Identity Theft, Data Breaches Becoming a National Epidemic

Photo courtesy of Victor Habbick
Photo courtesy of Victor Habbick

The currency of the digital age is information. Currently the big topic of conversation is the Heartbleed bug. We are just one day past the tax deadline and the IRS is struggling with a massive amount of  identity fraud and fraudulent tax refunds. The foundation of it all is identity theft and data breaches. Identity theft and data breaches are inseparable and becoming a national epidemic. According to a report on Forbes.com one fifth of Americans have been caught up in data breaches and identity theft. No doubt African-Americans are in the mix. Another survey conducted by GfK found that 59% of those surveyed were more concerned about data security than they were a year ago. What is happening and what is being done?

Forbes.com points out a Pew Research report stating that 21% of adults using the Internet say they have suffered an email or social networking account take over without their permission. In addition 18% say they have had personal information such as a social security number, bank account information or credit card information stolen.

But these are small numbers when you consider the numbers that are coming out of Symantec. The company recently published the 2013 Year of the Mega Breach report that claims that as many as 552 million identities were exposed in 2013 compared to 93 million n 2012. These numbers oughta scare the hell out of you! Symantec states that the number of data breaches in 2013 increased by 62%.

Where does it end?

Target Stores reported the lost of as much a 40 million credit card numbers and associated data.  And that is just the tip of the iceberg. Even as you read this post a new data breach is being investigated.  The information breach affects 200 million Americans. A report from LowCards.com indicate that a Vietnamese national was able to pose as a private investigator and gained access to the records of Court Ventures. Court Ventures was acquired by Experian. As a result Experian has become a target of the investigation. Experian has denied its involvement in the breach but that is in serious dispute according to KrebsonSecurity.com. Court Ventures allows its customers to access a database of court records and information on Americans through its partnership with another company known as U.S. Info Services. Once he obtained the information it was sold to two websites that enable identity theft, Supertarget.info and Findget.me.

Data breaches often result in the loss of personally identifiable information. That includes information such as date of birth, home address and PIN numbers. This is often enough to steal an identity.

But the real problem is two fold. First we have no federal standard for releasing information to the public regarding data breaches.  So customers are the last to know when their information is lost. Americans are seeking greater protection for their data and the government is simply failing to respond. The GfK survey revealed that 54% percent of respondents, including baby boomers and older people, believe the U.S. government is not doing enough to protect personal data.

States however continue to pass their own laws that are basically a patchwork of sometimes conflicting laws. Companies, as a matter of practice, can literally pick and choose which laws to obey and which to ignore. Its all about what message they want to spin at their customers.

The second problem is that these companies do not fear retribution for clumsy or careless handling of information. The first thing many of these companies do is offer credit monitoring to those customers affected. It’s their standard fall back position, not something that can really help the customer. Nor do they fear being sued and having to pay for these data breaches. Individual lawsuits over data breaches often fail in the courts. So there is no hammer that strikes fear into companies that lose data. Yes, Target lost a lot of money and customers after their data breach and they fired some people. But the data is still out there in cyberspace. What about the customer who suffers when money is stolen from their bank account or phony charges show up on their credit card bill?

California is currently considering a law that will pass the cost of data breaches back to the retailers who lose your data. State Bill AB 1710 is intended to  force retailers to notify customers of  data breach incidents and hold them liable for reimbursing customer’s financial damages. The retailer would have 15 days to notify the customer. Retailers intend to fight the law. But, yet again, we are faced with a single state law and not a national standard.

Recently Kentucky became the 47th state to pass a data breach law. Alabama, South Dakota and New Mexico are still without data breach laws.

Breaking It Down

It is my opinion that a data breach leads to identity theft and vice versa. Trying to separate one from the other is not simple. A compromised identity can reveal flaws in systems and practices permitting a larger data breach. Black people use mobile banking at a growing rate and we need to be aware of how of data breaches and identity theft occur. This will help African-Americans to understand if we are vulnerable and how. What we really need is a new national standard for identity protection. Eliminate the use of social security numbers as a form of identification. The numbers are too easily obtained. Congress needs to impose a new standard for identification. I suggest the immediate use of the PIN and Chip technology used in Europe. It seems to be coming to the U.S. but not fast enough. A social security card with an encrypted chip where only the owner knows the PIN would be a great step to re-securing the social security numbers of this nation.

So where are we going? I would like to see identity theft handled as a national security issue. Right now the U.S. is the biggest and easiest cyber target in the world. Just ask the Chinese. We need a national effort to audit every social security number in circulation. Americans need to be more forceful when they are asked for their social security number and demand to know how the information will be used. Demand to see privacy policies in writing. Currently we have a situation that is eating at the foundation of our economic might. We need to open the courts up for individual lawsuits to hammer careless information handlers. We need new technology standards that make it extremely or even impossible for hackers to invade networks. It won’t be long before our economy begins to crumble because of the data theft and identity fraud. I think it has already. We are carelessly stumbling through the age of information and if we are not careful it won’t belong before we fall.