The Identity Theft Resource Center (ITRC) has published its 5^th annual Aftermath study regarding the effects of identity theft on individuals. Here are a few of the details from the study. Over a five year period, the ITRC reports that 1/3 of identity thefts were perpetrated by someone known to the victim. The next largest number of thefts arose from lost or stolen wallets or PDAs. The cost to a victim of identity theft in 2007 averaged approximately $500 in out-of-pocket expenses for an existing account. If a new account was set up, the average out-of-pocket expenses rose to nearly $1,900. This is a rise of about $500 per victim since 2006. Additionally, only 10 percent of those surveyed discovered they had been a victim of identity theft after being notified by a business.

Click to read more ...

The 2008 State Liability Systems Ranking Study conducted for the U.S. Chamber Institute for Legal Reform has been released. The purpose of the study is to evaluate the fairness and reasonableness of the U.S. tort liability system. The states ranking the best were Delaware, Nebraska and Maine. Some of the worst-ranked states include West Virginia, Louisiana, Mississippi, Alabama and Illinois. Additionally, Los Angeles-California and Cook County, Chicago-Illinois were identified as the worst jurisdictions. The overall rating of the system measured primarily fair/poor but the margin was not vast as 41% of those polled ranked the state court liability system in America as only fair or poor and 55% ranked it as excellent or pretty good. The overall rating for 2008 is very similar to the findings in the 2007 study. Both 2007 and 2008 are markedly better than the overall rating in 2006. For more about earlier studies and worst courtroom data, see our previous posts.

We’ve discussed phishing on this blog in the past, but a recent headline brings the concern back to mind. As expected, identity thieves continue to invent new ways to trick their victims. In this latest attack, phishing is elevated to “whaling” as attackers target executives at large companies. The current scam involves emails with a realistic looking U.S. federal court seal and a link to a subpoena.

Click to read more ...

CNET reports on a global survey conducted by Frost & Sullivan at the behest of the International Information Systems Security Certification Consortium (ISC)² regarding information security. The survey included feedback from approximately 7,500 information security experts and, among its conclusions, reported that 75% of the respondents believe viruses and worms are a top security threat, followed by hackers and inside employees. Additionally, among the top priorities facing information security professionals are protecting a company’s reputation from damage, customer privacy concerns and identity theft. Further, the respondents communicating the most concern for security threats are in the financial sector, including banks and insurance companies.

Of note, the Identity Theft Resource Center reports in the 2008 ITRC Breach Report, as of 3/31/2008, that there were 167 reported breaches for this time period. Of these, approximately 25% were in the educational industry and nearly 14% were in the healthcare field. So, while the financial sector may be focused on security threats, the educational and healthcare industries shouldn’t be far behind. For more on security threats, check out the security section of our blog.

By now, you have probably heard about the Hannaford breach.  Briefly, the supermarket chain suffered a breach of customer credit card data when thieves hacked into its computers to steal credit and debit card data in transit to the bank.  Unlike TJX, Hannaford was found to be in compliance with security standards set by the Payment Card Industry.  Even with this compliance, 4.2 Million records have been exposed and approximately 1,800 cases of fraud have been reported.  In addition, a class action lawsuit has been filed alleging Hannaford’s negligence in failing to maintain the security of customer credit/debit card info.

Click to read more ...

We’ve covered confidential source exposures on our blog in the past, but a recent case brings a particularly difficult aspect of confidential source protection to light. The case involves a USA Today reporter and her 2003 story regarding the letters poisoned with anthrax that were sent after 9/11 and resulted in 5 deaths. A federal judge has ordered the reporter to reveal her sources for that story to aid in a case against the government. The case was brought by one of the individuals named as a potential suspect in the anthrax letters investigation. The plaintiff was never charged with a crime but feels his privacy has been violated by the Justice Department’s and FBI’s disclosure of confidential info about him to reporters.

Click to read more ...