As reported by CityWire, the latest set of statistics on fraud in the UK, for the whole of 2011, are now available. And they don’t make very pleasant reading.

The UK’s Fraud Prevention Service, CIFAS, provides regular updates to indicate the extent to which different types of fraud, including identity fraud, are taking place in the UK. The latest bulletin confirms what we have suspected from the interim updates issued during 2011. There was a rise of over 10% compared with the previous year, with over 113,000 reported cases of identity fraud throughout 2011.

We have now seen that the number of identity fraud cases in the UK has breached the 100,000 mark in all of the last three full calendar years (2009 – 2011), and although there have been quarters where the number of cases has plateaued or fallen slightly, the overall trend is still very worrying indeed.

Also, as has been the case for several years, identity fraud cases still accounted for almost half (48%) of all fraud cases during 2011.

To avoid becoming part of the next set of identity fraud statistics, you can discover more about the identity fraud prevention service offered by Identity Alarm, by clicking here to view our main website.

[Source: CityWire]

We’re only just into 2012, but it hasn’t taken long for a very high profile news story involving the loss of personal details of hundreds of thousands of people.

The Mirror website has reported the loss of personal data from over 1.4 million customers of Shopacheck, which helps to provides loans to people, many of whom struggle to obtain credit elsewhere or who already have poor credit ratings or County Court Judgments.

As we have seen in the past, these high profile data loss incidents often do not involve any financial data, but due to the nature of Shopacheck’s relationships with its customers, it is believed that the payment history details of over 600,000 customers is among the lost information.

Shopacheck’s MD has already written to customers to highlight the increased risk of identity fraud, and a freephone helpline: 0800 8406 563, has also been set up for current or past Shopacheck customers who may still have concerns.

[Source: Mirror]

Firstly, we would like to wish all Identity Alarm members, and other readers of this blog, a very happy new year.

The start of January is traditionally a time for people to make New Year’s resolutions, whether it’s giving up a vice or doing something positive in your life like trying to lose weight, it is a sad fact of life that these good intentions often do not last.

One alternative resolution that you could consider, and which may be a more achievable target, is to be more identity aware in 2012 by ensuring that you do not do anything to adversely risk or expose your personal information. However, despite positive steps taken by governments and other organisations identity fraud remains a very real danger in 2012.

There are loads of tips about what you can do to safeguard your identity in our previous blog articles, as well as the content on the main Identity Alarm website, so why not make a resolution to do more to protect your identity in 2012?

With just a couple of days remaining until Christmas Day, we would like to take this opportunity to pass on season’s greetings to all Identity Alarm members and blog readers.

We hope that you have found this blog informative over the past twelve months, and that you will choose to visit us again for more articles in the new year.

We aim to continue bringing you a mix of news articles and tips throughout 2012, in order to keep you up to speed with all that is happening in relation to the big identity fraud stories that are out there.

So, from all of us here, have a very festive Christmas and a happy and prosperous new year!

Despite a series of high profile incidents involving serious data losses, the Information Commissioner’s Office (ICO), which is an independent authority that exists to uphold information rights, has not used its powers as much as some experienced industry commentators would like.

However, one case recently, as reported by BBC News, has resulted in a record fine of £130,000. The fine was levied against Powys Council for a breach involving a child protection case, and perhaps is the start of a more stringent regime for the organisation that exists to protect data privacy for individuals in the UK.

We have written on a regular basis about cases in which councils have neglected their duty of care by mis-handling sensitive data, and it is encouraging that the ICO now appears more willing to use additional powers granted to it in April 2010. Admittedly, some of the cases that we have reported during 2011 originally took place much longer ago, meaning that current powers could not be used, but hopefully we will now see renewed efforts to get tough on all organisations that do not take their data protection responsibilities seriously.

In the meantime, if you are concerned about Identity Fraud, and you don’t already have the peace of mind that is provided by Identity Alarm’s identity fraud protection service , then you can find out more by visiting our main website.

[Source: BBC News]

We published an article back in June of this year, entitled “Local Councils Can Seriously Damage Your Identity”, in which the sheer volume of data security lapses from local councils was highlighted. Following on from those revelations, it now appears that there is yet another area in which some local councils are playing fast and loose with personal data.

The Bureau Of Investigative Journalism has highlighted instances in which councils have published sensitive personal information for a type of application known as a Temporary Event Notice. Specific examples have included the full publication of applicants’ name, date of birth, postcode, National Insurance number and signature.

Access to this information may be sufficient for a fraudster to commit identity fraud, that could leave the reputation and finances of the victim in a state of disarray for months or years afterwards.

The sensible approach in such situations, where a degree of openness is a requirement, would be to publish redacted versions of the documents with selected information blacked out to protect the data security of the individuals involved. However, there have been several instances of the information being published it its full un-edited form. The named and shamed councils are: Crawley, East Hertfordshire, Kettering, Bridgend and Fenland, so residents in these areas should be particularly cautious when entrusting these local councils with any applications that may later be published.

