Posted on August 6th, 2013 No comments
What is FACTA?
Signed into law on December 4, 2003, the Fair and Accurate Credit Transactions Act (FACTA) is federal legislation aimed at the prevention and penalization of consumer fraud and identity theft. Administered by the Federal Trade Commission (FTC), the FACTA Disposal Rule has been in effect since June 1, 2005. The Disposal Rule puts in place requirements for proper document disposal and destruction, and recognizes the problems that can and do arise when private information is disposed of in an irresponsible manner.
Who is affected by FACTA?
FACTA applies to virtually all persons and businesses in the United States, mandating that “any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
Under FACTA, consumer information is defined as personal identifying materials which extend beyond just a person’s name, including:
- a social security number
- a driver’s license number
- a phone number or e-mail address
- a physical address
To comply with the FACTA Disposal Rule, businesses and individuals must take “reasonable measures” to ensure such information does not fall into the wrong hands. Reasonable measures include the “burning, pulverizing, or shredding” of paper documents, such as the contracting of a third-party engaged in the document destruction business to dispose of confidential information in a manner consistent with the Act.
Failure to abide by FACTA may result in stiff penalties. Victims are entitled to actual damages sustained due to incompliance; they may also seek statutory damages, and, in some cases, file class-action suits. Federal and state authorities are also empowered to bring legal enforcement actions against businesses that violate the Act.
WEST PALM BEACH, Fla. – David Sanders is a victim of identity theft. He told us, “They had made a credit card with my number and name on it.” He says it didn’t take long for him to find out someone was using his identity and spending his money in another state. “I got an email that I had a charge from a Kohl’s in Dallas, Texas of all places, and I was right here in Delray Beach.”
According to the Federal Trade Commission, South Florida is number one on the list for identity theft complaints, which includes Palm Beach County. Port Saint Lucie ranks number 7.
Reggie Montgomery, a retired police officer, has advice on how to protect your identity.
“Make sure that their wallet does not get out of their sight, number one.” He says don’t give out your date of birth or social security number to someone over the phone.
“If you go into your doctor’s office, they don’t need your social security number. You see it on every form in every doctor’s office, they don’t need it. They have your insurance information,” said Montgomery.
When you throw out personal information in the garbage, such as credit cards or canceled checks, shred them.
He says the best shredder is the cross shredder, which makes the paper look like confetti.
Montgomery says “And when you throw the shredding out, put liquid on it so that nobody is going to go through it and try to put it back together.”
You can also protect yourself with the right mailbox. “Have a locking mailbox, make sure that nobody can get into your mailbox, that’s another way people get your information,” he said.
U.S. prosecutors announced fraud and other charges Wednesday against eight alleged members of an international cybercrime ring that the government said hacked into the computers of more than a dozen leading financial institutions and the U.S. military’s payroll service.
Prosecutors said the scheme to steal millions from customer accounts was led by Oleksiy Sharapka, 33, of Kiev, Ukraine, who remained at large along with a second Ukrainian national. The conspiracy is alleged to have begun about the same time Sharapka was deported from the U.S. in 2012 after serving time in federal prison in Massachusetts.
Four of the defendants had been arrested by Wednesday morning, including key associates in New York, Massachusetts and Georgia accused of using stolen identities to try to cash out the hacked accounts, U.S. Attorney Paul Fishman said.
The government said financial institutions whose computer networks were hacked included Aon Hewitt, Automated Data Processing Inc., Citibank, E-Trade, Electronic Payments Inc., Fundtech Holdings LLC, iPayment Inc., JPMorgan Chase Bank, Nordstrom Bank, PayPal, TD Ameritrade, TIAA-CREF, USAA, Veracity Payment Solutions Inc. and the payroll arm of the U.S. Department of Defense.
“Cybercriminals penetrated some of our most trusted financial institutions as part of a global scheme that stole money and identities from people in the United States,” Fishman said.
The ring targeted electronic payment systems of the various institutions in a bid to steal at least $15 million from U.S. customers, prosecutors said.
The criminal complaint notes that some of the efforts to steal funds from customer accounts were blocked.
