Feb 23
0
Identity Theft: 7 of the Uk’s Worst Ever Data Loss Bungles
Posted on Tuesday, February 23, 2010 in Identity theft Knowledge Base
The past few years have seen millions of Brits put at increased risk of identity theft by banks, retailers, and government departments who have failed to effectively secure the personal details of their customers and staff.
1 HM Revenue and Customs was at the centre of the UK’s biggest data breach incident in November 2007. The child benefit records of 25 million people were lost in the post, including names, addresses as well as bank and building society details. The sensitive information had been placed on two computer disks that were destined for the National Audit Office.
2 Nationwide Building Society customers were put at increased risk of identity theft after an employee’s laptop was stolen. The laptop contained details of 11 million of the society’s customers. Money watchdog, the Financial Services Authority took such a dim view of the data loss that it fined the mortgage provider almost £1million.
3 Customers of cut price clothes retailer, TK Maxx, discovered, around the same time, that their credit card details may have fallen into the hands of identity fraudsters over a 4 year period. It was believed criminals had hacked the firm’s computers using wireless technology. It was also estimated that, world-wide, more than 46 million credit card details had been intercepted in the scam. This total included details from the US based retailer’s 210 UK stores.
4 Personal details of three million British learner drivers went missing in 2007 when computer equipment belonging to a third party contractor, working for the Driver and Vehicle Licensing Agency, went missing. The Information Commissioner’s Office deemed the data in this case to be less sensitive than other data loss cases as the records, which had gone missing in Iowa, did not contain financial information, such as bank account numbers.
5 Details of more than one million credit card accounts were contained on a computer disk sold, for less than £100, on Ebay to an Oxfordshire IT manager. The disk was sold in August 2008 and contained the account details of customers from a number of major financial institutions, Natwest, Royal Bank of Scotland, and American Express. Among the customer information reported to be on the disk was account information, signatures, mobile phone numbers and mothers’ maiden names. The disk purchaser, who reported the bungle, said the information would have been obtainable by someone with just basic software knowledge.
6 A junior MOD official was in hot water after a laptop containing details on 600,000 potential military recruits was stolen from a car in Birmingham. The list of information stored on the portable computer was reported to include: names, addresses, bank account information, national insurance numbers as well as passport numbers.
7 HSBC ended up with egg all over its security procedures when it lost the details of 370,000 customers in April 2008. The data, which included names, dates of birth and insurance details of customers, had been placed on a disk and put in the post.
Calls have been made by security experts for UK laws to be tightened to make sure affected people are notified immediately by organisations guilty of losing customers personal information. An influential group of Parliamentarians has also called for data loss to be made a criminal offence to help curb the tide of security breaches putting consumers at increased risk of identity theft.
By: Tristan Dunston
About the Author:
1 HM Revenue and Customs was at the centre of the UK’s biggest data breach incident in November 2007. The child benefit records of 25 million people were lost in the post, including names, addresses as well as bank and building society details. The sensitive information had been placed on two computer disks that were destined for the National Audit Office.
2 Nationwide Building Society customers were put at increased risk of identity theft after an employee’s laptop was stolen. The laptop contained details of 11 million of the society’s customers. Money watchdog, the Financial Services Authority took such a dim view of the data loss that it fined the mortgage provider almost £1million.
3 Customers of cut price clothes retailer, TK Maxx, discovered, around the same time, that their credit card details may have fallen into the hands of identity fraudsters over a 4 year period. It was believed criminals had hacked the firm’s computers using wireless technology. It was also estimated that, world-wide, more than 46 million credit card details had been intercepted in the scam. This total included details from the US based retailer’s 210 UK stores.
4 Personal details of three million British learner drivers went missing in 2007 when computer equipment belonging to a third party contractor, working for the Driver and Vehicle Licensing Agency, went missing. The Information Commissioner’s Office deemed the data in this case to be less sensitive than other data loss cases as the records, which had gone missing in Iowa, did not contain financial information, such as bank account numbers.
5 Details of more than one million credit card accounts were contained on a computer disk sold, for less than £100, on Ebay to an Oxfordshire IT manager. The disk was sold in August 2008 and contained the account details of customers from a number of major financial institutions, Natwest, Royal Bank of Scotland, and American Express. Among the customer information reported to be on the disk was account information, signatures, mobile phone numbers and mothers’ maiden names. The disk purchaser, who reported the bungle, said the information would have been obtainable by someone with just basic software knowledge.
