•Equifax: 800-525-6285; www.equifax.com; P. O. Box 740241, Atlanta, GA 30374-0241
•Experian: 888-EXPERIAN (397-3742); www.experian.com; P. O. Box 9554, Allen, TX 75013

In addition, if you believe that you have been the victim of identity theft, you have the right to file a police report and to obtain a copy of that report. Many creditors will require the information from the police report before excusing you from paying for any fraudulent charges or debts.

You can also file a complaint with the Federal Trade commission at http://www.ftc.gov or at 811- ID-Theft (877-438-4338).

Here are some things that could help you determine that your medical information may have been uses by someone else:

•Getting a bill for medical services you didn’t receive.
•Being contacted by a debt collector about medical debt you don’t owe.
•Seeing medical collection notices on your credit report that you do not recognize.
•Attempting to make a legitimate insurance claim and being told by your health plan that you’vereached your limit on benefits.
•Being denied insurance because your medical record shows a condition you don’t have.
•Noticing on a statement from your health plan that the health plan paid claims for care you did no receive.

If you believe someone else may have used your medical information, you may wish to consider taking additional steps which are outline on the Federal Trade commission’s website at www.ftc.gov.

Source: Federal Trade Commission

Florida ranks first in fraud-related complaints filed with the FTC

Florida ranked first in fraud complaints in 2015, followed by Georgia and Michigan.
Florida ranked first in fraud complaints in 2015, followed by Georgia and Michigan.

Florida ranked first in the nation in the number of fraud-related and other consumer complaints filed with the Federal Trade Commission last year, with 306,133 complaints, amounting to 1,510 per 100,000 people.

The top category for Florida was debt collection, followed by telephone and mobile services, impostor scams, banks and lenders; prizes, sweepstakes and lotteries; auto-related complaints, shop-at-home and catalog sales, television and electronic media; credit bureaus and credit cards.

The state ranked third in the number of identity theft complaints filed with the FTC, at 44,063, or 217 per 100,000 people.

Among metropolitan areas, Miami-Fort Lauderdale-West Palm Beach ranked third in identity theft complaints, with 17,832, or 300 per 100,000 people.

The FTC received more than 3 million complaints in 2015. That’s up from 2.5 million in 2014.

Debt collection, identity theft and imposter scams were the most common categories of consumer complaints received by the Federal Trade Commission’s Consumer Sentinel Network in 2015, according to the agency’s new data book.

Some of the increase can be attributed to the fact that more people know to complain to the FTC about bad business practices, frauds and scams. Technology helped, too — more complaints are reaching the FTC through the convenience of mobile apps.

While debt collection complaints rose to the top spot among complaint categories, the report notes that this was due in large part to a surge in complaints contributed by a data contributor who collects complaints via a mobile app. This change caused a spike in complaints related to unwanted debt collection mobile phone calls.

Identity theft complaints were the second most reported, increasing more than 47 percent percent from 2014 on the back of a massive jump in complaints about tax identity theft from consumers. Identity theft complaints had been the top category for the previous 15 years. Imposter scams – in which scammers impersonate someone else to commit fraud – remained the third-most common complaint in 2015.

“We recognize that identity theft and unlawful debt collection practices continue to cause significant harm to many consumers,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Steps like the recent upgrade to IdentityTheft.gov and our leadership of a nationwide initiative to combat unlawful debt collection practices are critical to our ongoing work to protect consumers from these harms.”

In January 2016, the FTC announced the new version of IdentityTheft.gov, which now allows consumers the ability to create a personalized identity theft recovery plan.

 

 

 

Consumer Federation adds companies to Identity Theft working group

Check out Consumer Federation of America's advice about how to choose an identity theft prevention service.
Check out Consumer Federation of America’s advice about how to choose an identity theft prevention service.

Consumer Federation of America  has added Equifax, ID Watchdog and Worldwide Benefit Services’ ID Theft Assist to the list of companies that are part of CFA’s Identity Theft Service Best Practices Working Group.

The working group, which also includes consumer advocates, helped to develop and recently revise CFA’s Best Practices for Identity Theft Services.

“We are pleased to have these companies in our working group,” said Susan Grant, Director of Consumer Protection and Privacy at CFA. “Working group members are committed to promoting responsible practices in the identity theft service industry and helping to educate the public about identity theft.”

CFA’s Identity Theft Service Best Practices Working Group has embarked on a new project to develop a checklist with questions that businesses, organizations and government agencies should ask when they are considering providing identity theft services to data breach victims. Advice for consumers, including Nine things to Check When Shopping for Identity Theft Services

Other resources are available on CFA’s www.IDTheftInfo.org website.