Shock: Identity Theft (Still) Often An Inside Job

from the just-realizing-this-now? dept

For years and years people have been pointing out that all those suggestions on how to avoid having your identity from getting stolen are pretty much useless considering how many ID theft scams are really inside jobs from companies who have access to all your data. So, of course, now that we're seeing all of these massive data leaks (some accidental, some on purpose by inside employees), we're hearing, yet again, that inside employees are one of the biggest issues in identity theft. Of course, if everyone has known this for so many years, how come no one's done anything about it? All of these companies that let minimum wage employees have full access to all your data and trusted them not to be tempted when scammers offer them $10 per report should be held responsible for not putting in place better systems to protect your data. This isn't a new problem by any means, and the fact that these companies chose to ignore it seems like negligence on their part.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    ante_up, 13 Jun 2005 @ 11:23am

    insiders and identity theft is no surprise

    We have access to very 30,000 SS#s and full name/address #s and emails here at work because they are being used as identity #s for pretty much everything at work. A couple of employees in the postal dept. have already been busted for taking out credit cards in student and faculty names. The institution makes us sitting targets.

    link to this | view in chronology ]

  • identicon
    Jim Harper, 13 Jun 2005 @ 12:52pm

    Why, yes, it IS negligence.

    At least a Court of Appeals in Michigan says so.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jun 2005 @ 5:05pm

    No Subject Given

    Our group processes all of the personal income taxes for a large state. Our employees are typically seasonal workers who we hire only during the peak processing season. Most of them are well behaved and take their jobs seriously, but we have had quite a few incidents of people trying to steal SS#, addresses, bank account numbers (direct deposit refunds). Our systems don't protect the data well and management doesn't see a reason to spend development effort to make it harder for an employee to obtain this information.

    BTW, we are an outside contractor, not state employees. I suspect the only way we would improve our system is either by forcing us to accept full liability for any losses incurred or by legistrative changes within the state in question. I suspect neither will happen anytime soon. Especially the former as "losses incurred" is difficult to determine in an identity theft case.

    link to this | view in chronology ]

  • identicon
    Bob, 13 Jun 2005 @ 9:10pm

    On the Choice to Ignore and Negligence..

    Eventually the law will be extended to deter this, imposing fines and/or imprisonment. Although it will take a few high profile thefts to occur to start the legislative ball rolling. Companies will come to be held liable for thefts of their data, even if they occur outside the jurisdiction of the U.S.

    A collector of data will come to be defined as a 'custodian of an instrument', with instrument defined as something that could cause irreparable harm.

    In the way a parent is responsible for leaving a drawer unlocked for a child to take a loaded gun, is the same as a collector leaving the drawer unlocked for a criminal to steal data; both the parent and collector are or should have been aware of the danger, in particular the likelihood of a crime being committed with the instrument, and accountability if a crime is committed with it (either the gun or the data respectively) as in this case both would be used as weapons to commit a crime.

    The fact that the child may not understand what she is doing, whereas the criminal does is irrelevant. The point is the custodian of the instrument understands, and therefore is responsible, and that is what is relevant.

    Bob

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.