Recently reported by the New York Times and the Herald Tribune (Sarasota’s local newspaper), a little bit more than 88% of the 38,500 students in the Sarasota school district had personal information posted on the Internet for nearly two months.

The school district has a contract (for now) with Princeton Review to maintain a database of Sarasota County Planning Tools, to help teachers develop tests and keep track of students’ grades. The information, which contained students’ names and school ID numbers (which in some cases were Social Security numbers) from this database was accidentally posted on the Internet for two months before it was finally removed this past Monday. Along with names and ID numbers the information also included students’: birth dates, sex, ethnicity, disabilities, and standardized test scores. The files were able to be found by using a search engine and Princeton Review claims the files were released when the company recently switched ISPs.

Sarasota students were not the only ones affected by this mistake, Fairfax, VA. students (nearly 74,000 of them) had their information posted on the Internet as well. The company was hired to measure student performance and nearly got 74,000 students’ identities stolen. Hackers could have had a field day with this information–but if we recall correctly from a previous Identity Theft post, it usually takes the Identity Theft victim three months to realize something is wrong. In the case of a young student that has no need to check their credit ratings; it could be even longer.

The article hints around as to who is to blame here. Of course Princeton Review is at fault because the security of their system and website has been compromised and over 100,000 students had their personal information sitting on the Internet for two months. Not to mention that with the world wide web, nothing that has been posted can truly be deleted–some cached record may be sitting on a server with the information.

Is the school board to blame as well? Would they need to compile this massive database of personal information if standardized tests weren’t stressed as the focal point of a student’s education? While I am not trying to start a debate as to the validity of standardized tests, it is just an interesting subject to touch on. What happened to the days where teachers logged the information in their grade books? Is it necessary to have a massive database with every bit of information about a student? These are all questions that the school board will be answering when deciding whether or not to keep Princeton Review’s contract.

In this case I would say protecting personal information trumps the ease of sticking everything on some site to analyze the students performance. It is great for parents, students and teachers to have access to this information so they can all keep track of performance and make sure nothing is wrong. Is the risk of having this happen again worth it? Do students even get and interim reports and report cards anymore? I remember that being a pretty good gauge as to what I needed work on.

While we write blogs and update our site with useful tools and information to protect your Internet privacy, 84 million people a year fall victim to identity theft. With fraud totals reaching $49.3 billion in 2007, it is very important to take the first step and proactively find ways to keep your information private. We provide blogs, articles, and products that protect you, but the 84 million people a year who have fallen victim to identity theft have little help or support.

Many victims find out within three months of the theft…that means the person who stole the identity has had a three month head start on spending your money and opening up false accounts. This fact, along with the fact that the average identity theft victim can spend 330 hours repairing their credit, shows that ID theft is a dangerous crime. 330 hours = roughly 13 full days. That means a person can spend 13 24-hour days (or 41 8-hour work days) trying to fix the damage from ID theft. The FTC has created a section of their website that contains tools and information for the victims of identity theft so they can begin the rebuilding process as quickly as possible.

If you are the victim of identity theft you should do these four steps immediately:

1. Review your credit reports and place a fraud alert (or extended fraud alert) with the credit bureaus.
2. Close the accounts that have been tampered with or opened fraudulently.
3. File a complaint with the FTC.
4. File a police report.

This is the shortened version of the list, but these are the steps you should follow to ensure the situation is dealt with asap. The following tools for victims of identity theft will be useful in conjunction with the four steps:

• You must always keep a log of your actions and findings when gathering information from an identity theft. The FTC has provided a “course of action chart” to help you keep detailed information for your reference.
• FTC ID Theft Complaint form. This form found on the FTC’s Consumer Protection page can be combined with the police report to create an Identity Theft Report, helping victims get the ball rolling sooner and recover quicker. The report is used to block fraudulent information from appearing on your credit report, and prevent companies from collecting debts due to an identity theft.
• ID Theft Affidavit (pdf). This form is less detailed and does not offer as much protection as the Identity Theft Report, but is still a very useful tool to have. The eight page document must be filled out in order to absolve you of any debt incurred due to identity theft, or to gain access to the information a company has on the identity thief they dealt with.
• Victim’s Statement of Rights. This statement details your rights under federal law (and also has a link to state resources).
• You will have to write many letters to credit card companies, banks, and other companies that have been used during your identity theft. The FTC provides a list of sample letters for various purposes that are useful and time saving tools (note: Word documents):
• Requesting fraudulent transactions or account information
• Requesting credit bureaus to block fraudulent information from appearing on your credit report
• Disputing charges on an existing account that has been tampered with
• Disputing charges on an account opened by the identity thief
• Law Enforcement(pdf) cover letter that should be attached with your FTC Identity Theft Complaint

These tools will help the identity theft victim reduce the number of hours and the amount of effort needed to resolve an identity theft. Of course always remember the best offense against an identity theft is a great defense!

We’ve all heard about Phishing; i.e. getting phony e-mails asking you to give up important personal information. We also all know about scams involving telephone solicitation.

Now we have Smishing which is getting personal information by sending bogus text messages to your phone. According to an article in the Kansas City Star, warning consumers about a new, multifaceted identity theft scam where victims are targeted by phone, text messages and e-mails, we now have to worry about fake text messages.

Here’s my question: “How many of us get text messages from their banking or brokerage firms?” My guess is not many at all. Therefore why would anyone believe a text message could be from their financial institution, especially in this age of ever more clever identity theft criminals?

It is sad that people get taken in by these thieves. However we all must continue to be cautious when we get a suspicious communication regardless of the way it was transmitted. The first step in preventing identity theft is to be skeptical of any communication that asks for personal information. Without willing takers, identity thieves would have a harder time collecting this information.

The front page of Yahoo! News has quite an interesting story about Identity Theft and Privacy. Everyone may know Todd Davis as the creator of LifeLock who has his real Social Security Number displayed for the world to see and guarantees that it will be safe. Well, interestingly enough, his guarantee didn’t stand.

Customers from three different states are suing him because they claim the product doesn’t work, a claim Mr. Davis unfortunately knows all too well, since he was also hacked and had his identity stolen. At least 20 people tried to obtain a driver’s license in his name, and in 87 different attempts to steal his identity one person managed to succeed and get himself a $500 payday loan in Mr. Davis’ name through an online company.

LifeLock charges a monthly fee to monitor your information and set fraud alerts with the credit bureaus. The lawsuit, which is seeking class-action status, will attempt to shed light on how much protection these companies can actually provide.

It is unfortunate that this happened to Mr. Davis, but he didn’t follow the basic rule that everyone learned when they were 12….DON’T GIVE OUT YOUR SOCIAL SECURITY NUMBER. Nobody can guarantee this type of protection and LifeLock proved it. In Friday’s Internet Privacy post, I mentioned that, “You can safely assume that you have zero privacy while surfing the Internet, and privacy protection goes above and beyond the latest Norton update. Privacy on the Internet is not given to you. As an Internet user, you must proactively search ways to protect your Internet Privacy while online.” Well, this is a perfect example…Customers thought that LifeLock would be secure enough that they didn’t have to worry about anything else. While LifeLock is without a doubt an excellent product, common sense must be used at all times.

An article by the Malaysian Star Online recently released an article about protecting yourself while using the internet. The main focus was placed on phishing, trolling, and web bugs. According to the article:

“Phishing refers to Internet scams whereby e-mails are sent purportedly from banks or other companies, asking users for sensitive personal information, which are then used in identity thefts.”

“Trolling is when someone uses specific phrases in a chat group to “bait” and target people who respond in a certain way.”

“Web bugs are tiny image files that contain programmes that install themselves undetected on your computer and transfer information back to the source.”

They also go on to discuss other things such as cyber-stalking. The article discusses how women are at a higher risk for facing these threats, which is discussed in greater detail throughout the rest of the article.

Of course these threats, and many more, affect anyone who uses the internet. Cyber criminals are smarter and more technologically advanced than ever, and are using that to their advantage. About 15 million people are affected by some form of identity theft every year. Those numbers increase every year, most likely because people do not pay attention to the threats facing them while using the internet. Using Norton, or whatever anti-virus program, isn’t enough. Anti-virus programs only protect a fraction of the threats. Proxy servers and other tools are very useful to protect yourself while online.

Some basic tips include:

Protecting your password

Keeping up-to-date records of your accounts/bills

Check your credit report regularly

Do not use debit cards to make online purchases, use credit cards instead.

Do not post or give out prvate information to a website without researching it first (i.e. reading the privacy policy, etc)

Use elaborate, complex passwords.

Come to PrivacyView’s Support/FAQ section for more information on general internet knowledge and ways to protect yourself.