As well as Temporary Event Notices, there have also been similar breaches that have been discovered involving the more common area of planning applications, and so on the basis of these latest revelations it may be wise to check up on the specific policy of your local council.

[Source: The Bureau Of Investigative Journalism]

Earlier in the year we reported that there were plans to change the way in which the UK Government intends to combat organised crime, including the specific threats of online crime and online fraud.

Following on from the initial reports of planned changes, there has recently been a specific announcement of a new Cyber Security Policy. This new policy is intended to make significant improvements in the way that the fightback against cyber crime can occur in a more co-ordinated and organised manner.

One of the key strands of the new policy involves greater association with, and involvement of, the private sector. In addition, the overall strategy is intended to increase the levels of co-operation between a variety of different organisations and businesses to help to reduce the amount that is lost each year to the various different types of cyber crime.

To underpin the planned organisational and structural changes, a significant investment of over £650m over four years is also being made available. This may sound like a lot of money, but when consideration is given to the proportion of the UK economy that is wholly reliant on the Internet (estimated at 6% and rising) and the hundreds of thousands of jobs that are directly and indirectly affected, then there is a clear case for ensuring that this important part of ‘UK Plc’ can continue to operate effectively by taking positive steps to limit the damage that sustained cyber crime is able to achieve.

It is to be hoped that the available funds are used effectively alongside the structural changes and spirit of co-operation with industry, to ensure that this area of the economy can continue to flourish, without being held back by criminal activity.

As consumers, there will hopefully also be the added benefit of a reduction in the incidence of fraud, including identity fraud, although as ever it may take some time for the impact of these changes to be fully apparent.

[Source: Cabinet Office]

Southwark Council is the latest in a long succession of local councils to be found to be in serious breach of data protection regulations by the ICO (Information Commission Office), as has been reported recently.

The original incident dates back to late 2009, although it was only earlier in 2011 that the missing data was eventually discovered again. Although the incident involved the details of over 7,000 individuals on an lost Apple Macbook, the council has been able to avoid a fine on a technicality.

The ICO now has increased powers to impose fines and other measures against organisations that breach data protection regulations, but as the data loss dates back to 2009, when its powers were much more limited, there was no option but to be lenient. Any councils that act in a similarly irresponsible way in the future will most likely not be as fortunate.

As we have reported time and time again, it is exactly this type of data loss that can increase the risk of identity fraud to individuals whose data has been lost through no fault of their own.

[Source: CBR]

In our view, identity fraud is a fairly abhorrent crime at any time, but when it also involves the use of a birth certificate of a dead infant, it is all the more reprehensible.

We have reported in this blog in the past about cases where identity fraud has been made possible by a fraudster stealing the identity of a child that died at a very young age by using the birth certificate to forge themselves a new identity with the details.

The very high profile case of John Darwin, who faked his own death in a mock canoeing accident, was one such occasion where this vile tactic was used, although numerous similar frauds have been reported over the years.

It has long been argued that changes in the law were required to ensure that additional safeguards could be put in place to ensure that fraudsters are not able to create themselves a new identity in this way. A recent article on the Mirror website now appears to suggest that there are likely to be increased efforts to finally close this loophole and stamp out this practice once and for all.

It has been suggested that by allowing for specific annotations to be made to birth certificates, when the child has died shortly afterwards, would mean that it would no longer be possible to use the birth certificate of a dead child to commit identity fraud. However, there are still several legal hurdles to overcome to ensure that the necessary changes can be made.

We firmly hope that efforts continue to try and close this loophole and prevent the parents of bereaved children from being put through further turmoil at the hands of heartless identity fraudsters.

[Source: Mirror Group Newspapers]

Over the past few years, we have often reported on high profile incidents that involve significant data breaches by organisations including public sector departments and private companies.

Recently another breach came to light that involved the office of a high profile politician, namely Vince Cable, who is the Liberal Democrat MP for Twickenham and the current Business Secretary in the coalition government.

An article in the local press details the story, in which a concerned constituent noticed see-through bags outside Mr Cable constituency office that clearly contained documents that should have been disposed of safely via shredding or other secure means.

Although we should really be grateful to this individual for bringing the matter to light, it is perhaps questionable that they continued to gather evidence over a period of nine months and only then took the information to the press. This means that there is some debate over the intentions of the individual who may have been looking to gain some further political advantage or cause maximum embarrassment, when the best course of action may have been to report the issue straight away. However, there is no getting away from the potential risks that were posed to individuals whose details had been inadequately disposed of by Mr Cable’s office.

Of course, now that the issue has made it into the media, Mr Cable has issued a full apology, and will now be anxiously awaiting the response of the Data Protection Registrar, who may elect to issue a significant fine or other sanctions.

We suspect that the vast majority of MPs across the country deal with personal data in the proper way, but this story proves yet again that no matter how careful you are with your data there is always a risk that there may be other ways that your personal data can get into the wrong hands. This is exactly how identity fraud occurs in a significant proportion of cases that are discovered.

[Source: Richmond & Twickenham Times]