 |
||
|
It seems like every week there’s news of another security breach at a company holding sensitive consumer information, putting more Americans at risk of identity theft. Thousands of companies maintain files with detailed financial and personal information about consumers, including Social Security numbers, birth dates, account numbers, and addresses. This information is the key that crooks can use to get credit in someone else’s name and steal identities. Here are some recent examples of companies and other institutions whose security has been breached and others that have come under fire for failing to maintain strict security practices: Choicepoint, Inc.: In mid-February 2005, ChoicePoint, Inc., an information broker based in Georgia, announced that a fraud ring had gained access to the personal and financial information of an estimated 145,000 consumers from computer databases maintained by the company. ChoicePoint maintains a huge database with billions of records on consumers culled from public records and other documents. It sells access to that information to businesses for a variety of purposes. The ChoicePoint files that were compromised contained such sensitive information as Social Security numbers matched to names and addresses. Subsequent news reports indicated that ChoicePoint had experienced similar security breaches in the past. Bank of America: An estimated 1.2 million federal workers were put at risk of identity theft as result of lost computer tapes maintained by Bank of America. The bank announced in late February the loss of the tapes, which included Social Security numbers, addresses and credit account numbers. A Bank of America spokesperson indicated that the tapes were probably stolen by baggage handlers from a commercial airplane when they were being shipped to a back-up data center. Members of Congress were among those federal workers whose information was put at risk as a result of the lost tapes. Lexis Nexis: In early March 2005, Lexis-Nexis announced that the security of a database maintained by a company it owns had been compromised, leaving another 32,000 people at risk of having their identities stolen and credit ruined. In April, Lexis-Nexis acknowledged that it had underestimated the size of the breach by almost ten times. The company now says that the personal information of 310,000 people was compromised by crooks who obtained passwords from legitimate customers and accessed such information as names, addresses, Social Security numbers, and drivers’ license numbers. The files were part of a database maintained by Seisint, which is owned by Lexis-Nexis. The company sells access to the data to a variety of business and government clients. Westlaw: This Minnesota-based data search company was criticized in early 2005 for maintaining loose security practices that enabled clients who used the firm’s online “People-Find” database to obtain Social Security numbers and other personal information. Private companies subscribe to this service, giving them easy access to sensitive information that can be used to commit identity theft. A Senator exposed the lax security maintained on the web site and called on the company to disable it until better security was established to prevent fraud. Westlaw responded to the complaints by announcing that it would restrict customer access to Social Security numbers. DSW Shoe Warehouse: Retail Ventures, Inc. announced in early March that credit card account numbers and other information about customers of 103 DSW Shoe Warehouse stores had been stolen from a company computer database. DSW initially estimated that about 100,000 records were lost. However, in April, DSW found that the breach was much worse than that: the credit card numbers of about 1.4 million customers, and the driver’s license information of about 96,000 customers, had been accessed by thieves. DSW initially was made aware of the problem by credit card companies that noticed suspicious activity on some of the affected accounts. PayMaxx: This payroll processing company was in the news recently after a computer security expert revealed how easy it was to obtain personal information, including Social Security numbers, from the firm’s web site. Aaron Greenspan of Think Computer Corporation contacted the company when he discovered that a software glitch enabled any user to view the W-2 forms generated for employees of companies that use PayMaxx. The company has since taken action to correct the problem. Ameritrade: Ameritrade Holding Corp., a top online discount broker, announced in April 2005 that it lost a backup tape during shipping between vendors. The tape contained the personal information of about 200,000 current and former customers and may have included Social Security numbers. Ameritrade discovered the loss of the tape in February, when it received a damaged envelope containing backup tapes. An investigation revealed that four tapes were missing, but only three have been recovered. Boston College: In March, Boston College informed 120,000 alumni that a computer containing their addresses and Social Security numbers had been breached by hackers. The breach was discovered by a computer security worker who found that a computer at a phone bank had been compromised. University of California, Berkeley: In October 2004, the University of California announced that the names, addresses, telephone numbers, Social Security numbers and birthdates of an estimated 600,000 people had been compromised. The university obtained the information from the California Department of Social Services’ In-Home Supportive Services program, for the purposes of research. The breach was discovered by the information technology staff at the university, using intrusion-detection software. GeneralMotors Mastercard: In April, HSBC, the bank that issues the GM Rewards Mastercard, notified 180,000 customers that their cards had been used at an anonymous retailer during the period between June 2002 and December 2004. HSBC provided a toll-free number and the investigation is ongoing. Time Warner: On May 2, Time Warner announced the loss of computer backup tapes containing sensitive information about 600,000 current and former employees, including Social Security numbers. Time Warner is the largest media company in the world, and owns American Online, HBO and Warner Brothers. The missing tapes were reportedly unencrypted and include employee information from as far back as 1986. The United States Secret Service is currently investigating this matter. Tougher Identity Theft Protections Needed: Consumers Union is working to enact stronger identity theft protections for consumers, including new laws that would: • Require information brokers to enforce tight security practices to keep consumer data safe; • Mandate that companies notify consumers if their information has been compromised; • Limit the widespread use and display of Social Security numbers that puts consumers at risk of fraud; and • Enable all consumers to place a security freeze on their credit files to prevent crooks from opening new credit accounts in their names. For more information about the identity theft reforms advocated by Consumers Union, see: http://www.consumersunion.org/pub/campaignfinancialprivacynow/002141.html |
||
|
||
|
