Consumer Federation of California

2/18/16 update: Nearly three out of every five Californians had their personal data exposed in 2015, according to this report just issued by the California Attorney General’s Office.

The first month of 2016 closed on an ominous note for anyone concerned about identity theft, an increasing threat to our privacy and financial security: Six computer hard drives belonging to the health insurer Centene disappeared, along with names, Social Security numbers, confidential health records and other identifiers for 950,000 patients, the San Francisco Business Times reported.

February began with this warning from The Wall Street Journal: “To the list of things we wish we could shield children from, add identity theft,” the paper advised. “Cyberthieves target children because their identities offer a clean slate with which to apply for bank accounts, credit cards or loans, government benefits and tax breaks. Criminals will often combine a child’s Social Security number with a fake date of birth and address to avoid suspicion, experts say.”

The scary start to 2016 tracks an alarming trend. The Federal Trade Commission (FTC) received over 490,000 complaints of identity theft in 2015, 47% more than the year before. The FTC attributes much of the spike to fraudulent income tax returns – a good reason to file early, before your tax refund falls into the wrong hands. The FTC recently opened a new Internet portal, identitytheft.gov, to help victims report and recover from this growing crime.

But the identity theft victims who reported the crime to the FTC are just a fraction of the 12.7 million adult victims nationwide in 2014, including over 1.5 million in California, according to the California Attorney General’s Office Identity Theft Web page; a yearly report from the AG’s office for 2015 is expected soon. And even those statistics vastly understate the scope of the problem.

Number Of Stolen Records Since 2005 Could Top 1 Billion In 2016

“My educated guess is that nearly every adult in the U.S. has been affected by at least one breach involving their Social Security number and/or sensitive personal financial information. Most people have likely been affected by more than one breach,” Beth Givens, Executive Director of the nonprofit Privacy Rights Clearinghouse (PRC), told Consumer Federation of California.

PRC’s website is packed with information on data breaches and how to limit your exposure, as well as protective steps to take when they do occur. The website’s interactive Chronology of Data Breaches counts more than 4,700 reported incidents since 2005, exposing nearly 895.7 million individual records – names, addresses, birth dates, credit card numbers and/or other personal information. Givens expects the count to top 1 billion this year, and she points out that even these numbers are low. Many, if not most, breaches go unreported.

Medical ID Theft

Medical identity theft may be the most lucrative. Hackers target health care records more than any other facet of the nation’s economy, one expert told San Francisco Business Times reporter Chris Rauber.

“Confidential health care data can sell in murky portions of the Internet for $10 to $50 per record — far more than the roughly $1 a simple credit card number is worth. Medicare records are even more valuable … and can sell for as much as $470 per record,” Rauber wrote.

PRC’s executive director explained why.

“Personal data collected and held by health care institutions is highly sought after by criminals because it’s so rich and robust,” Givens said. “It usually includes, names, addresses, Social Security numbers, dates of birth, the medical information itself, even financial account information – also the names of family members who are in the same health plan.”

A breach reported last February at Anthem Inc., the nation’s second-largest health insurer, “was probably the biggest one we know of for 2015,” Givens continued. “It put 80 million enrollees’ data at risk, including an estimated 8 million past or present members in its Anthem Blue Cross plan in California.”

How’s the outlook for the rest of the year shaping up?

“I think health care institution breaches will continue to be big stories in 2016. Security experts point out that many such institutions are not strongly secured against hacking attacks, even insider fraud. And of course, the bad guys will pick off the low-hanging fruit when they can,” Givens observed. “Other targets that are likely to continue to be attacked are educational institutions and government agencies. These institutions, unfortunately, are not funded well enough to spend sufficient money on security.”

This Consumer Federation of California Education Foundation portal has more identity theft information and links.

Tags: Banks, California Attorney General's Office, CFC, Children, Data Breach, Federal Trade Commision, Identity Theft, Income Tax, Medical Privacy, Online Privacy, Privacy Rights Clearinghouse