• Credit
• Data Breach
• Fraud
• Identity Theft
• Other News
• Privacy
• Reviews
• Scams
• Tips
• Truston

« Previous Post | Blog Home | Next Post »

The Real Impact of a Data Breach

Posted on Feb 9, 2007 by Tom Fragala

Data breaches make great copy for the media. Journalists write stories to create scapegoats and sell ads, while consultants (or even non-profits) love the stories because they sell data breach "remediation" services. And politicians eat it up because they can call hearings, attract the press, browbeat executives and appear to care about their constituents (until lobbyists change their minds). And just when you think that someone (Congress) might do something about the problem, analysts release reports saying that data breaches are not that big a deal. When the company that caused the breach, or its corproate clients, offer a remedy (i.e. credit monitoring), then it seems the journalists and politicians move onto the next big story.

But something is missing despite all the (soon forgotten) rhetoric and headlines. Someone is left out in the cold after the headlines fade. People. The victims. What is the real impact of a data breach? I wrote about the Towers Perrin laptop theft data breach here. It is a story that seems to have been glossed over by the media. Read the comments of a victim of the TP laptop theft below, however, to get a taste of what it feels like to be on the receiving end. This is just one person's story, there are quite a few more comments on the original blog post.

MY HUSBAND RECEIVED ONE OF THE FORM LETTERS, AND I WAS JUST DUMBFOUNDED. HE IS RETIRED FROM CITIGROUP, AND WE WANT TO KNOW WHY CITIGROUP HAS NOT CONTACTED US AT ALL ABOUT THE SITUATION? —AND ARE THEY STILL DOING BUSINESS WITH TOWERS PERRIN?

I THOUGHT THE LETTER WAS JUST SOME FAKE COMPANY TRYING TO GET PERSONAL INFORMATION, NOW I FIND THAT IT IS TRUE!

TOWERS PERRIN OFFERS 2 YEARS OF FREE CREDIT MONITORING AND ENCLOSED A FORM TO FILL OUT FOR EQUIFAX—AND THE FIRST SET OF BLANKS TO FILL IN ARE FOR MY HUSBAND'S SOCIAL SECURITY NUMBER!! —THAT IS GUARANTEED TO REALLY STIR CONFIDENCE!!

ISN'T THAT A RATHER OBVIOUS ATTEMPT TO GET PEOPLE NOT TO TAKE THEM UP ON THEIR OFFER? (FIRST, LETS MAKE THEM THOROUGHLY PARANIOD ABOUT THEIR SOCIAL SECURITY NUMBER BEING IN UNSAFE HANDS, AND THEN IMMEDIATELY ASK THEM TO SEND IT OUT AGAIN!!)

I THINK TOWERS PERRIN SHOULD BE HELD RESPONSIBLE FINANCIALLY—WHERE IT HURTS!!—AND I THINK THE COMPANIES WHO DEAL WITH TOWERS PERRIN SHOULD LOOK LONG AND HARD AT CONTINUING TO DEAL WITH THEM.

THE LETTER STATED THE STEPS TP IS TAKING TO PREVENT THE PROBLEM FROM RECURRENCE—I DON'T GIVE A DAMN. THAT'S CLOSING THE BARN DOOR AFTER THE HORSE IS GONE! WHAT WILL THEY DO FOR US IF OUR PERSONAL INFORMATION GETS USED TO DAMAGE US FINANCIALLY? —NOT A DAMN THING! —"WE'RE SORRY" WILL NOT HELP WITH THE WORRY, AND WILL NOT HELP WITH THE HEADACHES AND FINANCIAL PROBLEMS WE WILL HAVE IF IT HAPPENS.

I AM SO FRUSTRATED AND ANGRY.

This person's pain also underscores a key reason why credit monitoring and other so-called solutions are fatally flawed. They ask the victim to provide their social security numbers (or even power of attorney!) to some third party. This is why, as a victim advocate, I built our ID theft detection and recovery service so it would not require the user to send Truston their SSN or other sensitive data.