Data Breaches Rarely Lead To Identity Theft

from the hype-and-reality dept

Earlier this year, it seemed like you could hardly go a day or two without hearing about yet another data leak by some company or another and how everyone’s data was at risk. Of course, now some are beginning to realize that very few of those data leaks actually resulted in identity theft scams. Of course, that shouldn’t necessarily make anyone feel better about them. It could just mean that so much private data about people is available that your chances of being “picked” are much slimmer. Safety thanks to the ubiquity of available information just isn’t that comforting.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Data Breaches Rarely Lead To Identity Theft”

Subscribe: RSS Leave a comment
Pete Austin says:

Your Accounts have been Compromised!

“In 2003, 10 million U.S. residents were the victim of ID theft, according to the FTC … Of all data compromises, only about 2 percent of the accounts that are compromised are ever used fraudulently,” said Rosetta Jones” – Original CNET Story “According to the U.S. Bureau of the Census, the resident population of the United States… is 297,499,005” – US PopClock.

Doing the math, the accounts of the average US citizen are compromised 1 or 2 times per year.

Pete Austin says:

Re: Re: Your Accounts have been Compromised

Only 2% of accounts compromised are ever used fraudulently. We know that this figure refers to real criminal ID theft (not just information leaks) as the article goes on to say “54.1 percent of ID theft victims were able to identify how fraudsters obtained their personal information.” So the 2% must include the the 10 million U.S. residents who were were victims of criminal ID theft (FTC figure).

If 2% of the accounts compromised is over 10 million, then 100% is over 500 million. This is almost twice the resident population of the United States.

The above doesn’t change the fact that you still only have a 2% chance of being defrauded each year. Of course, maybe you plan to live a long time, in which case the odds don’t look so good.

Anonymous Coward says:

Re: Re: Re: Your Accounts have been Compromised

What that quote says is that 10mil of all american’s data was compromised. That is ~3% of the total population of the USA. Of those ~3% compromised, only 2% are being used. So out of 10 million compromised accounts, only 200,000 are being used. That doesn’t mean that everybody’s information is being compromised. What that means is that with all the breaches that are reported, a very small percentage of us are having our data exposed, and an even smaller percentage are having our data used.

Merchant says:

Numbers Misleading

Keep in mind that we don’t know what is required to be considered identity theft or that information being used fraudulently. We have seen approx 20 fraudulent orders in the past two months… all Citi Bank. But what happens when the merchant gets the chargeback for these cards? The merchant pays for it, even though one can prove positive AVS, shipping to billing and proof of delivery, the merchant gets stuck paying for it. And I can almost guarantee you that these transactions would not be included in such reports as it didn’t cost the consumer or the bank a dime.

Pete Austin says:

Re: Numbers Misleading

The FTC’s 10 million figure is actual victims whose information was used for crime, not people whose accounts were compromised: Identity theft occurs when someone else uses your personally identifying information without your knowledge or permission … 9.9 million consumers

This Website details 50 Million Americans affected by data breaches in the 8 months to Oct 15 2005, only including reported computer breaches and not ordinary theft, fraud and wrongly-delivered post etc.

I hope it’s clear that much more than “10mil of all american’s data was compromised”. The main issue with the math is whether you can believe the estimate “only about 2 percent of the accounts that are compromised are ever used fraudulently” from the original article. That’s what makes the total 500 million compromised accounts.

Bob says:



But information related to an individual’s identity does not expire, it persists indefinitely. The social, maiden name, birth date and other pertinent information could be accessed readily at a later date. The ramifications remain the same 20 years after the theft as to the day it is first stolen. So the amount of time in this case is irrelevant, as is the article.

After reading I found it to be boring, the article’s author spewing off a plethora of facts and figures, but drawing no conclusions from any of it. A rehash of what we’ve heard before.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...