Consumers in Virginia were upset that their government was posting public real estate records online without redacting Social Security numbers. The records posted online also had other sensitive information: bank account numbers, dates of birth, mother's maiden name, and more. There is an obvious identity theft risk in having that information posted online, but the consumers were unsuccessful in getting government officials to change the way they were doing business.

In steps Betty Ostergren, who has published the Social Security numbers of public officials on a website of her own. What a clever way to protest a risky policy -- turn things around on the politicians who refuse to protect consumers!

The government tried to fight back by passing a law that attempted to restrict non-government entities from posting Social Security numbers, but that has failed. Last week a federal judge ruled that Ostergren has a First Amendment right to post the Social Security numbers on her website if she chooses to do so.

I just love this story because it is an example of consumers fighting for their rights. No one in their right mind can believe that it made sense for the government to post all these records online without some minimal precautions to protect consumers. I think giving those officials a little taste of their own medicine was a brilliant act of consumerism, and I hope that officials in Virginia rethink their policies about posting sensitive information about consumers online.

Tracy L. Coenen, CPA, MBA, CFE performs fraud examinations and financial investigations for her company Sequence Inc. Forensic Accounting, and is the author of Essentials of Corporate Fraud.

The Identity Theft Resource Center has released its most recent figures on data breaches at businesses, and they're not pretty. 2008 isn't even close to being over, and the number of reported breaches has already surpassed the total for 2007, at 446.

A data breach is simply a situation at a business in which unauthorized outside people get access to computerized confidential information. What are they looking for? Usually credit card numbers and personal data that can be used to commit identity theft.

The 446 data breaches reported here are simply a tabulation of each report of a business experiencing a data breach. They say nothing about the number of records or people exposed in each breach, which can be in the millions. The larger the number of records compromised, the more likely you are to hear about it on the news.

Late last week, a former Countrywide Financial Corp. employee and his pal were arrested by the FBI for stealing and selling personal data of mortgage applicants. They estimate that up to 2 million people's identities were compromised by these clowns over a two year period.

The former employee, Rene Rebollo, was a senior financial analyst in Countrywide's subprime lending division, Full Spectrum Lending. His buddy, Wahid Siddiqi, is the one accused of selling the data at $400 to $500 for each batch of "leads." These so-called leads were sold to agents who would solicit the customers for new loans with other mortgage companies.

How did Rebollo take all the personal information? On Sunday evenings, he would copy information on 20,000 people at a time. And the money the two guys got for the personal information amounted to about 2.5 cents per customer.

The short answer to the question is no. The chance of LifeLock helping you repair your credit after an identity theft is next to none. But of course, the company doesn't want you to think that, or you'd probably never pay for their "service."

One of the reasons LifeLock fans have given for their support of the company and its services is that they'll help you repair your credit. That's simply not the case, unless your identity theft meets one tiny little exception. LifeLock will only help you if you can prove that your identity theft was caused by a "defect" in their service.

Now that's not immediately clear in the marketing materials used by LifeLock. In fact, they say prominently on their website: "If your Identity is stolen while you are a member of LifeLock, we're going to do whatever it takes to recover your good name." The page then goes on to say that there's not much fine print to this guarantee, but that you should read it.

As a small business owner, I never really thought about the possibility of someone "stealing" my corporation and its credit history and selling it to someone else. After all, I control the corporation and the state has me listed as the Registered Agent, so nothing can happen without my approval. Right? Wrong.

A business owner in Las Vegas found out the hard way that it's relatively easy for thieves to make off with your corporation. Richard Krawczyk owns many "shelf corporations." They're business entities registered with the state but not actively operating. He sells these corporations after they've been registered for a few years. Entrepreneurs like buying them and putting their new business operations under the names because the registration of the corporation years earlier makes the business looked "aged," and therefore better in the eyes of lenders.

But recently one of Krawczyk's corporations was hijacked. In a case of corporate identity theft, his company "Corporate Business Services Inc." had its name changed to "Challenger Biz Services Inc." and the president changed to a California man named Ralph Rogue. Rogue says he bought the shelf corporation from a company called "Corporate Credit Association of America Inc." for $10,000, and didn't know that the corporation was essentially stolen.

