Thursday, July 5, 2007

GAO: Breaches and ID Theft

Since Congress is considering - and many states have enacted - legislation requiring notification of breaches of sensitive personal data, the GAO studied the issue of resulting ID theft.

Although more than 570 data breaches were reported to media from January 2005 through December 2006, very few resulted in ID theft. In reviewing the 24 largest breaches reported from January 2000 through June 2005, GAO found 3 with evidence of resulting fraud on existing accounts, 1 of unauthorized creation of new accounts, 18 with no clear linking evidence between the database theft and the ID theft and 2 without sufficient info to make a determination of cause.

While noting the opportunity that breach notification gives to consumers, the GAO notes: 1) increased costs to make notifications and 2) the creation of a "crying wolf" syndrome.

No comments:

Post a Comment