Vontu Urges Presidential Signature On First Bill That Seeks To Stem Rising Tide Of “Insider” ID Theft
As Recent AOL Case Shows, Insiders Armed with Only a User Name and Password Can Access, Steal Millions of Consumer Records with the Click of a Mouse
SAN FRANCISCO – June 28, 2004 – Vontu Inc., the innovator in the new Data Firewall category of products that strengthens information security by guarding against data leaks from the inside, today urged President Bush to take the historic step of signing the first federal law that addresses the growing challenge of “insider” identity theft.
The increasing amount of sensitive data being stored in databases, combined with widespread employee access to communication tools like Email, web and IM have created the “perfect storm” of a security threat – namely, easy information leakage from the inside. Whether accidental or intentional, the insider threat is contributing to the growing problem of identity theft and putting customers and companies at risk.
“I commend Congress for supporting the first Bill to address the havoc insider threats can wreak on businesses and consumers,” said Joseph Ansanelli, CEO of Vontu. “Identity theft losses affect the backbone of our economy with losses to ordinary consumers amounting to billions each year. We urge the President to quickly sign this Bill so that not another day is wasted in establishing stiffer penalties for insiders who steal personal information and commit identity theft.”
The Identity Theft Penalty Enhancement Act was passed by the House on June 24. The U.S. Senate passed the legislation the following day, June 25, by voice vote. The legislation, sponsored by U.S. Representative John Carter (TX-31) a former federal judge, is aimed at thwarting the epidemic of identity theft by increasing the punishment of and establishing a new crime of aggravated identity theft.
The passage of this bill marks the first time Congress has focused on the real, growing problem of identity theft caused by insiders. A recent study by Michigan State University, notes that up to 70 percent of identity theft cases are caused by insiders with legitimate access to sensitive consumer information.
The Cost of Insider Theft
Both businesses and consumers are victims of the growing epidemic of identity theft. According to the Federal Trade Commission, business losses amount to $45 billion per year. On average, individual victims lose between $500 and $1200, for a total annual loss to consumers of $5 billion. Victims typically have to spend between 30 and 60 hours to resolve their own identity theft problems.
Cases of Insider Thefts
The Identity Theft Penalty Enhancement Act could not have come at a more appropriate time. The very day that the House passed the measure, law enforcement officials were announcing arrests of suspects in a case where an insider used access to the corporate network to steal 92 million e-mail addresses and other personal information.
Last year a University of Texas student who was trusted with access to the university’s database stole 55,000 Social Security numbers. Perhaps the highest-profile case of insider identity theft broke in late 2002, when the Department of Justice charged a help-desk worker at financial data company Teledata Communications Inc. with fraud and conspiracy in connection with an identity-theft scheme that involved more than 30,000 victims. The worker allegedly used his insider status to access thousands of credit reports, which he sold for $60 apiece through a co-conspirator.
New Research Shows Insider ID Theft Poses Serious Risk to Consumers
“Predator Profiles,” a soon to be published report from the Michigan State University Identity Theft Lab, outlines the behavioral and psychological traits of identity theft criminals. One of the major findings of the study is the real source of identity theft is in the workplace. At least half and perhaps up to 70 percent of identity theft is facilitated through the workplace. Perpetrators extract the sensitive data from loosely protected databases and government records. Financial institutions, medical facilities and government agencies are the most often targeted industries. As sensitive information is increasingly being exported for outsourcing this survey reports the cases of identity theft are expected to soar.
The survey also found that most of these perpetrators did not act alone. Sixty percent are part of identity theft rings and 5 percent are tied to terrorist groups. The behavioral element of the survey also reported that 15 percent of identity theft cases are used to facilitate a violent crime.
Vontu provides Data Firewall solutions to help global enterprises protect critical customer and company information from insider leakage. Vontu’s flagship product, Vontu Protect, acts as a security checkpoint at every exit on the corporate network, monitoring email, Web mail, Web posts, instant messages, FTP and other electronic communication channels for leaks of sensitive information. By accurately identifying incidents of information disclosure and security policy violations as they happen, Vontu helps companies avoid regulatory fines, lawsuits, lost business, public embarrassment and other consequences of unintentional or malicious data leaks.