Author: Crown Information Managment

Strict security should be practiced when using smart phones, laptops, iPads . . .

Christopher Chaney, of Jacksonville Florida, has been accused of targeting the entertainment industry, by hacking into the personal e-mail accounts of celebrities. He was arrested after being charged with a range of cyber-related crimes. Investigators believe that Chaney used publicly available sources to mine for data about his victims, all of whom are associated with the entertainment industry.

Once Chaney gained access and control of an e-mail account, he would obtain private information, such as e-mails and file attachments, according to the indictment. In addition, investigators believe that Chaney was led to new victims by accessing the address books of victims whose computers he already controlled. “It’s important to remember that, although these victims appear to have been targeted based on their celebrity, similar methods may be used to illegally access any one of our computers,” said Steven Martinez, Assistant Director in Charge of the FBI’s Los Angeles Field Office. “Strict computer security should be practiced when using smart phones, laptops, desktops, iPads, or any other device that provides Internet access.”

-Associated Press

Affecting an estimated 4.9 million beneficiaries in TRICARE Military Health program . . .

A breach affecting an estimated 4.9 million beneficiaries in the TRICARE military health program, as well as a Nemours children’s health system breach affecting 1.6 million, will soon be added to the Department of Health and Human Services’ Office for Civil Rights’ tally of major breaches. Once the incidents are added it will bring the total number of Americans affected by breaches to a whopping 18.5 million people.

Toys For Tots Campaign Begins . . .

Crown Shredding will serve as a donation drop off for “Toys for Tots”. We

make it even easier for our clients to donate, by picking up any donations you have, at the time of your scheduled service. Last day for pick-up will be December 20th, 2011, so toys can be delivered on time!! Thanks to all the generous hearts, who have donated toys, over the past four years! Without you, this program would not be possible!!

Thieves are using unsecured wireless networks to infiltrate smartphones . . .

Imagine this:  You’ve been invited to deliver a speech, to the United States Treasury Department, on Identity Theft.  The Conference will be held at Disney World, so you take your family along to enjoy the resort and parks.  When you return home you find you have become a victim of identity theft.  Likely, the thief used a smartphone to snap a picture of you purchasing an item, when you pulled out your credit card and ID for verification.

Thieves are also, now using unsecured wireless networks and infiltrating smartphones through Bluetooth technology.  Experts say it is best to have updated virus software, and to encrypt sensitive data and never type passwords or credit card number over an unsecured wireless network.  They also recommend that you keep your phone’s Bluetooth turned off unless you are actively using it and monitoring it, to prevent unauthorized access to the phone.

Info provided by Sarrelson Law

Identity Theft may have reached an all time low!

Crystal Thorne, 23, who worked as a coordinator at the Jewish Community Services of South Florida Office, in North Miami, was arrested on charges of selling “Holocaust Survivors” identity information, for a sum of $1,000. Thorne’s job gave her direct access to the personal information of client’s who regularly seek assistance from the Holocaust Survivor’s Assistance Program.

Information used to open credit cards and bank accounts. . .

Jonathan Morris II, the owner of St. Augustine-based cleaning company Mr. Janitor, was arrested for allegedly stealing personal information from some Eagle Harbor Country Club members.

According to the Clay County Sheriff’s Office, Morris used that information to open credit cards and bank accounts in alleged victims’ names.  Morris is scheduled for a pre-trial hearing in January.  His charge is listed as identity theft of more than twenty persons or $50,000.

Customer account information included in breach . . .

Recently, the records of the large on line store Zappos.com were compromised. This breach affected 24 million customers. Included in the breach was customer account information, including names, email addresses, billing and shipping addresses, phone numbers and the last four digits of credit card numbers and encrypted passwords.

The questioned posed by some would be ” Why was Zappos holding on to this information? If the answer is they needed it , then why wasn’t it stored elsewhere and encrypted rather than stored in plain text, except for the initial passwords for access.”

A professor from Indiana University’s Maurer School of Law urges organizations to carefully review whether they are collecting and storing more data than they need and put a retention schedule in place. The simple rule is this, “The more data you have the more you are responsible for, which exponentially increases your risk.”

HITECH rule an important enforcement tool . . .

BlueCross-BlueShield of Tennessee has agreed to pay a$1.5 million settlement and carry out a corrective action plan in the wake of a 2009 breach that affected more than 1 million individuals. In addition to the $1.5 million payment, the settlement calls for the health insurer to review, revise and maintain its privacy and security policies and procedures; conduct “regular and robust” training for all employees on their responsibilities under the HIPAA privacy and security rules; and perform reviews to ensure compliance with the corrective action plan, according to anHHS announcement.

“This settlement sends an important message that OCR expects health plans and health-care providers to have in place a carefully designed, delivered and monitored HIPAA compliance program,” says Leon Rodriguez, director of the HHS Office for Civil Rights. “The HITECH breach notification rule is an important enforcement tool, and OCR will continue to vigorously protect patients’ right to private and secure health information.”

What to do if you might be a victim of identity theft . . .

Those of us in the information security business talk about identity theft all the time. Identity Theft has risen 13% from 2010 to 2011. We thought it might be a good idea for our clients to have a check list of things to do if you feel you have become a victim. Remember: “THIS IS NOT LEGAL ADVICE”. It’s just a suggestion on where you can start when you feel victimized!

Call the IRS and inform them you believe you are a victim of identity theft. (Often the way you will find out that something is amiss is when you don’t receive your refund check. It may have been issued to the thief who has assumed your identity).

Fill out IRS Form 14039 and fax or mail back to IRS.

Contact the Social Security Administration ( If you go to their website they have an Identity Theft webpage). If you contact them by phone they will tell you to contact the Federal Trade Commission.

Contact the Federal Trade Commission (877-438-4338). After you contact them by phone, you will be sent an Identity Theft Complaint Affidavit.

Contact your local police department and tell them you have been a victim of identity theft. Make sure you get a case number and follow up in a few days to get the full police report. Make sure you put that police report in your Credit bureau file.

Contact one of the three credit bureaus: Equifax at 800-525-6285, Trans Union at 800-680-7289, or Experian at 888-397-3742.Tell them you are entitled to make a victim-of-fraud statement that will be put into your credit history along with your police report.