Custom Search

August 31, 2009

Mixed file case against Equifax settled today!

I reported on a mixed file case against Equifax back in June. The case involved Equifax mixing the credit files of Robyn Mueller and her twin brother Robert Mueller. Unfortunately for Robyn, Robert's credit was not so good. As a result, Equifax's inclusion of her brother's credit on her credit report caused Robyn to be denied credit, including a home loan. The link to my previous report is here -

Shortly before the Altanta Journal-Constitution (and I) reported this story, Robyn's attorney Steve Koval brought me in to help him on the case. I am glad to report that the case settled today for a confidential sum from Equifax, including an apology to Robyn from Equifax's attorney Lewis Perling. The settlement occurred after a six hour court ordered mediation before Magistrate Judge Cole in Gainesville, Georgia.

Equifax was accused of violating 15 U.S.C. 1681e(b)'s requirement to follow reasonable procedures to assure maximum possible accuracy of the credit reports Equifax generated regarding Robyn. Equifax was also accused of failing to perform reasonable investigations of Robyn's disputes, which Equifax was required to perform by 15 U.S.C. 1681i. Amazingly, Equifax's own furnishers repeatedly told Equifax to delete Robert Mueller's accounts from Robyn's credit report, yet Equifax simply failed to delete the erroneous accounts. Also, in the few instances where Equifax did delete the erroneous accounts, Equifax reinserted many of those accounts on Robyn's credit report without informing her of the deleted accounts' reinsertion. Such failure to notify of reinsertion is another violation of 15 U.S.C. 1681i.

If anyone reading this post is a victim of a mixed file (regardless of which credit bureau is doing the mixing), please feel free to contact me for advice or representation. You may contact me by posting a comment to this blog or directly at

Muslim NY cop

Identity theft can affect anyone ... and in many different ways. Here's the story of a NYC cop who just happened to be a Muslim. He also happened to be an identity theft victim which caused him to be the target of Air Marshalls and to lose his gun and badge for more than a year. One of the most amazing things - he wasn't even trying to fly. Here's the story -

"A Muslim NYPD cop is set to sue the city and the feds after he was targeted by air marshals, triggering a year-long probe in which he was stripped of his gun and badge.

Shahin Miah, 32, was eventually cleared of wrongdoing and is back on the job - but the Bangladeshi-born officer says he's tormented by colleagues who call him 'Al Qaeda.'

'I'm a good citizen of this country,' Miah told the Daily News in an exclusive interview.
'All my family are hardworking. We are normal. This only happened because my color is brown and I'm Muslim.'

'Nobody has ever given me an answer - what made them think I was a terrorist?'

The NYPD investigated the rookie because the feds suspected him of overseas money laundering, but it turned out he was the victim of identity theft.

Miah says that's news to him - and insists that if he had not been racially profiled at Kennedy Airport, the entire mess could have been avoided.

It started July 4, 2007, when Miah drove his sisters and nieces to JFK for a flight to London and accompanied them to the British Airways counter.

Two air marshals approached and asked him for ID.

'They laughed at me when I showed my ID, and one guy says, 'I work for the federal, you work for the city - I have more authority than you,'' Miah said. 'He said I looked 'suspicious' and asked me how long I had been in the country.'

They let him leave, then came running in the parking lot and demanded his driver's license, Miah said. He was detained for an hour while they ran his name through databases, he said.
When Miah returned home to Queens, a sergeant from the local precinct showed up and said he'd been notified of the airport stop. The next day, Miah was ordered to turn in his badge and gun while he was investigated.

'It was insulting,' said Miah, whose uncle died working at Windows on the World on 9/11.
Deputy Police Commissioner Paul Browne said the NYPD placed Miah on modified duty because of the feds' suspicions.

'He was modified until it was determined that he was the victim of identity theft, and that someone using his identity was engaged in overseas money laundering,' he said.
A spokesman for the air marshals said racial profiling is not practiced.

Miah immigrated to New York in 1993, served as a police cadet and worked in a youth program for the Queens district attorney before joining the force - his "dream job" - in 2006.
He's assigned to Brooklyn's 75th Precinct and was injured last month capturing a robber.

He intends to sue the city and the Department of Homeland Security for 'the worst nightmare I ever went through in my life,' he said. 'It's like someone on the street making a false allegation against you - but this was the government.'"

New ID theft scam ... using jury duty no less

I just learned of a new identity theft scam that consumers need to watch out for. The New Jersey judiciary is warning consumers about a potential identity theft scam where the identity thieves pose as jury managers to obtain consumers' personal identifying information such as their Social Security numbers.

Apparenlty, these identity thieves pose as officers of the Court and call potential jurors and request their personal identifiers for use in jury duty. They then use this information to steal the consumers' identities.

The New Jersey judiciary warns "'The New Jersey Judiciary does not and has never asked for personal identifiers over the phone, by e-mail or in person,' said Judge Glenn A. Grant, acting administrative director of the courts. 'Furthermore, the Judiciary does not make follow-up phone calls nor send e-mails to jurors. Those contacts are scams. All notifications to potential jurors are conducted through the U.S. Postal Service.'"

Judge Grant's advice is good for consumers everywhere. Watch out for this scam and never, NEVER, give out your Social Security number to anyone that calls you.

August 25, 2009

Ruling on the way in Experian v. LifeLock

In the battle of the titans ... er, I mean, titanic failures of consumer protection, we can expect a ruling soon. This case is like Darth Vader taking on the Witch King from the Lord of the Rings, or Dr. Doom v. The Joker or Dr. Kevorkian v. Michael Jackson's doctor ... bad guy v. bad guy (or, in the case of Experian v. LifeLock, maybe bad guy v. bad buy?) Anyway, word has it that a ruling is on the way ...

From the Arizona Republic at -

"A U.S. District Court judge in the Central District of California is expected to rule this week on competing motions in a legal battle between credit bureau Experian and Tempe-based identity-theft protection firm LifeLock Inc.

Judge Andrew Guilford partially sided with Experian in May when he ruled LifeLock's practice of enrolling consumers in 90-day fraud alerts with the three main credit bureaus violates the Fair Credit Reporting Act. Experian argues that the law does not allow corporations to set the alerts on consumers' behalf.

In response, Experian sought a permanent injunction against LifeLock's practice, and LifeLock asked Guilford to reconsider his initial ruling. A hearing on both motions took place Monday in Santa Ana, Calif."

Doubt the judge will change his mind, but you never know. As for me, I'm siding with Hannibal Lecter ... I mean Experian, since I don't agree with anyone (corporation, person, puppy) placing a fraud alert on their credit report when there is not even a hint of an allegation of fraud.

ATMs vulnerable to ID theft

Those darn identity thieves are getting craftier all the time. Here's the latest from

"Identity theft last year put Citibank-branded ATMs in 7-Eleven stores in jeopardy in the US.

Law enforcement officials have said perpetrators penetrated a network linking 2,200 kiosks inside 7-Eleven stores with Citibank in late 2007/08.While Citibank’s logo was shown on the screen of the ATM’s, the network and machines were owned by Texas-based CardTronics, which took in monthly fees from Citi. A group of fraudsters lifted card and PIN codes from the system while their cohorts manufactured new cards that were used to get about $2m in cash from Citibank ATMs elsewhere.

