Monday, August 14, 2006
Earlier this summer, one of the three major credit unions, Equifax Inc., lost one of its own laptops to theft. This event strikes like no other to the core of our data security system’s fundamental flaws. Laptops are no place for sensitive data. And the response from both industry and government to all the breaches prior and since has remained slow at best—and counterproductive at worst. Companies continue in their unwillingness to learn basic lessons. Meanwhile, we’ve seen proposals from government this summer to further restrict access to the credit freeze, a major consumer-empowering tool against identity theft.
On June 20, Reuters and others reported that Equifax Inc., one of the three major credit reporting companies, had suffered the theft of a laptop computer. The machine contained identifying information on the company’s 2,500 U.S. employees. According to the company, the laptop housed no data on the millions of consumers whose credit scores Equifax sets. The company also said the employee was not allowed to store the information on his laptop, but did have authorized access the data.
Equifax is one of the companies whose information databases determine whether we’re good enough to get credit. And yet it seems that their security measures aren’t good enough to keep their own employees’ information safe. We can only hope they will offer those affected more than "free credit monitoring for one year"—the party line, it seems, these days.
We face the cold reality that we must go without much help from industry or government in protecting our own identities. I encourage any consumer to take her identity into her own hand—before a thief takes it into his. Luckily, despite the hurdles that face us, tools are at our disposal at the individual level. We’re going to need them.
Plenty of options exist for consumers to protect themselves. Identity theft insurance, for instance, is a wise choice, and companies should consider investing in password-protected locks for their employees’ laptop computers—that is, if they make the mistake of using laptops to transport personal financial information in the first place.
The Equifax laptop theft followed the loss of a Department of Veterans Affairs laptop containing personal data on millions of U.S. veterans. I encourage all veterans affected by the multiple VA data breaches this year to immediately enroll in IdentitySweep, a service that manages subscribers’ public records while monitoring their credit card information and Social Security numbers. Veterans can go to www.identitysweep.com/vet and receive a full year’s worth of IdentitySweep for only $18, a discounted rate, from MyPublicInfo, the Arlington, VA consumer identity protection company that created the service.