Data breaches becoming too common for consumers

Share |
Data breaches becoming too common for consumers

Savvy Consumer > MATTHEW HATHAWAY • mhathaway@post-dispatch.com > 314-340-8121 STLtoday.com | Posted: Saturday, August 28, 2010 12:00 am | Loading…

Font Size:
Default font size
Larger font size
  • Share

For two years, an analyst for Countrywide Financial Group allegedly stole customers' personal financial information and sold batches of data for $500 each. Authorities say the analyst scored $50,000; the full cost to consumers — both in dollars lost through identity theft, and in time spent fixing botched credit reports — may never be known.

Criminal prosecution is ongoing, but civil suits stemming from the data breaches were settled Monday.

Bank of America, which bought Countrywide two years ago, will offer free credit monitoring for up to 17 million consumers whose identities were stolen — or, still might be — as a result of the data breaches.

If that number seems high, it's just the tip of the iceberg, according to the Privacy Rights Clearinghouse. For five years, the group has maintained a roll of shame listing the companies, schools and government offices that have data stolen, misplaced or otherwise made available to identity thieves.

This week, the tally of sensitive records involved in those breaches hit the half-billion mark, the San Diego group reported.

"It might seem like a large number, but it's really quite low," said Beth Givens, director of Privacy Rights Clearinghouse. "Many of the breaches we list involve an unknown number (of records) . . . Five hundred million is, actually, a conservative count."

The group's list is comprised of more than 1,700 data breaches that became public because they made headlines or they were reported to regulators. Because many states don't require data breaches to be reported, and because those that do may use different standards for what constitutes a reportable offense, Privacy Rights Clearinghouse's list remains incomplete.

The list, which is available online at privacyrights.org/data-breach, includes these 2010 entries of local note:

• A hacker penetrated a St. Louis police computer and may have viewed addresses and Social Security numbers of 24 people.

• A Riverview Gardens schools employee left hundreds of documents listing personal student information near an outside trash bin.

• About 1,900 patients of a St. John's Mercy Medical Group doctor were notified that files containing personal and financial data were improperly discarded.

• Mail clerks at the University of Missouri incorrectly folded IRS tax forms sent to students. As a result, Social Security numbers were clearly visible through the plastic-covered address window on envelopes sent to the students. The university couldn't say how many of the 75,000 mailings were affected, according to Privacy Rights Clearinghouse.

Compared with some breaches, those incidents were small potatoes. They don't rival the work of hacker Albert Gonzalez.

Last year, he pleaded guilty of stealing more than 130 million credit and debit card numbers from Heartland Payment Systems and several national retailers.

Givens said that 46 states — including Missouri and Illinois — now have laws on the books requiring companies to notify consumers if there is reason to believe their personal information has been compromised.

There's a push in Congress to pre-empt that regulatory patchwork with a federal notification law. A measure has passed the House; four Senate bills have been submitted with varying degrees of support from industry and privacy advocates.

Notification is important because consumers can't stop data breaches, but properly informed consumers can protect themselves after one occurs.

After being notified of a breach, what consumers should do next depends on the information that was compromised and whether foul play was involved.

If there is something sinister about the breach, consumers should react just as they would if they were burglarized or had their wallets or purses stolen.

(Those old-fashioned crimes, by the way, shouldn't be ignored. In 2009, they led to 76 percent of identity thefts with known causes, according to a study of insurance claims data released by Travelers.)

Consumers who think their information is at risk should obtain credit reports and study them for new accounts and other debts they didn't authorize.

Depending on what they find, they might want to ask credit bureaus to flag their reports with a fraud alert.

They also should scour credit and bank statements — including old ones — for unauthorized spending. And they should be suspicious if bills don't arrive on time.

That's because those who commit fraud sometimes change billing addresses to keep victims in the dark.

Copyright 2012 STLtoday.com. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Posted in Savvy-consumer on Saturday, August 28, 2010 12:00 am Updated: 9:40 pm. | Tags: Savvy Consumer, Matthew Hathaway, Privacy Rights Clearinghouse, Bank Of Amercia, Countrywide, Beth Givens,

Print Email

Sponsored Links

Savvy Consumer

The Savvy Consumer Blog is the place to find tips for saving money and avoiding scams. St. Louis Post-Dispatch consumer reporter Matthew Hathaway keeps you updated on safety recalls, product comparisons and the newest ways to get more for your buck in St. Louis.

most popular