Data breach alerts linked to increased risk of ID theftConsumers who have received a data breach notification letter are four times more likely than others to be the victim of identity theft, according to a survey released this week by Javelin Strategy and Research.
Approximately 11 percent of U.S. consumers have received a data breach notification letter in the past 12 months with a third of the breaches involving Social Security numbers and 15 percent involving ATM PINs, according to Javelin's third annual survey of nearly 5,000 U.S. consumers, released Tuesday.
Of those who have received a data breach notification letter in the past year, 19.5 percent said they were the victims of fraud associated with identity theft, compared to 4.3 percent who have not received a notification but were victimized.“It wasn't just a statistical anomaly,” Robert Vamosi, a Javelin risk fraud and security analyst and the author of the study, told SCMagazineUS.com on Wednesday. “In 2007 and 2006, we saw a similar pattern, so this isn't a blip. This is something that has been going on for a while.”
In 2007, approximately 20 percent of those who received a notification letter said they were the victim of fraud, compared to just 3.6 percent who were victimized but did not receive a letter. And in 2006, 15.8 percent of data breach letter recipients were victimized, compared to just 3.7 percent who never got a letter.
The correlation between receiving a data breach notification letter and the increased risk of suffering identity theft might be due to the fact that many times, alerts are only sent to people that are severely impacted by the breach – such as those whose Social Security numbers or other sensitive information was breached, Vamosi said.
The survey also found that despite the fact that those who received a notification letter were four times more likely to experience fraud, just two percent of identity theft victims attributed the fraud to the data breach, the study found.
Vamosi said that this finding could indicate a “disconnect between breach notification and consumer understanding of the consequences.”