One in Four Data Breach Letter Recipients Becomes an Identity Theft Victim

According to the 2013 Identity Fraud Report from Javelin Strategy & Research, 1 in 4 people who received a data breach notification letter in 2012 became a victim of identity fraud. A data breach happens when secure information gets compromised. Sometimes it’s intentional, for example, when a person hacks into a company’s computer files. Other times it may be unintentional, like when a company employee loses their laptop, which contains sensitive information. In either case, the damage from a data breach can be very costly for the consumers’ whose data is stolen.

Identity thieves are increasingly targeting businesses – large and small - because these businesses have millions of consumer records and personal information. In April 2011, 77 million Sony PlaysStation users had their data stolen when the company’s system was hacked. In 2009, Heartland Payment Systems suffered a data breach that compromised more than 130 million cardholder accounts. Even government entities are under attack. In October 2012, the South Carolina Department of Revenue suffered a data breach in which 3.6 million social security numbers and 387,000 credit and debit card numbers were stolen.

Companies that suffer data breaches may be legally required to notify the people whose data has been compromised, but it depends on state law. Some states have no data breach laws. The company may voluntarily inform their customers know about the breach, but some may only do so when required by law.

Whether you become a victim of a data breach may depend on the type of information that’s stolen. In data breaches where social security numbers were compromised, consumers were 5 times more likely to become victim. That’s probably because identity thieves can profit considerably with a person’s social security number. If you’re notified that your credit card information has been stolen, you can have the credit card closed to keep thieves from racking up fraudulent charges. But if your social security number is stolen, there’s no foolproof way to keep thieves from opening accounts or committing other types of identity fraud, like tax fraud for example.

If you receive a data breach notification letter, take it seriously. The letter will typically describe what information was stolen and suggest steps you can take to prevent identity fraud. It may be something as simple as changing the passwords on your account or cancelling your credit card and getting a new one. When social security numbers have been breached, companies often grant several months of free credit monitoring to help victims detect instances of identity theft by alerting you to changes in your credit report, e.g. increased credit card balances or new accounts. However, free credit monitoring may not be enough as it often only covers a single credit bureau.

You’re not safe from data breach identity fraud just because you don’t receive a notification letter. Remember that, in some states, businesses aren’t required to send notification of data breaches. Also, companies send out notifications based on the contact information they have on file. If they don’t the correct contact information for you, you may not receive a notification. Continually monitor your credit throughout the year to watch for instances of identity theft. If you notice suspicious activity, place a fraud alert on your credit report to prevent further damage to your credit.

Source: Javelin Strategy & Research