6 A junior MOD official was in hot water after a laptop containing details on 600,000 potential military recruits was stolen from a car in Birmingham. The list of information stored on the portable computer was reported to include: names, addresses, bank account information, national insurance numbers as well as passport numbers.
7 HSBC ended up with egg all over its security procedures when it lost the details of 370,000 customers in April 2008. The data, which included names, dates of birth and insurance details of customers, had been placed on a disk and put in the post.
Calls have been made by security experts for UK laws to be tightened to make sure affected people are notified immediately by organisations guilty of losing customers personal information. An influential group of Parliamentarians has also called for data loss to be made a criminal offence to help curb the tide of security breaches putting consumers at increased risk of identity theft.
By: Tristan Dunston
About the Author:
Tristan Dunston is an independent public relations consultant specialising in finance and privacy matters. He loves whitewater kayaking and photography
Mar 7
Direct Mail Marketing Goes Rogue - Offline Identity Theft Tactics
Posted on Saturday, March 7, 2009 in Identity Scams, Identity Theft, Identity Theft Prevention, Identity Theft Protection
Direct Mail marketing tactics are being effectively used by fraudsters to trick individuals into revealing confidential information and resulting in identity theft.
Identity theft is an increasing problem both offline and online. So when I received a letter informing me of the “fabulous news” that I had won £5,000 and I saw it as an opportunity to take a more in-depth look at the tactics fraudsters are using.
I looked for a phone number - absent. I then looked at the return address - Canada. Yet, the letter had been posted in the UK. Strange. I did a Google search for company name.
At number 2 was a link to an article in the Mirror titled “Rogue Mail”. This slick scam was apparently netting the operators millions of pounds because to claim your prize you had to pay £20.
So here’s a look at some of the tactics adopted by this company, which if used legitimately could improve the effectiveness of your Direct Mail campaigns.
1. Delivery Envelope
The envelope displayed the company’s name and under the company name were the words “Cash Release Documents”. Over the window of the envelope were the words “Final Notice For:” which implied a sense of urgency. To the right of the envelope were the words “OPEN AT ONCE” - i.e. a strong call to action.
2. Response Envelope
Including an addressed reply envelope generally increases the response rate and a reply envelope was dutifully included in this case. Some Direct Mail marketers use FREEPOST envelopes but the problem with this is that it can increase the response rate of junk mail.
3. Main Letter
The main letter was well-presented and looked official. The letter had been folded in three and the body of the letter was laid out in such a way that the information above the first fold was compelling as well as the information between the folds and at the bottom of the letter.
We tend to scan letters reading the headline, sub-headers and footers first and taking in any other striking information so this was a clever marketing tactic. In fact, the headline is critical to the success of the Direct Mail campaign. Given our short attention span, some attribute 90% of the success of a Direct Mail campaign to using a captivating headline.
In this case, above the fold and in italics there was a short paragraph preceded by the word “Attention” and containing the word “CONGRATULATIONS” notifying me that I had won a prize and it was “ready for dispensation”. The prize would be held for me until I responded (by post) according to the terms of the letter. Then there was another “call to action”.
The letter went onto to say that, as soon as I responded, my cheque would be dispatched to me using a registered courier service. This was a subtle reminder that I had to act quickly to take advantage of this offer.
The middle section gave details about the prize and an option to have the money released in one lump sum or to have four equal payments. A no-brainer proposition when you think about it but what this copy did was reinforce that there was money at stake.
4. Signature
The scanned signature was legible and in blue. Believe it or not this is another important feature of Direct Mail letters. Signatures should be legible and research has shown that the best colours for your signature are “process” or “reflex” blue. The rest of the text should be black against, ideally, a white, off-white or pale yellow background.
5. Post Script
All strong sales letters will contain a strong postscript to end such as reminding potential customers of the key benefits of the item being sold or of the steps to take. In this case, the reader was reminded that they could spend the money any way they liked encouraging those who had been lured to this point to imagine how they would spend their unexpected windfall.
