For Immediate Release
CONTACT: R.M. Tracy (303) 648-3496
May 22 , 2007
CONSUMERS ARE PASSING THE COSTS OF ID THEFT BACK TO BUSINESSES
DENVER, Colorado — A new white paper written by Privacy Trust Group President R.M. Tracy and Pat Wood titled Identity Theft and Corporate Information Theft: The Growing Business Liability explains the urgency of businesses needing to examine and update their data security measures. Although previous surveys seemed to indicate that the cost of identity theft or corporate information theft had leveled off or even dropped, this was not what the Privacy Trust Group saw happening. Pointing to rising incident recovery costs and successful lawsuits against companies considered negligent in their protection of consumer information, Tracy shows that businesses of every size are in imminent danger of lawsuits, monetary losses and even failure.
 NGS Consulting co-founder Mark Litchfield says that businesses’ privacy policies are often not backed up by strong security practices. Instead, they are merely “jargon” aimed at giving customers “a warm feeling in parting with their credit card and other associated sensitive material."
A particularly egregious example included in Tracy and Wood’s white paper regards CardSystems Solutions, Inc. Hackers stole customer information from CardSystems, which also failed to comply with Visa and MasterCard security requirements. Visa and MasterCard ceased doing business with CardSystems, effectively putting CardSystems out of business. The FTC also took enforcement action against CardSystems, its first against a credit card processor.
ID and information theft is costing organizations significantly more as thieves get better at their craft," Tracy says. "Companies must take more steps to notify and help consumer to recover. Consumers are still passing the costs of ID theft back to the organizations they see as responsible for the unauthorized access to their information through lawsuits-multi-million dollar lawsuits in some cases. Companies must do more to mitigate the liability they face.
In case companies miss the point, Tracy and Wood highlight just a few lawsuits and their results:
Choice Point – Investigated by law enforcement and the Attorneys General of 19 states. Threatened with suspension of multi-million-dollar state contracts as a result of the theft of their customer information and their failure to quickly notify consumers.
- Tower Records – Lawsuit settlement required them to implement appropriate security, correct misrepresentation in its privacy policy and bi-annual security audits for ten years. Ongoing actions could also result in future fines of up to $11,000 per breach.
- The U.S. Department of Veterans Affairs – Lawsuit for unauthorized access to veterans’ information. The suit requests $1,000 in damages for each person, total $26.5 billion.
- Ligand Pharmaceuticals – Sued by employees when an employee easily obtained access to employment records and used information about coworkers to commit ID theft and credit fraud.
- BJ’s Wholesale – Subject to ongoing FTC enforcement action. Ongoing lawsuits may result in up to $13 million in fines.
- Ziff Davis Media – Paid $500 each to affected customers because information security failures exposed the personal data of thousands of subscribers last year.
- Ford Motor Company and Experian – Unauthorized data access through a partnership resulted in investigation by the FBI.
Most important, Tracy and Wood explain what companies, organizations and government agencies must do to protect sensitive consumer and business information from unauthorized access and protect themselves from similar law suits. For a copy of the 25-page white paper, call R.M. Tracy at (303) 648-0119.
|
