Congress considers law to fight problem as companies report more breaches
With more reports of large-scale data-security breaches last week, the identity-theft problem seemed to be spinning out of control. That's prompting Congress to consider a tougher disclosure law and a government-academic cooperative to work on new technologies.
Security-breach disclosures by MasterCard International Inc. and Reed Elsevier Group plc's LexisNexis subsidiary last week, collectively affecting nearly 500,000 consumers, indicate that the extent of the problem may be greater than previously believed. "This may be just the tip of the iceberg," says Sophie Louvel, an analyst at research firm Financial Insights.
HSBC North America is notifying 180,000 customers that their General Motors-branded MasterCard account numbers may have been stolen while making transactions at a U.S. retailer. MasterCard learned of the incident in January and has been working with the retailer--Polo Ralph Lauren--and law enforcement to investigate.
The revelation came on the heels of disclosures last week about the extent of security breaches at LexisNexis. An investigation of the company's Seisint unit showed that as many as 310,000 customers might have had their Social Security and driver's license numbers stolen in fraud incidents going back to January 2003, LexisNexis said. Just last month, the company estimated only about 32,000 customers had their personal data compromised.
LexisNexis' Sanford told a Senate committee that the breach at his company was worse than previously expected.
Photo by Win McNamee/Getty Images
The Senate Judiciary Committee last week took up consideration of a National ID Theft Notification bill, which would require companies to notify consumers when personal-identity data has been compromised. Based on California's Security Breach Information Act, the legislation lets consumers put a seven-year fraud alert on their credit reports.
At a Senate hearing last week, Kurt Sanford, LexisNexis' president and chief executive for U.S. corporate and federal markets, and Douglas Curling, ChoicePoint Inc.'s president and chief operating officer, admitted they didn't tell consumers about security breaches before 2003, when the California law was enacted.
On the technology front, the National Science Foundation last week launched the Team for Research in Ubiquitous Secure Technology, or Trust, an effort involving security specialists from colleges and IT vendors to develop IT that's more secure against cyberattacks. Trust is expected to receive nearly $19 million in NSF funding over five years. Participants include the University of California at Berkeley and Stanford University. Hewlett-Packard, IBM, Microsoft, Sun Microsystems, and Symantec also are affiliated with the project.
On the business front, the Financial Services Roundtable, a group of financial institutions, has made permanent its Identity Theft Assistance Center, which helps ID-theft victims for free. The center has operated on a pilot basis since August and has helped 700 people restore their identities. The center is funded by banks and operated by Intersections Inc., a provider of bank-branded ID-theft-protection services.
The center's rapid-response system shortens the time thieves can take advantage of stolen data and collects evidence to use against them in court. It takes, on average, two to three weeks to restore a victim's credit history once the center is notified. The center wants to reduce that to two to three days through process improvements.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.