US INFORMATION WEEK ARTICLE ON DATA BREACHES AND THE FALLOUTInformationWeek > Customer Data > Breach Of Trust > May 3, 2004Data breaches are a constant threat and put companies in danger of losing their most valuable asset: customer trust
By George V. Hulme



When Christina Guilbert got a call from her bank in March about an attempt to steal money from her account, she was alarmed--and suspicious. How could someone access her account from an automated teller machine in England when her ATM card was in her home in Boston? Was the caller really a bank representative or a thief fabricating a story in an attempt to get account information from her? "With all of the scams on the Internet, I knew they could try the same thing using the phone," Guilbert says.
Guilbert had the bank rep confirm his identity by providing information on a recent transaction on her account. The bank blocked the attempted withdrawal, but Guilbert, who works at a public-relations firm, still doesn't know how the overseas thief got her account information. Guilbert's faith in doing any kind of business online has been destroyed. "I was concerned about shopping online before; now I won't shop online at all," she says.

The shift to Internet-based customer transactions and electronic storage of customer data provides huge improvements in speed and convenience for consumers and efficiency for retailers and service providers. But it's also creating new opportunities for criminals. With so many ways for personal data to leak out, from a hacker attack to a stolen company laptop, and identity thieves increasingly effective at quickly exploiting any breach, companies are struggling to hang on to their most precious asset: customer trust.

A scan of news headlines in recent months illustrates the problem, and they represent only the breaches the public learns about. On March 12, GMAC Insurance, a division of GMAC Financial Services, informed about 200,000 customers that personal data, such as Social Security numbers, home addresses, and credit scores, was contained on two laptops stolen from an employee's car near Atlanta. One GMAC customer, who requested anonymity, says he placed a credit alert on his credit file with three reporting agencies so he'll know of any suspicious activity. But GMAC has already lost his trust. "I'm moving my business and requesting my information be purged from their database," he says via E-mail.

Also in March, more than 1,400 Canadians were notified by credit-reporting agency Equifax Canada Inc. that a data-security breach had exposed their personal information. In November, computer systems containing customer information were stolen from the offices of a consultant doing work for Wells Fargo & Co.