Indiana is using a new law and more services to protect residents from identity theft. According to the Chicago Tribune, a new state law creates the crime of synthetic identity theft to specify that combining parts of the identities of into a hybrid, fictional person in order to commit fraud is a felony punishable by six months to three years.

“With the downturn in the economy, criminals have become relentless in their efforts to steal the identities of consumers and fraudulently open lines of credit,” Attorney General Greg Zoeller said. “Identity theft is devastating to victims and can take months or years to untangle.”

The law also allows victims of identity theft to go to court and get a declaratory judgment, a legal document that says the person was an innocent victim, to help correct their records.

The law that took effect July 1 also increases the penalties for database owners who discard consumers’ personal data, such as Social Security numbers, in a way that could subject them to identity theft – such as not shredding, blacking out or incinerating them first. Authorities can now seek penalties of $5,000 per incident. Database owners also are now required to notify the attorney general’s office, as well as consumers, if a security breach occurs.

SC Magazine reports that a temporary employee at a Chicago-area AT&T office allegedly stole the personal information of 2,100 AT&T employees.

Two other people were indicted and charged with stealing $70,000 by applying for “payday loans” using stolen confidential data, according to an indictment.

The three women, Cassandra Walls, Jermaine Jones, and Deedra Massey, forged driver’s licenses bearing the names of victims, using photos of random people, and faxed them as part of the loan applications. They set up bank accounts and had the loan money wired to them, according to the indictment. The three are charged with five counts each of federal wire fraud and identity theft.
A company called PayDay One took information for the loan applications over the internet, for 130 victims – except that the applications were allegedly made “without the knowledge or consent” of the victims.

The Daily Telegraph reports that proposed laws in Australia targeting the use of social networking sites for identity theft may put cybercriminals in jail if they use social networking sites to victimize people.
If the laws pass, police will, for the first time, be able to arrest and charge online fraudsters for improperly accessing or using information without having to wait for them to steal money.

The move, which is backed by Attorney-General John Hatzistergos, is an effort to ensure the law keeps pace with new technology that is being embraced by young people and exploited by criminals.

“Identity thieves who use emerging technology to perpetrate fraud are responsible for a crime wave that is costing Australians approximately $1 billion a year,” he said.

The proposed offences, which will be released for public consultation, would make it a crime to use or trade any information that identified a person, such as their name or address, driver’s license number, PIN or password for the purpose of committing a secondary offence. It would also be an offence to use devices such as printers and laminators to produce fake identity documents to commit crimes.

As unemployment rates continue to grow, scammers are setting up fake Web sites or posing as recruiters to trick job seekers into giving up sensitive personal information, according to Business Week.

Some scammers build fake sites purporting to be PayPal or other financial-services firms to dupe Web surfers into giving up data. Now they’re using false job-listing sites to get the same results.

In some cases, criminals sell data on legitimate job seekers to illegal immigrants, who need the data to get jobs. Of the roughly 313,000 cases of consumers registering complaints of identity theft to the U.S. Federal Trade Commission in 2008, about 15% said thieves had perpetrated employment-related fraud with their stolen identities, according to a February 2009 report by the commission. That’s up from 14% of 259,266 identity-theft complaints in 2007.

In another popular scam, perpetrators pose as recruiters ready to extend an offer who request Social Security numbers or other personal information to do background checks. “We’ve even heard cases of fraudsters posing as potential employers, asking for bank account numbers,” says Jeremy Miller, director of operations at Kroll’s Fraud Solutions Practice. “They’re using the fact that a person is looking for a job and has that need, and counting on the fact that they’ll do anything to get that job.”

According to a study by the Ponemon Institute, chief executives of companies value cybersecurity but often underestimate the frequency of cyberthreats their organization faces.

Forbes published the results of the survey, which was funded by cybersecurity firm Ounce Labs, and asked 213 senior executives about their perceptions of data breach risks. Among those respondents, just 17% of CEOs said their company faced attempts by cybercriminals to steal data at least once every hour, compared with 33% of other executives. By contrast, nearly 50% of CEOs said their company experienced an attack “rarely”–less than once a week–while only 32% percent of other executives reported the same frequency of cyberthreats.

The survey’s researchers suspect that CEOs’ staffs may not tell them the full extent of a company’s data risks. “Even in the most transparent of companies, there’s a bit of hesitance to give the CEO a report of vulnerabilities or even small breaches,” says Ponemon. “We don’t know how much filtering of bad news happens that keeps CEOs from hearing some of the darker secrets.”