It’s a recurring headline: Some imbecile loses a hard drive or a cellphone, and suddenly millions of people are at risk for identity theft.
In the first three months of this year, this happened to at least 8.3 million consumers, according to the Identity Theft Resource Center in San Diego.
Last month, Colorado’s CollegeInvest said it was missing a hard drive with sensitive ID info on about 200,000 of its student-loan clients. And the Arapahoe district attorney issued a fraud alert after learning that Cove Creek Mortgage Co. threw customer files in a Dumpster after closing its doors.
The files included names, addresses, Social Security and bank- account numbers — the stuff one puts on a mortgage application.
Not to worry. Odds are nobody bothered to peek.
“Of claims I have handled, only in a minority of instances did data end up in the hands of criminal activity,” said Emily Freeman, executive director of technology risks for Lockton, an international insurance and risk-management company.
Nevertheless, any company responsible for such a breach can expect to pay a steep price.
The mitigation process begins with a groveling letter.
“When you send out a letter to the affected group, your brand and reputation is now seriously on the line,” said Freeman. “Customers are fearful about continuing their business relationship.”
That’s why companies in this unenviable position usually offer to pay for a credit-monitoring service. Then, by the time they hire lawyers to deal with regulations in multiple states, and perhaps a crisis-management PR pro or two, the initial costs of a security breach come to $90 to $305 per person, according to Freeman.
Lose a million names — and you just might lose $300 million.
“And you haven’t gotten to the lawsuits,” said Freeman, who is in the business of selling insurance to cover this risk.
Fear runs high whenever data disappear, because organized crime has made quite a market in stolen data. The competition is so brutal, the industry appears to be moving toward “volume discounts,” almost like Costco.
The price of a stolen credit-card number fell to 40 cents last year, and stolen access to bank accounts went for $10, according to a recent Internet Security Threat Report from Symantec Corp.
Last month, the Secret Service spied a Mexican diplomat taking about a half-dozen BlackBerrys from White House aides during a North American Leaders’ Summit in New Orleans. Apparently, people attending these meetings are required to check their cellphones in a non-secure place by the door.
Rafael Quintero Curiel said it was all a mistake when agents caught up with him at the airport.
He said he thought all of these devices had been inadvertently left behind and that he wanted to get them to their rightful owners.
He claimed diplomatic immunity and jumped on a plane. He was fired after arriving in Mexico. An investigation continues.
It’s hard to imagine there was anything on White House BlackBerrys of any value.
Al Lewis: , 303-954-1967 or alewis@denverpost.com