A set of prepaid iWire cards was also compromised, leading to about $5 million in fraudulent withdrawals, most of which was sent to Russia."

August 22, 2009

Obama almost gets it right

In June, President Obama released a plan to revamp the government's financial regulatory system. The primary feature of the plan is the creation of a new federal agency called the Consumer Financial Protection Agency ("CFPA") whose primary focus will be to enforce consumer protection laws.

Kudos to President Obama for recognizing the problem with the lack of enforcement of the consumer protection laws such as the FCRA. President Bush could have cared less the enforcement (or lack thereof) of the FCRA. So consumers are in much better hands now with President Obama in the White House.

But the key to increasing enforcement of the FCRA is not to switch enforcement agencies from the FTC to the CFPA. The key is to increase the penalties against violators of the FCRA, thereby making it more attractive for the nation's army of attorneys to sue the credit bureaus and furnishers who violate the FCRA. A large percentage of my practice as an attorney is comprised of representing consumers under the FCRA. It is so so so easy to find multiple violations of the FCRA in every case. The problem, though, is that it is very difficult to quantify the damage caused by these violations. IF the FCRA contained automatic damages of sufficient significance for violations of the FCRA, attorneys would flock to these cases and make the credit bureaus and furnishers toe the line or pay the fine.

Wholesale Home Lenders agrees to settle FTC claim

Wholesale Home Lenders has settled a claim filed against it by the FTC for failing to include the mandatory opt out language with its prescreened offers sent to consumers. Here's the facts from

"A home mortgage lender that sent prescreened offers of credit to consumers without properly informing them of their right to opt out of receiving such offers in the future has agreed to settle Federal Trade Commission charges that it violated federal law. The settlement requires the company to pay a $20,000 civil penalty and bars future violations.

Prescreened offers of credit or insurance typically are mailings sent to selected consumers based on information in their credit report indicating that they meet the offering company’s criteria. The Fair Credit Reporting Act (FCRA) permits lenders or insurers to make prescreened offers if the offer clearly and conspicuously discloses that, among other things, the consumer’s credit report was used to make the offer and that the consumer can opt out of receiving such offers in the future. The FTC’s Prescreen Opt-Out Notice Rule (Prescreen Rule) requires that each written solicitation contain a short and a long notice, and it specifies the format, type size, and content in order to make the notices simple and easy for consumers to see and understand.

According to the FTC’s complaint, the company violated the FCRA and the FTC’s Prescreen Rule by not providing opt-out notices that comply with the Rule. In some instances, for example, the notices did not contain a short notice on the front page of the solicitation as required by the Rule, or the notices did not comply with the Rule’s format requirements.

The settlement requires Metropolitan Home Mortgage, Inc., doing business as Wholesale Home Lenders, to pay a $20,000 civil penalty and bars the company from failing to comply with the Prescreen Rule. The settlement also contains record-keeping and reporting provisions to allow the FTC to monitor compliance with the order."

You can read the full article at -

One Tree Hill star is also an identity thief

From Andrew Ramos at

"Antwon Tanner, one of the stars of the CW's 'One Tree Hill,' pleaded guilty in Brooklyn Federal court Friday to illegally selling Social Security numbers for $10,000.The 34-year-old actor who plays Antwon 'Skills' Taylor on the teen drama was arrested and charged back in April after officials said he sold 16 numbers and three fake cards to undercover Immigration and Customs Enforcement officers during a sting operation in Brooklyn.

In court, Tanner told U.S. District Judge Carol Amon that he played a middleman in the identify theft scam and at the time was aware that what he was doing was illegal, because the numbers would be used to fraudulently acquire goods.

The 'One Tree Hill' actor is also under investigation in California, prosecutors revealed in court Friday. The subject of that probe, however, was not identified.

Tanner faces up to a year in prison for his role in the identity theft scam.

The actor has appeared in the prime time drama for five seasons and divides his time between Los Angeles and Wilmington, N.C., where 'One Tree Hill' is filmed. Tanner has also appeared in the movie 'Coach Carter' as well as the TV shows 'Boston Public,' 'CSI' and 'NYPD Blue.'"

$22 million identity theft scam involving AT&T and T-Mobile

Dan Goodin writes about how current and former cell phone dealers accessed the databases of AT&T and T-Mobile and stole the personal identifiers of customers in a four year identity theft scheme. Here's a quote from his article:

"Federal prosecutors have accused eight individuals of fraudulently obtaining $22m worth of wireless devices and services from AT&T and T-Mobile in an elaborate four-year scheme that exploited weaknesses in the cellular providers' network.

Between 2005 and July this year, two of the defendants used their status as current or former authorized cell phone dealers to tap in to databases maintained by AT&T and T-Mobile, according to an indictment unsealed earlier this week in federal court in Brooklyn, New York. They then stole the names, addresses and personally identifying information of cellular customers."

Patient information stolen at John Hopkins

A John Hopkins employee has pled guilty to aggravated identity theft for stealing patients' information. Michelle Courtney Johnson, 31, worked as a patient services coordinator at Johns Hopkins. She has admitted to stealing patients' personal identifiers and selling them to her co-defendant Shanell Bowser. Bowser then allegedly used the information to open credit cards, using those cards to buy electronics, clothes and withdraw cash.

Johnson also faces charges of conspiracy to commit bank fraud, to which she also plead guilty. Bowser has also plead guilty. Both are to be sentenced at a later date.

August 20, 2009

Identity theft arrest leads to high speed chase

"Howard County [Maryland] police have charged four people from Florida in a widespread scheme that involved stealing credit-card information, financial records and personal information from as many as 100 victims in four states, authorities said.

On Aug. 10, police were called to the Best Western hotel in the 6700 block of Dorsey Road in Elkridge after a housekeeper found suspicious documents in a room’s trash can. When police tried to stop one of the room’s occupants as she drove near the hotel, she sped away and later collided with three Howard County police cars. Marie Arendas, 24, also tried to strike an officer with her car, police said.

The others arrested were identified as: Lamisha Loffett, 33, of Fort Lauderdale, Fla.; Jamie Frazier, 32, of Plantation, Fla.; and Wayne Curry, 35, also of Lauderhill."

Thanks to the for this article.

Data breach at the Raddison

From an article on __

"There's been another credit card security breach, this time at the Radisson hotel chain.

Experts have a slew of important information, though, that can help you protect your credit information when you're away from home. At hotel check-in, you're often handing over your name, address, and credit cards – the keys to your identity, given to complete strangers. It's enough to put many travelers on alert.

'We always check our records just in case,' Miami resident Maria Parets said. 'I guess I don't [check my records],' Los Angeles resident Don Pittman said. 'I haven't given a second thought to it.' 'I think people are a bit paranoid about identity theft and all that,' Pierre Corsett, visiting from London, said.

Just as identity theft has risen, so have concerns. On Wednesday, the Radisson hotel chain revealed that a hacker accessed their computer system, nabbing guests personal information and credit card numbers. Customers exposed to the theft stayed at hotels between November 2008 and May 2009.

Of the 400 properties run by Radisson, only hotels in the US and Canada were hacked. While Radisson doesn't know how many customers are affected, they did take an unusual step: taking out large ads in major national newspapers warning customers they could become victims of identity theft."

