The High Cost Of Data Loss - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

07:15 PM

The High Cost Of Data Loss

Sensitive personal data has been misplaced, lost, printed on mailing labels, posted online, and just left around for anyone to see. The situation has become untenable. Here's the ugly truth about how it keeps happening, who's been affected, and what's being done about it.

The Victims
We've lost control over our identities," says Eric Drew, who speaks from experience. Three years ago, while in the hospital battling leukemia, his name, Social Security number, and date of birth were used by another person to ring up $10,000 in fraudulent charges on credit cards opened in Drew's name.

It was an inside job. A lab technician who had tested Drew's blood at the Seattle Cancer Care Alliance gained unauthorized access to the hospital's computer records and used Drew's personal information to open credit card accounts. The technician, Richard Gibson, later turned himself in to the police and pleaded guilty to violating the Health Insurance Portability and Accountability Act. Gibson became the first person charged under HIPAA with misusing a patient's medical information for financial gain.

"It's disturbing that financial institutions issued credit cards without any [due] diligence that the real Eric Drew was in a hospital," Drew says.

Unfortunately, Drew's situation is all too familiar. There have been 8.9 million adult victims of identity fraud in the United States over the past 12 months, according to a report issued earlier this year by Javelin Strategy and Research and the Better Business Bureau. That's down slightly from the 9.3 million victims a year earlier, but not a sign of great progress. The problem "is not lessening significantly," says Beth Givens, director of the Privacy Rights Clearinghouse, a watchdog group that tracks data breaches that could lead to ID theft.

Givens partly blames creditors that are too willing to extend credit to people they don't know well enough and who are sometimes impostors working with false identities. "The credit evaluation process is automated," she says. "They're not looking for obvious red flags."

J. Alex Halderman, a doctoral candidate in computer science at Princeton University, about a year ago received a letter from the University of California, Berkeley, where he had been accepted as a graduate student in 2003, advising him that his personal data had been compromised. A university computer had been stolen that contained files with names and Social Security numbers of applicants and others at the university.

Berkeley warned people affected by the breach to be on the lookout for scam artists who might try to contact them under the pretense of being affiliated with the school. Halderman was shocked that two years after he applied to UC Berkeley, the application remained susceptible to a data breach. "It's amazing that data can be on file for years, even when you think you're finished with it," he says. "There's no way to take it back."

Although there was no evidence that Halderman's personal data was misused, he had a fraud alert placed on his credit file. That service lasted only 90 days, however, and he still worries that his information may fall into the wrong hands.

Lambert gets word that his personal information may have been stolen from ChoicePoint.

Warren Lambert gets word that his personal information may have been stolen from ChoicePoint.

Halderman checks his credit record regularly. The experience has left him feeling that laws do a poor job protecting people from identity theft. "You should be able to put a lock on your credit record that would require you to provide a secret PIN known only to you if you're applying for a loan," he says. Unfortunately, most states let people lock their records only after they've been victimized.

Keith Ernst of Durham, N.C., had his debit card number posted to an Arabic-language bulletin board on the Web in 2004, making it easy to reach through simple search engine queries. Several charges were rung up on his card, including a laptop purchase and an attempted tuition payment. "I got a phone call out of the blue saying that someone is using my debit card," Ernst says.

Ernst doesn't know how his debit card number got on the Web; he suspects it had something to do with a purchase he made on the Internet. He canceled the card and the bank restored the money that came out of his checking account, but Ernst learned a lesson. "I now use credit cards instead of debit cards when I shop online. I also pay a lot more attention to the vendors that I'm buying from," he says. "I would never buy from an unknown vendor."

Consumer confidence suffers at the hands of hackers and ID thieves and lax data protection measures. That means businesses ultimately feel the pain of their own negligence.

-- Elena Malykhina

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
3 of 6
Comment  | 
Print  | 
More Insights
IT Spending Forecast: Unfortunately, It's Going to Hurt
Jessica Davis, Senior Editor, Enterprise Apps,  5/15/2020
Helping Developers and Enterprises Answer the Skills Dilemma
Joao-Pierre S. Ruth, Senior Writer,  5/19/2020
Top 10 Programming Languages in Demand Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  4/28/2020
White Papers
Register for InformationWeek Newsletters
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll