The malicious theft and consequent misuse of someone else’s identity to commit a crime. Identity theft often involves cracking into a system to obtain personal information, such as credit card numbers, birth dates, and social insurance or Social Security numbers of targets and then using this information in an illegal manner, such as buying items with the stolen identity or pretending to be someone else of higher professional status in order to gain special privileges. Identity theft is one of the fastest-growing crimes in the United States and elsewhere around the globe.
On February 21, 2005, ChoicePoint Inc., a data warehouser having 17,000 business customers, had its massive database of client personal information cracked. Consequently, the company said that about 145,000 consumers across the United States may have been adversely impacted by the breach of the company’s credentialing process. The company said that the criminals who obtained access used stolen identities to create what seemed to be legitimate businesses wanting ChoicePoint accounts. The cybercriminals then opened 50 accounts and received abundant personal data on consumers, including their names, addresses, credit histories, and Social Security numbers.
As a result of this case as well as of similar 2005 breaches at the LexisNexis Group (affecting 310,000 clients) and at the Bank of America (affecting about 1.2 million federal employees with this charge card), Discount ShoeWarehouse (affecting about 1.2 million clients), and more than 300,000 identities stolen from universities since January 2005, U.S. politicians, including two U.S. Senators, called for hearings and ramped-up regulations to protect consumers against identity theft. Moreover, the U.S. states are collectively proposing more than 150 bills to regulate online security standards, increased identity theft and fraud protection, increased data broker limitations, increased limits on data sharing or use or sales, and better security breach notification.
On March 4, 2005, White Hat hackers surfed the Web at Seattle University with the intent of harvesting Social Security Numbers and credit card numbers. In less than 60 minutes, they found millions of names, birth dates, and Social Security and credit card numbers using just one Internet search engine, Google. They warned that the use of the right kind of sophisticated search terms could even find data deleted from company or government Websites but temporarily cached in Google’s extraordinarily large data warehouse. The problem did not lie with Google, they affirmed, but with companies allowing Google to enter into the public segment of their networks (called the DMZ) and index all the data contained there. Although Google does not need to be repaired, said the White Hats, companies and government agencies need to understand that they are exposing themselves and their clients by posting sensitive data in public places.
Associated Press. Data Brokerages: LexisNexis Database Hit by ID Thieves. The Globe and Mail, March 10, 2005, p. B13; McAlearney, S. Privacy: How Much Regulation Is Too Much? [Online, May 2, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/ originalContent/0,289142,sid14_gci1083916,00.html?track=NL-358&ad=513148; Shukovsky, P. Good Guys Show Just How Easy It Is to Steal ID. [Online, March 5, 2005.] Seattle Post-Intelligencer Website. http://seattlepi.newsource.com/local/214663_googlehack05.html; Weber, H.R. Criminals Access ChoicePoint’s Information Data. The Globe and Mail, February 22, 2005, p. B15.