Federal authorities are investigating the data breach. If any of you become a victim and need help or advice, remember you can contact me by posting a comment to this blog or by e-mailing me directly at

Is your own computer stealing your identity?

Is a virus or other malicious code on your computer helping identity thieves steal your identity? According to an article on, the chances are good.

"In the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs, part of computer security company Panda Security. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year."

The article went on to say "Panda reports receiving more than 35,000 new malware samples -- viruses, worms, Trojans and the like -- every day. Trojan software designed to steal bank details, credit/debit card numbers, or online account login names and passwords represents 71% of this total. That's up from 51% in 2007.

Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

The methods used to propagate identity theft malware have also become more diverse. Whereas e-mail used to be the primary medium for malware distribution, social sites have become a major attack vector, along with infected Web pages, SMS messages containing Web links, and spyware that attempts to convince users to pay for fake antivirus programs. "

The rest of the article can be found here -

The best defense - good anti-virus and anti-spyware software. That ... and a good consumer attorney.

New FCRA case - Josey v. Sallie Mae, Inc.

A new case came out of the United States District Court for the Southern District of New York (which I am happy to say I have had a case or two in) on August 17, 2009. The case is styled Yolanda Josey v. Sallie Mae, Inc. and U.S. Dept of Education. The case is yet another attempt by a pro se plaintiff that fails miserably. When will people learn not to try to represent themselves.

Josey believed that Sallie Mae imposed an improper interest rate under the Higher Education Act, failed to properly credit Josey's account for payments she has made, falsely and inaccurately reported the loan balance to the big 3 credit bureaus, and violated her rights under the Debt Collection Improvement Act of 1996, her constitutional Due Process rights, right to notice of debtor's rights, and congressionally mandated consumer protections notice of student loan borrowers rights to different payment options and exemptions. I will focus only on the attempt at alleging an FCRA claim but, suffice it say, all the claims failed thanks in part to the lack of legal training of the plaintiff.

Josey would have been well served had she carefully read 15 U.S.C. 1681s-2(b), which requires notice of a dispute to a consumer reporting agency that is then relayed to the furnisher before any duty of the furnisher is triggered under the FCRA.

The Court found that "Josey, however, lacks standing under § 1681s-2(b) because she did not plead in her complaint (or even in her opposition to the instant motion) that Sallie Mae received notification from a consumer reporting agency regarding the accuracy of information furnished by Sallie Mae, as required under the FCRA. See, e.g., Ostrander v. Unifund Corp., 2008 WL 850329 at *3-4 (“[T]he court finds that plaintiff has failed to allege facts to state a plausible claim for relief under FCRA § 1681s-2(b)” because plaintiff did not plead that defendant data furnisher “received notice of the disputed information from a consumer reporting agency.”); Prakash v. Homecomings Fin., 2006 WL 2570900 at *3, 4-5 (“[P]laintiff lacks standing to bring his claims under the Fair Credit Reporting Act” where “nowhere in the complaint or opposition to the instant motion does plaintiff allege that defendant [data furnisher] received notice of the dispute from a credit reporting agency.”).

Furthermore, although Josey alleges that she “sent several notices” and “made phone calls” to Sallie Mae demanding it provide “several copies of documents including the original promissory note, terms and conditions of agreement, payment history and invoices” ... such actions, even if interpreted to constitute receipt of notice of disputed credit information by Sallie Mae, do not establish standing under the FCRA. In order to establish a private right of action under § 1681s-2(b), Josey must allege, which she has not, that a consumer reporting agency notified Sallie Mae."

Josey never disputed the error directly to the credit bureau or, if she had taken this step, she failed to allege that she had taken this step. All it took was an allegation that she had disputed the alleged error to one or more of the credit bureaus (who then would have relayed the dispute to Sallie Mae) to trigger Sallie Mae's duty to perform a reasonable investigation of the dispute pursuant to 15 U.S.C. 1681s-2(b).

Once again, this bad result could have been avoided by some competent representation by an attorney. People, please, if you need representation, send me an e-mail. If you have a decent case, either I will take it or refer you to a consumer attorney in your state who can represent you. I pretty much know a good consumer lawyer in every state, even Hawaii (but not Alaska, at least not yet).

August 19, 2009

Yeah! Phase one of the new credit card law goes into effect tomorrow

The first phase of the new law governing credit card companies goes into effect tomorrow August 20, 2009. The first phase unfortunately does not carry the force of some of the provisions that go into effect later. Here's what the first phase means to you:

1. Currently, credit card companies only have to give you only 14 days from the date the bill is mailed to pay your bill (meaning by the time you get the bill you have maybe 12 days at best left to pay). So if you go out of town for a week vacation, under the old law you were apt to be paying a late fee since you might only have a few days to get your payment in before it is past due. Fortunately, the new law requires that credit card companies mail your bill at least 21 days before payment is due, giving you an extra seven days to pay.

2. Currently, credit card companies must give you 15 days notice before upping your interest rate, lowering your credit limit, or making other significant changes to your credit card agreement. Under the new law, the credit card company must give you 45 days notice.

3. The best part of the first phase of the credit card law is that you have the right to reject major changes to your credit card agreement, including increased interest rates, but you must close the account and agree to pay off the account in five years.

"So (consumers) can effectively convert their balance into a closed-end loan that they can pay down over five years. That's a tool that they didn't have up until now," said Eleni Constantine, the director of the Pew Charitable Trusts Financial Security Portfolio.

The next phase of the law goes into effect in February. The second phase includes a provision that prohibits credit card companies from raising interest rates on existing balances unless the borrower is more than 60 days delinquent. How awesome is that? The second phase also requires a co-signer for any credit card applicant under the age of 21 and prohibits retroactive interest rate increases.

Go President Obama for getting this one passed. The playing field just got a little more level for the little guy.

August 17, 2009

BREAKING NEWS - Largest Identity Theft case ever

What is being billed as the largest identity theft case ever came to light today. Here's the article from Fox News:

"Albert Gonzalez of Miami, 28, is charged with acting with two unnamed conspirators to locate large corporations and steal vital account information in a crime that the Department of Justice calls 'the single largest hacking and identity theft case ever prosecuted.'

Authorities say more than 130 million credit and debit card numbers were stolen in a corporate data breach involving three different corporations and two individuals. The card numbers, along with additional account information, were allegedly stolen from Princeton-based Heartland
Payment Systems; 7-Eleven Inc., a Texas-based convenience store chain and Hannaford Brothers Company, a Maine-based supermarket chain.

The indictment also mentions two other unidentified corporate victims as being hacked by the co-conspirators.

According to the Justice Department, the suspects used a sophisticated hacking technique called an 'SQL injection attack,' which 'seeks to exploit computer networks by finding a way around the network's firewall to steal credit card and debit information.'"

Once again, the media gets "identity theft" confused with "account takeover". If, like this article says, the "identity thieves" were only able to steal credit card numbers and debit card numbers, then the only thing they can do is access (or sell access to) the different accounts. Identity theft is committed when an identity thief uses the personal information of another to, for instance, open a new account. Simply taking over an account already in existence is not identity theft but is instead an account takeover. Account takeovers happen a lot more than identity theft. In fact, I am even a victim of an account takeover. The good thing is that credit card companies are much better about correcting account takeovers than they are about correcting the problems caused by identity theft. In fact, as soon as I alerted Discover that someone had made charges on my account, they removed the charges, changed the account number and issued me a new card. Pretty painless.

