Identity theft can happen to the best of us; even the chairman of the powerful Federal Reserve Board, had his identity stolen in 2008. While credit card theft and the subsequent fraud linked to it is the basic type of identity theft, there are even more sinister forms of information theft leading to identity fraud.
One large scale form is the stealing of electronic records or stored data from data breaches of private businesses and even government agencies. The Privacy Rights Clearinghouse (PRC), a non-profit consumer advocacy organization, has estimated that well over 350 million electronic records containing sensitive, personal information have gotten into the wrong hands since January of 2005. This number is actually a conservative estimate since they do not count records where they have no idea of the scope of the theft and cannot verify numbers.
Visiting their Web site and checking out the chronology of data breaches is enlightening, but also frightening. Two cases involving mass numbers of personal records provide glaring examples of inadequate security for the electronic storage of records.
Heartland Payment Systems lost 130 million card numbers
In January 2009, Heartland Payment Systems, a payment processing company, disclosed that their computer records had been hacked into and millions of personal records had been exposed to cyber theft. This single incident was the result of global cyber-fraud conducted by mastermind Albert Gonzalez, and two Russian conspirators who admitted later in court that they had stolen more than 130 million credit and debit card numbers from Heartland and one other company, the Hannaford Brothers. They had also stolen electronic records from 7-Eleven and two other national retailers. This may have gone undetected by Heartland if it had not been for Visa and MasterCard alerting the company of suspicious activity involved in card transactions that passed through their system.
Health Net Potentially Lost 1.5 million Records of its Members
Health Net, a regional health plan based in Connecticut, had a portable disk drive disappear last spring. The drive included the personal health records, Social Security numbers, and bank account numbers for all of Health Net’s 446,000 Connecticut patients and possibly all 1.5 million patients nationally (specifically in Arizona, New Jersey and New York). In January of this year, the attorney general of Connecticut sued Health Net for failing to adequately secure patient’s private medical records and financial data. He is also seeking a court order demanding that portable hard drives or other electronic devices be strongly encrypted to prevent future theft.
This is quite scary because an individual can do very little to prevent the theft of their information when companies don’t provide adequate security for electronic storage of records.