Be careful who you hire and who you fire – from regular employees to temps, who you let have access to data can turn into an identity theft nightmare for your customers and clients.
In July 2009 a temporary employee of a Chicago area AT&T office was indicted for identity theft. Apparently she and two other women were using stolen, confidential data acquired through her employment at AT&T and using that information along with random photos to create an identity. The trio was able to steal approximately $70,000.00 through “payday loans” before being caught.
How did they make money temporarily?
After stealing personal data from some 2,100 employees of AT&T, random photos were used to create fake driver’s licenses. Then individual bank accounts were established for the alleged 130 victims and payday loan request were made through the internet. The money was transferred into the bank accounts. Victims became aware of the scam when they were contacted by collection agencies when the loans were not paid back.
Penalties for wire fraud and identity theft are anything but “temporary”
If convicted, these women will have to forfeit the $70,000.00 and their computer equipment. They could be sentenced to time in a federal prison, since wire fraud is one of the included crimes. Each count of wire fraud carries a maximum of 20 years in prison, and a $250,000 fine.
Temporary Employee at a Doctor’s office exposes patients to identity theft
Normally you think that a visit to the doctor’s office for a flu shot is to help you remain safe and healthy. Not so for some patients of a doctor in Charleston, West Virginia. Patients there had their personal information included, names, and date of birth, social security number and credit card information stolen by a temporary employee “helping” out during flu season. The Charleston Gazette reported,
“The Kanawha-Charleston Health Department is sending 1,000 letters to people who received flu shots from the agency between Oct. 1 and Dec. 31, warning them that their personal information might have been stolen by a former department temporary worker. Jameelah Jossiah, 24, a former flu clinic medical billing clerk, was charged with computer fraud after allegedly making a $400 purchase at the South Charleston Wal-Mart with a credit card obtained illegally under the name of a woman who received a flu shot from the Health Department last fall.”
Temporary employees aren’t the only ones who are cashing in on access to data while they work. In May, 2009, 18 people were indicted for identity theft and bank fraud after “harvesting” data from unscrupulous bank tellers regarding approximately 500 intended victims. Through a bank tellers willing assistance from several Manhattan area banks, information such as names, social security numbers, bank account numbers and bank balances. This information was used to create counterfeit checks and checking accounts and then accomplices to this ring of thieves would cash the counterfeit check and split the money between them.
In a recent survey by Symantec and Poneman Institute, 59% of the 945 people surveyed admitted to stealing data and information from their employer when leaving employment, whether willingly or through termination. According to this survey email lists and contacts were those most susceptible to theft. The survey also found that far too often companies were “slow” to revoke an ex-employees access to the computer systems.
In an interview with SC Magazine, Mike Spinney, senior privacy analyst at the Ponemon Institute, told SCMagazineUS.com Tuesday in an email that the economic crisis plays a role in these findings.
“As news reports and rumors swirl related to a falling economy and job-loss anxiety grows, people feel greater pressure to make rash decisions based on a fear of finding themselves in dire financial circumstances,” Spinney said.
In times of economic hardship, people are tempted to do things they normally wouldn’t do, and that includes stealing confidential data, Phil Neray, vice president of strategy for database security company Guardium, told SCMagazineUS.com Tuesday.
Protect your clients and customers through; examining boxes before they leave the office, they may contain more than your employees personal information, and provide data protection by revoking access immediately to computer systems, and carefully deciding which employees have access to what information.
These instances of identity theft just go to show you can’t be too careful who you hire, and who you fire.