Identity theft, on the other hand, is anything but painless. Identity theft victims go through feelings of lost control, of being trapped, thoughts that no one is listening or willing to believe them. Suddenly bankers that they have spent years building a relationship with believe what they read on the credit report over the history they have with customer. And banks, credit card companies and credit bureaus are terrible about correcting the problems caused by identity theft. You are guilty until proven innocent and the person deciding your innocence is not a jury of your peers but the companies that have a reason not to believe you, since you are the only person that they could possibly collect from (identity thieves are notoriously hard to collect from).

Hopefully, the news is right about their facts and not what they are calling the crime and it really is just account takeovers. However, if it is really the "largest identity theft ever prosecuted", then services like mine are going to be in high demand. Any victims of this identity theft that read this post, please contact me when (not if) you need help.

August 15, 2009

Florida police officer sentenced for identity theft

From the Miami Herald - "A Florida officer has been sentenced to eight years in prison for using official databases in an online identity theft scam.

Jonathan E. Kelly even defrauded students and teachers at Boca Raton-area high schools, where he worked for the Palm Beach County School District Police. He was sentenced Thursday after pleading guilty to more than 20 fraud and theft charges.

Kelly admitted using law enforcement and school records to open up fraudulent credit card and eBay accounts in other people's names. He began the scam a year after being hired by the school district in 2002.

The sentence carries a mandatory minimum of three years in prison. Kelly also received 10 years of probation and 1,000 hours community service."

Peer to Peer software puts you at risk for identity theft

Robert Siciliano posted the following article on his blog at

"Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked and have your identity stolen.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and, frankly, the most fun kind of hacking. I’ve seen reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.


I did a story with a Fox News reporter and a local family who had 4 kids, including a 15 year old

with an iPod full of tunes, but no money. I asked dear old dad where she got all her music and he replied 'I have no idea'. What he didn’t know was she had installed P2P on the family PC and was sharing the families data with the world. The reporter asked much personal information I could find on the P2P network in 5 minutes, I responded, 'lets do it in 1 minute'.

There are millions of PCs loaded with P2P software and the parents are clueless their data is in the hands of identity thieves. P2P is the path of least resistance into a persons computer. Make sure your PC isn’t loaded with P2P.

Don’t install P2P software on your computer.

If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.

Set administrative privileges to prevent the installation of new software without your knowledge.

If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.

Get a credit freeze. Go to and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief."
All good points on how to prevent identity theft via a P2P program. You should also know your rights under the FCRA and, when necessary, consult a consumer attorney to protect those rights.

PIs get six months for identity theft in Washington

The Seattle Times reports the following - "A Belfair couple who ran a private investigation firm have been sentenced to six months in prison and two years supervised release for using illegal methods to dig up dirt on people who were involved in court cases or litigation.

Emilio and Brandy Torrella ran BNT Investigations, where workers posed as the people they were investigating to trick the IRS, Social Security and other agencies into releasing sensitive information - from tax returns to medical histories. Prosecutors said they then forwarded that information on to other private eyes, who in turn sold it at a substantial markup to law firms and others.

They were sentenced Friday in Tacoma by U.S. District Judge Ronald Leighton.

The Torrellas previously pleaded guilty to charges of wire fraud, conspiracy and aggravated identity theft.

The Torrellas were among 10 private eyes around the country indicted in the case. They admitted illegally obtaining information on 1,800 people from 2005 to 2007."

Identity thief gets 31 years

From the Associated Press - "An Orange County [California] man has been sentenced to more than 31 years in state prison for identity theft crimes that prosecutors say totaled $2.8 million in fraudulent transactions.

Gene Anthony Franklin was sentenced Friday for buying a home and trying to buy a boat using stolen identities.

Authorities say Franklin also was able to post $1 million in bail and flee to Mexico after he stole the identity of a cellmate who owned many residential properties.

Franklin, 34, was convicted in April of 46 felony counts, including identity theft, resisting arrest, failure to appear on a felony and dissuading a witness. "

Oddly enough, Experian is headquartered in Orange County although their primary operations are out of Allen, Texas (a Dallas suburb).

August 12, 2009

Identity theft as new form of domestic violence

"Today, there are increasing numbers of cases involving identity theft and domestic abuse. Domestic violence and stalking victims often fall prey to a form of identity theft which is often referred to by experts and prosecutors as identity theft as abuse, a subset of cyberstalking.

Identity Theft as Abuse is unique from traditional identity theft because instead of the intent and purpose being for financial gain, domestic abusers utilize these tactics in order to continue to have power and control over their victims.

Domestic violence abusers armed with their victims personal identifying information often apply for credit cards, magazine subscriptions, e-mail accounts, create web sites including myspace and facebook accounts and use the victims identifying information to reek havoc upon their lives-often causing damage to the victims credit and reputation both of which are very difficult to restore once they are lost.

Cases involving identity theft as abuse were often ignored by the courts and law enforcement until now; primarily thanks to the hard work of the prosecutors involved in the Peck case of Wisconsin. The Wisconsin court of appeals affirmed the conviction against Peck providing a new hope for victims of cyberstalking and in particular victims of identity theft as abuse - the majority of which are domestic violence and stalking victims."

I heard a story recently of someone whose identity thief opened a facebook page and made it look like it was the victim's page. The identity thief then posted derogatory and embarrassing information on the page in an attempt to place the victim in a bad light. This type of identity theft will only occur more and more until the social media sites (i.e. myspace, facebook, twitter, etc.) come up with some way to prevent the stealing of their members' identities.

Students at higher risk of identity theft

I thought this article timely as I dropped my daughter off for the first day of second grade today. College students are considered a higher risk that most for identity theft. Here's an article about this subject from

"The U.S. Department of Education, Office of the Inspector General, has outlined tips for college students to protect themselves from identity theft. The report cautions, 'as a student, you may even be more vulnerable to identity theft because of the availability of your personal data and the way many students handle this data.' Listed as some of the main pitfalls are:

Almost half of all college students receive credit card applications on a daily or weekly basis.
Many of these students throw out card applications without destroying them.

Nearly a third of students rarely, if ever, reconcile their credit card and checking account balances.

Almost 50 percent of students have had grades posted by Social Security number.

The problem isn't the student's failure to monitor their balances. The problem is allowing credit card companies to send out unsolicited applications and allowing universities to use the student's SSN for identification. Don't blame the victim - fix the problem."

All good points and advice. The rest of the article can be found here -

FTC nails two companies for FCRA violations

The FTC has settled complaints filed against Quality Terminal Services, LLC and Rail Terminal Services, LLC for allegedly violating the Fair Credit Reporting Act by secretly using consumer reports as the basis for firing employees and rejecting job applicants but not informing the spurned workers and applicants of their rights granted by the FCRA. Here's more about this from

"Two companies that fired workers and rejected job applicants based on background checks without informing them of their rights under the Fair Credit Reporting Act (FCRA) have agreed to settle Federal Trade Commission charges that they violated federal law. The settlements require the defendants to pay $77,000 in civil penalties and bar future FCRA violations.

Employers often conduct background checks and seek employees’ and job applicants’ credit records, criminal histories, and other background information from a consumer reporting agency (CRA) such as a credit bureau or background screening company. The FCRA requires that before taking adverse employment actions based on these consumer reports – for example, firing employees or denying job applications – employers must provide the employees or applicants with a copy of the report, identify the CRA that provided it, notify them that the CRA did not make the adverse action decision, and inform them that they have the right to obtain a free copy of the report from the CRA and dispute its accuracy. According to the FTC’s two complaints, both defendants contracted with a CRA to conduct background checks including criminal record reviews for employees and job applicants, and made hiring and firing decisions based on those background checks. The companies allegedly failed to provide the employees and applicants with pre-adverse action notices and adverse action notices as required by the FCRA.

The settlements require Quality Terminal Services, LLC and Rail Terminal Services, LLC to pay $53,000 and $24,000 in civil penalties, respectively, and to provide the FCRA-required notices in the future. The settlements also contain record-keeping and reporting provisions to allow the FTC to monitor compliance. The Center for Democracy and Technology (CDT) filed a petition with the Commission complaining of adverse action notice violations by the defendants. The FTC acknowledges CDT’s invaluable contribution in bringing these matters to the agency’s attention.

The Commission vote to refer the complaints and stipulated final orders to the Department of Justice for filing was 4-0. The action against Rail Terminal Services was filed in the U.S. District Court for the Western District of Washington; the action against Quality Terminal Services was filed in the U.S. District Court for the District of Colorado."

The whole article is here -

August 10, 2009

New FCRA case - Cornock v. Trans Union

New FCRA case out of the United States District Court for the District of New Hampshire - Troy Cornock v. Trans Union, 2009 WL 2252886 (July 29, 2009). The opinion was handed down by District Judge Joseph N. Laplante.

The lawsuit alleged that Troy Cornock was the victim of identity theft by his e-wife. Apparently, Cornock's ex-wife allegedly obtained a credit card from MBNA before their divorce but after Cornock had moved out of the marital home. The ex-wife made various purchases on the alleged fraud account and even made some payments. After the payments stopped, MBNA attempted to collect the amount owed from Cornock. Cornock disputed the account, informing MBNA that he had not opened, used or even knew about the account. MBNA did not believe Cornock and filed an arbitration action against him.

Cornock defended the arbitration by informing the arbiter that he was a victim of his ex-wife's identity theft. The arbiter ordered MBNA to produce documents that Cornock had previously requested to prove his innocence. MBNA conveniently claimed not to be able to produce the documents but said that the documents were not relevant since payments were made in Cornock's name (even though Cornock neither made the payments or knew about them). The arbiter amazingly bought this argument and entered an award against Cornock. The Court called this argument "imaginative". Sounds like a completely pro-business, anti-consumer arbiter to me. But that's what you usually get with arbitration.

MBNA sued Cornock to convert the arbitration award to a enforceable judgment. In the interim, Cornock disputed the MBNA account to Trans Union as a fraud account. Trans Union relayed the fraud dispute to MBNA who verified the account to Trans Union, resulting in its continued inclusion on Cornock's credit report. Trans Union apparently did not perform any investigation of its own.

Cornock successfully defended MBNA's litigation to enforce the "imaginative" arbitration award, resulting in the arbitration award being voided. Cornock then sued MBNA, Trans Union and other CRAs for violations of the FCRA. After being sued, Trans Union removed the fraudulent MBNA account from Cornock's credit report. Cornock settled his claims with all defendants other than Trans Union, who filed a motion for summary judgment.

Cornock's sole claim against Trans Union was that Trans Union violated 1681i of the FCRA by failing to perform a reasonable investigation of his dispute of the fraudulent MBNA account. A necessary prerequisite to a 1681i claim is that the disputed information must be inaccurate.

This Court (I think incorrectly) held that Cornock could not prove an inaccuracy on his credit report because any investigation by Trans Union would not have revealed any inaccuracy. This is in my opinion a terrible decision. Trans Union did no investigation. Instead it chose to rely on MBNA's "investigation" which of course got the wrong answer. Trans Union could have performed its own investigation by requesting MBNA's documents and compared the signatures on the payments and/or receipts to Cornock's true signature. Or it could have checked to see what Cornock was allegedly buying. Instead, Trans Union merely parroted what MBNA said and, as a result, clearly violated 1681i. Yet, unfortunately, the Court did not see it that way and granted Trans Union's motion for summary judgment. Unfortunately for Cornock and other consumers, the Court got it wrong.

August 08, 2009

LifeLock gets $40 million from new investors

LifeLock has bilked investors out of $40 Million, supposedly to expand into new distribution channels, although LifeLock will probably need it for all the lawsuits being filed against it now that its illegal practices have been brought to light. But here's the article from Patrick O'Grady of the Phoenix Business Journal:

"LifeLock Inc. raised $40 million in its latest financing round, bringing aboard software piracy heavyweight Symantec Corp. as one of the investors.

The money will be used to help the company expand into different distribution channels, continue its marketing push and keep up with its infrastructure, which has seen the company grow exponentially in the past two years, said CEO Todd Davis.

'We’ll continue to bring out our product offerings, continue to build our infrastructure,' he said, adding the company needs to make sure it has the equipment needed for its more than 440 employees.

In addition to new investor Symantec, a provider of computer and Internet security programs such as Norton AntiVirus, the funding round included previous investors Goldman Sachs & Co., Kleiner Perkins Caufield & Byers and Bessemer Venture Partners.

Symantec and LifeLock announced a partnership Friday morning in which a free, 30-day subscription to LifeLock’s credit alert system is being made available to purchasers of some Symantec products. The deal opens a broader distribution channel for the Scottsdale-based company, which has about 1.5 million clients paying up to $10 a month to have their credit reports monitored for unusual activity.

Part of the investment also will be used to help LifeLock expand beyond providing credit alerts. The Symantec deal is part of the company’s effort to broaden its appeal to providing security in various areas, Davis said.

The funding round is LifeLock’s fourth and one of the largest this year in Arizona.

'For companies that are demonstrating real growth, there is still money to be had,' Davis said.
LifeLock’s four rounds funding have netted the company a total of about $77 million. The company has been expanding despite a setback in a lawsuit brought against it by credit bureau reporting agency Experian, which alleges its placement of fraud alerts are not allowed under the Fair Credit Reporting Act."

To read my prior posts about LifeLock and the various lawsuits being filed against it, see here -

Symantec teaming up with LifeLock? Time to switch to McAfee!

Symantec, the software company that sells the Norton Anti-Virus software, has now teamed up with LifeLock of all companies! Why a legitimate company like Symantec would team up and invest in a scam of a company like LifeLock is beyond me. Here's the story from the Phoenix Business Journal:

"LifeLock Inc. and computer security specialist Symantec Corp. announced a partnership Friday to help prevent identity theft.

The two companies will package a limited edition of Symantec’s Norton Internet Security or Norton AntiVirus with a free 30-day trial membership to LifeLock, 10 percent off a continued membership and two movie tickets.

Millions of people keep financially and personally identifying paperwork on their computers that can be accessed through simple file-sharing programs.

