identity theft hit record high in 2008

Many commentators worry that the worsening economic situation will increase computer crime, with identity theft at the top of crooks' wish list. Identity theft hit all all-time peak last year in the US, according to the Identity Theft Resource Center (ITSC). It says that there were 656 reported breaches in 2008, which was a substantial increase of 47% over the previous year’s total of 446

Breaches vary between sectors and ITSC has segmented organizations into financial services, health, government, education, and business. Identity theft occurred most frequently in the 'business' sector, with 240 incidents in 2008. The financial industry experienced the fewest breaches at 78, but contributed over half of all records exposed, by putting a staggering 18 million customers at risk. A large portion of these (12.5 million) were exposed in a BNY Mellon Shareowner Services breach, when unencrypted backup tapes meant for archival were stolen.

Details of all identity theft breaches are reported in this document, and incidents range from laptop theft to card skimming and computer hacking. Electronic breaches make up the vast bulk (82.3%) of identity theft. Insider thefts has doubled over the last year and now makes up 15.7% of all breaches. Data on the move and accidental exposure – human error in essence – makes up 35.2% of all breaches, but this is thankfully going down.

Accompanying the report, the ITSC offers seven rules to help businesses minimize identity theft:

  1. Minimize personnel with access to personal identifying information;
  2. Require all mobile data storage devices that contain identifying information encrypt sensitive data;
  3. Limit the number of people who may take information out of the workplace, and set into policy safe procedures for storage and transport;
  4. When sending data or back-up records from one location to another, encrypt all data before it leaves the sender and create secure methods for storage of the information, whether electronic or paper;
  5. Properly destroy all paper documents prior to disposal. If they are in a storage unit that is relinquished, ensure that all documents are removed;
  6. Verify that your server and/or any PC with sensitive information is secure at all times. In addition to physical security, you must update anti-virus, spyware and malware software at least once a week and allow your software to update as necessary in between regular maintenance dates;
  7. Train employees on safe information handling until it becomes second nature.
Anthony Plewes

After a Masters in Computer Science, I decided that I preferred writing about IT rather than programming. My 20-year writing career has taken me to Hong Kong and London where I've edited and written for IT, business and electronics publications. In 2002 I co-founded Futurity Media with Stewart Baines where I continue to write about a range of topics such as unified communications, cloud computing and enterprise applications.