Sunday, February 26, 2006

Every minute a sucker is born, with a one in two chance of being robbed of his identity


Privacy activist Privacy Rights Clearinghouse (PRC, ot to confuse with People's Republic of China) has done justice to its name by attempting a complete chronology of personal data breaches over the last year or so.

They find a staggering 53.4 million compromised personal records in 12 months' time. That's an average 100 per minute, which gives a whole new meaning to the saying 'every minute a sucker is born.'

It's probably also the tip of the iceberg. PRC chooses as a starting point February 15th, 2005, when credit information provider ChoicePoint reported that criminal hackers accessed 145,000 (later increased to 160,000) of its consumer records. ChoicePoint was only forced to disclose the incident because there were Californian residents among the victims, who are covered by the State of California's 2003 disclosure law (see "Next time you break into our database, could you please leave the Californians alone?")

The bulk of privacy breaches in PRC's chronology is caused by hackers forcing access to databases of financial services providers such as credit card companies, and financial information providers like ChoicePoint. Apparently criminal hackers intending identity theft or wanting to raid credit card accounts constitute the biggest danger. By far the largest breach was CardSystems' June 16th, 2005, disclosure that hackers compromised the security of no fewer than 40 million credit card holders, mostly MasterCard and Visa.

In the ChoicePoint affair 800 out of 160,000 breaches led to financial loss. If that's a benchmark, more than a quarter million Americans were robbed last year as a result of database holders' carelessness.

That's one identity theft robbery every two minutes.