'Online security is a great first line of defense, but the best offline offense is to guard your identity, your money and your credit with identity theft protection,' said Janice Chaffin, group president of the consumer business unit at Cupertino, Calif.-based Symantec (Nasdaq:SYMC).
'In partnership with LifeLock, we want to provide consumers with the tools they need to better safeguard themselves in both worlds.'

LifeLock is looking to partner with other companies to provide better resources for consumers.

'You, your identity and your financial information are more vulnerable than ever before, and people need to protect themselves and their wallets — no matter if they’re in a crowded public place or shopping online from home,' said Todd Davis, CEO of Tempe-based LifeLock."

Notice they had to throw two movie tickets into the "free" offer from LifeLock to actually be giving consumers something of value. If this is the way Norton protects my computer, its time to switch to McAfee!

New charges of identity theft in Georgia

Three women from Georgia have been charged with identity theft, among other charges. Schnikia Scruggs of Duluth, Georgia, Yolanda Denise Scott of Hampton, Georgia and Atlanta's Germaine Monroe have all been indicted for aggravated identity theft and bank fraud.

According to the indictment, Scott used her employment at Wachovia Bank to funnel information regarding its customers to Scruggs and Monroe. The three allegedly transferred thousands of dollars to their own accounts in 2007.

More about the National Guard data breach

Here's some more detailed information about the risk of identity theft caused by a stolen laptop containing the personal information of some members of the Wisconsin National Guard:

"About 1,700 Wisconsin soldiers are among 131,000 nationally whose personal information was on a laptop computer stolen July 27 from a National Guard Bureau contractor, according to a Wisconsin Army and Air National Guard press release.

The computer contained names, home and e-mail addresses plus Social Security numbers of current and former Army Guard members enrolled in the Army National Guard's Bonus and Incentives program, the release said.

The Wisconsin National Guard is alerting soldiers of the incident and its potential threat while the National Guard Bureau will notify all affected personnel by letter by Saturday, Aug. 15.

The National Guard set up special Web site about the information security breach at In addition, guard members may call toll-free at 1-877-481-4957 from 7 a.m. to 11 p.m."

The rest of the article can be found here -

August 06, 2009

New FCRA case - Wimberly v. Select Portfolio Servicing

I am behind on my reporting about the new court opinions being handed down regarding the FCRA but am going to focus on catching up over the weekend.

One new case that I have not reported on yet is Wimberly v. Select Portfolio Servicing. The opinion is penned by Magistrate Judge Wallace W. Dixon of the United States District Court for the Middle District of North Carolina. Once again, the plaintiffs are representing themselves pro se (meaning without a lawyer) and, once again, the result is the same - a loss for the plaintiffs. Although, I feel less harsh toward these particular pro se plaintiffs since I have looked for local counsel in North Carolina experienced in FCRA litigation and have found none to date. So these plaintiffs may have had no other choice (other than move or hire out of state counsel, which they might not have known they could do).

Anyway, the plaintiffs, a Griggs and Aubrey Wimbley, filed a 93 page amended complaint which the Court described as "disorganized, rambling and at times incoherent". The plaintiffs' main beef with Select Portfolio Servicing ("SPS") appears to center around the manner in which SPS applied payments and otherwise handled the plaintiffs' loan. While the Wimbleys brought multiple claims, I will only discuss their FCRA claims which, unfortunately for the Wimbleys, the Court found were time barred.

Claims under the FCRA must be filed no later than 2 years after the plaintiff discovers a violation or 5 years after the violation even if the plaintiff doesn't even know the violation occurred. It used to be a strict 2 year statute of limitations no matter what, but that changed after Congress amended the FCRA after the first FCRA case to make it to the U.S. Supreme Court, i.e. TRW v. Andrews, which held that the 2 year statute of limitations ran regardless of whether the plaintiff knew about the alleged violation. Congress rightfully did not like this result so it changed the law to eliminate the Supreme Court's interpretation in Andrews.

But I digress. The Court in Wimbley found that the plaintiffs knew about the alleged violations by SPS as early as 2002 and thus claims to recover for those violations were barred by the FCRA's statute of limitations.

Right result in a case that should not have been brought, which is another reason why the plaintiffs were probably representing themselves.

Word of advice to potential pro se plaintiffs: Its one thing to bring a case yourself because you can't find a lawyer competent to represent you. Its another matter entirely when there are plenty of competent attorneys but they all refuse to take your case. In that scenario, its probably because your case is a loser.

Identity theft can happen after you die too

Aleksandra Todorova with pens an article about the 21st century form of grave robbing:

"These days, aNyone with a pulse is susceptible to identity theft. And in many cases, a pulse is optional.

'There’s a huge point of vulnerability when someone dies,' says Adam Levin, co-founder and chairman of Identity Theft 911, a provider of identity-theft prevention and resolution services.

A posthumous identity theft can weigh heavily on the family of the victim. Coping with the loss of a loved one can be difficult, and sorting through a pile of bills that may or may not be legitimately payable by the estate will not soften the grief.

The authorities are doing their part. The Social Security Administration, local Department of Motor Vehicles and credit bureaus register a death as soon as they’re informed. The Social Security Administration’s Death Master file includes the names and Social Security numbers of all deceased individuals. The credit bureaus use the file to update their records periodically, as do DMVs throughout the country.

However, it may take days, weeks or months after a person dies for authorities to include a new death in their databases. Until then, criminals have free reign to open credit cards, get state identification cards and apply for a job using a dead person’s identity, says Jay Foley, the executive director of the Identity Theft Resource Center, a San Diego-based nonprofit organization. And although each organization keeps a record of deceased individuals, their databases don’t always overlap, Foley says.

Danica Ross, a spokeswoman for Experian, says the credit bureau routinely collects Social Security numbers of the deceased as reported by the Social Security Administration. 'However, the Social Security Administration can only report a number as deceased if they are notified and in many cases they are not notified,' she says.

If the person who died never worked or received Social Security benefits – or if a surviving family member becomes eligible for a benefit after the death, then the SSA may not be informed about it, says ITRC’s Foley.

The SSA receives about 2.5 million reports of death each year, spokesman Mark Lassiter wrote in an email. These reports come from a variety of sources, including family members, funeral homes, hospitals, financial institutions, the U.S. Postal Service, Medicare, Veterans Affairs and other state and federal agencies. This means the SSA receives death reports for people who are not necessarily Social Security beneficiaries. 'That is not to suggest that every death is reported, but the vast majority are,' Lassiter wrote.

The American Association of Motor Vehicle Administrators did not return calls seeking comment.

If you want to secure the identity of a deceased family member or friend, you’re better off informing all authorities about their death, so crooks cannot take advantage of your family’s loss.

Here are eight steps to locking a loved one’s identity:

1. Get multiple copies of the death certificate. Most authorities request one to reflect the death in their records.

2. Request a copy of the deceased individual’s credit report from each of the three credit bureaus. The requirements to obtain it may differ according to the bureau, so call them in advance to find out. For example, Equifax requests a copy of the death certificate, a letter of testamentary from the probate court and a copy of a photo ID of the individual receiving the credit report.

3. On the letter you send to the credit bureaus, request that the deceased person’s credit file be suppressed. This means that an annotation will be added to their file stating that the person is deceased and that no one will be able to obtain credit in the person’s name, says Identity Theft 911’s Levin.

