ID Theft Liability is a Daily Threat to Business

Identity Theft Liability has become a major business risk. Companies that do not take proactive steps to manage this problem face financial loss due to lawsuits, government fines, loss of customer loyalty, business contracts, employee confidence, employee productivity, and damage to corporate reputation and brand.

Identity Force works every day to help businesses reduce and eliminate their vulnerability to identity theft-related threats. Identity theft is the fastest growing crime in America, and companies that are not prepared learn hard lessons every day – as the news updates below clearly show.

Vulnerability to identity theft comes in many forms – malicious or accidental data breaches, computer theft, lost customer or employee files, rogue workers who steal colleagues’ identities, and even mistakes by company vendors or contractors.

The Story: Framingham, Mass. – 04/02/08 – Identity Force today issued a Tax Season Fraud Alert warning consumers about tax-related scams that can lead to identity theft. With the April 15th income tax filing deadline only two weeks away consumers should be prepared for a wave of e-mail and phone calls from con artists and overseas fraudsters.

The Analysis: Identity Force outlines four major scam operations (and explains that there are actually hundreds of variations) that consumers should be very wary of leading up to the tax filing deadline, and in the months following. In particular, Identity Force warns consumers that fraudsters are using the recently passed “Economic Stimulus Payment” as bait in their efforts to defraud people and to convince them to disclose personal information. Identity Force stresses that consumers should not respond to e-mails or phone calls from con artists. This is a serious threat. More information is available at http://www.identityforce.com.

The Story:  Washington, DC – 2/14/08 – Identity theft topped a list of consumer fraud complaints filed last year with the US Federal Trade Commission (FTC), a report released Wednesday showed. "For the seventh year in a row, identity theft is the number one consumer complaint category," the report said.  Where complainants reported how they had come into contact with the fraudsters, 64 percent said the Internet served as the initial meeting point.

The Analysis:  The FTC report showed an increase in identity theft fraud cases in 2007, and indicated that 32 percent of all consumer fraud was related to ID theft.  Also, the report revealed that the Internet continued to be the leading vehicle for fraudsters.  The increase in fraud, and the ubiquitous use of the Internet and electronic data make it essential for consumers and businesses to protect themselves before fraud occurs.  The FTC collects consumer fraud complaints from more than 125 organizations and makes them available to more than 1,600 civil and criminal law enforcement agencies in the U.S. and abroad. In 2007, the FTC received almost 140,000 more consumer fraud complaints than in 2006.

The Story:  New York, NY – 2/11/08 – (Reuters) - Americans lost $45.3 billion in 2007 due to identity theft, according to Javelin Strategy & Research’s fourth annual study.  8.1 million consumers were victims of fraud in 2007, a slight drop that may indicate a leveling off as businesses and consumers finally begin to protect themselves.  The problem, though, still remains at the top of crime lists.  The average loss was $5,574.

The Analysis:  Javelin Strategy’s study, which was sponsored by Visa, Wells Fargo and CheckFree, shows once again that identity theft and fraud continues to be at the forefront of crime statistics in the United States.  The most controversial part of this year’s report from Javelin is its claim that identity theft is in a slight decline.  While this may be true, we’ll have to see if this is validated in next year’s report.  Another interesting finding, aside from the loss per case statistic, is that consumers on average spent $691 to clear up a fraud, up 24.7% from $554 a year earlier.  Businesses that protect their employees and have identity theft liability plans in place fare better than unprotected firms.

The Story:  Alpharetta, GA – 1/29/08 – Data broker ChoicePoint has agreed to pay $10 million to settle a class-action lawsuit brought against it over the 2004 data breach of 163,000 personal information records. This settlement is in addition to a $15 million fine by the FTC, and a $500,000 settlement with Attorney Generals from 44 states.

The Analysis:  The liability costs for ChoicePoint – $25.5 million in combined legal settlements and federal fines – is a clear indication of the vulnerabilities faced by corporations that do not have plans in place to deal with data breaches. For the past 4 years, ChoicePoint has also spent untold millions in legal fees to defend itself from consumer, federal and state legal actions. Identity Theft Liability Preparedness should be one of the major agenda items for corporations. Quite often it is the legal counsel’s office that understands the financial threat more than other corporate officers – perhaps because they are the ones who end up trying to untangle the legal mess that occurs when companies mismanage identity theft issues.

