The number of records stolen has been reported by UT and local Austin media to range from 55,000 to 59,000. What is especially frightening to me is that the information recently stolen can be used to create fictitious identities, and some of those victims may have a difficult time clearing their credit and criminal records!

According to a statement released by Daniel A. Updegrove, Vice President for Information Technology, at The University of Texas at Austin, “… SSNs that matched selected individuals in a UT database were captured, together with e-mail address, title, department name, department address, department phone number, and names/dates of employee training programs attended. It is important to note that no student grade or academic records, or personal health or insurance information was disclosed.” As of this writing, UT has reported that there has not yet been any evidence of the stolen information being misused. According to his statement, the database in Austin was hacked into several times between February 26 and March 2.

The University of Texas has created a website at www.utexas.edu/datatheft where the latest official information can be located, and more information about this hack attack will be posted. If indeed some of these 55,000+ potential victims were victimized, they would not be alone; according to the Federal Trade Commission, there were an estimated 600,000 to 700,000 cases of identity theft reported in 2000, and the number has been steadily increasing. Currently a federal offense, identity theft is now the most reported federal crime against individuals, according to the FBI.

In addition to information stolen by hackers, personal information has been stolen by a variety of “low tech” means. Some examples of how personal information has been obtained are listed on some federal websites; these methods include information copied from personal checks, credit card applications, charge receipts, medical records, and stolen mail. Victims who have lost or had stolen their wallets or purses may become victims of identity theft if identity thieves obtain their information. The magnetic stripes on credit cards can be illicitly copied by crooked sales clerks, providing another source of victims.

Victims of identity theft often have great difficulty restoring their personal reputations and credit history. The thieves may obtain credit cards and cell phones in the names of the victims, incur significant debts, and never pay them. Often the first time the victim becomes aware that he is a victim is when credit is denied, he is turned down for a job, he is contacted by bill collectors, or a civil suit is served at his home. What may also occur, as has happened on many occasions, is that the identity thief creates a false identity with the information, and then gets a driver’s license and other official identity documents, and then earns a criminal record in the name of the victim. There is even a documented case where an innocent mother in California, with small children in her car, was pulled over by police after a routine traffic violation. When checking his in-car computer, the officer found outstanding warrants for violent felonies, and that she was likely armed and dangerous. Calling for backup, the mother was treated roughly while being arrested. It was not until her fingerprints failed to match the real criminal, that it was found that her identity had been stolen, and that the real perpetrator had given her information and identification when arrested previously.

There is a lot of information available from reputable sources on dealing with identity theft. The federal government has developed a centralized website at www.consumer.gov/idtheft with information, including instructions on how to minimize the risk, what to do if one thinks that he may have become a victim, complaint forms, an affidavit to file if victimized, and a variety of other resources. Other federal websites with relevant information include the Federal Trade Commission, which has a lengthy but comprehensive document available for download and distribution from its website at www.ftc.gov. The Social Security Administration has information available at www.ssa.gov/pubs/idtheft.htm. On this site is information about correcting social security records, as well as other information and links. What is especially sad are cases of retirees who have been victimized by thieves collecting their social security benefits, including death or disability benefits. The US Department of Justice, the parent agency of the FBI, has comprehensive information available at www.usdoj.gov/criminal/fraud/text/idtheft.html. The General Services Administration has available an online copy of its popular brochure “ID Theft: When Bad Things Happen to Your Good Name” at http://www.pueblo.gsa.gov/cic_text/money/id-theft/idtheft.htm.

The Federal Trade Commission has also created a centralized reporting system for victims. The FTC has an “Identity Theft Hotline” at 1-877-IDTHEFT (438-4338). Once notified, the FTC puts the information into a secure consumer fraud database and may possibly share it with other law enforcement agencies in an attempt to both stop the fraud, and prosecute the thieves.

While some may think that the recent data theft at UT may not affect them, or “is no big deal”, think again, and be prepared.

For more information on the Tulsa Computer Society click here