Steal your own identity

New software sniffs out personal information before hackers can get to it.

EMAIL  |   PRINT  |   SHARE  |   RSS
 
google my aol my msn my yahoo! netvibes
Paste this link into your favorite RSS desktop reader
See all CNNMoney.com RSS FEEDS (close)

steal_your_own_id.03.jpg
Rule of thumb: Most work PCs contain personal data.
What do you think about the $250 relief payment proposed for seniors?
  • It's a good idea
  • It's not enough
  • It's too much
Pocket books
Netbooks are models of portability. But can you stare at those little screens all day? Our reviewer put three to the test.

(Fortune Small Business) -- Todd Feinman spent more than a decade breaking into the computer systems of Fortune 100 companies. Not for his own nefarious purposes, though. The former director at PricewaterhouseCoopers was paid to test corporate security systems. He succeeded in breaching them 80% of the time.

Each time, he found the same gold mine of data -- Social Security and credit-card numbers, direct-deposit bank account data, addresses, passwords - hiding in the nooks and crannies of employee computers.

"No matter which computers we broke into, there was an unbelievable amount of personal information on them," says Feinman, 35. "Even those of the CEOs."

Bad guys know this. Last year alone, more than 10 million Americans had their identity stolen, according to research firm Javelin Strategy. The total value of stolen personal data will hit $1.6 billion next year, IDC Research projects. Feinman's brainstorm: software that lets you hack into your own machine, mimicking what identity thieves would do and alerting you to the presence of vulnerable data on your hard drive.

In 2006 he launched a company to develop his self-hacking application, which he named Identity Finder. Once it sniffs out sensitive information on your machine, the software lets you decide whether to eliminate it or to encrypt it to protect yourself.

Since then, many of Identity Finder's features have been imitated by dominant IT security players Symantec (SYMC, Fortune 500) and McAfee (MFE). But Identity Finder's key advantage has been its simplicity. An individual user can install and easily run the app, for $10 (per Mac) or $20 (per PC). Feinman also sells an enterprise version that performs data audits on corporate networks and costs up to $500,000.

Justin Klein Keane, a senior information security specialist at the University of Pennsylvania, reviewed competing applications for a year before buying Identity Finder for 2,000 of the university's staff. University campuses tend to be big targets for hackers, Keane says, because they maintain open networks with limited security, transient user bases and plenty of personal information on numerous faculty PCs.

This year thieves stole computers at Northern Kentucky University, taking the Social Security numbers of hundreds of students and faculty.

"Even if just a few numbers get stolen, you are required to notify these people and offer them credit-monitoring services at no charge," Keane says. "It's a very expensive proposition."

Universities drove early sales at 22-employee Identity Finder, based in New York City. Then the recession started to bite. By May of this year Feinman knew he had to change tack. He was in a bidding war with Symantec and McAfee for a university with 28,000 computers -- and was on the verge of losing the sale.

Feinman gathered his key management team for a daylong strategy session. Their solution: tiered pricing for organizations with tight budgets. A stripped-down version of the software would cost 20% less.

It worked. Identity Finder nabbed that key customer. By August it had sealed 45 other deals with universities, government agencies and large businesses. Now Feinman expects 2009 revenues to surpass his $5 million projection and hit $7.5 million -- up nearly 100% since last year.

Experts don't expect the market to shrink anytime soon. Many small businesses save customer credit-card information unencrypted on their PCs.

"People are sloppy when it comes to managing their information," says Kevin Beaver, a consultant for Principle Logic, an Atlanta company that runs security tests for corporations. "They don't know what they have and how it's at risk."

But 43 U.S. states have passed laws requiring companies to notify customers if there's a security breach in which personal information is compromised.

"It's not worth the hazard to your reputation," Feinman says. "We will be distraught the day we see one of our customers in the headlines for a data breach. We're trying to help them stay one step ahead of the criminals."  To top of page

To write a note to the editor about this article, click here.




QMy dream is to launch my own business someday. Now that it's time to choose a major, I'm debating if I should major in entrepreneurial studies or major in engineering to acquire a set of skills first. Is majoring in entrepreneurship a good choice? More
Get Answer
- Spate, Orange, Calif.
Beyond Russia: Geopolitical hot spots in 2015 Investors beware: These 5 global crises are likely to rattle the stock market and world economy. More
These 20 antique guns could fetch big bucks Morphy Auctions in Pennsylvania is putting nearly 1,000 old guns on the block. Here are just a few. More
15 execs who make more than their CEOs Sure, corporate chiefs' pay often is eye-poppingly high. But at some companies, executives lower down the ladder quietly out-earned their CEO bosses. More
Worry about the hackers you don't know 
Crime syndicates and government organizations pose a much greater cyber threat than renegade hacker groups like Anonymous. Play
GE CEO: Bringing jobs back to the U.S. 
Jeff Immelt says the U.S. is a cost competitive market for advanced manufacturing and that GE is bringing jobs back from Mexico. Play
Hamster wheel and wedgie-powered transit 
Red Bull Creation challenges hackers and engineers to invent new modes of transportation. Play

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.