Is ID Theft Rare, or Merely Well Done?

By Peter Piazza

Four widely publicized data breaches resulted in the compromise of around half a million customer names and Social Security numbers. How many of those consumers became victims of identity theft? Almost none—0.098 percent, or less than one in 1,000.

One reason thieves don’t fully exploit their loot may be the time necessary to exploit a huge database: It would take a fraudster working “6.5 hours a day, five days a week, 50 weeks a year” more than 50 years “to fully utilize a breached file of one million consumer identities.”

This finding is from research conducted by ID Analytics, a creator of analytic solutions to prevent identity fraud. Mike Cook, cofounder of the company, says, “The low misuse rate we found in our analysis was initially surprising,” but he adds that it’s not all good news. For example, thieves may be able to benefit from selling, rather than directly exploiting, this data.

It is also important not to become complacent about theft just because this one study shows a low rate of identity theft from the stolen data. “Once thieves have used a breached file for a crime, continued identity monitoring is necessary,” says Cook, even if the probability of being victimized is low.

Moreover, the low-misuse rate did not occur in a vacuum. The report also found that customer notification had some effect on what happened to data that had been stolen. In one breach of consumer information, for example, researchers noticed that once the public had been informed, “thieves slowed their use of data to commit identity theft.”

@ Get more on the ID analytics research at SM Online.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.