Is your personal data next?

Another day, another massive data leak. Another 100,000 or so Americans exposed to identity theft. And still, we don't seem ready to talk about the real problem: Consumers are being forced to live in the personal data flood plain, often against their will. And the river keeps rising. 

What's more, however bad the news may sound now, the size of the problem has been generally underestimated . Companies have shown a tendency to lowball the size of the data theft flood in their initial disclosures. For example:

• On Feb. 14, ChoicePoint Inc. said its data theft involved 30,000 to 35,000 people, and only California residents were involved. Only later did the firm admit the crime involved about 150,000 people all around the country.  
• On March 9, LexisNexis said information about 30,000 people had been stolen from its databases. The number was revised upward to 310,000 on April 12.
• DSW Shoe Warehouse told the world 100,000 credit card numbers were stolen in early March, only to reveal last week that the true size of the theft was more like 1.4 million. 

WHO'S BEEN HIT Data breaches Data brokers, universities, shoe stores, even the DMV can expose your personal information. See who's been hit.

The data loss flood isn't just a problem for corporate America, either.  More than 100,000 people were exposed by data thefts at The University of California at Berkeley, and at Boston College. Other massive data thefts at Chico State in California, George Mason University, and the Las Vegas Department of Motor Vehicles each exposed tens of thousands of consumers. In Las Vegas, criminals actually drove a car through an external wall in the building to race inside and steal blank IDs and data.

The obvious question must be asked -- at some point, will everyone's identity be stolen?

That's not as far fetched as it sounds. The Federal Trade Commission estimates that 27 million Americans were victims of some kind of ID theft in the past five years. Other studies suggest 1 in 20 U.S. citizens had been hit by this kind of electronic fraud.  Last year, an industry group suggested that about 100 million credit card numbers had been stolen in one way or another.

The numbers are staggering. Just adding up the news from 13 recent high-profile data theft incidents shows 5.2 million consumers were exposed to identity theft through data leaks. It's undeniable that high-tech financial firms are selling, sharing, and hemorrhaging personal data like a leaky dam. But yelling at the leaky dam won't do much good, and neither will spackling over the holes. A more fundamental change is needed.

The data is too valuable
Theft of personal data is prevalent for one simple reason: the data is incredibly valuable. It's time Congress and U.S. financial institutions take an honest look at why that is, an honest look at the only reason anyone wants to steal all that personal data in the first place: the free-flowing, overflowing issuance of instant credit.

Today, consumers can walk into virtually any electronics store with an empty wallet and walk out with a $3,000 television set in a few moments. Often, all that's required is a Social Security number that happens to be attached to a decent credit rating. As long as these stolen nine digits are worth $3,000 or more, criminals will always find a way to take them.

Only meaningful reform of the way our nation distributes instant credit will change this equation. Hackers will always steal what's valuable; only by de-valuing personal information like Social Security numbers will the rash of high-tech data thefts stop.

The credit and retail industries fear any interruption in the free-flow of credit, saying it will cut down on consumer impulse buys. So we sacrifice the privacy of millions to protect the ability to spend much of our future earnings in an instant. It's time to openly debate the wisdom of that trade-off.

MORE FROM SECURITY

Security Section Front

Check your junk mail: Might have a contract in it FTC warns of increase in Internet scams Man indicted in hacking of Palin's e-mail Tiny flash drives improve their security Fake YouTube pages used to spread viruses EU proposes more rights for Internet shoppers Gmail 'Mail Goggles' stymie drunk e-mailing Fraud plagues prepaid calling card market GPS 'spoofing' could threaten national security Chinese snoop on Skype, but are they alone? Security Section Front   Add Security headlines to your news reader: