There is a sophisticated and efficient market out there for personal identifying information (PII), and the prices go up when the data comes from a target-rich environment like Morgan Stanley. Now think about it: whether you're an account executive, a messenger, or a clerk in a state bureaucracy, it's easy for you to know that this market exists. You also know that the chances of getting caught are even lower than finding a front row seat to a Lady Gaga concert because the "security" around those CD-ROMs was virtually nonexistent. Most five-year-olds can get around passwords, and there are literally scores of people who could have heisted the discs from the package. Best of all, you know that you never have to meet your "fence"—it's not like stealing the Rolex off of the sink in the men's washroom—you can transmit the data with complete anonymity, and get paid for it with little, if any, risk of exposure. And you don't have to be a computer geek; that's the real beauty of this sort of "old-fashioned" brand of identity theft. Hacking or phishing may require certain technical skills, but lifting a CD-ROM can be done by my seven-year-old niece. In a nutshell, we've just identified the real cause of the pandemic-like problem we are having: if you'd like to become an identity thief, you don't need to know very much; because security measures are so lax or ineffective, it's not too difficult; and the very minimal risk is far outweighed by the very tangible and ever-growing rewards. We have managed to create the perfect environment for making crime pay.
So, perhaps you haven't received "the letter" proclaiming your unsolicited membership in the "500 Million File Club" (now that more than 500 million files have been improperly accessed since 2005). I bet you're probably thinking, "Hey, I'm not a rich guy." Or, "I don't have a brokerage account." Or, "I don't live in the U.S. where there is an established network of data thieves and data buyers." "I'm OK. I am under the radar."
Think again.
On November 20, 2007, UK Chancellor of the Exchequer Alistair Darling announced:
"Two password-protected discs containing a full copy of HMRC's [the UK equivalent of the IRS] entire data in relation to the payment of child benefit was sent to the NAO [the National Accounting Office] by HMRC's internal post system operated by the courier TNT. The package was not recorded or registered. It appears the data has failed to reach the address in the NAO."
Sounds familiar, doesn't it?
The lost data involved almost half of the UK's population—approximately 25 million people. The personal data on the missing discs was said to include names, addresses and dates of birth of children receiving Child Benefits, as well as the National Insurance account numbers and the bank account data of their parents.
The BBC detailed the magnitude of the loss as follows:
- 7.25 million adult claimants of Child Benefits for their offspring;
- 15.5 million children entitled to receive those benefits;
- 2.25 million non-parent adult claimants such as unrelated caregivers, and a few thousand others.
This was truly equal-opportunity thievery. And like every other catastrophic breach, reassurance—however meaningless—quickly followed the announcement. Mr. Darling averred that there was no indication that the details had fallen into the wrong hands, but he advised those affected to monitor their bank accounts nonetheless. He said, "If someone is the innocent victim of fraud as a result of this incident, people can be assured they have protection under the Banking Code so they will not suffer any financial loss as a result."
Uh-huh. What about years from now when those kids grow up?
Of course, the UK being the interesting island that it is, there were some colorful reactions to the news, particularly as to the value of the loss to identity thieves. The head of the Liberal Democratic Party estimated that the names were worth approximately one hundred dollars apiece for a total value of approximately $2.5 billion. Scotland Yard unofficially speculated that it was more like four dollars apiece, amounting to a mere $100 million. Methinks the politician was closer to it than the policeman, but prices have gone up since then anyway. Some identities can trade for several thousands of dollars, particularly if they are usable to evade immigration laws, or if the data comes with a good pedigree—like that of a Morgan Stanley investor.
Until we have better laws, stronger security procedures, and a very different attitude toward PII and its value, we will suffer in the swarm—rich or poor. No one will die, but everyone will likely be stung at least once, and possibly many times, and very harmfully. And just like a run through a swarm of bees, some of your attackers can be seen, some cannot, and even the ones who don't know a keyboard from a keychain can deliver a nasty sting—the old-fashioned way.