CALIFORNIA HOLES EXIST IN DATABASE SOCIETY http://www.contracostatimes.com/mld/cctimes/news/local/states/california/14654290.htm

In February, consumer data broker ChoicePoint put the personal information of 145,000 people at risk by providing their data to bogus businesses.

Lesson learned? Apparently not.

Since then, security breaches and mishaps have compromised the identities of more than 81.8 million people.

Driving up that number was Tuesday's report that 26.5 million veterans are at risk after an electronic file with their personal data was stolen.

It was the seventh security breach this month to occur with a database in this country.

Also at risk are 300,000 alumni from Ohio University and 60,000 at the university's Hudson Health Center after computers were hacked.

An unknown number of Georgia residents and Idaho Power Co. employees are susceptible to identity theft after the state and company, respectively, forgot to wipe hard-drives before selling their computers.

A stolen computer or laptop have left vulnerable an unknown number of Wells Fargo customers in San Francisco and 48,000 customers at Mercantile Potomac Bank in Maryland.

Why has compromised data become an unstoppable trend?

"It's happening," said Jay Foley, executive director of Identity Theft Resource Center, "because information exists."

Robert Siciliano, chief executive of IDTheftSecurity.com, calls it the reality of living in a database society.

Personal information remains unsecured in databases on desktop computers, laptops, virtual networks and in file cabinets, Siciliano said. He blames the companies, universities and governments that maintain those databases.

"They haven't gone through the process of encrypting or password protecting it," he said. "Until that day comes, and in my opinion it will never come, breaches will keep occurring."

Stolen or misplaced laptops and computers, as well as computer hackers, accounted for more than 75 percent of those breaches since February 2005. Although breaches don't always lead to identity theft, victims are still vulnerable for months and years to come.

They could be further protected if all personal information was encrypted -- scrambled with a code used to decipher it -- said Paul Stephens, policy analyst for San Diego-based Privacy Rights Clearinghouse.

"Short of asking legislators to require encryption, there's not a lot that can be done to protect people," Stephens said. "And I think it's unlikely the federal government is going to pass a law that requires itself to encrypt all data."

A person's name and Social Security number are often all that's needed to open accounts and apply for credit cards and loans.

Last year, almost 10 million Americans were victims of identity theft, at an average cost of $5,000 each, according to the Federal Trade Commission.

And the risk keeps increasing.

The Internal Revenue Service is considering rule changes that may help tax preparers share their clients' tax filings with corporations. These preparers would gain a client's consent to share their tax information with financial services.

Advocacy groups fear consumers will not understand just how freely their personal information could be shared. The more databases containing the information, the more susceptible it is, said California Public Interest Research Group, which is lobbying the IRS to abandon its proposal.

The risk is too high already, said Siciliano. He would like to see a more secure system for identity protection established.

"Even today, in this technological age, we still use a signature as authentication," he said. "To get a line of credit, all you need are nine numbers and your signature, which is just a squiggly line on paper. That's not security."
Reach Ann Tatko-Peterson at atatko@cctimes.com or 925-952-2614.

IDENTITY THEFT

Here are some tips if you suspect you're in immediate risk or you want to further protect yourself from identity theft:
Immediate risk:

• Place a fraud alert on your credit report. You need to contact only one of the following consumer reporting bureau to activate a fraud alert at all three. This entitles you to free copies of credit reports from all three agencies.
Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013
TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

• Close any account that has been tampered with or opened fraudulently.

• File a police report. You will need the report number to submit to your creditors.

• File a complaint with the Federal Trade Commission. Forms are available at www.ftc.gov

Further protection:

• Check your credit at least once a year. Consumers can receive a free copy of their credit report once every 12 months from each of the three major national credit bureaus, listed above. Paul Stephens of Privacy Rights Clearinghouse suggests staggering those reports so you receive one every four months.

• Add yourself to Direct Marketing Association's do-not-mail list. This will help stop unwanted credit card applications from arriving in the mail. For details, go to www.the-dma.org/cgi/offmailinglist.

• For at-risk individuals, subscribe to a credit report monitoring service. For a monthly fee, these services will notify you whenever a new account is opened or credit inquiries are made. Most also reimburse $20,000 or more for identity theft. For details and a comparison of three companies, visit www.fightidentitytheft.com/credit-monitoring.html.

• For added security, get a credit freeze. Most businesses won't open a credit account without checking a consumer's credit history. A credit freeze prevents the opening of a new account, even if your name and Social Security number are provided. The service is free for identity theft victims. For all others, it costs $10 per credit reporting bureau ($30 total).