Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Privacy Businesses CDA News

Big ID Thefts Not To Be Feared 161

Posted by Zonk from the i-would-still-be-nervous dept.
goldseries writes "A new study released by ID Analytics says that only about 1 out of every 1000 stolen identities are actually used, due to the amount of time it takes to use the identity, limiting a single thief to 250 identities a year. The likelihood that your information will be used increases drastically when the size a the theft is small. So size does not matter, in identity thefts at least; the identity thefts you need to worry about aren't the big ones heard on the news but the small unreported ones." From the article: "While the findings will provide some comfort to consumers whose credit cards are lost or lifted, or whose sensitive information is compromised when, for instance, a laptop is stolen, as recently happened at Chicago-based Boeing, some of ID Analytics' suggestions could be controversial. The company suggests, for instance, that companies shouldn't always notify consumers of data breaches because they may be unnecessarily alarming people who stand little chance of being victimized."
This discussion has been archived. No new comments can be posted.

Big ID Thefts Not To Be Feared More

Big ID Thefts Not To Be Feared

Comments Filter:

  • Of Course You Should Inform Them! (Score:5, Interesting)

    by SeanDuggan ( 732224 ) on Thursday December 08, 2005 @12:10PM (#14210899) Homepage Journal
    Unless the companies who lost the information are willing to be liable for any and all damages caused by the identity theft, not limitted to damaged credit ratings, credibility damage, and all monetary losses, they should definitely inform consumers. That would be like not informing people of airplane safety measures "because very few planes actually crash."
    • And indeed, it seems to me that if you inform someone, they're more likely to take action, so the ID thief gets less of a chance to actually do damage.
      • Their argument for not forcing companies to disclose is that those big companies would be better off spending the money they would use to inform everyone on the people who actually get victimized. What does that even mean exactly? Also, they don't want to needlessly freak people out.

        Sounds like a pretty weak argument to me really. More corporate BS?

        BTW, I beat /. to the story on my ID theft site: Identity Theft Risk Overhyped [bloomshare.com]. Do I get extra points for that, or what?
        • BTW, I beat /. to the story on my ID theft site: Identity Theft Risk Overhyped. Do I get extra points for that, or what?

          Nonono, you have to post it after it gets here on /. and then duplicate it a bunch of times.

          Then you get promoted to Editor.

    • Re:Of Course You Should Inform Them! (Score:5, Insightful)

      by timeOday ( 582209 ) on Thursday December 08, 2005 @12:18PM (#14210981)
      Unless the companies who lost the information are willing to be liable for any and all damages caused by the identity theft, not limitted to damaged credit ratings, credibility damage, and all monetary losses, they should definitely inform consumers.
      I'll go you one further, I think the law should *compel* them fess up. Most of the interest over identity theft has resulted from the California law which does just that. As a result, we started to hear about things that before would have been secret, and it has really blown the issue wide open. For markets to work well, people must have access to relevant information, such as which companies have bad track records for infosec.
    • "Shit. Another 100,000 credit card numbers were jacked? Naw, we don't need to let anyone know. It's the holidays for fuck's sake."

  • Nice whitewash... (Score:5, Insightful)

    by Godeke ( 32895 ) * on Thursday December 08, 2005 @12:10PM (#14210900)
    So those of you that *actually* suffer identity theft... well, you are just a small, inconsequential number of people compared to those who got lucky. Since you are so outnumbered we can safely continue to fail to safeguard your data, and we will use these results to claim it is your fault, not ours, that you suffered identity theft. After all, you are only one in a thousand, right? Heck, losing a tenth of a percentage of our customers won't hurt *us* that much... and all this notification stuff is hurting us *much* more than that.
    • And this is flamebait why?!?
    • Maybe you (or whatever company you are making fun of) doesn't realize is that what you don't know about can hurt you. I won't seek to do business with a company with a poor track-record of safeguarding my identity.
    • And the first thing that I thought of when I read this "it takes too long for a thief to use all the identities" is this:

      1. Steal 1000 identities.
      2. Use 10 identities to buy stuff.
      3. ???
      4. Profit!!!
      5. Sell other 990 identities to other lowlifes.
      6. ???
      7. Profit again!!!

