Home » Magazine Archives » June 2008
Security Technology and Design
Most Read
Most Emailed
E-mail Article
Print Article
Protecting Companies from Identity Theft
Organizations must think company-wide and across public/private barriers to prevent data breachesThe Latest from SIW
Security primer: Outsourcing employee background checks The security week that was: 10/03/08 Research shows how schools adopt access control Loss prevention firm releases results of annual retail theft survey ComNet's George Lichtblau talks fiber optics iPhone application makes phone a biometric checkpoint
By Marleah Blades
Security Technology & Design
A man walking down an empty residential street opens a mailbox and shoves its contents — including a credit card statement containing four convenience checks — into his jacket. A hacker breaks into a corporate database and downloads information on all the company’s 1,200 employees. A group collects social security numbers from a phishing scam that asks e-mail recipients to update their personal information on a sham Web site.
Teenagers watch a retail employee throwing paper transaction logs into a trash bin behind a shopping center and dig them out once she’s gone. An organized gang pays a hospital worker to hand over the medical or insurance information of patients in bulk.
The problem with identity theft is that it is all of these things, and its results include all types of fraud, from credit card and check fraud to medical and government benefits fraud, as well as blackmail. Because identity theft is such a broad and perhaps ill-defined crime category, it is often shrouded in misconceptions, and its potential as a damaging threat is often underestimated.
In most of the above scenarios, the consumer is the immediate intended victim who stands to lose from the information theft. Businesses and organizations — the corporation whose database is breached, the company whose logo is on the phishing e-mail, the retailer whose dumpster is searched, the hospital and the insurance companies that lose patient information — also stand to suffer significant long-term consequences.
A Rampant Problem
There is no way to accurately estimate the number of identity thefts that occur annually. Many companies and organizations track reported cases of various types of identity theft, but few can monitor every method, and since the crime may go undiscovered or unreported for a long time, it is possible that existing estimates are the tip of the iceberg. Several estimates place the number of incidents between 8 and 10 million each year. The Identity Theft Resource Center, which continually catalogues confirmed electronic and paper data breaches, reports 259 breaches in 2008 as of May 13, with nearly 12 million individual records exposed.
More than 4 million of those records are accounted for by a major security breach reported by Hannaford Brothers supermarkets in March. This immense theft of credit and debit card numbers has already led to at least 1,800 confirmed cases of fraud.
It is this type of breach that sends shivers up the spines of retailers, banks and other companies that handle financial data. Whereas other types of identity theft, like the recovery of paper records outside a store, generally impact a limited number of customers and may easily duck attention, the high-level financial data security breach quickly exposes millions of records, making for spectacular headline news.