It does not make clear the number of hacked firms from which the defendants were able to successfully transfer money, or how the defendants were able to hack into the computer networks of so many major financial institutions.
Once inside the computer networks, the defendants and their conspirators sought to divert money from customer accounts to prepaid debit cards that they controlled, prosecutors said. As part of the scheme, cards were obtained in the names of people whose identities had been stolen.
Stolen identities were also used to file fraudulent tax returns with the IRS seeking refunds.
Crews of individuals known as “cashers” were employed in New York, Massachusetts, Georgia, Illinois and elsewhere to withdraw the stolen funds. The government said the majority of the proceeds were distributed to managers, including to leaders of the conspiracy overseas.
The defendants were charged with conspiracy to commit wire fraud, conspiracy to commit money laundering and conspiracy to commit identity theft.
Those under arrest by Wednesday morning were Oleg Pidtergerya, 49, of New York City’s Brooklyn borough; Robert Dubuc, 40, of Malden, Mass.; and Andrey Yarmolitskiy, 41, of Atlanta. They were identified as crew managers. Also arrested was Ilya Ostapyuk, 31, of Brooklyn, who is accused of helping move the proceeds of the fraud.
Ostapyuk and Pidtergerya appeared in federal court in Newark Wednesday afternoon. Ostapyuk was released after putting his home in New York City’s Staten Island borough up as collateral, and Pidtergerya was ordered held.
“My client is innocent,” said Igor Niman, Ostapyuk’s lawyer.
A public defender representing Pidtergerya declined to comment.
Yarmolitskiy was arrested at New York’s John F. Kennedy Airport but fell ill and had surgery Wednesday, authorities said. His court date will be scheduled. Dubuc is scheduled to appear in court in Boston.
Lamar Taylor, 37, of Salem, Mass., and Richard Gunderson, 46, of Brooklyn, were being sought.
The second Ukrainian being sought was identified as Leonid Yanovitsky, 38, also of Kiev, who prosecutors said helped Sharapka.
After stealing the identities of several South Floridians — including a former owner of the New York Mets — Jeffrey Emil Groover made it seem like he was truly sorry for his crimes.
He even testified to a U.S. Senate committee while he was serving a federal prison term in 2004 and offered some helpful suggestions to lawmakers about how to stop people like him from victimizing others.
But on Thursday, Groover admitted that he again used other people’s identities to steal money by claiming the victims had signed over checks to him for pre-paid pest extermination and disinfection services.
Groover, 52, who recently was listed at addresses in West Palm Beach and in Broward County, had no comment after the brief hearing in federal court in Fort Lauderdale. He faces a maximum of 20 years in prison and up to $1 million in fines when he is sentenced in August.
Records show he was released from federal prison in 2006 after serving a four-year term for credit card fraud that involved stealing the identities of several people, including Nelson Doubleday, the wealthy Jupiter Island resident who formerly co-owned the Mets.
Groover went on a yearlong spending spree at the time on lines of credit he obtained under other people’s names. Doubleday tipped off authorities, and when they investigated further, they found Groover also had used Palm Beach philanthropist Donald Burns’ identity to buy a BMW, a Rolex watch and rare coins, according to court records.
Groover also was ordered to pay more than $270,000 in restitution.
While Groover was serving his prison term for those offenses, he addressed the U.S. Senate’s Special Committee on Aging in March 2004, telling senators that he had used the internet to obtain personal information about wealthy targets, open credit card accounts and even tap into his victims’ bank accounts.
“I came here to assist my country, and in some small way to find redemption for what I’ve done,” Groover testified to the committee. “I lost my home, my business, my freedom and most of all my wife and children for what I did. The punishment is severe, and rest assured that I will not do it again. However, that will not stop other people from continuing to do this type of crime due to the ease in which it can be done.”
He went on to outline his suggestions for curtailing such opportunities and apologized to his victims. He blamed the failure of a small internet service provider that he owned in the late 1990s for putting him in financial difficulty and said he resorted to fraud to keep his business going and support his family.
Groover’s more recent crimes came to light when a check-processing service noticed and reported suspicious activity in a merchant account he opened in March 2012. According to court records, Groover had set up a West Palm Beach-based corporation called Affordable Pest Protection Inc., which IRS criminal investigators and federal prosecutors said “purported to be a provider of pest extermination and disinfection services.”
Analysts at the check-processing service became suspicious of Groover’s transactions within days of him opening the account and they notified authorities. Groover had attempted to cash several U.S. Treasury tax refund checks, records show.
When the company asked him to explain the activity, Groover told them he had met with each of the people named on the tax refund checks and they had agreed to turn the proceeds of those checks over to his business.
“Groover further explained that he was trying to mimic automobile dealerships’ promotions by allowing clients to bring him their tax refund checks and apply the refund amounts to pre-paid pest control services,” agents wrote.
When agents tracked down the people identified on the checks, they found that none of them had filed the income tax returns or authorized anyone to use their information.
One of the victims was a man who had died in Broward County in April 2008, and other victims included an Oregon man and women from Tampa and Michigan, according to the criminal complaint.
Groover pleaded guilty Thursday to four counts of making and presenting false claims to the IRS. He reached a plea agreement after learning prosecutors planned to file more charges, including several counts of aggravated identity theft, against him, according to court filings.
Groover admitted he had targeted more than 10 victims and the intended loss was between $200,000 and $400,000, U.S. District Judge Robin Rosenbaum said in court.
A fast-moving identity thief took only 45 minutes to charge more than $1,000 during a shopping spree, and now authorities want to quickly find the identity of the thief.
The Broward Sheriff’s Office Tuesday released surveillance video taken on March 15 at two Target Stores in Hollywood, where detectives say the man used a credit card that was mailed to a Pembroke Park address. He was also seen visiting a Wells Fargo bank the same day.
Investigators say the thief stole the identity information of a 52-year-old Miami Gardens resident in order to obtain the credit card.
The Sheriff’s Office asks anyone with information on the case to contact Detective Phillip Love at 954-964-0534 or Broward Crime Stoppers, anonymously, at 954-493-8477.
It’s not only the glaring sun and the threat of dog bites that South Florida’s mail carriers must contend with as they go door to door delivering the mail — sometimes they come under physical attack from the people who live along their delivery routes. From criminals intent on committing identity fraud to customers with poor anger management skills, letter carriers say they have noticed an increase in such attacks in recent years.
“We have more brazen offenders approaching letter carriers and even threatening them or assaulting them,” said Ivan Ramirez, a U.S. Postal Inspector in Miramar. “A lot of people don’t realize that if you mess with a federal employee, then it’s a federal crime and you could do some serious prison time.”
Among the cases prosecuted in federal court in recent years were a father and son from Oakland Park, Donald and Kevin Lincks, now 64 and 31, who were sentenced to a year in prison for beating a postal worker in June 2009 after he refused to give them their mail on the street because he didn’t know them.
A Palm Beach County man, David Jason Agosto, 36, is serving 8 1/2 years in federal prison for assaulting a postal worker who he believed was flirting with his girlfriend while delivering mail at her workplace, the state Department of Children & Families in Lake Worth in 2008.
And three men are serving lengthy federal prison terms for their roles in the December 2010 murder of postal worker Bruce Parton, 60, of Pembroke Pines, who was shot while being robbed of a master key in north Miami-Dade.
The U.S. Postal Service said it does not keep statistics on such crimes, but trains workers on how to stay safe and pursues criminal charges against offenders.
Assaulting postal employees can have serious consequences — it is a federal crime that is prosecuted under the same law as assaulting an FBI agent. Attacking a federal employee while they’re carrying out their duties carries punishments that range from one to 20 years in prison.
Ramirez said the downturn in the economy and the prevalence of identity thieves, who sometimes target letter carriers because they want to rob master keys that open community mailboxes, have coincided with more attacks on carriers.
Court records show that at least seven people have faced federal prosecution for assaulting and injuring letter carriers in Broward, Palm Beach and Miami-Dade counties since 2008. Those numbers don’t tell the whole story, officials said, because assailants are also prosecuted for related crimes, like fraud or robbery, and can also face state charges.
In federal court in West Palm Beach last week, U.S. Magistrate Judge Dave Lee Brannon praised prosecutors for their evenhanded approach to a complicated case involving a mentally ill woman who investigators said attacked a letter carrier delivering mail in Lantana in September.
Mailman Bruce Tabano, 60, suffered a concussion, chipped tooth and facial cuts when Donna Rose Angelo, 49, attacked him at his work truck near North Ridge Drive and Flamingo Drive, according to the complaint.
Tabano told investigators Angelo told him to give her the mail, punched him in the face, then came at him again in an aggressive manner.
“The carrier then reached for his dog spray and heard the woman say ‘If you spray me, I’ll f—ing kill you, I’m crazy,'” postal inspectors wrote.
Angelo, who has a history of violent disturbances, told police that she did not understand when they read her legal rights to her, tried to run off and said she didn’t mean to hit the mailman, investigators said.
Her diagnosis was not made public, but her lawyer said Angelo would pursue an insanity defense if formal charges are filed. Experts said she is mentally incompetent and she has spent the past few months being treated in a federal medical prison in Texas.
Prosecutor John McMillan told the judge Wednesday that efforts to restore her to competency have failed. Brannon ordered that she be assessed to see if she poses a danger to the community before deciding what to do next.
“These are not easy cases, these are not easy issues,” Brannon said, adding that he felt prosecutors were looking out for the best interests of the victim, suspect and community.
Mike Gill, the president of Branch 1071 of the National Association of Letter Carriers which represents workers in Miami-Dade, southern Palm Beach and most of Broward, said his members have reported an increase in assaults, though not a dramatic one. Gill said he thinks some of it is linked to the rise in identity theft.
“It’s definitely been more of an issue in recent years and we warn our members that if something doesn’t feel right, they should get out of the area and involve their supervisor and the police,” he said.
Just as mail carriers look out for their customers, alerting authorities when they notice something suspicious, Gill said he hopes people in the community look out for the safety of postal service employees. “Letter carriers are out there six days a week, and we try to be the eyes and ears for the community.”
Ramirez, the postal inspector who investigates crimes, said the postal service has increased its investigative efforts in recent years and introduced programs to make sure employees are looking out for their personal safety.
Debbie Fetterly, a U.S. Postal Service spokeswoman in South Florida, said employee safety is a priority.
“USPS always tells employees that they are our most valuable resource and that we want to deliver them home safely each day,” Fetterly said. Safeguards include special training and awareness programs as well as having a threat assessment team that evaluates and takes action on serious threats made to employees, she said.
Miami resident Cristobal Raul Puig was sentenced to 31 months in federal prison yesterday for his role in a Baptist Health South Florida tax fraud scheme.
According to justice.gov, Puig had previously pled guilty to one count of possessing 15 or more Social Security numbers of other persons that he paired with names and dates of birth for one count of attempting to impersonate another person. Puig had acquired the hospital patient names, dates of birth, social security numbers and addresses from a Baptist Health System’s West Kendall employee.
Puig then used the patient data (he was in possession of a list of 20 total) to file unauthorized income tax returns. He was also arrested in 2012 for theft. The case is being prosecuted by Assistant U.S. Attorney Maurice A. Johnson.
Baptist Health also owns South Miami Hospital, which has experienced its own breach troubles of lately. Florida in general is having serious problems with patient data security and perhaps this sentence will deter would-be hackers and thieves from stealing patient data.
Foundations Recovery Network Breach
Foundations Recovery Network, headquartered in Nashville, Tenn., alerted an unknown number of patients that an employee laptop containing patient names, dates of birth, addresses, telephone numbers and Social Security numbers had been stolen. The device was password-protected but there didn’t appear to be any technical safeguards such as encryption. Here is the organization’s breach notification letter:
I am writing on behalf of Foundations Recovery Network to inform you of a recent privacy incident concerning your personal information. On Saturday, June 15, one of our employees informed us that she had been the victim of a burglary during the early morning hours on June 15 at approximately 2:45 a.m. and that her company laptop had been stolen. The laptop contained certain aspects of patient information which she needed as part of her role with our company. The employee reported the theft immediately to law enforcement authorities. We understand that the theft was one of several that took place in her neighborhood that night, so we do not believe the thief specifically targeted her or the laptop.