4. Notify all creditors of the person’s death by sending a copy of the death certificate. (Get a list of creditors from the person’s credit reports.)

5. Call the Social Security Administration and request a benefits statement for review. This will help ensure that no one is using your relative’s name or Social Security number to work, Levin says.

6. Cancel their driver’s license and any other group membership or affiliation that offers an identification card, such as their AAA membership or health insurance (or Medicare/ Medicaid).

7. Make sure all documents that contain the SSN of the deceased person are securely stored.

8. Don’t share too many details about your loved one in any public announcement of their death. Crooks often comb through obituaries for information that could help inform their efforts to steal a person’s identity, Levin says."

The full article is here -

National Guard members at risk for identity theft

Members of the Wisconsin National Guard may be at risk of identity theft due to a stolen laptop. Here's the article from Madison, Wisconsin's

"The Army National Guard said today some of its members could be subject to possible identity theft after a laptop containing their personal data was stolen.

The affected members will be notified by official letter.

'I immediately requested a list of any Wisconsin soldiers that may be affected,' wrote Brig. Gen. Don Dunbar, Adjutant General of Wisconsin and commander of the Wisconsin National Guard, in an email message to reporters. 'We are working closely with National Guard Bureau to identify soldiers and minimize associated risks.'

The Army Guard reports 131,000 former and current members could be affected by the data loss. A personal laptop used by a contractor was stolen at the end of July.
The Army Guard will inform those Guard members who are determined to be impacted by this incident by mailing a letter to them, Noller said.

The National Guard Bureau has set up a special Web page at, and the Army Guard will have a toll-free call center available from 7 a.m. to 11 p.m., Monday through Friday beginning Aug. 5. The number is 877-481-4957. Each features up-to-date news and information on the data compromise."

Does a bad credit report necessarily equate to a bad employee?

Nancy Schuman wrote a great article today about the impact of the recession on good employees' credit scores and how financial hardship does not make a good employee bad.

"This economy has no doubt impacted the personal finances of many individuals in terms of mortgage payments, car payments, credit card balances, childcare and medical costs. Combine these struggles with a job layoff or pay cut and it’s hard to keep your head above water. Here you are conducting a job search so that you can improve your financial situation and suddenly you learn that your personal finances may prevent you from getting the job offer! It’s a vicious cycle currently faced by job hunters nationwide, and it can move a top candidate to the bottom of the pile.

Today, more and more employers are running credit checks on candidates and it’s no longer just for positions with access to money such as cashiers, tellers and financial professionals. Industry reports indicate that more than 40 percent of employers are running pre-hire credit reports as part of their due diligence process. Some companies believe they can deduce how a person will handle their job responsibilities based on how they handle their personal finances. Others use the information to gauge how long a person might stay in a position if their debt load is higher than a position pays. It is also used to verify employment history and a social security number.

There is no clear connection between a credit history and job performance, and many job seekers consider it to be an unfair way of screening candidates, however, no Federal discrimination law specifically prohibits employment discrimination on the basis of a bad credit report. The Fair Credit Reporting Act (FCRA) and state credit laws help to regulate how an employer can obtain and use their findings. An employer must gain your consent in writing to do a credit check and the report they receive is different than one viewed by a credit agency or an individual. Full account numbers are not revealed and they won’t see a credit score, but they will be able to see late payments, collections and bankruptcies. If you are actually denied employment because of your credit report, the company must notify you so that you may view the report on which the decision was based.

The bottom line is that if you are currently interviewing or are about to do so, view your own credit report so that you know what it says so that you can run interference on something that may appear damaging."

Nancy then gives contact information for each of the credit bureaus so her readers can get their free annual credit report. However, I have not reprinted this part of Nancy's article since that's not the way to go about getting your free credit reports. The best (and only) way to get your annual free credit reports is to visit and either request them online or via their pdf form that you can print out and mail.

The article ends with the following:

"According to, consumers find 13 million inaccuracies on their credit reports each year, so it is worth your time to investigate, review and dispute if necessary. Since an employer must alert you if they plan to run a credit check, you can certainly ask how the information will be used to judge your suitability for employment. If you suspect that something on your record could hurt your chance of an offer, you might want to deflect this in advance by letting the interviewer know that there may be some late payments, etc., but that in no way impacts your abilities. You might state that since your recent layoff, current economic challenges have made it necessary for you to stretch your dollars and prioritize needs.

In the meantime, a House bill introduced last month would prohibit employers from using credit report details for their hiring decisions. The Equal Employment for All Act, if passed, will keep credit worthiness (with some exceptions for financial firms and government agencies) out of the employment process so that getting credit at work will make it more about performance than payments."

I have posted about the proposed Equal Employment for All Act. My prior post can be found here -

Nancy Schuman's full article can be found here -

New lawsuit against Lifelock

Consumers have now filed a new lawsuit against LifeLock seeking, among other things, a court order requiring LifeLock to comply with a previous court order and halt fraud alerts. Here's the article:

"LifeLock, the Tempe, Arizona-based company that touts identity-theft-prevention services is the target of a consolidated lawsuit claiming that the company misrepresented its product, illegally sold insurance and breached its contracts with customers.

The new consolidated complaint combines 13 lawsuits filed against LifeLock in various jurisdictions and expands the claims against LifeLock, according to Rob Carey, a partner at Hagens Berman Sobol Shapiro and interim lead counsel for the consolidated case.

The lawsuit claims the company defrauds customers by offering services it cannot legally perform and by touting a $1 million guarantee that consumers claim is virtually worthless.

One of the key components of the lawsuit relates to whether LifeLock can lawfully place fraud alerts for consumers. As interim lead counsel for the case, Carey demanded that LifeLock cease placing fraud alerts and advise consumers that the company cannot legally place fraud alerts.

'A federal judge has already confirmed that LifeLock cannot legally place fraud alerts,' said Carey. 'It's time the company shows some respect for the law, stops placing these alerts and transitions into a more legitimate business model.'

The ruling on fraud alerts arose from a suit brought against LifeLock in February 2008 by Experian, one of the major credit reporting agencies. At that time, the agency stopped accepting and renewing requests from LifeLock to place fraud alerts. However, LifeLock continued to collect monthly payments from customers for services, which included fraud alert protection with Experian.

'We intend to show the court that LifeLock's refusal to notify customers of its activities or change its practices violates state and federal laws and demonstrates a clear disregard for its customers,' said Leonard Aragon, another HBSS attorney on the case.

Many of the new allegations in the consolidated complaint are related to what the plaintiff's claim is LifeLock's refusal to comply with the Fair Credit Reporting Act (FCRA). The FCRA says that only an individual can place a fraud alert and the Act's language clearly excludes corporations, such as LifeLock from doing so, the complaint states.

'The consolidated complaint is a call for LifeLock to change its business practices to comply with federal law,' said Carey. 'LifeLock's customers will no longer stand for business as usual.'

The suit claims another legal issue with LifeLock is that the $1 million guarantee is an insurance product that must comply with Arizona Insurance Code, but LifeLock fails to even attempt to comply with the Insurance Code's rules and regulations.

The master complaint represents current or past customers of LifeLock, with the exception of those living in Maryland or West Virginia.

