NEWS    RECALLS    COMPLAINT FORM    SCAM ALERTS   RESOURCES  
Small Claims Guide   Class Actions   Lemon Laws   FAQ   Newsletters  
Bookmark and Share


Complain about a product or service

Automotive    Education    Employment    Electronics    Family    Finance    Health    Homeowners    Insurance    Pets    Shopping    Travel     Print This     Email This    



NEWS   Latest |  Archives |  Auto |  Cells, etc. |  Computers |  Financial |  Health |  Homeowners |  Parents |  Privacy |  Scams |  Seniors |  Travel

GAO: Data Breaches Frequent, Effects Unknown





By Martin H. Bosworth
ConsumerAffairs.com

July 5, 2007

Data Theft

68,000 CalOptima Members at Risk in Data Breach
Express Scripts Extortion Scheme Widens
Technology Could Be Key To Stopping Unauthorized Charges
T-Mobile: No Hacking in Data Breach
T-Mobile Confirms Data Breach
Consumers Increasingly Concerned About Online Transactions
Are Identity Theft Services Worth the Cost?
Online Tools Help Spot Financial Fraud
Financial Fraud Hits 7.5 Percent Of Americans In 2008
Feds Charge Mortgage Broker In Potential Data Breach
Millions of Credit Cards Exposed in Data Breach
2008 Data Breach Total Soars
Bank Data Breach Threatens 248,000 in North Carolina
GPS Not Foolproof
Countrywide Warns Millions of Data Breach
Thieves Steal AT&T Laptop with Employee Data
Report: Data Breach Disclosure Laws Don't Affect Identity Theft
Patient Information Exposed in Data Breach at Walter Reed
Supermarket Chain Reports Data Breach
Report: Feds Still Not Doing Enough To Secure Data
Data Thieves Hit Georgetown University Students, Faculty
800,000 Job Seekers At Risk In Gap Data Breach
TJX Data Breach Settlement Has Strings Attached
More ...

Although breaches of data happen with alarming frequency across government and private institutions, the actual evidence of identity theft resulting from these breaches seems to be limited and hard to measure, according to a new report from the Government Accountability Office (GAO).

"Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained, and it may be up to a year or more before stolen data are used to commit a crime," the agency wrote.

"Some studies by private researchers have found little linkage between data breaches and identity theft, although our review found these studies had methodological limitations."

The GAO report supports implementing a "risk-based" standard for determining whether or not to notify affected parties in case of a breach, a position supported by the financial industry and the President's Identity Theft Task Force.

Critics have charged that letting businesses and government agencies set their own "floor" for notification would keep the public ignorant of data breaches that might affect them.

Among the GAO's findings:

• Law enforcement agencies found that identity theft that resulted from data breaches largely consisted of fraud on existing accounts rather than using stolen personal information to create new accounts. However, it was difficult to ascertain exact statistics due to the inability to directly track and link the effects of data breaches to cases of identity theft.

• 18 of the 24 largest breaches reported between 2000 and 2005 had no demonstrable incidents of identity theft as a result, but investigators again acknowledged difficulties in establishing a causal link due to lack of a clear trail between the incident and reported cases.

• Data breaches that did result in clear cases of identity theft and fraud included the 2005 sale of ChoicePoint records to Nigerian criminals, the March 2005 breach of security at the DSW shoe store chain, and the breach of millions of credit and debit card records held by payment processor CardSystems in June 2005.

• Much of the information that law enforcement agencies receive on identity theft, such as through the FTC's Identity Theft Clearinghouse and the Internet Crime Complaint Center (ICCC) is limited to self-reported complaints that can't be used to create accurate statistical pictures of the link between data breaches and identity theft.

Typical cases of identity theft, such as using existing credit or debit accounts to run up new charges, can be easily remedied thanks to federal laws that limit liability for credit card purchases, and banks' own "zero liability" policies for debit cards. But sophisticated hackers and cybercriminals have raised the stakes by selling personal data in the underground economy, and combining stolen card numbers with names, addresses, and Social Security numbers to create "synthetic identities."

These identities can be used to open new accounts and commit fraud of all kinds, and their seeming legitimacy means that the records will be attached to people's existing credit files -- and the victims won't know their information is being misused until they start receiving bills for charges they never made.

The difficulty of verifying synthetic identities versus real ones may account for the lack of accurate data linking breaches to fraud.

Criminals will also take card numbers and encode them on blank cards, such as stolen hotel key cards, and use them for multiple small purchases that do not trigger fraud detection at banks and retailers.

The massive breach of data at the TJX retail store chain was connected to cases of fraud at Wal-Mart stores in Florida.

The criminals used the stolen TJX data to create "clone" credit and debit cards, which they in turn used to purchase gift cards from Wal-Mart, which were then used to purchase high-end consumer electronics and other goods.

The inability to easily track clone cards, combined with the massive amounts of data available for sale on the black market, makes it difficult to establish any perfect trail leading from a data breach to a case of identity theft.



Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F

Sign up now!


Consumer News & Alerts
Every Sunday

Sign up now!

Follow us on Twitter.





CONSUMER NEWS

SAFETY RECALLS

Back to the top |

Advertisement


Custom Search
AUTOMOTIVE
• Dealers
• Manufacturers
• Service
• Extended Warranties
• Lemon Laws
• Recalls
• Tires
• Transporters

FAMILY
• Aging
• Children, Parenting
• Recalls
• Dating
• Education
• Entertainment
• Pets
• Weddings
FINANCE
• Annuities
• Banks
• Credit Cards
• Debt Collection
• Debt Counseling
• Insurance
• Investing
• Loans
• Mortgages
• Payday Loans
• Student Loans
• Tax Prep

HEALTH
• Doctors
• Drugs, Pharmacies
• Health Clubs
• Hearing Care
• Hospitals
• Nursing Homes
• Nutrition, Diets
• Vision Care
• Weight Loss
HOUSE & HOME
• Appliances
• Cookware
• Furniture
• Home Improvements
• Lawn & Garden
• Movers
• Pools & Spas
• Realtors, Rental Agents
• Recalls
• Utilities

ELECTRONICS
• Cable TV/DBS
• Cameras
• Cell Phones
• Computers
• Home Electronics
• Internet Access
• Local Phone Service
• Long Distance
• VoIP
SHOPPING
• In-Home
• Online
• Retail Stores
• Sporting Goods
• Supermarkets
• Telemarketers

TRAVEL
• Airlines
• Bus Lines
• Car Rental
• Cruises
• Hotels
• Travel Agents
• Trains

RESOURCES
• Class Actions
• Complaint Form
• Small Claims Guide
• Lemon Laws
CONSUMER NEWS
• Latest News
• Automotive
• Telecom
• Financial
• Health
• Homeowners
• Scams
• Seniors
• Travel
• More ...

RECALLS
• Automotive
• Children's Products
• Drugs
• Food
• Household Products
• Sporting Goods

ABOUT US
• FAQ
• Privacy Policy
• Advertise With Us
• Newsroom
• Syndication
• Terms of Use

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice.  ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof. 

Copyright © 2010 ConsumerAffairs.com Inc.  All Rights Reserved.    The contents of this site may not be republished, reprinted, rewritten or recirculated without written permission.