In the aftermath of the major security breaches that happened at Target and Neiman Marcus earlier this year, American customers are starting to wake up to a whole new reality: a banal trip to the store can leave them without their most precious asset – their identity.
Identity theft is the number one complaint to the Federal Trade Commission. Annually, more than 11 million U.S. citizens fall victim to credit card fraudsters, reporting an average financial loss of $4,930 per incident. The cost to the economy is also tremendous: a sobering new report from the Bureau of Justice Statistics suggest that identity theft costs the United States $10 billion more than any other property crime. $24.7 billion was the loss caused by identity theft in 2012, while losses for property theft, burglary, and motor vehicle theft totaled only $14 billion.
So whose fault is it after all? Are companies we trust with our credit card information not doing enough to keep it safe? Or are customers the ones who fail at keeping their most important data out of the hands of fraudsters? It turns out, data breaches are no one’s fault – it’s the new normal we can do little about.
The Target Breach
Image source: http://bit.ly/1ldA5kC
Was it a network breach? Or did it look more like an inside job?
Experts’ opinions on what happened to U.S. retailer Target Corp. vary significantly, and the company is not willing to share any details other than confirming it was indeed a major security breach that resulted in compromised credit card information. First estimates suggest that more than 40 million customers shopping at Target between November, 27, and December, 15, are possible identity theft victims.
Right after the incident, a press release reassured customers that,
“Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts,” the retailer says in its statement. “Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.”
Not much is known about the extent of the damage, but company officials have stated that hackers have most likely gained access to clients’ names, credit and debit card information, card expiration dates, PINs, and CVV security codes. Apparently, the PINs are useless in the hands of thieves, given that “they were encrypted with Triple DES at the card reader, and the key for decrypting them was not stored on Target’s system.” Some experts believe that the attackers gained access to the company’s CRM databases, from where they’ve stolen names, addresses, and telephone numbers.
Repercussions of Target’s failure to protect its customers’ data will most likely range from millions of dollars in fines paid to credit card companies and banks that will report any image prejudice to class-action lawsuits filed by customers. At the moment, the company is working with forensics firms to thoroughly investigate the incident and minimize damage.
Who Becomes a Victim?
No matter how hard you try to protect yourself and keep your sensitive data private, the sad reality is you can become a victim of hackers, regardless if you shop online or file your tax returns on paper. The companies and government agencies you put all your trust in know they can only do so much to protect your financial information:
“Every company—no matter how good their security team and no matter how strong their security technology—has something valuable these thieves want, and they will get it,” said Theresa Payton, CEO of the digital security company Fortalice and former White House chief information officer. “It’s not a matter of will they get in. It’s what happens to your data once they get in.”
Estimates suggest that over 1 billion records have been compromised in the last decade. Although there aren’t any measures to guarantee 100% protection of credit card information, there are signs that indicate customers might be the victims of fraud. Here’s how to interpret them:
• If any goods and purchases you know nothing about appear on your statement (regardless of their value), it’s worth checking out.
• Check for errors and anything suspicious on your report. You are entitled to a free credit report from each of the three agencies, so it may help to ask for one every four months and keep track of your expenses.
• If you receive statements for an unknown credit card account, it could be a sign someone else is using your name to apply for credit cards.
• If a new credit card you didn’t apply for suddenly appears in your mail, it could be a mistake, but then again it could be a thief looking to go on a shopping spree in your name. Contact the issuing company immediately.
Tax Identity Theft: The New Crime in Town
Recently, there have been reports of an increase in tax-related identity theft, with thieves stealing Social Security Numbers to claim refunds. According to the Internal Revenue Service (IRS), more than 14.6 million suspicious tax returns have been flagged since 2011 (a 66 percent increase from the previous year), keeping more than $50 billion in fraudulent refunds.
How does this happen? The most common schemes reported by an insightful Forbes article include:
– Financial service representatives working in hospitals and health care centers selling financial information to tax refund fraudsters
– IRS data-entry clerks not entering paper returns into the agency’s computers
– Military personnel serving in combat zones are allowed to postpone filing their return up to 180 days after leaving the combat area, which makes them easy victims to identity thieves
– Tax return preparers using past clients’ financial information to file false tax returns
– Thieves breaking in financial institutions’ offices and stealing tax papers of clients
No matter if you’re at home surfing the internet or at the store buying groceries, it always serves to be extra careful with how you handle your sensitive information. Don’t rely on others – banks, corporations, government agencies – to protect you from fraudsters. It’s time to face the fact that privacy in the age of big data is becoming more of a myth, and take matters into your own hands.
About the Author
Andrew M. Weisberg is a criminal defense attorney in Chicago, Illinois. A former prosecutor in Cook County, Mr. Weisberg is a member of the Capital Litigation Trial Bar, an elite group of criminal attorneys who are certified by the Illinois Supreme Court to try death penalty cases. He is also a member of the Federal Trial Bar. Mr. Weisberg is a sole practitioner at the Law Offices of Andrew M. Weisberg.