ONTARIO STOLEN PERSONAL DATA HAS A VALUE You're worth $18 on identity market
| |
| The Ottawa Citizen |
Monday, March 19, 2007
You might think your identity is priceless, but according to a study being released today, you're wrong -- it's only worth about $18 U.S.
The study, by computer security firm Symantec Corp., found that the paltry sum was the going rate for a person's personal banking and credit card information, birth date and social security data. The firm also found that much of that data may have been stolen from government offices.
Symantec says thousands of Internet chat rooms and websites openly sell credit card and personal information for the purpose of identity theft -- and are doing plenty of business.
Many of the sites can be found using the Internet Relay Chat program that is similar to MSN Messenger or AOL's Instant Messenger software. Simply search for "#cc" and hundreds of websites will pop up.
"I have valid CC (credit card) and bank loggins (sic)," bragged one person asking interested parties to contact him at hotty_stuffin@yahoo.com.
"Anyone interested in buying operative USA, UK & Canada CC with billing info and CVV (a credit card security number): harvesting_tom@yahoo.ca. Reasonable prices," bragged another.
Symantec, the company responsible for the popular Norton Anti-Virus program, says it monitors many of these Internet properties to better understand identity theft.
The findings are part of a 120-page semi-annual report on online security issues and threats. The report focuses on problems that emerged during the last six months of 2006.
"Bad guys have a tendency to want to brag a bit," said Dean Turner, executive editor of the report. "All of the information we gather is in public Internet Relay Chat servers. ... They are filled with lots and lots of people."
An individual's credit card information, by itself, will sell for between $1 U.S. and $6 U.S. on any of these chatrooms, Mr. Turner said. An entire identity can be bought for as little as $14 U.S.
Even more disturbing is where the personal information comes from, he said.
According to Symantec, governments were responsible for as much as 25 per cent of all leaked information that could be used by criminals to perpetrate identity fraud.
The second and third biggest contributors to data loss are the health care industry (20 per cent) and educational institutions (14 per cent), Symantec says.
And most of the information isn't going to hackers who break into government computer systems. About 54 per cent of all data lost is just being carried out the door.
Hacking comprises only 13 per cent of the information that is being leaked.
"The major cause is theft or loss ... stealing hard drives out of machines," said Mr. Turner. "Governments have a wealth of information on various groups and individuals."
With new methods of data storage, it's easy for a person to walk into a government building and steal information, he said. Thumb drives and MP3 players are capable of copying files, while computer terminals in unsecured locations can be pried open by a thief who steals the hard drive and all of the information on it.
He pointed to a 2003 incident in which a thief stole four Canada Revenue Agency computers containing confidential personal information on more than 120,000 citizens.
More recently, a doctor at Toronto's Hospital for Sick Children lost a laptop containing the personal data of more than 2,900 patients in January.
The incident prompted Ontario's privacy commissioner, Ann Cavoukian, to release guidelines requiring all personal data be encrypted before it is moved from an office setting.
"It is certainly something to be alarmed about," said Mr. Turner.
What's worse is that the amount of data loss may be even more bigger than suspected.
According to Mr. Turner, governments, health and educational institutions are required by law to report data breaches as soon as they occur. The private sector is not bound by such rules.
"Look at the Winners' situation, how much time elapsed between the time of that attack and the release of that data," said Mr. Turner. "It's quite disturbing and concerning."
In February, TJX Co., which operates Winners and Home Sense stores, announced that hackers had broken into its systems as far back as 2005 to steal credit card information of shoppers.
About the same time, police and the federal privacy commissioner announced they were investigating the disappearance of a computer hard drive containing the personal information in 470,000 CIBC Talvest Mutual Funds accounts.
In its report, Symantec urges governments and private businesses to require mandatory encryption of sensitive data. That way, even if the information is stolen, thieves won't be able to access it.
While there are no statistics on identity fraud, credit card fraud accounts for more than $300 million in losses every year, according to recent statistics from Visa Canada.
To compile its report, Symantec used information it collected between July 1 and Dec. 31, 2006 from its offices in more than 180 countries and from some of the 120 million users of its security products.
Posts
No comments:
Post a Comment