Steal your own identity

New software sniffs out personal information before hackers can get to it.

EMAIL  |   PRINT  |   SHARE  |   RSS
 
google my aol my msn my yahoo! netvibes
Paste this link into your favorite RSS desktop reader
See all CNNMoney.com RSS FEEDS (close)

steal_your_own_id.03.jpg
Rule of thumb: Most work PCs contain personal data.
What do you think about the $250 relief payment proposed for seniors?
  • It's a good idea
  • It's not enough
  • It's too much
Pocket books
Netbooks are models of portability. But can you stare at those little screens all day? Our reviewer put three to the test.

(Fortune Small Business) -- Todd Feinman spent more than a decade breaking into the computer systems of Fortune 100 companies. Not for his own nefarious purposes, though. The former director at PricewaterhouseCoopers was paid to test corporate security systems. He succeeded in breaching them 80% of the time.

Each time, he found the same gold mine of data -- Social Security and credit-card numbers, direct-deposit bank account data, addresses, passwords - hiding in the nooks and crannies of employee computers.

"No matter which computers we broke into, there was an unbelievable amount of personal information on them," says Feinman, 35. "Even those of the CEOs."

Bad guys know this. Last year alone, more than 10 million Americans had their identity stolen, according to research firm Javelin Strategy. The total value of stolen personal data will hit $1.6 billion next year, IDC Research projects. Feinman's brainstorm: software that lets you hack into your own machine, mimicking what identity thieves would do and alerting you to the presence of vulnerable data on your hard drive.

In 2006 he launched a company to develop his self-hacking application, which he named Identity Finder. Once it sniffs out sensitive information on your machine, the software lets you decide whether to eliminate it or to encrypt it to protect yourself.

Since then, many of Identity Finder's features have been imitated by dominant IT security players Symantec (SYMC, Fortune 500) and McAfee (MFE). But Identity Finder's key advantage has been its simplicity. An individual user can install and easily run the app, for $10 (per Mac) or $20 (per PC). Feinman also sells an enterprise version that performs data audits on corporate networks and costs up to $500,000.

Justin Klein Keane, a senior information security specialist at the University of Pennsylvania, reviewed competing applications for a year before buying Identity Finder for 2,000 of the university's staff. University campuses tend to be big targets for hackers, Keane says, because they maintain open networks with limited security, transient user bases and plenty of personal information on numerous faculty PCs.

This year thieves stole computers at Northern Kentucky University, taking the Social Security numbers of hundreds of students and faculty.

"Even if just a few numbers get stolen, you are required to notify these people and offer them credit-monitoring services at no charge," Keane says. "It's a very expensive proposition."

Universities drove early sales at 22-employee Identity Finder, based in New York City. Then the recession started to bite. By May of this year Feinman knew he had to change tack. He was in a bidding war with Symantec and McAfee for a university with 28,000 computers -- and was on the verge of losing the sale.

Feinman gathered his key management team for a daylong strategy session. Their solution: tiered pricing for organizations with tight budgets. A stripped-down version of the software would cost 20% less.

It worked. Identity Finder nabbed that key customer. By August it had sealed 45 other deals with universities, government agencies and large businesses. Now Feinman expects 2009 revenues to surpass his $5 million projection and hit $7.5 million -- up nearly 100% since last year.

Experts don't expect the market to shrink anytime soon. Many small businesses save customer credit-card information unencrypted on their PCs.

"People are sloppy when it comes to managing their information," says Kevin Beaver, a consultant for Principle Logic, an Atlanta company that runs security tests for corporations. "They don't know what they have and how it's at risk."

But 43 U.S. states have passed laws requiring companies to notify customers if there's a security breach in which personal information is compromised.

"It's not worth the hazard to your reputation," Feinman says. "We will be distraught the day we see one of our customers in the headlines for a data breach. We're trying to help them stay one step ahead of the criminals."  To top of page

To write a note to the editor about this article, click here.




QMy dream is to launch my own business someday. Now that it's time to choose a major, I'm debating if I should major in entrepreneurial studies or major in engineering to acquire a set of skills first. Is majoring in entrepreneurship a good choice? More
Get Answer
- Spate, Orange, Calif.
Sponsors
50 years of the Ford Mustang Take a drive down memory lane with our favorite photos of the car through the years. More
Cool cars from the New York Auto Show These are some of the most interesting new models and concept vehicles from the Big Apple's car show. More
8 CEOs who took a pay cut in 2013 Median CEO pay inched up 9% in 2013 to $13.9 million. But not everyone got a bump last year. Here are eight CEOs who missed out. More
Worry about the hackers you don't know 
Crime syndicates and government organizations pose a much greater cyber threat than renegade hacker groups like Anonymous. Play
GE CEO: Bringing jobs back to the U.S. 
Jeff Immelt says the U.S. is a cost competitive market for advanced manufacturing and that GE is bringing jobs back from Mexico. Play
Hamster wheel and wedgie-powered transit 
Red Bull Creation challenges hackers and engineers to invent new modes of transportation. Play

Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer LIBOR Warning: Neither BBA Enterprises Limited, nor the BBA LIBOR Contributor Banks, nor Reuters, can be held liable for any irregularity or inaccuracy of BBA LIBOR. Disclaimer. Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.