Identity Theft Articles

Poorly-Protected Databases Pose As Large An Identity Theft Threat As Criminals

A simple search in a peer-to-peer network can reveal the sensitive information of thousands if databases are unprotected

Each day, Americans see an overwhelming amount of identity theft and fraud cases committed by a criminal or computer hacker. Some are more astonishing than others, as more children and senior citizens are falling victim to the crime at the hands of family members and legal guardians. However, human beings are not the only threat to privacy. As more information is posted and stored online, businesses and government entities that leave their databases unsecured and vulnerable may be jeopardizing the privacy of millions, according to the Wall Street Journal.

Citing a Javelin Research study, the Journal reports that the number of reported identity theft cases rose 11 percent to 11.2 million Americans in 2009. Additionally, the Internet Crime Complaint Center - partially managed by the Federal Bureau of Investigation - reports a 23 percent increase in the number of fraud cases filed, reaching 336,655.

While these numbers continue to rise, the Journal asserts that a higher number of fraud and identity theft cases do not involve criminals hacking into computers, but simply seeking out vulnerable computer systems. For example, Edward Waters College failed to protect the driver's license and Social Security numbers of hundreds affiliated with the school, which were indexed in online search engines, the newspaper said.

Dartmouth business professor Eric Johnson also told the newspaper that he found thousands of names, Social Security numbers and health insurance information on files that were exposed by peer-to-peer networks at the school. This was accomplished easily by entering search terms such as "hospital" into P2P networks such as LimeWire, which can connect to and transmit data directly from other computers.

"There's no hacking or anything like that going on," Johnson told the newspaper. "We were just searching."

Even after removing peer-to-peer networks from certain locations, such as schools, they may continue to jeopardize an individual's privacy if the files were shared with another computer elsewhere.

Understanding the need for greater security, the Federal Trade Commission has mandated that certain sectors, namely those that lend to consumers and hold credit information, create industry-specific guidelines for detecting and resolving cases of identity theft. Though the measure has been pushed back to give legislators more time to examine which entities should fall under the rule, the Red Flag regulations are set to go into effect on January 1, 2011.