      As if the person who did the theft is the only one who's going to use the identities they stole. What were they smoking when they did this study?! Admittedly I didn't RTFA, but come on! It's obvious what could easily happen to the other inf
    • Comment removed based on user account deletion

  • Nonsense Quote (Score:3, Insightful)

    by LostCluster ( 625375 ) * on Thursday December 08, 2005 @12:13PM (#14210929)
    "As far as notifications, we think there are certain instances where businesses might want to notify consumers and certain instances where they might not to inform them," Cook said.

    When would there ever be an instant that a business would want to disclose a leak? There are instances were businesses should be required to inform customers.
    • "When would there ever be an instant that a business would want to disclose a leak?"

      If a company negligently allows access to sensitive information on thousands of their clients, their liability in the end might be less if they notify all the clients exposed, since the actual harm done would (hopefully) be less.

      So the conditions are:

      1) Legal liability for the leak
      2) Announcing the leak will help prevent damages
    • Companies are profit-maximizing entities. They will only bother to secure their data when it costs them too much if they don't.

      Notifying everyone when there is a big breach costs money. That's not a bug, it's a feature. Companies that don't want to spend the money need to secure their data better.

  • The company suggests, for instance, that companies shouldn't always notify consumers of data breaches because they may be unnecessarily alarming people who stand little chance of being victimized."

    Well, 250 informed consumers is much, much better then 250 uninformed consumers who don't know their identity was stolen until their credit card bill comes in.

  • Luke: I won't fail you. I'm not afraid.
    Yoda: You will be. You will be.

    Just because statistically you will not have your ID used after being stolen, it is still a terrible feeling - as if millions of voices suddenly cried out in terror and were suddenly silenced.

  • Every 35 hours (Score:2, Insightful)

    by amrust ( 686727 )
    ...limiting a single thief to 250 identities a year...

    Still, to the web economy, that's *almost* like them becoming a completely different person, every 35 hrs. Per thief. Pretty amazing/scary when you stop to think about it.

    • A couple of years ago they broke a ring here in Denver which was cracking banks (card issuers), forwarding the data to Montreal where it was forwarded to New York and some guys with a lot of vowels in their last names. The entire premise that this is 250 names a year per cracker is simply not relevant to the business of stealing ID's: it is not just one guy with the names and info, and you have a machine in place to get a hell of a lot more out of it than one guy could get. These guys are maximizing their
      • True, true. Those machines multiply their "effficiency".

        This is also the time of year where people are out shopping, in a rush to get home where it's warm, and may not think to check out the "ATM" they're swiping their MAC card through. Just a reminder to everyone to be mindful of what they do with their cards this holiday season. Check out those machines carefully before putting your card in.
    • More like every 24 hours. Even identity theives take the weekend off ;-)

      J.

  • Not a big deal??? (Score:5, Insightful)

    by gasmonso ( 929871 ) on Thursday December 08, 2005 @12:14PM (#14210951) Homepage

    Tell that to the thousands of people who had their lives turned upside down. The effects of identity theft can be devastating and long lasting. If your data is stolen, you have every right to know about it. This is just an attempt for companies to downplay their incompetence and lack of security. I'd like to see how they would react if their information was stolen.

    gasmonso http://religiousfreaks.com/ [religiousfreaks.com]
    • No kidding. My friend went through this, and spent well over 200 hours fixing all the problems it caused him.

      • I'm not, personally, too worried about having my identity deliberately stolen. I take reasonable precautions, and key places like banks and employers tend to be wise to obvious and seriously damaging identity theft and how to deal with it these days. Relative to the odds of it happening, I have more serious things to worry about...

