Your data's less safe today than two years ago

Computerworld - Today's electronic world is a risky place for your personal data -- and it's not getting any safer. More than 158 million data records of U.S. residents have been exposed as a result of security breaches since January 2005, according to The Privacy Rights Clearing House, a nonprofit consumer rights organization. 

As fast as banks, merchants and consumers add new layers of security to their storage systems and network, say security analysts, new technologies -- or simply careless users -- create new security holes that aggressive and sophisticated identity thieves eagerly exploit. The result, says Avivah Litan, a vice president and distinguished analyst at Gartner Inc., is that "things will get worse before they get better."

Clever Crooks

Attacks against both consumers and retailers have "really grown in the last couple of years," says Litan, who cites a Gartner survey showing that approximately 15 million Americans were victims of identity-theft related fraud in the 12 months ending in the middle of 2006. According to Gartner, that's a 50% increase since 2003, and the average loss per incident was $3,257, more than twice the level for the same period a year earlier, according to the survey.

The number of companies whose customers were targeted by phishing attacks -- a fake e-mail asking for sensitive information -- grew by 20% in the second quarter of 2007, says Terry Gudaitis, cyberintelligence director at Cyveillance Inc., an Arlington, Va.-based firm that monitors the Internet for malware and other threats. While such attacks used to target customers of only a few large banks, they now impersonate "credit unions, hotel chains, insurance companies -- it's all over the board," says Todd Bransford, vice president of marketing at Cyveillance.

During the same period, Cyveillance also identified more than 2 million URLs that distribute malicious downloads to site visitors without their knowledge, as well as 2.5 million stolen credit card numbers online.

Criminals are also getting smarter. Larry Ponemon, chairman and founder of Ponemon Institute, which conducts research on privacy and security issues, calls it "inverted customer relationship management," in which criminals target the wealthiest individuals for their attacks.

Some are even buying marketing lists to piece together profiles of "who's got the Platinum [American Express card] and who's got the account with Merrill Lynch and who doesn't," says Litan.

"Hackers are exploiting Internet auctions, nonregulated money transmittal systems and the ability to impersonate lottery and sweepstakes contests," among other scams, wrote Litan in a February 2007 research report.

Theft and fraud?

Hard figures on identity theft and identity fraud (using stolen data to commit a crime) are difficult to come by. A June 2007 report from the Government Accountability Office said that of 24 large data breaches reported in the media between January 2000 and January 2005, only three "appeared to have resulted in fraud on existing accounts, and one breach appeared to have resulted in the unauthorized creation of new accounts."