[Fwd: [Dataloss] CA: Identity Thefts Traced to Graduate Healthcare]

[Arshad Noor <arshad.noor@strongauth.com>]

Identity thieves are taking the theft of personal information to new
levels - filing IRS tax returns in the names of the victims for tax
refunds!  This is the result when business processes (eFiling) are
modified to take advantage of electronic efficiency without taking
security into consideration.

There are thousands of such business processes waiting to be exploited
IMO - credit card numbers are just the tip of the iceberg.  What makes
this especially problematic is that most business processes are not as
standardized as credit card processing, and consequently have many more
vulnerabilities due to their variability.

Companies and government agencies are well advised to start reviewing
their business processes for security - specifically authenticity and
integrity - before issuing any money or benefits.  However, this is
easier said than done - business people and management consultants
don't know enough about security, while security consultants don't know
enough about business processes.  Attackers will be sure to exploit this
gap for some time to come.

Arshad Noor
StrongAuth, Inc.

-------- Original Message --------
Subject: 	[Dataloss] CA: Identity Thefts Traced to Graduate Healthcare
Date: 	Tue, 3 Jun 2008 17:53:35 -0400
From: 	Michael Hill, CITRMS <mhill@idtexperts.com>
Reply-To: 	Michael Hill, CITRMS <mhill@idtexperts.com>
Organization: 	IDT Consultants, LLC
To: 	lyger <lyger@attrition.org>, <dataloss@attrition.org>

http://www.newuniversity.org/main/article?slug=identity_thefts_traced_to156

United Healthcare, the provider for UCI’s Graduate Student Health
Insurance Program, admitted that it was the source of identity thefts of
past and present UCI graduate and medical students on Wednesday, May 28.

Beginning in February, UC Irvine graduate students who attempted to
submit income tax returns electronically were informed by the IRS that
their had already been filed, provoking complaints to the UCI Police
Department to solve the identity thefts. To date, all 155 reported
victims were participants in UCI’s Graduate Student Health Insurance
Program.

UCI is currently making efforts to provide identity theft victims with
sufficient information to solve the problems caused by the situation.
UCIPD sent out the first crime alert on March 20 and has released
periodic updates with more information. In addition, affected students
will also be provided a guide to prevent identity theft and fraud in the
future.

Administration has assured students that data security is their top
priority. IT security teams meet regularly in discussion of security
problems and practices. UCI’s computer safety Web site, located at
security.uci.edu, provides students with information on how to protect
their computers from cyber attacks. The site also discusses recent
security concerns and email scams.

UCI’s financial aid office has set up emergency loans available to
victims of identity theft whose delay in receiving their income tax
refund has affected their financial status.

[...]