At this time, we do not know whether the information on the laptop has been accessed. It is important to note that the information is password protected. However, because the safety and security of your information is our utmost priority, we wanted to contact you out of an abundance of caution and make you aware of the situation. The potentially disclosed information may include your personal information (such as name, date of birth, address, telephone number and social security number) and medical information (such as diagnosis — the majority of which were listed in numeric medical code only, level of care, date of service, and health insurance information). We sincerely regret that this incident occurred.
Even though we have no reason to believe that your information has been accessed by anyone outside our organization at this time, and we do not believe any of your financial information is included on the stolen laptop, we want to make sure you are aware of the incident and have resources available to protect your personal information. Therefore, we have contracted with Experian to provide to you a free one year membership in Experian’ se ProtectMyIDe Alert. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. You may sign up for this service by following the instructions on the last page of this letter in Attachment B. You will be able to access this offer at no cost to you until October 31, 2013. See the attachments to this letter for more information regarding enrollment in Experian’ se ProtectMyIDe Alert and other measures you may want to take.
Again, maintaining the integrity of confidential information is extremely important to us. We sincerely apologize for any inconvenience this incident has caused for you. Please be assured that we will keep you informed of any developments in the investigation that may be of importance to you. If you have any questions, please do not hesitate to contact us at 888-312-3310.
Information from PHIPrivacy.net was used in this report.
Posted on May 3rd, 2013 No comments
At some point between the time she disembarked from a recent cruise in Miami and returned to Carmel, Ind., someone decided to go shopping with Jody Tzucker’s credit card. “They bought cigars and other odd things in Miami,” says Tzucker, a retired manager for a nonprofit association.
She suspects that the criminals may have skimmed her Visa account information while she was filling up her gas tank in South Florida. Or maybe not. Nowadays, hackers don’t even have to see your credit card to access the information on it. They can scan it from a safe distance.
One of the latest threats against travelers is invisible and silent: wireless attacks that siphon your credit card number, personal information and passwords. Anything with a radio-frequency identification (RFID) chip, including your passport or a credit card, can be read from afar. Thieves can also mine valuable data from your smartphone when it automatically logs on to a WiFi network.
Fortunately, there are a few simple ways to thwart these wireless assaults, including new luggage products and common-sense steps that protect your devices and credit cards.
As it turned out, Tzucker’s card didn’t have an RFID chip. And she was lucky. Before the cigar-loving thieves could finish their shopping excursion, her bank’s fraud detection algorithm tagged her purchases as suspicious, disabled her account and refunded the fraudulent transactions. And that may be one of the most effective solutions — having a bank that can stop fraud quickly and cover any losses. After the incident, Tzucker also switched to using a prepaid debit card when she traveled, which contains no personal information.
But others haven’t been so fortunate. Nearly half of all travelers use their smartphones to access the Internet when they’re on vacation, according to a recent survey by security firm Kaspersky Lab. One-third of phone users store their passwords to online accounts, including bank and social networks, on their devices. While any phone can be a target, the most vulnerable wireless devices run on the Android operating system, according to Kaspersky.
The luggage industry offers one possible solution: new backpacks and suitcases with protective linings to shield your IDs and wireless devices.
This month, luggage manufacturer Briggs & Riley, based in Hauppage, N.Y., will add RFID-blocking pockets to its new @work briefcase and bag collection. The models offer two pockets with electromagnetic shielding, one for IDs and passports, the other for a smartphone or a tablet computer. The black ballistic nylon cases, priced from $129 to $479, are designed to appeal to privacy-conscious business travelers.
Richard Krulik, Briggs & Riley’s chief executive, says that his company is constantly adapting to the concerns and demands of travelers, something he refers to as “reality engineering.”