The lawsuit names several counts against LifeLock, including, violation of the Arizona Consumer Fraud Act, false and misleading advertising of an insurance product, unjust enrichment and breach of contract."

If you have been reading this blog, you know that I have a particular disdain for LifeLock (almost as much as I have for Experian, Equifax and Trans Union). My prior posts about what I contend are LifeLock's illegal practices can be found here - This new lawsuit bears watching. If any of you out there know any more details about this or other lawsuits against LifeLock, I'd love to hear them.

August 05, 2009

Another ID theft conviction

From the AP - "A 33-year-old Columbia Falls (Montana) woman has been sentenced to two years in prison and ordered to pay more than $18,700 in restitution for her role in an identity theft case.

Andrea Mackowiak, who earlier pleaded guilty to aggravated identity theft, was sentenced Friday by U.S. District Judge Donald Molloy in Missoula.

Prosecutors say Mackowiak took names, Social Security numbers and dates of birth from patient account records at a clinic and gave the information to a person in Washington state. That person used the information to set up Qwest telephone accounts that were used by prison inmates.

Court records say that from August through December 2006, inmates used the accounts to obtain phone services from Qwest without paying."

If any of you victims of Mackowiak need help, let me know. I have a couple of cases in Montana, one of which was in Polson, Montana, which is not that far from Missoula. Love the area and would like to have a reason to go back.

An article with good advice about your credit score

Here's an article from Nurido English News about improving your credit score. The article even mentions what I call mixed file cases, where the credit bureaus put the credit accounts of one person on another person's credit report, sometimes with disastrous results. Unfortunately the article oversimplifies how hard it is to get the credit bureaus to fix their errors. Here's the article:

"A common question that we get asked a lot is how to improve a credit score. I tend to challenge the notion that we need a good credit score in the first place, since the way it is calculated really makes it an ‘I love debt score’. The FICO score is based on such things as the amount of debt outstanding, the available credit outstanding, payments history, etc.

I do believe however that it is important to check your credit report at least once per year and verify the accuracy of the report. I don’t know how many times I’ve coached a Bob Johnson that has an error on his report which it turns out in the end, was for another Bob Johnson. This type of error actually happens more than the industry will admit, but there are steps that you can take to remove the errors.

At least once per year everyone should visit to view a free copy of their personal credit report. Since there are 3 reporting agencies (Equifax, TransUnion and Experion) I visit the website every 4 months to receive a free credit report from one of the companies.

It is important to point out that you will only receive your free report from AnnualCreditReport. You do not need to sign up for a free offer or enter your credit card to view your report.
Once you receive your report, make sure to review it for accuracy both in amounts of credit, as well as the correct accounts. As I mentioned before, account information is incorrectly reported many times.

If you find an error on your report, the Federal Fair Credit Reporting Act provides direction on what can be done to have it changed. Depending on the 3 credit reporting companies, many times you are able to dispute the error on their website by filling out a simple form. Once the error is pointed out, the agency has 30 days to investigate. At the completion of the investigation there are 3 possible outcomes.

1) You are found liable for the debt and it was reported correctly. In this case the information will remain on the report.

2) The information was found inaccurate and the agency is required to remove it.

3) If no information can be found to either prove or disprove the information, it must also be removed by the agency."

[There is a fourth option - i.e. where the information is wrong but because neither the credit bureau nor the furnisher are willing to perform a reasonable investigation, the erroneous information stays on your credit report ... until you hire me that is.]

"The main reason we do suggest checking your credit report is to hopefully stop would be identity thieves early in their tracks, as well as to make sure that someone else is not getting reported on your report. If there is a serious error on your report or the agency does not allow you to report the error on its website, you will need to send a letter to them. In the letter, make sure to state the error and explain why it does not pertain to you. Send it return receipt requested so you have a record of them receiving it, and the 30-day countdown begins.

If you’re wondering how to actually improve your credit score, well, that will happen naturally if you do the things we teach, such as pay your bills on time and eliminate your debt."

August 01, 2009

Toronto man uses over 100 stolen identities... and now faces nearly 200 charges of identity theft

From Madeleine White with the Toronto Star:

"A Toronto man faces almost 200 charges relating to identity theft after he used more 100 fraudulent identities to steal money.

The suspect allegedy acquired personal information through a variety of methods including stealing people's mail, said RCMP Insp. Art Pittman.

'As we become more technologically oriented as a society, the ability to commit fraud through the use of someone's personal information increases, and so the threat (of identity theft) increases,' said Pittman.

During the investigation, the RCMP discovered more than 100 sets of identification documents, ranging from counterfeit Canadian citizenship cards to Ontario drivers' licenses, credit and debit cards.

Investigators also seized a list of names, social insurance numbers and birthdays, which they suspect was intended for future targets.

Most of the victims in this case are residents of the GTA or the U.S., however, some identities are simply made up, said Pittman.

The RCMP will need to figure out which identities belong to real people and which ones are fictitious.

Charged is Shakiru Olasunkanmi Ajibola, 47, with 170 charges relating to identity theft, mail theft and possession of stolen credit card data.

Ajibola remained in police custody after his Thursday court appearance."

Attempted identity theft of U.S. Representative

Even the members of Congress are at risk for identity theft. Here's an article about a Ghana man's attempted extortion of U.S. Representative Robert Wexler:

"A man is being held in Ghana on charges of attempted extortion and identity theft against U.S. Rep. Robert Wexler, D-Boca Raton, the U.S. Secret Service said. Eric Kwame Agbosu, 27, was arrested on July 15 by authorities in the West African nation, Secret Service spokesman Ed Donovan said. Donovan declined to reveal other details of the case, including whether any other public figures were victimized.

A person familiar with the investigation said Wexler was contacted several weeks ago by a man from Ghana who had Wexler’s Social Security number and other information and threatened to turn the data over to identity theft specialists if Wexler didn’t pay him. The source said the man also had similar information on other public figures. The source said Wexler refused to pay and contacted the U.S. Capitol Police. Since Wexler was contacted by the man in Ghana, the source said, unauthorized attempts have been made to gain access to Wexler’s personal bank account and to use his credit cards.

President Obama visited Ghana this month. The Secret Service said there did not appear to be any relationship between the presidential visit and the timing of the alleged extortion of Wexler. Wexler’s office referred questions to an attorney, Pamela Marple, who issued this statement: 'Congressman Wexler greatly appreciates the professionalism and ongoing assistance of the United States Secret Service and Capitol Police regarding a matter where he was targeted as a Member of Congress and was the victim of crime involving extortion and attempted identity theft. This remains an ongoing legal matter that will be closely monitored.'"

Congressman Wexler, if you need any assistance clearing this mess up, please contact me.

University of Minnesota Duluth student pleads guilty to identity theft

Sometimes identity theft is not about opening credit accounts using the identity of another. For instance, a University of Minnesota Duluth student named Phillip Dzik plead guilty yesterday to identity theft. But his form of identity theft was different. He hacked into his cousin's chat account to download and transmit nude pictures of her. He then used the nude pictures to threaten her.

I assume the identity theft happened when he impersonated her to gain access to her yahoo account, but the story that I found on this is not clear. If anyone knows the details, please let us know via a comment or e-mail me directly at