The Identity Theft Resource Center (ITRC) has published its 5^th annual Aftermath study regarding the effects of identity theft on individuals. Here are a few of the details from the study. Over a five year period, the ITRC reports that 1/3 of identity thefts were perpetrated by someone known to the victim. The next largest number of thefts arose from lost or stolen wallets or PDAs. The cost to a victim of identity theft in 2007 averaged approximately $500 in out-of-pocket expenses for an existing account. If a new account was set up, the average out-of-pocket expenses rose to nearly $1,900. This is a rise of about $500 per victim since 2006. Additionally, only 10 percent of those surveyed discovered they had been a victim of identity theft after being notified by a business.

Click to read more ...

We’ve discussed phishing on this blog in the past, but a recent headline brings the concern back to mind. As expected, identity thieves continue to invent new ways to trick their victims. In this latest attack, phishing is elevated to “whaling” as attackers target executives at large companies. The current scam involves emails with a realistic looking U.S. federal court seal and a link to a subpoena.

Click to read more ...

CNET reports on a global survey conducted by Frost & Sullivan at the behest of the International Information Systems Security Certification Consortium (ISC)² regarding information security. The survey included feedback from approximately 7,500 information security experts and, among its conclusions, reported that 75% of the respondents believe viruses and worms are a top security threat, followed by hackers and inside employees. Additionally, among the top priorities facing information security professionals are protecting a company’s reputation from damage, customer privacy concerns and identity theft. Further, the respondents communicating the most concern for security threats are in the financial sector, including banks and insurance companies.

Of note, the Identity Theft Resource Center reports in the 2008 ITRC Breach Report, as of 3/31/2008, that there were 167 reported breaches for this time period. Of these, approximately 25% were in the educational industry and nearly 14% were in the healthcare field. So, while the financial sector may be focused on security threats, the educational and healthcare industries shouldn’t be far behind. For more on security threats, check out the security section of our blog.

By now, you have probably heard about the Hannaford breach.  Briefly, the supermarket chain suffered a breach of customer credit card data when thieves hacked into its computers to steal credit and debit card data in transit to the bank.  Unlike TJX, Hannaford was found to be in compliance with security standards set by the Payment Card Industry.  Even with this compliance, 4.2 Million records have been exposed and approximately 1,800 cases of fraud have been reported.  In addition, a class action lawsuit has been filed alleging Hannaford’s negligence in failing to maintain the security of customer credit/debit card info.

Click to read more ...

Is coverage for violations of privacy laws and regulations readily available?  The current marketplace does offer a variety of options when it comes to purchasing data privacy and security protections.  So, while you may easily find third party identity theft and security breach protections for your clients, coverage for privacy regulatory-imposed civil fines or penalties can be more difficult to secure. And if you do find it, it may only be available via endorsement.

Click to read more ...

NetworkWorld reports on Gartner’s 10 key predictions for information technology. The IT predictions range from events developing in 2008 to events in 2012. From an insurance perspective, perhaps one of the most interesting predictions is that 50 percent of business travelers will no longer travel with their laptops. The prediction suggests that pocket devices designed for web-based applications could make traveling with a laptop no longer necessary for many. If true, it could impact security risk, as many a case of reported Identity Theft exposure is linked to a lost or stolen laptop. If employees no longer travel with their laptop hard drives loaded with the personal info of customers, then maybe that portion of the ID theft risk could be minimized. Of course accessing applications via the Internet could create more opportunities for information to mistakenly be left publicly accessible online as well as create more interesting opportunities for web hacks. Learn more about security exposures on our blog and for examples of web hacks, visit the Web Hacking Incidents Database.

It’s that time of year when prediction lists for 2008 start appearing. Here’s a summary of a few security-related predictions that caught our eye.

CNet News Blog reports on a prediction made by a VP at Sun Microsystems. The Sun representative predicts that there will be a massive data center failure within a year. The failure is predicted to create just as much havoc as the first computer worm in 1988.

Click to read more ...