        ...like incompetence, for example. All it took was one government staffer mistyping my NI number (roughly the UK equivalent of a US SSN) into a database, out of probably thousan



    • It's nothing different than many large companies that would rather settle a claim for wrongdoing out of court (and out of the public eye), because it's actually cheaper than making the necessary changes to fix the problem. Only when someone is held accountable, do things start to change- this is one reason you see such huge damage awards for some injury cases...often times it's to penalize a company for a history of willful disregard for the well-being of others. They'll probably change their tune after los

  • Stupid (Score:3, Informative)

    by pubjames ( 468013 ) on Thursday December 08, 2005 @12:15PM (#14210956)
    This is the most stupid thing I've read recently.

    If a criminal gets his hands on a million records, and he can only use a few hundred a year, what do you think he is going to do, throw all the others away?

    No, he's going to sell them to other criminals or pass them on as favours.

  • overblown my ass! (ewww, nasty image) (Score:4, Insightful)

    by BushCheney08 ( 917605 ) on Thursday December 08, 2005 @12:16PM (#14210958)
    As a former victim of identity theft, I have to tell these people to go to hell. Sure, my case was a fairly small one -- two lines of credit opened in my name totalling about $5000 (On one of the applications, there wasn't even a SSN. They opened the account simply by listing my name and an address that I've never lived at). Getting the crap cleaned up was an absolute nightmare. And don't expect the 3 credit reporting agencies to be any help, either. They don't want to deal with you. After all, you're not their customer - their customers are the ones buying your information from them. One of the agencies still sends mail to my old address, 6 months after moving. This is despite me sending a letter notifying them of my change in address along with all of the information they requested in order to do so. Basically, any company dealing in personal information brokerage is on my shitlist...
    • If identity theft were limited to single individuals then I'd say these guys have something of a point (though, as with all statistical analyses of bad things, it don't make a victim feel much better). However, my big concern would be organized crime getting into the game. At that point, a far greater fraction of stolen identities could be used. This strikes me as being one of those "don't worry, be happy" reports, sort of like "ah, that amount of benzine in your drinking water won't hurt you at all".

  • Credit reporting companies fault (Score:3, Insightful)

    by Lumpy ( 12016 ) on Thursday December 08, 2005 @12:16PM (#14210966) Homepage

    If they would stop being Asshats and allow you to "LOCK" your credit reports then this would be a non issue.

    If I could call and place my credit reports in a locked status so no credit reports can be pulled then this would be a much smaller issue. But they refuse to because it would significantly impact the revinue stream they get from the tens ofthousands of illigimate requests they get an hour for people's credit. I wont even go into the issue that their data is horribly inaccureate anyways but they should allow me to lock it down until I release that lock.

    • Some places, you can get this (called a freeze). In California, Louisiana, Nevada, Connecticut, Illinois, Maine and Colorado anyone can put a freeze on their account, which prevents anyone from pulling your credit, unless you've explicitly authorized it by contacting the reporting agency. In Texas, Vermont, and Washington, you can get a freeze if you've been a victim of identity theft.

  • Even if this is completely without error, it sets the stage for future problems. What they're saying is that currently this is the situation. However, let's say a group of identity thieves become more organized and start making more efficient use of the big thefts. Setting procedure based on the current thinking would leave us unprepared for future "improvements" made by criminals. This is the same kind of thinking that left us with the 640k wall. As far as I'm concerned, if my identity information was lea

  • I just got a 20 page background check fax in error (Score:5, Insightful)

    by gelfling ( 6534 ) on Thursday December 08, 2005 @12:19PM (#14210986) Homepage Journal
    My home fax machine is one digit off from that of an headhunter. Two nights ago I got a 20 page fax detailing the background check results for a candidate including:

    Name
    SSN
    Address
    Bank account numbers
    Credit score
    Arrest/conviction records: Federal State Local
    Urinanalysis results

    There was never a I never received a followup fax to check up on it - clearly they didn't have my phone number so they couldn't speak to me, but they already had a record of the fax number.

