Just noticed that PrivacyMatters is promoting its Identity Theft Report service (identity report). I’ve been pushing for greater awareness of the difference between credit monitoring and identity monitoring and I’m glad to see that some are getting the message.

While I strongly recommend credit monitoring (and use it) I’ve also cautioned that credit monitoring on its own is not a total solution to identity theft. For example, while credit monitoring will alert you if someone tries to open a new credit account in your name, it won’t detect if someone uses your name or social security number when they’re arrested – a simple con that could leave you fighting a false criminal record for years.

What most consumers don’t realize is that not all identity theft is about credit card fraud. Thieves will use stolen information simply to hide their own identity, and because it may not appear on your credit report as an alert your identity may be falsely used by others for years without you ever being aware.

Services like the Identity Theft Report go beyond credit reports alone, and monitor thousands of other public databases for any signs that someone else might be using your name, Social Security number, address, or other personal information.

It will also give you a wide view of all the information that exists about you in public databases, and any incorrect information that the public might have access to. I always think that the more you know about what others know about you, the better prepared you are to protect yourself.

Tech magazine eWeek just came out with its 12 Ways To Be A Security Idiot, and I thought for all you folks out there struggling to make your next big security goof, eWeek’s advice might help you along the way.

Their recommendations for achieving a state of idiothood included (and I’m paraphrasing):

- Life is always easier when your firewall is turned off.

- Don’t worry about storing sensitive information unprotected on your laptop. After all, who’s going to want your laptop?

- When a Nigerian prince wants to give you 30% of his father’s $20 million illegal stash plundered from the nation’s oilfields, and all he wants in return is your bank account information, what are you waiting for? He’s a prince, for crying out loud!

- The easiest password to remember is password, and no-one’s going to think you’re dumb enough to use such an obvious password, right?

- Your computer doesn’t need up-to-date virus protection because it’s never been sick a day in its life.

So go out there and keep getting it wrong. Because without you there's no us.

The ghost of Captain Charles Cunningham Boycott still walks, at least according to some interesting new data from research firm Javelin that follows the TJ Maxx data heist.
According to a study just published, consumers believe that retailers are not doing enough to keep their credit or debit card information out of the hands of criminals, with 63% of consumers believing that retailers are the least secure in terms of protecting their account information,

And nearly half of all consumers say that if they found out that their account information had been compromised, retailers would be most likely to blame.
More importantly, and more likely to spur retailers to invest in ever more security, was the finding that only 20% of consumers said they would likely continue shopping at a store if they learned it had a data breach that may have compromised their card account information, while 78% said they would be unlikely to continue to shop there.
Maybe some good will come out of the TJ Maxx data breach after all. Consumers are getting smarter and realizing where to place the blame. They’re also punishing with their pocket books, supporting companies that show a real commitment to security and boycotting companies that don’t.

I hate being right, especially when bad things happen. But most retailers I know are doing the very minimum they can when it comes to security, instead of making it their top priority. I think it was the Irish who invented the whole notion of the boycott (against a troublesome land agent called Captain Charles Cunningham Boycott) and I also think it’s one of the few weapons we as consumers have against businesses that allow our data to leak and our identities to hurt.

Have I not been saying for years that when it comes to data breaches and identity theft, it’s not the immediate losses you have to worry about but the subsequent lawsuits? Not long after retailer TJ Maxx announced the extent of its recent data breach losses the lawsuits began to emerge and many more are possible.

And now we learn that the Texas Attorney General has filed a lawsuit against RadioShack, under the Identity Theft Enforcement and Protection Act enacted a couple of years ago, after it was discovered that RadioShack employees dumped thousands of customer records in a dumpster behind a store in Corpus Christi.

The dumping was believed to have been made around March 21^st and may have included customer credit card information, social security numbers, home addresses and telephone numbers. Some of the customer records recovered went back as far as 1998 and included full credit card numbers despite rules prohibiting the retention of complete customer credit card numbers.

One receipt I have seen included everything a thief would need including the customer’s full name, home address, telephone numbers, credit card number, expiry date, and authorization number.

According to the store it was a once off mistake and while the company claims to have a shredding service in place, for some reason employees at this store didn’t get the memo.

The fines alone could run into millions because under the Business and Commerce Code RadioShack may be fined $500 for each abandoned record in additional to other larger fines.

Late last year RadioShack announced that it was planning to offer online computer classes to its customer. Maybe it’s time the company considered offering online identity theft prevention classes to its employees.