“Increasingly, travelers are coming to rely on their luggage to keep more than their belongings safe,” he adds. “They need protection for their personal information and data.”
Escape the Wolf, a travel security company based in Virginia Beach, is also introducing a product this month, aimed at leisure travelers and called the Zero Trace Two-Day Backpack. It offers a large interior compartment to store any electronics you want to protect from prying eyes or scans. The $199 backpack, which will be part of Escape the Wolf’s line of security-enhancing luggage, is minimalist on the outside but sophisticated on the inside for a reason, says Clinton Emerson, the company’s chief executive.
“Fancy gets you mugged,” he says. “Fancy gets stolen.”
A closer look at this technology suggests that the best strategy for preventing data theft when you’re on the road is a combination of electromagnetic shields and common sense. A series of tests conducted in 2011 by Consumer Reports concludes that products with electronic shielding can partially block the signal from a chip in a credit card.
Only credit cards with RFID chips — so-called “chip and signature” or “chip and PIN” cards — are vulnerable to scans. Most credit cards in the United States don’t use this technology at present, although it’s gaining some traction, particularly among corporate travelers.
Wireless devices left in the pouches would run down the battery searching for a signal, and security experts say that an equally effective way to prevent someone from accessing them is to power down the device and remove the battery. However, that’s not an option with the most popular wireless devices, such as Apple’s iPhone and iPad, which don’t have an easily removable battery.
Experts say that making sure the WiFi settings on your smartphone or tablet are set so that they don’t automatically connect to any wireless network, and not storing passwords or credit card numbers on your phone, is an equally effective way to make sure hackers don’t access your data and steal your identity, or your money.
But luggage with electromagnetic shielding can’t hurt, either. It makes your information a less desirable mark. Hackers and ID thieves prefer easy targets, which come from unprotected wireless devices and credit cards emitting a clear, easy-to-intercept signal.
In a world of invisible and often unknown security threats, the new bags may make travelers such as Linda Snow feel a little safer. Snow, an actress who lives in Denver, says that many of her friends have had their identities stolen, some of them while traveling. “I’m more careful with how I handle my ID and phone,” she says. Now she’s thinking of upgrading her luggage, too.
Posted on May 2nd, 2013 No comments
TALLAHASSEE, Fla. — It will be illegal to possess without permission other people’s personal information like social security numbers and credit cards if Gov. Rick Scott signs a bill that passed the Legislature.
The House unanimously passed the bill (HB 691) on Thursday. The Senate unanimously passed it two weeks ago.
The measure would make it a first-degree misdemeanor to possess other people’s Social Security numbers, driver’s licenses, medical records, passports, bank account numbers, credit cards and Medicaid or food assistance account numbers unless they have authorization. Violators could face a year in jail.
It would be a third-degree felony punishable by up to five years in prison to possess personal information from more than five people.
Posted on May 1st, 2013 No comments
Agents confiscated more than $780,000
A 52-year-old Pompano Beach man was convicted of identity theft and tax refund fraud, U.S. Attorney Wifredo A. Ferrer announced Thursday.
Nael Dawud Sammour was found guilty of the identity theft charges after a three-day jury trial in Fort Lauderdale federal court. Before the trial, he pleaded guilty to the eight tax refund fraud counts, prosecutors said.
Undercover IRS agents posed as Sammour’s refund check cashers. They seized 75 U.S. Treasury tax refund checks totaling $750,369 and another $30,128 in cash from Sammour during his arrest, according to court records.
Several unknown suspects used stolen identification — including the names, birth dates, and the social security numbers of unsuspecting taxpayers — to fraudulently apply for and receive U.S. tax refunds. Sammour received many of these refund checks and later gave them, along with counterfeit driver’s licenses and Social Security cards, to the undercover IRS agents who were expected to cash them, according to trial evidence and testimony.
Sammour faces up to 10 years in prison on each of the eight tax refund fraud counts, as well as mandatory two year consecutive terms on the aggravated identity theft charges when sentenced July 1, prosecutors said.