Watch credit, bank records closely
Earlier this month, the Justice Department announced it was charging 11 people around the globe in connection with the largest known theft of consumer data ever. The criminal activity snagged more than 40 million credit card numbers from nine retailers.
Federal officials advised consumers at the time that the nine victimized companies would notify customers if they had been affected.
But the Wall Street Journal reports this week that, despite data breach security notification laws in more than 40 states, only four of those retailers have complied. Two say they are unable to confirm customer data was stolen — despite the government’s assertion — and three refuse to say what they plan to do.
In 2006, Pennsylvania became the 22nd state to enact a data breach disclosure law. It covers not only businesses, but government, non-profits and any entity that handles private data that could enable identity theft.
While opponents argue that such measures cause unnecessary expense for companies and have little effect on reducing identity theft, advocates say they encourage companies to put more security in place to prevent data breaches and help put consumers on their guard.
Part of the problem for any company, of course, is that security breaches can be difficult to detect. Data usually is copied — it doesn’t disappear. Some of the criminal activity described in last week’s indictments was taking place as far back as 2004.
Warning a consumer four years after the fact is less than helpful, and in the commonwealth, at least, events before 2006 don’t fall under the law’s requirements.
And certainly, a suspicion that information might have been intercepted is not enough for most businesses to risk alarming a customer needlessly.
But in light of what the feds disclosed last week, it’s obvious some companies are not doing enough to protect consumer information in the first place.
If, after hearing about the crime, you are picturing high-tech geniuses executing an elaborate scheme to make off with the credit card information, you can think again. Rather, the thieves engaged in a practice called “wardriving.” They cruised major cities looking for open wireless networks at major chain retailers — which they had no trouble finding.
Using the same kind of equipment you could use to find wireless “hot spots” in your neighborhood, they were then able to install software on the vulnerable retailers’ systems that would capture data as credit card transactions took place. In addition to card numbers, they stole PINs, debit card numbers and other account information that was sold and turned into fake ATM cards.
One defendant alone is said to have realized more than $11 million from the stolen data.
What is a consumer to do? The feds and our own state government offer pretty much the same advice — keep a close eye on your bank and credit card accounts, reporting any odd activity to your financial institutions immediately. Note when your bills and statements usually arrive in the mail and be suspicious if they start coming late. And always check your credit report at least once a year to make sure it is in order — it’s free.
Pay attention to the news, too. If you have any reason to suspect you are doing business with a company with shoddy electronic security, let it know you take such matters seriously.
It’s far better to put your efforts into preventing identity theft than into trying to mitigate the damage after your personal information has been swiped. The potential for cyber crime brings new, urgent meaning to the warning, “Buyer, beware.”





