Saturday, February 16, 2008

ID Theft


2007: Another Record Year for Identity Theft
It's a piece of cake for someone to steal your identity. And if a thief manages it, count on spending hours dealing with police, credit bureaus and banks to "prove" you didn't cause the fraud.
You might even face arrest if police believe that you, rather than the actual identity thief, is perpetrating a fraud against a credit card company, merchant, or bank.
All that person needs to do is to get hold of your Social Security number, or a similar identifying number such as your driver's license number or military ID. Armed with this data, an identity thief can find your name, birthday and other identifying information. That's enough for the thief to apply for a credit card in your name and start making purchases.
Stealing your identity wouldn't be so easy if those who maintain your personal data actually guarded it properly. But, unfortunately they don't. For instance, the U.S. Government Accountability Office (GAO) reported in 2006 that state agencies in 41 states and the District of Columbia display social security numbers (SSNs) in at least one type of public record. (Translation: Absolutely anyone can see it.) Most often, social security numbers appear in state and local court files and local property-ownership records.
Increasingly, state and local policymakers post these records on the Internet. And, not surprisingly, research has found that identity thieves regularly visit these websites to harvest SSNs.
At the same time, merchants and government agencies that demand personal identifying data don't bother to safeguard it.
For instance, beginning in 2006, hackers managed to steal nearly 100 million customer records from the retail giant TJX, which owns T.J.Maxx, Marshalls and Bob's Stores. The hackers gained access through the poorly secured wireless network that manages TJX's cash registers and terminals. Banks and other institutions that issued credit cards to the TJX identity thieves are now facing fraud losses approaching US$100 million. And that number is still climbing.
As for the government "safeguarding" your identifying data, look no further than the Veteran's Administration. This group uses veteran's social security numbers as its default ID number for millions of soldiers and patients in its hospital network. In 2006, a VA contractor took home computer disks containing personal records on more than 26.5 million current and former members of the U.S. military. Thieves broke into his home and stole the disks. None of the data was encrypted.
The results are grim. In 2005, security breaches exposed more than 55 million Americans to identity theft. By 2007, that number more than doubled: Last year, 128 million people in the United States had personal data exposed, according to research from the Identity Theft Resource Center.

No comments: