Security

The year of the missing identity

2007 seems to have been the year of the missing identity. Most recently, the Globe and Mail reported that a computer tape is missing from Iron Mountain, a data storage company. The tape is believed to have information on 650,000 credit card holders, including customers of J.C. Penney and up to 100 other retailers.

2007 seems to have been the year of the missing identity. Most recently, the Globe and Mail reported that a computer tape is missing from Iron Mountain, a data storage company. The tape is believed to have information on 650,000 credit card holders, including customers of J.C. Penney and up to 100 other retailers.

From The Globe and Mail:

GE Money, which handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people.

The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage company, and was never checked out but can't be found either, said Richard C. Jones, a spokesman for GE Money, part of General Electric Capital Corp.

According to the Identity Theft Resource Center, six times the number of records reported were compromised in the United States alone. The breach report covers only the United States, and it includes only those breaches that are confirmed by a credible source. The 2007 report identifies 448 breaches, with a total of 127,718,335 records exposed. This number does not include ball-park figures for breaches that could not confirm the number of records exposed. The actual number is likely to be higher.

Jones said GE Money was paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape.

Credit card fraud is generally easy to spot. The customer’s liability is capped at $50, which is frequently waived by the creditor. But identity theft can take months and even years to find out about and resolve. This, in addition to the increase in breached information, is causing a slight increase in privacy concerns, according to a survey from the University of Southern California’s Center for the Digital Future.

From MSNBC:

Privacy concerns stemming from online shopping rose in 2007, a new study finds, as the loss or theft of credit card information and other personal data soared to unprecedented levels.

Sixty-one percent of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47 percent in 2006. Before last year, that figure had largely been dropping since 2001.

Security will continue to be a concern for everyone. Unfortunately, the greatest threat to an individual’s security is often themselves. But as J.C. Penney has proven again, even the most careful of us can be compromised.

How do you protect yourself from fraud and identity theft?

8 comments
sgthomas
sgthomas

The best bet out there so far is PayPal's temporary credit card creator...

Tig2
Tig2

Given the number of breaches in the United States, fraud or Identity Theft is not a matter of "if" so much as a matter of "when". What are the steps you take to protect yourself?

boxfiddler
boxfiddler

I shred everything. We keep 1 credit card with a small maximum credit line for online shopping. When given the option I don't allow online retailers to keep my information. When not given the option I don't shop there. I don't keep any sensitive information in my computer. While I do bank electronically, I don't allow for automatic electronic deduction of payments by the payee from our bank account. I don't use a debit card. I sit behind a hardware and software firewall. I use the strongest passwords I can come up with. I use a land line for confirming sensitive transactions. I never open an email and click on a link from someone I don't know. I save attachments to the desktop and scan them before opening when they come from a known source. I don't believe for a minute that my bank, credit card company, ISP, etc., is going to contact me by email for sensitive info. And I spend a regular bit of time reading about the latest threats and how to [hopefully] avoid them. Unfortunately, this may or may not be enough. Guess I will find out as life is lived. edit to add: I don't allow any automated updating either. Too much of MS stuff I don't need or want just screws up the machine. When it comes to antivirus and the like, if Windows is getting corrupt, the automatic updater may or may not be working but thinks it is and I am left unprotected. I do twice a week manual updating and then weekly scans.

NaughtyMonkey
NaughtyMonkey

have horrible credit so they can't do anything with your identity anyway.

DMambo
DMambo

In today's society, it almost doesn't matter how well you protect yourself. Chances are that identity theft well be the result of occurrences in places you have no control over. State gov't laptops containing databases with SSN's stolen, retailers systems with CC numbers hacked, etc. I protect my systems and control the papers on my desk, but what can other organizations with my data provide? A couple of years of free monitoring after their systems are compromised? That's ain't worth squat!

Tig2
Tig2

What penalties should be in place when an organization DOES lose your information? Keep in mind that paying some penalties, if not backed by something else, might be considered "the cost of doing business". How do we communicate to those corporations that the loss of information will not be tolerated?

JCitizen
JCitizen

which on this subject I haven't like I have other subjects. Many state's attorneys general are our only first line of defense if the identity is already compromised. If we would treat the subject as a priority; our congressmen would too. Consumers Union is forming a lobby group with online activism in this area; and I am a member so this is finally becoming a reality for me. This is the same organization that publishes "Consumer's Report" so they are long standing and very legitimate.