In my last blog I introduced the newly released annual Identity Fraud Report, co-sponsored by Intersections and Citi, and conducted for the 10th year by the authoritative Javelin Strategy & Research organization.
I believe that two of its key findings need to be examined more closely because both are important to understand.
Javelin concluded based on the 5,249 responses from consumers that:
- 1 in 4 data breach notification recipients became a victim of identity fraud — this year, almost 1 in 4 consumers that received a data breach letter became a victim of identity theft, which is the highest rate since 2010. This underscores the need for consumers to take all notifications seriously. Not all breaches are created equal. The study found consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer.
- Fraudsters misuse information fewer days than before — Consumer information was misused for an average of 48 days in 2012, down from 55 days in 2011 and 95 days in 2010. Misuse time was down for all types of fraud including fraud on cards, loans, bank accounts, mobile phone bills and other types of fraud due to consumer and industry action. More than 50 percent of victims were actively detecting fraud using financial alerts, credit monitoring or identity protection services and by monitoring their accounts.
As I've noted in previous blogs, data breaches have become almost a daily occurrence. According to the Verizon RISK Team's Data Breach Investigations Report for 2012, done in partnership with the U.S. Secret Service, there were 855 incidents and 174 million compromised records last year.
These "breaches" ranged in size from the hack of the South Carolina Department of Revenue databases containing the Social Security numbers of 3.8 million state taxpayers plus credit card and bank account data, the March, 2012 incident when hackers gained entry into a Utah Department of Technology Services (DTS) server and stole 280,000 Social Security numbers as well as less sensitive personal information of another 500,000 people; down to the over 57,000 breaches involving fewer than 500 records have been disclosed, as required by law, to HHS by the health care industry since its breach notification rule went into effect in 2010.
Typically, when these types of breaches occur a letter will be sent to all whose information might be involved warning them of the incident and probably advising them to be on guard.
What the Javelin study reveals is that 25 percent of persons interviewed who received such a letter became a victim of identity theft. This is a very high percentage and it shows in pretty stark terms that anyone receiving such a letter should act immediately to protect themselves.
Then too, the Javelin research shows a change in the pattern of how a stolen identity is used. It used to be when a fraudster stole an identity they used it for as long as they could, opening up accounts and running up debts until the accounts and cards were maxed out and then they moved on probably to a new stolen identity. But Javelin found that identity theft is becoming more and more a hit-and-run proposition. The thieves get what they want and then get out. The "misuse" time continues to decline.
There is good and bad in this fact for victims. The good news is the fraudster will get out more quickly and the victim is left with somewhat less of a mess to contend with. But it is bad news because in many cases by the time the victim realizes he or she is a victim, the thief has come and gone.
That is all the more reason to act quickly if you suspect you might be a victim of identity theft.
In my next blog I'll look at some recommendations Javelin has come up with to avoid and to respond to identity theft.