One of the most famous fraudsters ever, Frank Abagnale, offers up some tips to help consumers avoid becoming victims of check fraud. He's notorious for traveling the world and cashing $2.5 million in bad checks in the 1960. His story was the inspiration for the movie Catch Me If You Can.

Today in the mail, I received a new credit card from Discover. But the question is why. I didn't open a new account. My card hadn't expired. I didn't get a new account number. I hadn't lost the card. I didn't request a second card.

There was no documentation with the card other than the standard "here's your card" notice and the sticker on the front of the card saying it must be activated by calling from your home phone. Except I already have a card with the exact same numbers on the front and the back that's already activated. No activation needed for this card I received today... the card number is already up and running.

Each time a credit card company sends out a credit card, isn't there a certain amount of risk that goes along with it? The envelope could get lost and the card could end up in the wrong hands. The card could be stolen by someone who's a part of the mailing process. At the very least, someone could get the numbers off the card and try to use them online.

If you're a customer of Bank of New York Mellon, your personal data may have been compromised and you might be at greater risk of identity theft. In February, the bank lost a box of backup tapes that contained data on 4 million customers.

And now, months later, they're getting around to telling you. The bank started informing customers about six weeks ago. But that's not very prompt to me! At the very least, the lost data includes Social Security numbers and names and addresses. At the worst, it also includes account numbers and financial details.

Bank of New York is offering those affected "free" credit monitoring service for a year. Yahoo! If someone opens a credit account in your name and using the details supplied by Bank of New York, you will be notified!!! Good luck cleaning up that mess.

Todd Davis, the CEO of the oft-criticized LifeLock identity theft service, appeared on the Today Show to discuss the current lawsuit his company is facing. Todd claims that the hundred or so LifeLock customers who have been victims of identity theft, are huge fans of LifeLock since the service helped them recover from the theft. Tracy Coenen has been tracking the LifeLock debacle for a few weeks now reported yesterday that the lawyers for the class action lawsuit have a much different view of the million dollar guarantee, arguing it isn't even worth the paper it is printed on.

I don't think I am quite ready to sign up for a service which the CEO says is "pretty good" especially when it comes to identity theft. Especially when the company blames any failure on another company's failure to follow protocol, claiming no one can protect against that. Isn't that exactly what identity theft is, someone exploiting a failure somewhere in the system to make off with your identity? I think I'll take my chances with a paper shredder, e-billing and my own credit monitoring for now.

My favorite part of the video was Matt Lauer reporting that someone had taken out a drivers license with Todd Davis' social security number under the name Jabba T. Hutt!

More news reports have surfaced about the apparent identity theft using the information of Todd Davis, the CEO of LifeLock. Why is his identity theft newsworthy? Because his Social Security number has been blasted in LifeLock's advertising campaigns, in an attempt to give consumers the impression that the LifeLock service is so effective, he doesn't care if anyone knows his social security number.

A couple of weeks ago I posted an article here questioning whether the service works, or if it's really just a scam, bilking consumers out of their money and their trust.

The more recent news reports say that people have applied for driver's licenses using Todd Davis's Social Security number at least 20 times. And they say that Davis even admitted in an interview with The Associated Press that there have been at least 87 attempts to steal his identity, with one of them in Texas being successful. The conclusion that some draw from this? The LifeLock services don't really protect consumers.

Recently we discussed the LifeLock identity theft protection services, and whether or not the services offered are nothing more than a scam. Our readers have varying opinions, and I ultimately came to the conclusion that what LifeLock sells is not worth the money. There's very little actual protection, and the company's "guarantee" doesn't seem to be worth the paper it's printed on.

Now Lifelock has announced two new service offerings. The company says it is approaching one million "members" and these services "... will further secure LifeLock's position as the industry leader in identity theft protection." The new "eRecon" service is billed as a technology solution that monitors over 10,000 websites, bulletin boards and chat rooms used by criminals to sell and trade identities. If your information is found, the company say it will call and tell you. The "TrueAddress" service is billed as a technology solution that monitors address databases and notifies you if your address is changed in one of them.

Sounds like a lot of hype and little substance. What do you think the chances are that they're going to find valuable information about you with either of these tools? Would you really pay for the miniscule chance that they might find someone in a chat room talking about your identity? The effectiveness of these services has to be sketchy. I don't know how much they're going to charge for them, but I sure wouldn't buy them.

Tracy L. Coenen, CPA, MBA, CFE performs fraud examinations and financial investigations for her company Sequence Inc. Forensic Accounting, and is the author of Essentials of Corporate Fraud.

You have to give this guy credit for being very good at what he did. My mom always told me, "If you're going to bother to do something, make sure you do it well." I bet James Hartman's mom is super proud of him. He stole his brother's identity and spent over $3 million in 3 months with it. On his list of goodies purchased via his brother's identity: A $48,000 pickup truck, a $49,000 pickup truck, two Dodge Durangos for $77,000, a Dodge Viper for $94,000, two ATVs, two houses, and some land. The grand total: $3.2 million.

James Hartman stole Ed Hartman's identity with his social security number and a photocopy of his driver's license. James says his brother approved of all the purchases. Ed says he knew nothing of it until someone called him because they were suspicious of the copy of the driver's license, being used to purchase another toy.

What a wonderful way to honor and love one's family. I've often theorized that family members steal more from their kin than they would from complete strangers. I don't know why, but it's sick. (Yes, this post is dedicated to my "Uncle Louie".)

Tracy L. Coenen, CPA, MBA, CFE performs fraud examinations and financial investigations for her company Sequence Inc. Forensic Accounting, and is the author of Essentials of Corporate Fraud.

When I first heard about LifeLock last year, I was very intrigued by its service. I was especially interested in how it advertised the services: With the company's CEO telling everyone his social security number.

The company "guarantees" that your identity will never be stolen, and it offers a "$1,000,000 Service Guarantee." If you sign up for LifeLock, it will set up fraud alerts for you with each of the three credit bureaus. It will also have your name removed from pre-approved credit card offers and junk mail lists, and it has the credit bureaus each send you a credit report once a year.

LifeLock has a WalletLock service to help you if you lose your wallet. It will help cancel accounts and help you if your credit cards are used fraudulently. And if your identity is ever stolen while you're using LifeLock, it says it will hire lawyers and investigators to help "recover your good name."

Sounds good, right?

This weekend I read in our local paper about an individual who almost got caught up in a scam to drain her bank account. The scammer was using the upcoming economic stimulus package to solicit personal and bank account info under the guise of the IRS.

Even though she had already provided the information she was lucky enough to change her bank account info before any funds were drained. The local IRS contact warned individuals that the IRS will not make contact via email and that scams like this are a common occurrence.

WalletPop producer Amey Stone had warned of the tax rebate scams before congress had even approved the stimulus package, but as May 2 approaches, the frequency of attempted rip-offs will only increase. The IRS already spent $42 million letting citizens know that the checks are coming, and the only requirement is to fill out a 2007 tax return. Despite the Super Bowl-sized campaign and nonstop news coverage it seems individuals are still falling for these scams.

I don't think I can put this any nicer, don't give out your personal information online! It is really that simple, if everyone stops answering these "demands" for banking info, the spammers and con artists will at the least have to move to a new medium. I understand that at times the emails appear to be legit now that the bad guys hired an English major to write them, but just delete it.

Identity theft using the social security numbers of deceased people is not at all uncommon. Sadly, it's can be easy to do successfully because there is usually no one actively monitoring the credit records of those who have died.

The danger of this type of crime was brought to light this week when a woman in Southern California was charged in federal court with aggravated identity theft and other fraud-related crimes. Tracy Kirkland is accused of using internet resources to get personal data of dead people, and then calling credit card companies to find out if they had any active accounts.

She used a genealogy website, Rootsweb.com, to find information on dead people. Such websites are often a treasure trove of private information for identity thieves. The website allows users to free access to the Social Security Administration's Death Index, which lists people's birthdates and social security numbers. And that is virtually all that is needed to get information out of a credit card company.

When Kirkland found a credit card company that had an account in the dead person's name, she would allegedly convince then to change the mailing address to a box she controlled. In more than one instance, she'd even get her own name added as an authorized user. Kirkland is accused of doing this to at least 100 deceased people, with the scheme dating back to October 2005.