Establishing Digital Trust: Don't Sacrifice Security for Convenience
But even before representatives could haul the first Fortune 500 executive in front of a microphone on Thursday, media conglomerate Time Warner announced the mysterious disappearance of 600,000 names and Social Security numbers of workers dating back to 1986.
And the list of companies reporting breaches reads like a 'Who's Who' of industry. The most notable of the recent mishaps includes the disappearance of backup tapes containing the credit card information of 1.2 million federal workers by Bank of America, the theft of more than 300,000 customers' personal information at Reed Elsevier, a subsidiary of data broker LexisNexis, and the loss of transaction data belonging to around 180,000 customers of fashion house Polo Ralph Lauren.
A string of universities also has fallen victim to breakdowns in the past few months.At best, these occurrences appear to have increased because of recent full disclosure laws, security experts say.
At worst, experts believe criminals consider identity theft an easy mark. It's a way to make a lot of money by taking advantage of an imperfect system -- one in which no one ever thought there was a problem.
Now, thieves continue to snatch Social Security numbers at will and are becoming more aware of the enticing targets.
''That seems beyond comprehension to me that that happened with one of the biggest banks in the country,'' said Senator Jim Bunning (R-Ky.).
His comments came in mid-March and, as reported by internetnews.com, he was grilling Barbara Desoer, a Bank of America executive vice president, in a Senate Banking Committee hearing.
''Five, maybe 10, but 1.2 million [accounts]?''
Maureen Kelly, director of product marketing at data-loss prevention firm Vontu, believes a combination of actions have created this perfect storm, setting forth an unprecedented amount of theft and media coverage and creating an image of the business community in disarray.
''The black market for this type of information is there and continues to grow,'' she said, ''and criminals are realizing what they can do quickly with the information.''
The breach disclosure bill making its way through the House and Senate is based on California's legislation, which requires a business or government agency to notify an individual in writing or by e-mail when it is believed that unencrypted personal information has been compromised.
And those numbers are huge. Nearly 10 million Americans were victims of ID theft last year, according to the Better Business Bureau.
Marcie D Terman, director of business development at DataFort, says that is just the tip of the iceberg, and warns that more SMBs are failing to cope with this issue. And it isn't just on a technological level.