25% of Data Breaches Turn Into ID Theft

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.thestreet.com/story/12088972/1/25-of-data-breaches-turn-into-id-theft.html

So you got an email, text or phone call from your bank or credit card
provider that includes the words "data breach."

If those words don't make the hair on the back of your neck stand up, they
should. Once you hear the term, there is a good chance the words you hear
next will be "identity theft."

So says a report from Javelin Research, which estimates that a quarter of
all data breaches related to credit and debit cards lead directly to I.D.
theft.

That means that of 16 million Americans warned that their credit or debit
card had been compromised, about 4.4 million wound up losing money and
fighting the ghosts that come part and parcel with ID theft.

That's no mere inconvenience. Javelin says U.S consumers lost $21 billion
to identity theft last year, and it cost them up to 37 hours to fix the
problem.

In addition:

- 1.26 million Americans notified of a data breach involving their Social
Security numbers were victimized by identity fraud.
- 270,000 Americans notified by a data breach on their online banking
accounts saw fraudulent activity on their checking and savings accounts.
- 324,000 Americans contacted over a data breach involving their regular
checking accounts were victimized by checking and/or savings account fraud.

"By breaching the data stores of businesses in the financial, health care
and retail industries, criminals can obtain the fuel they need to execute
various fraud schemes, and these crimes have crippling consequences," says
Al Pascual, a senior analyst at Javelin.

If you're warned of a data breach involving your payment card, Social
Security number or bank account, take immediate action. Contact any one of
the three major consumer credit bureaus,TransUnion, Experian or Equifax
(EFX_), and request a fraud alert on your account (you only have to contact
one; that firm will relay the fraud alert to the others).

A fraud alert lets potential creditors know not to approve any further
credit in your name while the alert remains active.

Also, generate new passwords for your key financial accounts (if you have
one password for all of your accounts, as many Americans do, it's that much
easier for I.D. thieves to compromise your assets). Also, watch your bank
account and credit card for any suspicious activity -- your bank or credit
card firm will be doing the same thing, ideally, but don't take it for
granted.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.