MICHIGAN PERSONAL DATA LOSS GROWS Personal data loss grows but actual victims are few:

Personal data loss grows but actual victims are few

Potential for crime is still there, authorities warn, with nearly 73M people missing records.

Steve Lohr / New York Times

In the past year or so, the personal records of nearly 73 million people, from Social Security numbers to credit-card accounts, have been lost orstolen. The total is the equivalent of nearly one in four Americans.

But while high-profile data breaches are common, there is no evidence of a surge in identity theft or financial fraud as a result. In fact, there is scant evidence that identity theft and financial fraud have increased at all. Even when computer networks are cracked into, and troves of personal information intentionally stolen, fraudsters can typically exploit only a tiny fraction of it.

Credit-card fraud is the most common crime of identity thieves, accounting for about two-thirds of cases. Banks and credit-card systems like Visa and MasterCard say they have seen surprisingly little fraud traceable to incidents ofcomputer data lost or stolen.

"The threat of identity theft from data losses is being greatly exaggerated," said Fred H. Cate, the director of the Center for Applied Cybersecurity Research at Indiana University in Bloomington. "And that's because a lot of people have fallen into the trap of equating data loss with identitytheft."

There may be a longer-than-expected lag between data breaches and online crime, law enforcement authorities concede.

But all the personal information lost or stolen, they warn, is an ominous development. "We don't have the correlation to crime yet, but the potential is certainly there," said Raul Roldan, an FBI agent and section chief at the government's Internet Crime Complaint Center.

"Look at the crime on the Internet," Roldan said. "Most all of it is initiated by misusing identity information to disguise, mislead or impersonate someone else" -- from pornography to phishing, a fraud that usually involves using phony e-mail messages or Web sites to get a person's bank account or credit-card numbers.

One explanation as to why there has not been more crime, some computer security experts say, is that the volume of personal information lost or stolen might not have increased much over the past year or two. What has changed, they contend, is the attention given to data breaches.

"What's happened in the last 18 months is not an explosion in data loss and data theft," said Mark Rasch, a former Justice Department prosecutor who is now a legal consultant in Bethesda, Md., specializing in computer security. "It's an explosion of laws requiring notification of data loss."

Identity theft is not predominantly a computer crime, at least not yet. The most common forms of data loss, surveys say, are lost or stolen credit cards, wallets or checkbooks. In most cases, identity thieves are family members, relatives, neighbors and co-workers. It seems that toxic social networks -- not leaky computer networks -- are the real hazard.

"Even if you solve the data breach problem, you will solve only a small part of the identity theft problem," said Mike Cook, a co-founder of ID Analytics, a San Diego company that provides fraud-detection services to banks, cellphone operators and other companies.

Yet Cook, like other security experts, predicts a looming problem as more commerce moves to the Internet, a virtual marketplace of faceless transactions and instant credit.

Data breaches vary considerably, and so does the risk that financial fraud or identity theft may result. Customer or employee records on a computer disk or tape that have simply been lost in shipment -- fallen off a truck, for example -- are at little risk, computer security experts note.

Visa and MasterCard report that about 2 percent of the card accounts lost or stolen in the past 18 months have been used to make fraudulent purchases. That is within the range of the 1.5 percent and 4 percent of consumers who reported being victims of financial fraud or identitytheft, surveys say.