    And if that wasn't dumb consider this.

    My home phone number is one digit off from the States depart of Revenue unclaimed funds division. I routinely get calls from people asking "Is this the money line???" I get people leaving their name, address, SSN and phone number on my voice mail, unasked and please remember that the outbound message states the phone number and nothing else to indicate what the number is for. I get calls from people in state, out of state, out of the country, from prisons from other branches of the government.

    Security is bullshit as long as people act retarded.

  • "Identity Theft Over-Reported" (Score:3, Insightful)

    by lysander ( 31017 ) on Thursday December 08, 2005 @12:19PM (#14210988)
    I recommend also reading a post in Schneier's blog about identity theft being over-reported and confused with fraud [schneier.com].


  • ..due to the amount of time it takes to use the identity, limiting a single thief to 250 identities a year...

    This is based upon the typical thief work-week, with 2 weeks holiday annually in Cancun.
  • Got extra IDs you can't use right away? I'd be willing to bet that there are people that would pay for some handy identities... Sure, you'd have to trust the seller to an extent, but I'm sure there's a market for it.

  • And when the thief resells the info? (Score:2, Insightful)

    by Anonymous Coward

    250 per year per thief. What about when one company is breached, 1 million IDs are stolen, and the one thief (who specializes in security penetration) then resells these to hundreds of other thieves (who specialize in id theft) online? 'Cyber criminals' are more organized and more specialized these days. We're not dealing with script kiddies any more.

    The company suggests, for instance, that companies shouldn't always notify consumers of data breaches because they may be unnecessarily alarming people who

  • This will probably get modded flamebait, but...

    The people who paid for this study should be fired for wasting money. Only the small ones matter? One thief can only use 250 a year?

    So, if we have a hundred thieves in the US.... that's 250,000 a year? And that's no big deal.

    You know what this is? This is a study, funded by someone with a vested interest, that will be used when large companies are SUED for allowing large scale identity theft. It will be referenced, cross referenced etc.

    Walk down
    • One thief can only use 250 a year? So, if we have a hundred thieves in the US.... that's 250,000 a year? And that's no big deal.

      Check your math. I think you mena a thousand thieves.

      And yes, I know. There are a lot more than a thousand in the U.S.

  • It doesn't matter then right?

    My name, address, phone number, credit card number, pin number and social security number are as follows...

  • What about the people in the call centers? (Score:4, Insightful)

    by rolypolyman ( 933130 ) on Thursday December 08, 2005 @12:23PM (#14211021)
    What concerns me lately is some of the faceless/nameless droids working in the call centers. After we called our Texas power company to transfer our service to a new address, we found out some time later that they added on another house in Dallas, as part of the same work order. Assigned my wife's social security number to the account, too. It's not just the databases that concern me, but the trustworthiness of the people taking my call.
  • what happens when you throw away those enormous Publisher's Clearing House checks? Someone goes through the trash, finds a cancelled check that's 3'x6', now they have your account #... next thing you know...

  • Not in the hospital setting (Score:4, Interesting)

    by PIPBoy3000 ( 619296 ) on Thursday December 08, 2005 @12:25PM (#14211045)
    I work for a healthcare organization and one of the applications I support is this system for merging multiple medical records into a single one. We have a team of people whose sole purpose is to take multiple accounts and turn them into one. This extra accounts can be created accidentally, such as when a Jane Doe comes into the ER and their identity is later established. It can happen on accident, such as when a registration person creates a new account instead of finding the old one.

    In the last couple years, identity theft and identity fraud have resulted in huge inputs to the system. Where we once had to merge up to three identities, the system now supports merging up to ten. What happens is that a single individual will steal a bunch of different identities and then use them all, typically to get drugs.

