Shock: Identity Theft (Still) Often An Inside Job

from the just-realizing-this-now? dept

For years and years people have been pointing out that all those suggestions on how to avoid having your identity from getting stolen are pretty much useless considering how many ID theft scams are really inside jobs from companies who have access to all your data. So, of course, now that we’re seeing all of these massive data leaks (some accidental, some on purpose by inside employees), we’re hearing, yet again, that inside employees are one of the biggest issues in identity theft. Of course, if everyone has known this for so many years, how come no one’s done anything about it? All of these companies that let minimum wage employees have full access to all your data and trusted them not to be tempted when scammers offer them $10 per report should be held responsible for not putting in place better systems to protect your data. This isn’t a new problem by any means, and the fact that these companies chose to ignore it seems like negligence on their part.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Shock: Identity Theft (Still) Often An Inside Job”

Subscribe: RSS Leave a comment
ante_up (user link) says:

insiders and identity theft is no surprise

We have access to very 30,000 SS#s and full name/address #s and emails here at work because they are being used as identity #s for pretty much everything at work. A couple of employees in the postal dept. have already been busted for taking out credit cards in student and faculty names. The institution makes us sitting targets.

Anonymous Coward says:

No Subject Given

Our group processes all of the personal income taxes for a large state. Our employees are typically seasonal workers who we hire only during the peak processing season. Most of them are well behaved and take their jobs seriously, but we have had quite a few incidents of people trying to steal SS#, addresses, bank account numbers (direct deposit refunds). Our systems don’t protect the data well and management doesn’t see a reason to spend development effort to make it harder for an employee to obtain this information.

BTW, we are an outside contractor, not state employees. I suspect the only way we would improve our system is either by forcing us to accept full liability for any losses incurred or by legistrative changes within the state in question. I suspect neither will happen anytime soon. Especially the former as “losses incurred” is difficult to determine in an identity theft case.

Bob says:

On the Choice to Ignore and Negligence..

Eventually the law will be extended to deter this, imposing fines and/or imprisonment. Although it will take a few high profile thefts to occur to start the legislative ball rolling. Companies will come to be held liable for thefts of their data, even if they occur outside the jurisdiction of the U.S.

A collector of data will come to be defined as a ‘custodian of an instrument’, with instrument defined as something that could cause irreparable harm.

In the way a parent is responsible for leaving a drawer unlocked for a child to take a loaded gun, is the same as a collector leaving the drawer unlocked for a criminal to steal data; both the parent and collector are or should have been aware of the danger, in particular the likelihood of a crime being committed with the instrument, and accountability if a crime is committed with it (either the gun or the data respectively) as in this case both would be used as weapons to commit a crime.

The fact that the child may not understand what she is doing, whereas the criminal does is irrelevant. The point is the custodian of the instrument understands, and therefore is responsible, and that is what is relevant.


Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...