6. Order Form
Naturally, Direct Mail Marketing campaigns contain an order form. The order form should stand out from the main letter. One way to achieve this is to print it on paper of a different colour such as blue or pink. Another marketing tactic is to give the order form a different title because most people are averse to form-filling. In this case, the order form was headed “Cheque Release Form” where the first two words neutralised any negative impact the word “form” might have had.
These tactics can all contribute towards generating high-income earning legitimate Direct Mail campaigns. The letter I received was slick but there were several errors or irregularities.
Unfortunately, there will always be vulnerable or easily influenced individuals who will fall prey to companies such as “Global Escrow Services” and become another casualty of identity theft.
By: Nickolove Lovemore
About the Author:
Identity theft is an increasing problem both offline and online. So when I received a letter informing me of the “fabulous news” that I had won £5,000 and I saw it as an opportunity to take a more in-depth look at the tactics fraudsters are using.
I looked for a phone number - absent. I then looked at the return address - Canada. Yet, the letter had been posted in the UK. Strange. I did a Google search for company name.
At number 2 was a link to an article in the Mirror titled “Rogue Mail”. This slick scam was apparently netting the operators millions of pounds because to claim your prize you had to pay £20.
So here’s a look at some of the tactics adopted by this company, which if used legitimately could improve the effectiveness of your Direct Mail campaigns.
1. Delivery Envelope
The envelope displayed the company’s name and under the company name were the words “Cash Release Documents”. Over the window of the envelope were the words “Final Notice For:” which implied a sense of urgency. To the right of the envelope were the words “OPEN AT ONCE” - i.e. a strong call to action.
2. Response Envelope
Including an addressed reply envelope generally increases the response rate and a reply envelope was dutifully included in this case. Some Direct Mail marketers use FREEPOST envelopes but the problem with this is that it can increase the response rate of junk mail.
3. Main Letter
The main letter was well-presented and looked official. The letter had been folded in three and the body of the letter was laid out in such a way that the information above the first fold was compelling as well as the information between the folds and at the bottom of the letter.
We tend to scan letters reading the headline, sub-headers and footers first and taking in any other striking information so this was a clever marketing tactic. In fact, the headline is critical to the success of the Direct Mail campaign. Given our short attention span, some attribute 90% of the success of a Direct Mail campaign to using a captivating headline.
In this case, above the fold and in italics there was a short paragraph preceded by the word “Attention” and containing the word “CONGRATULATIONS” notifying me that I had won a prize and it was “ready for dispensation”. The prize would be held for me until I responded (by post) according to the terms of the letter. Then there was another “call to action”.
The letter went onto to say that, as soon as I responded, my cheque would be dispatched to me using a registered courier service. This was a subtle reminder that I had to act quickly to take advantage of this offer.
The middle section gave details about the prize and an option to have the money released in one lump sum or to have four equal payments. A no-brainer proposition when you think about it but what this copy did was reinforce that there was money at stake.
4. Signature
The scanned signature was legible and in blue. Believe it or not this is another important feature of Direct Mail letters. Signatures should be legible and research has shown that the best colours for your signature are “process” or “reflex” blue. The rest of the text should be black against, ideally, a white, off-white or pale yellow background.
5. Post Script
All strong sales letters will contain a strong postscript to end such as reminding potential customers of the key benefits of the item being sold or of the steps to take. In this case, the reader was reminded that they could spend the money any way they liked encouraging those who had been lured to this point to imagine how they would spend their unexpected windfall.
6. Order Form
Naturally, Direct Mail Marketing campaigns contain an order form. The order form should stand out from the main letter. One way to achieve this is to print it on paper of a different colour such as blue or pink. Another marketing tactic is to give the order form a different title because most people are averse to form-filling. In this case, the order form was headed “Cheque Release Form” where the first two words neutralised any negative impact the word “form” might have had.
These tactics can all contribute towards generating high-income earning legitimate Direct Mail campaigns. The letter I received was slick but there were several errors or irregularities.
Unfortunately, there will always be vulnerable or easily influenced individuals who will fall prey to companies such as “Global Escrow Services” and become another casualty of identity theft.
By: Nickolove Lovemore
About the Author:
Identity theft is the fastest growing crime in the US and the UK. Be proactive to prevent yourself from becoming a victim to this emotionally and financially costly crime. Visit Identity Theft - Stop Now for more information on effective solutions to identity fraud.