The Story:  Worcester, MA – 1/24/08 – A computer containing personal information on nearly 30,000 patients of Fallon Community Health Plan has been stolen, the insurer announced Thursday.  The Worcester-based HMO said Thursday that the laptop computer contains personal information including names, dates of birth, diagnostic information and medical ID numbers -- some of which may be based on Social Security numbers. The company’s response, nearly a month after the theft, was to provide credit report monitoring to the individuals involved.

The Analysis:  Credit report monitoring is actually the weakest, most ineffective response this HMO provider could have taken.  Credit report monitoring by itself has no ability to stop identity theft from occurring, it only lets people know AFTER they become victims of fraud.  True protection includes services such as fraud alerts, identity theft insurance, social security number monitoring, credit card number monitoring, public record deletion, and identity and credit restoration services.  Interestingly, services that could combat health care identity fraud were not provided to the victims either.

The Story:  Mundys Corner, PA – 1/22/08 – A Mineral Point woman was placed in Cambria County Prison after Jackson Township police said she had used customer credit-card accounts to make $6,700 in charges via the Internet.

The Analysis:  Many businesses – Pizza Hut in this case – give employees direct access to confidential information that belongs to customers and co-workers.  Unfortunately, there are people who take advantage of this access to commit fraud.  This is a significant problem that causes ill will and severe hardship for the victims involved.  Businesses with identity theft liability plans in place that include services such as credit card monitoring are able to move very quickly to mitigate damage and repair situations like these.

The Story:  Boston, MA and Stamford, CT – 1/19/08 – Iron Mountain can't find a backup tape belonging to GE Money that contains information on customers of J.C. Penney and about 100 other retailers.  650,000 records, including 150,000 with social security numbers are missing.

The Analysis:  This data breach is significant for two reasons.  First, GE Money discovered there is a major difference between records management and data breach preparedness.  A company’s identity theft liability management plan must include a strategy for how to respond even when the breach isn’t your own fault.  Second, Iron Mountain’s attempt to downplay the fact that it misplaced or lost 650,000 records indicates that company officials still don’t understand the concept of identity theft liability.  At some point Harry Truman’s “The Buck Stops Here” mantra will begin to take hold, until that time regulators and lawsuits will drive corporate adoption of data breach policies.

The Story:  Dahlgren, VA – 1/16/08 – As many as 10,000 present and former federal employees connected to the Navy's Dahlgren Division in King George County may be in danger of identity theft.  One of the suspects arrested while trying to purchase goods with a fraudulent credit card had 2 pages of a lengthy employment report in his possession.

The Analysis:  The documents in the thief’s possession were part of the "Naval Surface Warfare Center Employment Verification Report" from July 7, 1994. That report contained names, Social Security numbers, birth dates, job titles, salary and employment information. Employers’ sensitive HR reports, whether they are in digital or hard copy format, are treasure troves for fraudsters.  Employers who do not have protections in place for their employees face a myriad of problems.

The Story: WASHINGTON, DC. – 1/13/08 – Washington Post reporter Nancy Trejos was recently notified that her debit card information was stolen, and that the thief was attempting to pick up over $800 in merchandise at a local store.

The Analysis: America’s #1 crime wave hit home for a reporter, and as she dealt with the situation she discovered that debit card fraud holds even higher exposure than credit card fraud. In fact, According to the Electronic Fund Transfer Act, your liability is capped at $50 if you notify your bank in the first two business days. After that, you could lose up to $500. If you wait 60 days, you could lose it all. Being prepared is essential.

The Story: MADISON, Wis. -- 1/9/08 -- People whose Social Security numbers were wrongly included on a recent mailing faced long waits or busy signals Wednesday when calling a state hot line for help with the security breach.

The Analysis: The state of Wisconsin and the data company EDS are under fire for a data breach that exposed the social security numbers of 260,000 residents. This is a high-level breach, and reveals what happens when corporations or government agencies are unprepared. If these parties had plans in place, the financial security of these victims would have been protected.

The Story: San Jose, CA -- 1/5/08 -- ID Theft, At a Glance - Some numbers help explain the scope of the identity theft problem in the U.S.: More than 8 million U.S. residents were victims of identity theft in 2006.

The Analysis: This quick recap of statistics by the San Jose Mercury News shows that the mainstream media is taking stock of the overall size of the identity theft issue. Most media coverage focuses on small local cases or huge data breaches, but the press is finally beginning to look at this as a major problem for businesses.