Businesses: The Biggest Source Of Data For Identity Thieves
|
A study shows business as both the biggest source and biggest victim of this crime. Businesses are favored by thieves as the best place to steal personal data over family members and friends, strangers' wallets or purses, the mail and the Internet, according to a study released Monday by Utica College's Center for Identity Management and Information Protection. Researchers studied 517 criminal cases closed by the Secret Service between 2000 and 2006. They defined personal data as name, address, social security number and date of birth, but excluded information from credit, debit and other bank cards. Businesses were also victims of identity theft in more than half these cases, more often than individuals. Banks, credit unions, and other financial services companies were 37% of victims and retail businesses another 21%. Individuals were victims about a third of the time. A couple of other interesting facts: In half the cases, thieves used the Internet and/or other technological devices--computers, printers, copiers, cell phones, digital cameras--to commit their crimes. And 20% of them stole data from where they worked. This report fills a hole in another report released last April by the President's Identity Theft Task Force, which did not study offenders and their methods. It is funded by the Bureau of Justice Assistance and can be downloaded here. |
For more IT related content on the blogosphere, check out www.ithub.com
Comments (1)
I can understand why corporations can be the best source for identity thiefs.
A job candidate submits an application to the company that will contain personal data (ss#,dl#,bdate) to the company.
If paper, it will most likely not be kept in a secure location, and disposed correctly.
(Texas AG sued some companies to make a point that companies should not just throw away old applications)
If electronic, good chances that the data is not encrypted and/or locked to a defined few people.
Then for background check and drug testing, HR commonly emails or faxes the private info. Very few companies that do background checks and preemployment verification have solid firewall and/or encrypted databases. (Note, its not in any state regulations or even the industry associations guides to secure the data)
Mailed invoices will likely include the candidates ss#/bdate since that is the primary identifying number between these outside companies.
(imho, background check and preemployment verification companies are the biggest potential for leaks since several that I have talked with are not concerned about privacy since there are no requirements to safeguard the data)
By the time that the employee starts work, their personal data is in the corporate HR database. Very few ERP systems encrypt personal data. Its up to IT to be creative trying to safeguard the data.
It is common today to have your paycheck sent via ACH, so now, your bank#/account# is accessible.
Bummer, if you get hurt on the job, since now your ss#, bdate, etc, is now on just about any paperwork communicated with the state agencies for workers compensation.
Posted by Darwin Collins | October 25, 2007 12:14 PM