    So, while the risk of your credit card being stolen and used may be low in certain cases, don't lose your other "proof of identity" stuff: driver's licenses, insurance cards, and your social security number.
    • This happened to me a few months ago -- I had a couple visits to the physical therapist and then started receiving bills for numerous drugs that I had no clue about. I had to call, write letters and complain to the hospital billing department for six months for them to fix it. The crazy part is that they didn't know how it happened, they just claimed that it was fixed...

      Do you know anything more about this sort of medical identify theft? If so, please reply to this or email me at i_love_junk_email@yahoo. [mailto]
      • Under the new HIPPA regulations, you have more rights about what happens to your medical record. I'm not an expert, but I believe you can contact them and ask to see your medical record as well as suggest corrections to it.

        I highly recommend everyone review their own medical record. I work in the healthcare industry for the web services team. We all dutifully checked them and nearly every one had errors. In once case, a test had been done during an ER visit that required follow-up. It wasn't done at
  • Well, the idea of witholding information "for people's own good" alarms the hell out of me.

  • President Bush has increased next year's budget for the Department of Homeland Security by $37.4 billion to fight identity theft, or as he calls it "the war on identity." "We must be vigilant," he opines, "lest our American values be compromised by this new and dangerous enemy. Victory is a certainty if we are a steadfast and brave as our soldiers in Iraq. Otherwise our citizens could be overcome by a mushroom cloud of debt."

    When asked what identity theft had to do with Iraq, Bush angrily replied that

  • Flaw in this (Score:3, Insightful)

    by isotope23 ( 210590 ) on Thursday December 08, 2005 @12:28PM (#14211078) Homepage Journal
    A new study released by ID Analytics says that only about 1 out of every 1000 stolen identities are actually used, due to the amount of time it takes to use the identity, limiting a single thief to 250 identities a year.

    Major flaw in thinking here...

    If this is true, then said computer criminal could just sell his/her stolen
    info in batches of 250 to multiple criminals. I can see all kinds of possible
    "value" add ins for the data thief as well. Items such as:

    Data mining for likely high income identities.
    Data mining for identies which match the buyers profile (e.g. white male mid 30's)

    • Re:Flaw in this (Score:3, Insightful)

      by lysander ( 31017 )
      Exactly. It's not like stolen identities go stale all that quickly, either. I'd want to know my infomation was compromised regardless if it was stolen in a batch of 100 or in a batch of one million. A company worrying about whether they're "unnecessarily alarming people" should also be taking proactive steps to avoid and minimalize the damage of such thefts.
  • "...only about 1 out of every 1000 stolen identities are actually used" I'm very excited about the news! Hopefully they (theives / criminals) will not take the time to become more efficient in their activities. Perhaps even 1 out of every 100 is also acceptable. 1 out of 10? That too sounds ok to me.
  • Looks like Baghdad Bob has a new venue for employment...

    "The criminals are commiting suicide outside the gates of your personal information! There is no ID theft in the city, not at all! We are victorious!"
  • The U.S. FTC ID Theft website [consumer.gov] suggests putting a "fraud alert" [consumer.gov] on your credit reporting files if you think you are or could be a victim of identity theft (e.g., your wallet was stolen, data breached, mail pilfered, phished, etc.). In theory it alerts companies not to open new accounts in your name without further verification (a potential minor hassle).

    Given all the data floating around out there and the lack of data theft reporting laws, one can argue that everyone "could" be a victim. I've heard that

    • In my experience, the fraud alert doesn't do anything.

      My wife's wallet was stolen, containing a credit card, our debit card, and her driver's license. We cancelled/re-issued the cards and she had her DL# changed. We called experian, equifax, and transunion to have a fraud alert set on our credit reports.

