TechWeb

Survey Finds Up To 44 Million In U.S. May Be Victims Of ID Crime

Jun 29, 2005 (12:06 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=164903925


The number of Americans who've been victims of identity-related crimes could be as high as 44 million, according to a survey released Wednesday by Deloitte & Touche LLP and the Center for Social and Legal Research. A similar survey conducted two years ago found that 35 million Americans may have been victims.

The survey of 2,322 adults was taken in early May. Twenty percent of those surveyed said they've been victims of ID theft. When extrapolated across the entire U.S. population, the results suggest that 44 million may have been victims.

The survey found a growing awareness of ID-related crimes among the public; 87% of respondents said they've read or heard about consumer data being stolen or disclosed in error. Such stories have dominated the headlines in recent weeks; the latest and potentially the largest was a security breach at CardSystems Solutions Inc. that exposed more than 40 million payment card accounts to theft.

A class-action suit has been filed in California against CardSystems, Visa, and MasterCard seeking a declaration that CardSystems violated due standards of care in its data-security methods and that the card companies failed to provide timely notice of the nature and extent to which credit-card data was compromised.

According to the lawsuit, CardSystems had been alerted "by other entities" late last year that consumer data had been exposed and failed to take prompt remedial action or notify consumers. The suit alleges that CardSystems violated Visa and MasterCard rules against storing consumer information and also violated the Payment Card Industry Data Security standard by improperly storing credit-card and transaction data, failing to maintain a firewall, failing to restrict access to its computers, and failing to encrypt cardholder data.

The suit charges that MasterCard was remiss in not publicly disclosing the breach until June 17, even though it had been informed by CardSystems of the breach in May and had traced fraudulent incidents back to CardSystems in April.

The ID-theft survey found that the revelations of losses of personal data are affecting purchasing decisions: 64% of respondents have decided against making a purchase because they weren't sure how their personal information would be used, and 67% decided not to register at a Web site or shop online because the privacy policy was unclear. Equally telling, 70% of respondents agree that consumers have lost all control over how personal information is collected and used, and 59% said existing laws and company practices fail to provide a reasonable level of protection.