by Mike Masnick

Shock: Identity Theft (Still) Often An Inside Job

from the just-realizing-this-now? dept

For years and years people have been pointing out that all those suggestions on how to avoid having your identity stolen are pretty much useless, considering how many ID theft scams are really inside jobs at companies that have access to all your data. So, of course, now that we're seeing all of these massive data leaks (some accidental, some on purpose by inside employees), we're hearing, yet again, that inside employees are one of the biggest issues in identity theft. Of course, if everyone has known this for so many years, how come no one's done anything about it? All of these companies that let minimum wage employees have full access to all your data and trusted them not to be tempted when scammers offer them $10 per report should be held responsible for not putting in place better systems to protect your data. This isn't a new problem by any means, and the fact that these companies chose to ignore it seems like negligence on their part.

Reader Comments


  • ante_up, 13 Jun 2005 @ 11:23am

    insiders and identity theft is no surprise

    We have access to very 30,000 SS#s and full name/address #s and emails here at work because they are being used as identity #s for pretty much everything at work. A couple of employees in the postal dept. have already been busted for taking out credit cards in student and faculty names. The institution makes us sitting targets.


  • Jim Harper, 13 Jun 2005 @ 12:52pm

    Why, yes, it IS negligence.

    At least a Court of Appeals in Michigan says so.


  • Anonymous Coward, 13 Jun 2005 @ 5:05pm

    No Subject Given

    Our group processes all of the personal income taxes for a large state. Our employees are typically seasonal workers who we hire only during the peak processing season. Most of them are well behaved and take their jobs seriously, but we have had quite a few incidents of people trying to steal SS#, addresses, bank account numbers (direct deposit refunds). Our systems don't protect the data well and management doesn't see a reason to spend development effort to make it harder for an employee to obtain this information.

    BTW, we are an outside contractor, not state employees. I suspect the only way we would improve our system is either by forcing us to accept full liability for any losses incurred or by legislative changes within the state in question. I suspect neither will happen anytime soon. Especially the former as "losses incurred" is difficult to determine in an identity theft case.


  • Bob, 13 Jun 2005 @ 9:10pm

    On the Choice to Ignore and Negligence..

    Eventually the law will be extended to deter this, imposing fines and/or imprisonment. Although it will take a few high profile thefts to occur to start the legislative ball rolling. Companies will come to be held liable for thefts of their data, even if they occur outside the jurisdiction of the U.S.

    A collector of data will come to be defined as a 'custodian of an instrument', with instrument defined as something that could cause irreparable harm.

    In the way a parent is responsible for leaving a drawer unlocked for a child to take a loaded gun, is the same as a collector leaving the drawer unlocked for a criminal to steal data; both the parent and collector are or should have been aware of the danger, in particular the likelihood of a crime being committed with the instrument, and accountability if a crime is committed with it (either the gun or the data respectively) as in this case both would be used as weapons to commit a crime.

    The fact that the child may not understand what she is doing, whereas the criminal does is irrelevant. The point is the custodian of the instrument understands, and therefore is responsible, and that is what is relevant.