      A few days later we got letters from all three indicating the fraud alert was set. According to the letters, we shouldn't be receiving any pre-approved credit offers in the mail for 90 days. Any query ag

      • Credit Alerts and Cashiers (Score:4, Informative)

        by SeanDuggan ( 732224 ) on Thursday December 08, 2005 @01:28PM (#14211656) Homepage Journal
        Bottom line, using the fraud alert didn't really do anything, positive or negative. I expected to get a request for some additional ID from the CSR at Home Depot, but instead she just said "You've been approved" after a couple of minutes and handed me my temporary credit info.
        "Never attribute to malice what can be attributed to human stupidity." It's also possible that the cashier ignored or bypassed the message. Her pay isn't likely to be influenced either way by it and if multiple people are putting on "fraud alert" alarms on their credit records, it's entirely possible she gets so many bogus alerts that she doesn't even think twice before dismissing the dialogue. *grumble* I really wish I had the URL to that study someone posted on Slashdot... they were ostensibly heavily involved with the "photo ID on a credit card" concept at its first inception and he posted a nice long summary of his results. Basically, it didn't matter what the picture looked like; the cashiers passed the card. They even tried people of the wrong gender and it didn't make a difference. They then tried adding alerts, first a notification that popped up to ask the cashier to check the picture, then a dialogue which asked them to call into the credit agency, which required using a bypass key to dismiss. The rates of checking the picture were actually lower because the dialogue would get automatically dismissed without thinking about it.

        Come to think of it, I think that article was in something about biometrics... someone was publishing instructions on how to fake fingerprints using gelatin and he was commenting on other failed security features.

        • Her pay isn't likely to be influenced either way by it

          I believe that a lot of places pay commission for selling these credit cards.
        • The cashier may actually get a bonus on their paycheck for signing up X number of people in a month. Extended warranties work the same way.

          So it is likely against their self interest to care if there is a fraud alert, as opposed to being simply indifferent.
  • If it was their sensitive trade secrets that went missing... like the blend of secret herbs and spices or that syrup mixture. If anyone has the recipies for that let me know
  • The study cited sure doesn't make me feel more secure. The hack who ends up with 500K customer records may not be able to or even want to do anything with that info. If he's smart, though, the list is broken into smaller chunks and sold off. Repeat this a few times and you have a lot of thieves with a lot of small sets of info. There was a big scam locally where old DMV records were being found on CDs in possession of ID thieves. Digital data is incredibly easy to duplicate and distribute. If 500,000
  • I would rather be informed and it be a false alarm that not know at all and be caught with my pants down. VISA called me the other day, to check if I was responsible for a series of purchases in a few different countries in the past hour (which I was). I was very happy to see they checked up. While they do this for their protection, it is also my protection that is assured at the same time. So, if my personal information gets compromised due to a data breach, I better be informed as soon as they know,
  • I'd love to read it.

    A news blurb is little substitute for "study" from a commecrial entity with a vested interest.
  • Thanks for posting this. I feel so much safer now.
  • is to ruin your credit rating to the point where theives beg you to take your identity back!
  • The likelihood that your information will be used increases drastically when the size a the theft is small. So size does not matter

    So if the likelihood of my information being used increases drastically when the theft is small, doesn't size matter? It might be inversely proportional to the size of the theft, but it still matters.
  • It's a given that the sophistication behind criminal operations will mature. Right now, only a small percentage of stolen IDs might be put to detrimental use, but similar to the way that marketing firms aggregate, filter, and categorize the viewing/buying/consumption patterns of consumers, you can expect that criminals will do the same. This will lead to a future in which stolen ID aggregators comb through IDs and categorize them into specialized lists, sold to the criminal organizations that could benefi

  • ID Sweatshops (Score:3, Insightful)

    by ZachPruckowski ( 918562 ) <zachary.pruckowski@gmail.com> on Thursday December 08, 2005 @12:48PM (#14211254)
    Here's how I'd do it if I were an ID thief (obviously I'm not).

    1) Steal a hundred thousand IDs.
    2) Hire a pile of cheap workers somewhere
    3) Get them to mine the money for a 10-20% commission.
    4) Move to Vegas and/or the Bahamas and, um, get to know the locals...

    I mean, seriously, when you're dealing with a lot of money, when has manpower ever been an issue?

