Online exposure of financial records leads to local arrests

[someonesomewhere]

http://www.komotv.com/news/6624247.html

Story Published: Mar 21, 2007 at 4:55 PM PST

Story Updated: Mar 21, 2007 at 10:54 PM PST

By KOMO StaffWatch the storySEATTLE - On Tuesday, we reported about a viewer who stumbled onto a huge list of personal information stored online for anyone to see. The list included names, Social Security numbers, credit card numbers, addresses and more.

The 276-page list contained financial information from consumers across the country, including Washington state.

We notified the banking industry and law enforcement officials who were able to get the site shut down. But that didn't mean the information was gone.

As we continued investigating the story we found another large list of personal financial information online.

Many of the credit card numbers had expired, but the list contained thousands of names and their associated Social Security numbers, credit card numbers, and banking information. This second list included many passwords and even checking account routing numbers.

Marian Merritt, a security expert with Symantec Corp., saw the list and said even if the card numbers were expired there was plenty of information for an identity thief to open up new accounts and ruin the credit of those on the lists.

Investigators say the list contains IDs that thieves have been buying and selling for years. The lists are probably compiled from a number of sources -- disgruntled employees, security breaches, stolen property, phishing scams and human error.

A police source said many of these lists are believed to be coming out of Eastern Europe, where scammers are working an underground economy based on stolen identification.

"A whole criminal group has come together, and they're gathering this information," said Merrit. "They're selling it to each other. They're lifting it off your name, your social security number. There's real value there for them."

Each name has a street value of about $15.

While there are likely thousands of other such lists and web sites dealing in stolen personal information, the two large lists and dozens of smaller sites we found on Wednesday illustrate the difficulty of reigning in your personal information once it has been stolen.

The sites where the large lists we found were originally posted have been taken down, but the information is still available to anyone with an Internet connection. The Google search engine copied the pages into its massive cache that mirrors every page the search engine includes in its index.

So even though authorities managed to get the original sites shut down, the lists of personal info were still online.

Google spokesman Barry Schnitt said that when sites are removed from the web, the Google cache will also remove the site from Google's servers, but the automated process can sometimes take a few weeks.

When web site owners or law enforcement agencies contact the company, Google can manually remove cached pages from its servers, he said.

Seattle resident Mark Mayer's personal financial information was one the first list we found.

"It's got everything, yeah, bank numbers," he said. Mark was still getting over the shock when he was shown his personal information that was posted online. The list even had his driver's license number and mother's maiden name.

Local Arrests

While the lists were posted on sites hosted in other countries, it didn't take long for the information to make its way into the hands of local criminals.

On March 6, a Puyallup police officer stopped a car that had a tail light out. Inside the car, the officer found credit information on 300 people with more than 60 of them in our area.

Investigators say much of the information came from the same list that we found through Google's caching system.

"It's quite frightening," said Det. Sgt. Ryan Portmann. "As we started to investigate the case a little more thoroughly we noticed we had victims not only all over the United States, but all over the globe."

Det. Michel Lewis said they didn't know where the list came from until they saw KOMO's report Tuesday evening.

"I was watching the 6:00 News and I saw Connie Thompson's report on the ID theft and I realized this was exactly what we were investigating the last two weeks," Lewis said.

Arrested were Steven Ross, Jillian Hammond and Trevor Lucas. The trio allegedly used the stolen information to bilk thousands of dollars from the victims whose information was stolen.

The three were booked for investigation of identity theft and unlawful possession of financial records.

Puyallup Police say the case is much bigger than they can handle by themselves.

"We're hoping that we can get some federal help on this with the FBI or the Social Security agency," Lewis said.

FBI officials say the problem is so huge that it's almost impossible to keep such information off the internet. When one site is shut down, another pops up.

Tips To Protect Yourself

The people on these lists likely have no idea they're on there, and may not find out until someone starts stealing from them. That's why it's so important to check your credit card and other financial statement on a regular basis. You want to look for anything that doesn't seem right.

There's nothing you can do to that guarantees your personal information won't wind up on a list like this. But there are some things you can do that will make it harder for the identity thief to snag it:

Always do financial transactions on a trusted computer -- basically that means your home machine.

Change your online passwords several times a year and make them complicated -- use letters and numbers and symbols.

Never respond to an e-mail or phone call asking for personal information -- no matter how dire the message.