Data breach alerts linked to increased risk of ID theft

Share this article:
Consumers who have received a data breach notification letter are four times more likely than others to be the victim of identity theft, according to a survey released this week by Javelin Strategy and Research.

Approximately 11 percent of U.S. consumers have received a data breach notification letter in the past 12 months with a third of the breaches involving Social Security numbers and 15 percent involving ATM PINs, according to Javelin's third annual survey of nearly 5,000 U.S. consumers, released Tuesday.

Of those who have received a data breach notification letter in the past year, 19.5 percent said they were the victims of fraud associated with identity theft, compared to 4.3 percent who have not received a notification but were victimized.

“It wasn't just a statistical anomaly,” Robert Vamosi, a Javelin risk fraud and security analyst and the author of the study, told SCMagazineUS.com on Wednesday. “In 2007 and 2006, we saw a similar pattern, so this isn't a blip. This is something that has been going on for a while.”

In 2007, approximately 20 percent of those who received a notification letter said they were the victim of fraud, compared to just 3.6 percent who were victimized but did not receive a letter. And in 2006, 15.8 percent of data breach letter recipients were victimized, compared to just 3.7 percent who never got a letter.

The correlation between receiving a data breach notification letter and the increased risk of suffering identity theft might be due to the fact that many times, alerts are only sent to people that are severely impacted by the breach – such as those whose Social Security numbers or other sensitive information was breached, Vamosi said.

The survey also found that despite the fact that those who received a notification letter were four times more likely to experience fraud, just two percent of identity theft victims attributed the fraud to the data breach, the study found.

Vamosi said that this finding could indicate a “disconnect between breach notification and consumer understanding of the consequences.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.