  • Only 250? Thank God crime isn't organized. (Score:3, Interesting)

    by shotgunefx ( 239460 ) on Thursday December 08, 2005 @12:52PM (#14211298) Journal
    These people are idiots. All it would take is a little organization to increase the efficiency.

    Of course with a larger number of potential victims, fewer percentage-wise will be hit. But they also contradict themselves.

    They say...

    ID Analytics said it discovered that identity thieves have a hard time using a stolen credit cards to hijack the identity of cardholders. That's because the cards are usually quickly canceled and because piecing together an identity based on the information on the card is hard work. Not one of the card breaches it studied resulted in a subsequent identity takeover.

    Now if credit card companies don't report it, who says the cards will be canceled?

    I can't remember which company it was, but I remember a breach a couple years ago, the initial numbers where in the tens of thousands, after the FBI got involved the true number was over a million IIRC.

    They should never be able to hide their culpability. If they can, they will always minimize their liability.
  • And just who paid for this report?

  • So...... (Score:3, Funny)

    by ShyGuy91284 ( 701108 ) on Thursday December 08, 2005 @01:01PM (#14211390)
    The next time I golf, and I see my ball heading towards a large crowd of people, I shouldn't alert them about it since it will probably only hit one person (assuming no rebound)?
  • Nothing to worry about, folks! Except that your ID is stolen FOREVER, and the thieves are certainly working on ways of automating the process.
  • 1 out of every 1000 stolen identities are actually used, due to the amount of time it takes to use the identity, limiting a single thief to 250 identities a year
    That means that a single thief averages 250000/year? How many thieves are there?

    Whether or not the identities are used makes no difference. It's plainly obvious that someone isn't doing anything at all to secure their data.
  • Opening up charge cards isn't the only harm that an identity thief can use -- they can use it to impersonate you in other ways.

    Using information gleaned from bank, insurance & credit records, one could easily obtain driver's licenses, purchase controlled substances like perscription drugs and weapons or obtain a passport, get a marriage license or register to vote -- using your data.

    The potential for abuse by "the terrorists", organized crime or even bigamists is obvious to anyone.
  • The management would like to remind the herd that safety is our highest priority. Remember, the safest place for an individual herd member to stand is near the center of the herd. Each member will be expected to remain as close to the center herd as possible at all times. Management is not responsible for any loss of life or limb which may occur to individuals who fail to remain in at the center of the herd. Management is not responsible for any random shifts in the location of the center of the herd.

    Th
  • This article assumes that the phisher/thief is the one who is going to use the information. This is an incorrect assumption. They are only one piece of a criminal enterprise. They sell the information to thugs who put it to use. This creates a layer of insulation from the source of the information to the street level criminal who actually puts it to use. There may even be another layer, the scammer who takes the info from the thief and uses it to obtain the credit card or whatever may then actually sel
  • And you know that this study is going to be cited, very quietly, to senators and others every time an information security admission type act comes across the table.
    "Ethics? What are those? Ethics don't buy me a mansion in Maui. What do you mean I'm paying for it by screwing over the rest of America? Screw 'em. I've got mine."
  • It is stupid and irresponsible not to warn consumers and I can't see any way it doesn't add to the liability of a company to fail to disclose this information.

    My step-mother was the victim of ID theft, and this was about 20 years ago, before the internet. She spent over a decade dealing with it. The responsible party was never found and every year or two, a new thing would pop up on her credit history. It was an absolute nightmare. This, from a person who never carried a debt on her credit cards and had an

  • If someone hacks a system and grabs hold of a database with 1 million identities, and if by selling the database to a single identity thief only 250 identities can get stolen, that makes the potential market for the database is 4,000 identity thieves!

    Of course, one guy finding 4,000 identity thieves to sell to is kind of hard, but there's no reason they can't turn it over to larger criminal enterprises that can maximize returns on this kind of investment.

    If stealing one identity means profit, stealing a

Slashdot Top Deals

To do nothing is to be nothing.

Close