Search This Blog

Wednesday, March 11, 2009


I was rummaging through some older material on identity theft and found an article from the Coalition for Data Security that must have reassured those who think it will never happen to them. First off, I tried to find their Web site but was always directed to a Go Daddy site that does talk about information security, but no coalition. I was shocked to read these three headlines from their article:

• Data security breaches almost never result in identity theft
• Data is often unusable due to encryption
• Consumers are not liable for fraudulent charges

If I were a lay person reading these headlines, I would feel reasonably comfortable that my personal data was completely secure. Of course it isn’t. They even reference Javelin Strategy & Research in the piece; my following comments will also use Javelin in disputing this nonsense. To start, although the article appears to have been done in late 2006 or early 2007, Javelin reported 8.9 million ID theft victims in 2006.

Speaking directly to the three headlines now…

• “Data security breaches almost never result in identity theft” – tell that to the 1,089,000 identity theft victims in 2008 whose data was stolen through data breaches. And that was a 22 percent increase over 2007.

• “Data is often unusable due to encryption” – according to an Identity Theft Resource Center report, only 2.4 percent of 2008 breaches had encryption. Further, Information Security Magazine says that only 22 percent of those recently surveyed by the online magazine planned on including encryption in their budget. Only two states—Nevada and Massachusetts—have laws requiring encryption, but other states have similar measures in the works.

• “Consumers are not liable for fraudulent charges” – sometimes they aren’t, but when they are it is $496 out of their pocket, plus 30 hard hours clearing up their credit problem. Victims’ O-of-P costs in 2008 totaled $4,910,400,000, $540,144,000 for those from data breaches. This also does not include any attorney fees if it is necessary to hire one.

There are other “cutesy” headlines like “The ’Don’t Lose Sleep Over It’ Breach,” which refers to information over which you have no control. Things like your telephone number, your name and address, and public records such as your home value, etc. Actually it won’t do much good to lose sleep over this kind of sensitive data because it is available everywhere. This is due primarily because the junk mail industry realized its value years ago and has since compiled it in to huge databases.

Unfortunately, certain manipulations like adding a date of birth to your name and address can produce disastrous results when it comes to stealing your identity. So, maybe you won’t lose sleep in large part due to the fact that you will check your credit report regularly for fraud. Since you have one free report from each of the credit bureaus—Equifax, TransUnion, Experian—pull one every four months. You’ll be glad you did.

No comments: