Thursday, March 03, 2005
Identity thefts at ChoicePoint Inc. and security failure at Bank of America Corp. reflect a fundamentally flawed system for handling sensitive data, s
(BOSTON -- March 3, 2005 -- IDTheftSecurity.com) Tapes of Bank of America Corporation's financial information for 1.2 million people, including a number of U.S. senators, have been missing since December 2004. A deep, yearlong breach of security led to identity theft at Georgia-based ChoicePoint Inc. more than four months ago. In both cases, law enforcement officials told the companies to delay informing affected customers. Members of U.S. Congress have responded to the gravity of these crimes by calling for hearings.
"Identity theft has become a pandemic," says Robert Siciliano, as quoted last week on CNBC's "Closing Bell." A Boston-based personal security and identity theft expert, Siciliano added, "The U.S. needs to improve the rules that govern when and how companies and law enforcement inform those whose identities may have been stolen." Nationally televised and quoted, he is the author of "The Safety Minute: 01."
Loss of customers' financial information leads to government reaction
"Legislators have been slow to respond to the dangers of identity theft," says Siciliano. "When information so critical to individuals, our economy, and the security of our nation is bereft of order, bad things happen. Companies resort to the least cost-intensive ways of doing business."
He added, "This can frustrate consumers. Someone wishing to precipitate government action could achieve the objective by heisting 1.2 million identities from a major bank."
The Boston Globe's Sasha Talcott paraphrased Senator Charles Schumer (D-NY), who posited that commercial airline flight baggage handlers swiped Bank of America's tapes. CNET, Reuters, The Associated Press, and others report that other members of U.S. Congress have joined Schumer in his concern over security breaches at Bank of America and ChoicePoint. FOX News' Kelley Beaucar Vlahos reports that Democrats and Republicans alike plan to look into industry shortcomings and explore possible improvements.
"Schumer and 38 attorneys general have reacted to ChoicePoint's security problems as if this is something new," says Siciliano. "These are their knee-jerk responses. For four years, I've been screaming about the danger of precisely what has now happened with Bank of America and ChoicePoint. Schumer and friends are just now coming out of the woodwork."
He added, "Security is about being proactive and protecting your constituents before something happens. It is not about showing up when the cameras are on to clean up a mess that should have never happened."
Bank of America responds, but the theft of information in transit has precedent
"Security measures in place, as the past month's events demonstrate, are insufficient at best and, at worst, nonexistent," says Siciliano.
The implication of Schumer's statement is that banks routinely transport their customers' sensitive data via insecure means. As reported by Paul Nowell of The Associated Press, Bank of America believes the tapes were simply lost and has unearthed no foul play related to the information on these missing tapes. A spokesperson for Bank of America, quoted in major publications across the country, says, "The investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused."
Theft or loss of sensitive information in transit has precedent. Just last week, for instance, the San Diego Union Tribune reported that a U.S. mail carrier stationed in California was arrested on suspected identity theft that he allegedly committed in exchange for drugs.
"The motives to lift people's identifying information are legion," says Siciliano. "The identity thief may be a junkie. She may need the money. He could just be a kleptomaniac. It doesn't matter. Information is susceptible."
Law enforcement's needs and the interests of company executives may conflict with timely communiqués to the public
The Bank of America investigation began in December when bank officials alerted the Secret Service that tapes were missing. It was only this week, as reported by The Dallas Morning News' Pamela Yip and others, that the Secret Service allowed Bank of America to inform customers.
"We cannot rely solely on law enforcement as the solution to the problem of identity theft," says Siciliano. "As we see, companies can follow procedures by the book and still wait too long to inform victims. While law enforcement officials are doing everything they can, the real answer is to change the system of reporting."
ChoicePoint spokespeople say law enforcement asked the Georgia-based company to delay efforts to inform the public. During the meantime, executives at the company made questionable stock sales equaling a total of $16.6 million, reports Associated Press writer Harry Webber and others. The revelation, made after ChoicePoint's problems became public a couple weeks ago, has fueled suspicions that ChoicePoint could have done more, and sooner, to protect the integrity of identities at risk.
"It's understandable for law enforcement officials to seek the benefit of a low profile as they investigate and perform due diligence," says Siciliano. "They want to make sure their ducks are in a row. They certainly don't want to cry wolf."
"Bank of America discovered in December that its tapes were missing and, working with the security-obsessed Secret Service, notified affected bank clients within two months," Siciliano added. "ChoicePoint waited four months. For ChoicePoint to attribute this to reasons similar to Bank of America's is specious at best. What's bothersome is that ChoicePoint executives managed to make a killing in stock deals during the meantime. Something smells funny. Investors should be screaming bloody murder."
ChoicePoint's slow response and the massive scale of the crime against the company have encouraged a California woman, as reported by Reuters and in the Los Angeles Business Journal and elsewhere, to sue ChoicePoint over the theft of her identity. Her suit could reach class-action status to cover the losses of the thousands others whose sensitive personal information may have been compromised.
"How would you like to be sued by about 150,000 people?" Siciliano asks. "We need to develop a strategy to let consumers know when their identities have been stolen. A class-action suit on this scale would destroy any company. It is time for industry to stop playing chicken with identity theft. Profitable only until disaster strikes, the game then invites the lawyers to swoop in and ends."
ChoicePoint's is no stranger to litigation. Justin Rubner of the Atlanta Business Chronicle reports the company "has been involved in at least 11 lawsuits since 2000 involving possible misappropriation of information."
Identity theft traces to organized crime and poses a threat to national security
On February 22, The Seattle Post-Intelligencer published a report, written by Bob Keefe of Cox News Service, on organized crime's link to the Internet. Well-known organized rings such as the Gambino crime family have tried their hands at consumer fraud. Newer players from Russia, Africa, Argentina and elsewhere have thrown their hats into the ring as well.
"Security failures such as ChoicePoint's and Bank of America's will continue to happen," says Siciliano. "It is up to business leaders and government officials to clamp down on identity thieves."
Last month, Robert O'Harrow, staff writer at The Washington Post, reported that ChoicePoint and companies like it are beginning to operate as private intelligence services for national security and law enforcement tasks. FOX News' Kelley Beaucar Vlahos now reports that ChoicePoint is, in fact, a major government contractor providing important background check support to Homeland Security activities.
"The potential for identity theft is the Achilles' heel of our national security," says Siciliano. "In light of these companies' inability to secure citizens' financial and identifying information, observers have to wonder how safe any of us are."
Siciliano is available to discuss identity theft. A speaker who leads seminars nationwide, he has appeared on CNN, MSNBC, FOX News, CNBC, "ABC News with Sam Donaldson," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael" and "The Howard Stern Show." He has been quoted in Reuters, RealtyTimes.com, Woman's Day, Good Housekeeping, Mademoiselle, The New York Post, The New York Times, The Washington Times, and elsewhere.
Siciliano can be reached at 1-888-SICILIANO (742-4542). The following URLs will take readers to his Web site and information about his work:
Main Web site: http://www.IDTheftSecurity.com
Siciliano's biography: http://www.idtheftsecurity.com/PDF/11x17_1wc.pdf
Siciliano's contact information follows:
Robert L. Siciliano
Personal Security Expert
phone: 888-SICILIANO (742-4542)
fax: 877-2-FAX-NOW (232-9669)
The media are encouraged to get in touch with Siciliano directly. They may also contact:
STETrevisions, strategic communications
Brent W. Skinner, President