BOSTON (1/2/08)--Credit unions won't be surprised to learn that the loss or theft of personal data through data breaches soared to unprecedented levels in 2007. And the trend isn't expected to slow down anytime soon. More than 79 million records were reported compromised in the U.S. through Dec. 18, according to the San Diego-based Identity Theft Resource Center (ITRC). That's almost a fourfold increase from the nearly 20 million records reported compromised for the entire year in 2006 (Associated Press
Dec. 30). On a global scale, more than 162 million records were compromised through Dec. 21 both in the U.S. and overseas, compared with 49 million last year, says Attrition.org. Accounting for half those records was the TJX Cos. data breach, says Attrition. It estimates that 94 million records--estimates given by Visa and MasterCard officials--were exposed in the TJX breach, which affected customers of discount stores including T.J. Maxx and Marshalls. However, ITRC estimates the number of records compromised was closer to 46 million--the number TJX acknowledged. The two data breach monitors say the theft trend won't end soon because hackers are a step ahead of security, laptops with sensitive information disappear, and institutions are collecting even more data than ever. Hackers are savvy to a major vulnerability--wireless data transmission--and are learning to bypass security safeguards to eavesdrop. Both companies also said there is an increasing number of incidents in which employees lose sensitive data, through inadequate handling or keeping laptop computers with Social Security numbers on them. ITRC Founder Linda Foley and Executive Director Jay Foley made several predictions for 2008 about identity theft trends. Among them:
* Thieves are getting younger and view identity theft as a lucrative career path; * ID theft will continue to grow internationally with more sophisticated scams designed to trick consumers into divulging their ID information. * Expect an increase in the number of breaches due to poor information handling policies and practices. * Studies will continue to contradict each other about victims, cause and effect, facts and overall cost of identity theft. This will lead to confusion, misguided legislation and governmental actions. * Businesses will develop and implement better ID authentication methods for applicants, including Internet and telephone applications. * ID theft will get more recognition as a crime by law enforcement, and more reports will be written to assist victims in their recovery rights. * Expect more legislative action on the issue of ID theft, including limiting the use of Social Security numbers; and * States and nonprofits will be in a better position to assist victims at no charge.