June 21, 2006

Hacker ID Theft Overrated

Way back in 1986, if you were to describe a world in 20 years in which people had their identity information stored on computers, and many of those people had fallen prey to identity thieves, the image of a probable culprit would have sprung to mind.

That image would be of th super-smart, but socially maladjusted computer hacker! With a phone call and some little electronic device he’d built himself, he could hack into any local network and suck out the identities. Soon he’d just transfer money into his bank account and live the high life! Such was our vision of the future.

Here in 2006, there certainly are hackers who break into networks and steal identities. But how does most identity information get lost? Through hacking? No.

Ninety-one percent of the data was lifted via physical theft, where crooks stole tapes, printed records, or computer gear… especially laptops. In fact, over 30.5 million records skipped out via laptop. That’s 73% of the records lost through physical means.

And, by a factor of 5, government incompetence accounts for the majority of social security number losses.

On a side note, I saw this story on an interesting site called Email Battles. It’s a computer security news site/blog. Here’s another interesting story on the site regarding why the vast majority of physicians won’t correspond with patients via email.

Posted by James at June 21, 2006 7:41 AM
Create Social Bookmark Links
Comments

A friend of mine recently pointed out that the term "identity theft" has been diluted recently (by the media, I assume). Originally, it was when someone took your SSN or other personal info and used it to create new financial accounts or divert bank statements, etc. The result was your credit was ruined.

But, more recently, it has been used to describe virtually any kind of financial fraud. For example, credit card fraud is lumped under identity theft sometimes now. But, credit card fraud has been around for decades and most people are protected from it by their credit card providers. So, it's really not the same thing.

Yet, statistics quoted in the media often lump it in there. So, now it's hard to tell just how bad identity theft really is.

Posted by: Bill Marrs at June 21, 2006 8:52 AM

I concur - I had "true" identity theft happen and accounts opened with my SSN, and the tale of someone's credit card was used to buy something online does not nearly match what I had to go through to straighten out my situation.

Mine, too, was a non-hacker event; nearest I can figure was paper with my name and SSN was lying around for an opportunistic person to take, and I even feel fairly certain as to where this paper was left lying around, given the accounts that were opened. Of course this was in 1998, and neither my local nor the fraud location's police wanted to hear anything about the problem. At the time, identity theft was just coming to the public's attention, and the police told me I was not a victim of anything - instead, the companies that offered credit and were not repaid would have to be the ones to file the complaints, which they never did to my knowledge. So at least there's been *some* progress.

Posted by: mjfrombuffalo at June 21, 2006 3:47 PM

Yes - there are degrees of severity in being a victim of fraud. And different types of fraud. ID theft, specifically, is a lot more nasty than just having your credit card misused.

Being subject to any sort of fraud is unpleasant and something to be avoided. Still, for some purposes, it makes sense to refer to this continuum of fraud in a lump.

This article, of course, talks about the information leaks rather than the possible identity theft that could result from that information falling into the hands of identity thieves.

Posted by: James at June 21, 2006 4:10 PM

Copyright © 1999-2007 James P. Burke. All Rights Reserved