Data Breaches Rarely Lead To Identity Theft
from the hype-and-reality dept
Earlier this year, it seemed like you could hardly go a day or two without hearing about yet another data leak by some company or another and how everyone’s data was at risk. Of course, now some are beginning to realize that very few of those data leaks actually resulted in identity theft scams. Of course, that shouldn’t necessarily make anyone feel better about them. It could just mean that so much private data about people is available that your chances of being “picked” are much slimmer. Safety thanks to the ubiquity of available information just isn’t that comforting.
Comments on “Data Breaches Rarely Lead To Identity Theft”
Your Accounts have been Compromised!
“In 2003, 10 million U.S. residents were the victim of ID theft, according to the FTC … Of all data compromises, only about 2 percent of the accounts that are compromised are ever used fraudulently,” said Rosetta Jones” – Original CNET Story “According to the U.S. Bureau of the Census, the resident population of the United States… is 297,499,005” – US PopClock.
Doing the math, the accounts of the average US citizen are compromised 1 or 2 times per year.
Re: Your Accounts have been Compromised!
Wait a second, if you do the math, you learn that only 3% of all americans had their information compromised in ’03. How does that translate to all of us having our accounts compromised twice annually?
Re: Re: Your Accounts have been Compromised
Only 2% of accounts compromised are ever used fraudulently. We know that this figure refers to real criminal ID theft (not just information leaks) as the article goes on to say “54.1 percent of ID theft victims were able to identify how fraudsters obtained their personal information.” So the 2% must include the the 10 million U.S. residents who were were victims of criminal ID theft (FTC figure).
If 2% of the accounts compromised is over 10 million, then 100% is over 500 million. This is almost twice the resident population of the United States.
The above doesn’t change the fact that you still only have a 2% chance of being defrauded each year. Of course, maybe you plan to live a long time, in which case the odds don’t look so good.
Re: Re: Re: Your Accounts have been Compromised
What that quote says is that 10mil of all american’s data was compromised. That is ~3% of the total population of the USA. Of those ~3% compromised, only 2% are being used. So out of 10 million compromised accounts, only 200,000 are being used. That doesn’t mean that everybody’s information is being compromised. What that means is that with all the breaches that are reported, a very small percentage of us are having our data exposed, and an even smaller percentage are having our data used.
Numbers Misleading
Keep in mind that we don’t know what is required to be considered identity theft or that information being used fraudulently. We have seen approx 20 fraudulent orders in the past two months… all Citi Bank. But what happens when the merchant gets the chargeback for these cards? The merchant pays for it, even though one can prove positive AVS, shipping to billing and proof of delivery, the merchant gets stuck paying for it. And I can almost guarantee you that these transactions would not be included in such reports as it didn’t cost the consumer or the bank a dime.
Re: Numbers Misleading
The FTC’s 10 million figure is actual victims whose information was used for crime, not people whose accounts were compromised: Identity theft occurs when someone else uses your personally identifying information without your knowledge or permission … 9.9 million consumers
This Website details 50 Million Americans affected by data breaches in the 8 months to Oct 15 2005, only including reported computer breaches and not ordinary theft, fraud and wrongly-delivered post etc.
I hope it’s clear that much more than “10mil of all american’s data was compromised”. The main issue with the math is whether you can believe the estimate “only about 2 percent of the accounts that are compromised are ever used fraudulently” from the original article. That’s what makes the total 500 million compromised accounts.
Re: Re: Numbers Misleading
So then your math is based on an assumed error in whether or not the numbers that are being reported are accurate.
Zzzz..
Perhaps.
But information related to an individual’s identity does not expire, it persists indefinitely. The social, maiden name, birth date and other pertinent information could be accessed readily at a later date. The ramifications remain the same 20 years after the theft as to the day it is first stolen. So the amount of time in this case is irrelevant, as is the article.
After reading I found it to be boring, the article’s author spewing off a plethora of facts and figures, but drawing no conclusions from any of it. A rehash of what we’ve heard before.