Has your personal information ever been stolen during a data security breach? If you answered no, are you sure? Prior well-publicized incidents beginning in 2005 (Choice Point, Lexis/Nexus, Ameritrade and others) that have brought the issue to the forefront of both our minds and those of our legislators, security breaches were rarely reported and victims often went without notification. Because so many of us are unaware that our personal information has been compromised, we are not actively taking the steps necessary to protect our identity.
Fortunately, most states now have laws and guidelines in place that require companies to notify breached individuals when their personal information has been compromised, but just knowing your information has been stolen won't keep your identity from being used by criminals. Without consistently monitoring the use of your personal information, these security breaches can create long-term problems, both financial and non-financial.
As a result of a data breach, identity thieves essentially "hit the jackpot", hacking into and stealing large databases of consumers personal information that can ultimately be used to assume a victim's identity. In the last two years alone, over 100 million consumers have had their personal information compromised during a security breach. Sometimes attempts to use the information will come quickly, but more often, this information will be warehoused or sold for future use.
When the criminal decides it is time to dip into his database and assume your identity the first thing he will likely do is attempt to change the address associated with your personal information. If successful, he can take advantage of your credit and employment history, opening new accounts you will be responsible for paying, obtaining jobs that leave you on the hook for income tax, and even committing sometimes-violent crimes using your identity meaning you could be the one sitting in jail until the situation is straightened out. It takes the typical identity theft victim over 350 hours and 44 months to rectify the situation. Without protection, victims may endure unexpected costs, persistent hassle and permanent damage to their credit.
With the seemingly endless internal and external opportunity (hacking, lost laptops, stealing file folders, internet, email, spyware, etc.) for criminals to get their hands on large quantities of consumer information, it seems as though we will continue to be victimized by data security breaches long-term. Notification by the company or institution involved will help alert us to the potential for a problem, but to truly be protected from identity assumption, we need to take matters into our own hands.
You cannot stop the criminals from attempting to assume your identity, but by staying abreast of changes to your personal information that you did not initiate, you will minimize the time and cost associated with correcting a full-blown identity assumption.