OREGON COMPUTERS STOLEN FROM TAX FIRMTax firm alerts 20,000 clients to data theftTax firm alerts 20,000 clients to data theft
Some customers criticize Fiducial Business Services of Portland for not telling them sooner about a burglary that occurred in June
Wednesday, July 20, 2005
JULIE TRIPP
About 20,000 clients of a Portland tax business are being alerted -- somewhat tardily, some complain -- to possible identity theft after computers containing their personal information were stolen in a break-in last month.

Early in the morning of June 21, thieves broke in the door at Fiducial Business Services, 13909 S.E. Stark St. The Stark Street office was the repository for backup computer information for clients at all of Fiducial's 15 Portland offices. Information on the computers, which is encrypted and requires a password for access, includes client names, addresses, Social Security numbers and other data required for tax preparation.

Fiducial district manager William M. Pound said, "We don't think anyone has been compromised, but we can't be 100 percent sure." He advised customers to place fraud alerts on their credit reports as a precaution. Such alerts last for 90 days and prevent identity thieves from opening new accounts in the victim's name.

The thieves, who left syringes and drug paraphernalia at the scene, took the equipment but no paper files, Pound said. Portland police are investigating.

The 24-day delay between the theft and the customer warning letter was of particular concern to client Steve Bell of Cornelius because, he said, it gave the thieves a long head start if fraud was their intent.

Pound said his East Coast head office outsourced the warning letters, and he didn't know why it took so long for them to reach the 20,000 clients.

Bell said he was told by someone at Fiducial's headquarters that the letters had been accidentally sent by infamously slow bulk mail.

David Mandel, head of Portland Linux/Unix Group and a longtime technology specialist for Oregon universities, said whether the information can be accessed depends on how the data are stored on the computer's hard drive. If a password guards a gateway to information using ordinary text, the chances for access increase. But if a password is used to encrypt the data, cracking the code depends on the sophistication of the software and the cleverness of the hacker.

In this case, the information was both password-protected and encrypted, Pound said.

Nevertheless, Bell, who is a computer installer, fears that the thieves will be able to crack the passwords and data encryption. He's placed the recommended alert on his credit accounts but worries what thieves could do after it expires in 90 days.

"If they access it, they'll have my Social Security number, my work, my address and phone," Bell said.

"Everything is on those computers -- basically, everything you need to become me."

Julie Tripp: 503-221-8208; julietripp@news.oregonian.com