Now that 2011 is over, all sorts of organizations are writing up summaries of what happened last year. It would be silly to ignore the opportunity to talk about identity theft, now that we’re tracking a fresh year. Although the official FTC report won’t be out for another month or so, we can look at some of the data breach statistics from 2011 to get a feel for what the FTC report may tell us.
At the top of the list, we saw the latest morph of the card-skimming schemes that have been so popular at gas stations for a couple of years. December of last year, it came to light that hackers had installed card-skimming technology in grocery store self-checkout machines. The scam is being called the “Lucky Scam”, after the grocery store chain that had first reported their clients were victims.
The Lucky Scam represents another modification in identity theft strategies, as identity thieves continue to target the behavior patterns of the average consumer. Schemes like the Lucky Scam primarily lead to financial identity theft, targeting bank accounts. The loss here is considered minor, but also more direct; minor, because the money taken is usually just a few hundred dollars, direct because if you fall prey to this type of scam, there is a near 100% chance of being a victim. (Besides, in today’s economy, who can afford to have a few hundred dollars stolen? A technically “minor” theft like this can escalate in a downward spiral, forcing homes into foreclosure and loss of employment.)
Unfortunately, we can expect to see more reports of the Lucky Scam affecting shoppers, and impact could reach into unemployment, welfare, and social outreach programs like food stamps. Taking information from a magnetic stripe in a skimming scam means any card program is vulnerable to attack. Indirectly, states will begin to feel the identity theft squeeze as benefits start to hemorrhage out of their clients’ pockets.
Data breaches are always important with regards to identity theft. Less personal and not always directly impacting the victim, data breaches merely increase the likelihood of becoming a victim of identity theft. The Identity Theft Resource Center (ITRC) has been tracking data breaches for years now, and their numbers show 419 breaches reported in 2011, compromising 22,918,441 records, an average of almost 55,000 records per breach. For comparison, in 2010 there were more breaches (662) reported, but fewer records (16,167,542), averaging 24,000 records per breach. So some statistics will once again say identity theft is in decline because there were fewer reported data breaches, but in actuality identity thieves are getting more records per breach, which means they are getting better at picking their targets.
Businesses also showed growth in their roles, accounting for nearly half (47%) of the breaches that were reported last year. With over 7 million records lost, business identity theft will continue to be the biggest concern for consumers.
Our government represented the second highest risk of data breach, losing 44% of the 23 million records compromised last year. This seems to be in keeping with your Guide’s thoughts about the increasing exposure of risk as more and more socialized programs are rolled out. Perhaps the Social Security Act of 2010 will make a difference once state and federal agencies begin implementing it, but 2011 has to go down as an epic fail in that department.
The other thing that caught your Guides eye while crunching numbers for this article was the fact that medical identity theft more than doubled in 2011, and the average number of records lost per incident went from nearly 12,000 in 2010 to over 43,000 – close to tripling. This, too, is in keeping with the forecast that medical information will continue to be more and more exposed to risk as socialized healthcare programs are implemented, forcing the sharing of medical information through increasing numbers of hands as the convoluted oversight process evolves.
In all, 2011 may have been a record-setting year when it comes to identity theft, if the data breach numbers are any indication of how the identity theft numbers will come out. Until the official FTC report is published, though, this is just your Guides opinion.
