Data breach alerts linked to increased risk of ID theft

Share this article:
Consumers who have received a data breach notification letter are four times more likely than others to be the victim of identity theft, according to a survey released this week by Javelin Strategy and Research.

Approximately 11 percent of U.S. consumers have received a data breach notification letter in the past 12 months with a third of the breaches involving Social Security numbers and 15 percent involving ATM PINs, according to Javelin's third annual survey of nearly 5,000 U.S. consumers, released Tuesday.

Of those who have received a data breach notification letter in the past year, 19.5 percent said they were the victims of fraud associated with identity theft, compared to 4.3 percent who have not received a notification but were victimized.

“It wasn't just a statistical anomaly,” Robert Vamosi, a Javelin risk fraud and security analyst and the author of the study, told SCMagazineUS.com on Wednesday. “In 2007 and 2006, we saw a similar pattern, so this isn't a blip. This is something that has been going on for a while.”

In 2007, approximately 20 percent of those who received a notification letter said they were the victim of fraud, compared to just 3.6 percent who were victimized but did not receive a letter. And in 2006, 15.8 percent of data breach letter recipients were victimized, compared to just 3.7 percent who never got a letter.

The correlation between receiving a data breach notification letter and the increased risk of suffering identity theft might be due to the fact that many times, alerts are only sent to people that are severely impacted by the breach – such as those whose Social Security numbers or other sensitive information was breached, Vamosi said.

The survey also found that despite the fact that those who received a notification letter were four times more likely to experience fraud, just two percent of identity theft victims attributed the fraud to the data breach, the study found.

Vamosi said that this finding could indicate a “disconnect between breach notification and consumer understanding of the consequences.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.