Data Breaches Rarely Lead To Identity Theft

from the hype-and-reality dept

Earlier this year, it seemed like you could hardly go a day or two without hearing about yet another data leak by some company or another and how everyone's data was at risk. Of course, now some are beginning to realize that very few of those data leaks actually resulted in identity theft scams. Of course, that shouldn't necessarily make anyone feel better about them. It could just mean that so much private data about people is available that your chances of being "picked" are much slimmer. Safety thanks to the ubiquity of available information just isn't that comforting.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Pete Austin, 24 Oct 2005 @ 6:55am

    Your Accounts have been Compromised!

    "In 2003, 10 million U.S. residents were the victim of ID theft, according to the FTC ... Of all data compromises, only about 2 percent of the accounts that are compromised are ever used fraudulently," said Rosetta Jones" - Original CNET Story "According to the U.S. Bureau of the Census, the resident population of the United States... is 297,499,005" - US PopClock.

    Doing the math, the accounts of the average US citizen are compromised 1 or 2 times per year.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2005 @ 8:39am

      Re: Your Accounts have been Compromised!

      Wait a second, if you do the math, you learn that only 3% of all americans had their information compromised in '03. How does that translate to all of us having our accounts compromised twice annually?

      link to this | view in chronology ]

      • identicon
        Pete Austin, 24 Oct 2005 @ 9:22am

        Re: Your Accounts have been Compromised

        Only 2% of accounts compromised are ever used fraudulently. We know that this figure refers to real criminal ID theft (not just information leaks) as the article goes on to say "54.1 percent of ID theft victims were able to identify how fraudsters obtained their personal information." So the 2% must include the the 10 million U.S. residents who were were victims of criminal ID theft (FTC figure).

        If 2% of the accounts compromised is over 10 million, then 100% is over 500 million. This is almost twice the resident population of the United States.

        The above doesn't change the fact that you still only have a 2% chance of being defrauded each year. Of course, maybe you plan to live a long time, in which case the odds don't look so good.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 24 Oct 2005 @ 9:41am

          Re: Your Accounts have been Compromised

          What that quote says is that 10mil of all american's data was compromised. That is ~3% of the total population of the USA. Of those ~3% compromised, only 2% are being used. So out of 10 million compromised accounts, only 200,000 are being used. That doesn't mean that everybody's information is being compromised. What that means is that with all the breaches that are reported, a very small percentage of us are having our data exposed, and an even smaller percentage are having our data used.

          link to this | view in chronology ]

  • identicon
    Merchant, 24 Oct 2005 @ 10:54am

    Numbers Misleading

    Keep in mind that we don't know what is required to be considered identity theft or that information being used fraudulently. We have seen approx 20 fraudulent orders in the past two months... all Citi Bank. But what happens when the merchant gets the chargeback for these cards? The merchant pays for it, even though one can prove positive AVS, shipping to billing and proof of delivery, the merchant gets stuck paying for it. And I can almost guarantee you that these transactions would not be included in such reports as it didn't cost the consumer or the bank a dime.

    link to this | view in chronology ]

    • identicon
      Pete Austin, 24 Oct 2005 @ 11:54am

      Re: Numbers Misleading

      The FTC's 10 million figure is actual victims whose information was used for crime, not people whose accounts were compromised: Identity theft occurs when someone else uses your personally identifying information without your knowledge or permission ... 9.9 million consumers

      This Website details 50 Million Americans affected by data breaches in the 8 months to Oct 15 2005, only including reported computer breaches and not ordinary theft, fraud and wrongly-delivered post etc.

      I hope it's clear that much more than "10mil of all american's data was compromised". The main issue with the math is whether you can believe the estimate "only about 2 percent of the accounts that are compromised are ever used fraudulently" from the original article. That's what makes the total 500 million compromised accounts.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2005 @ 12:01pm

        Re: Numbers Misleading

        So then your math is based on an assumed error in whether or not the numbers that are being reported are accurate.

        link to this | view in chronology ]

  • identicon
    Bob, 25 Oct 2005 @ 12:25am

    Zzzz..

    Perhaps.

    But information related to an individual's identity does not expire, it persists indefinitely. The social, maiden name, birth date and other pertinent information could be accessed readily at a later date. The ramifications remain the same 20 years after the theft as to the day it is first stolen. So the amount of time in this case is irrelevant, as is the article.

    After reading I found it to be boring, the article's author spewing off a plethora of facts and figures, but drawing no conclusions from any of it. A rehash of what we've heard before.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.