In this interview, Tom Feige, CEO of idRADAR, shares alarming identity theft stories, explains the consequences of getting your identity stolen, offers advice to organizations that want to prevent their employees from becoming victims of identity theft, and more.
What is the most astonishing identity theft story you’ve heard about?
We hear a lot of gut-wrenching stories. Kids who have had their identity stolen and used to take out mortgages and car loans. That sort of theft is not discovered until the youngster first applies for a student loan or an apartment and there can be foreclosures or even bankruptcies linked to their name. Job applicants whose application forms were stolen by an ID theft ring that committed lots of fraud using their names. College students whose key data is lost by their university who then encounter major identity theft.
It’s tough to choose the worst case story but perhaps the worst story I’ve heard is the case of a decorated Air Force veteran who worked at Los Angeles airport. He needed a top security clearance to keep his job and when his identity was stolen, he lost that clearance. He lost his job and ended up living out of his car while he struggled to correct an erroneous background check that linked him to crimes he never committed. Everyone should guard their identifying information closely but when your job depends on it, the need doubles.
Some consequences of identity theft can be quite severe. What should people be most worried about?
There’s a lot of focus these days on credit card data lost in breaches like Target and PF Chang’s. Having your card compromised is a major nuisance but it is not the biggest issue in my view. Losing your Social Security number or your medical insurance number yields far worse damages and in some cases, it can even be life-threatening or land you in jail. For example, when someone steals medical services using your name, that contaminates the valid medical data in your health file. You could find your insurance benefits exhausted when you need them most.
A criminal could get a driver’s license in your name and end up with a warrant being issued for you, not the thief. That’s what keeps me up at night—the prospect of a family member losing their data that cannot be cancelled or replaced. The potential for identity theft—even criminal charges being falsely linked to your name—is the biggest concern.
What advice would you give to organizations that want to prevent their employees from becoming victims of identity theft?
For organizations, the top issue is probably staff time lost. When a worker has a credit card compromised or worse, that worker’s not focused on work. Companies would benefit twofold from increased data security training for their staff. First, those workers could better protect the firm’s data from an accidental or sloppy breach saving the company a great deal of money. Then the workers themselves might carry over their increased awareness to beef up their data security practices and prevent time-consuming breach mitigation for their own accounts.
I see a day in the very near future where companies will offer identity protection services and password manager tools to their team members as a company benefit. It could greatly reduce the sort of ID theft that takes lots of time off to correct.
How has identity theft evolved in the past few years? Do you expect the threat to grow in the near future?
In recent years, the threat has mushroomed both in terms of the number of attacks and the financial resources targeted. Increasingly, hackers seek out and compromise legitimate user credentials to gain access to protected systems. It could be access to credit bureau files or payment processing files.
In the Target breach, it was a heating and air conditioning vendor that was exploited to gain entry. Eventually thieves grabbed data on over 100 million individuals. ADP payroll processing services experienced a rash of credentials-related breaches in the past two years, as has Experian, one of the Big Three credit reporting agencies. Another new trend is targeting smaller payroll processing companies directly to access their servers.
One recent data breach involving PayTime Payroll of Harrisburg, PA hit over 200,000 worker files dating back to 2008. It encompassed both current and former workers of PayTime’s clients as well as some dependents and beneficiaries. Payroll data is probably the mother lode of personal data. It’s the ID thief’s complete tool kit.
As long as the hackers can make money, they’ll continue to seek out these obscure weak links and drill in. I do expect the threat to grow in future years because most firms still have their heads in the sand when it comes to bolstering their IT department. Yes, it costs money to do so but it’s money well spent because tighter security will protect your clients, your reputation and your bottom line. It’s disheartening to see how many CEOs still turn a blind eye to the problem until it’s too late. As the former CEO of Target could tell them, their job’s also on the line if there’s a massive breach.