Identity theft

News earlier this week that the British Government has managed to ‘lose’ details of 25 million individuals has raised awareness of data leakage and identity theft. If the information was to fall into the wrong hands it could have significant implications to a large proportion of the UK population (although its currently thought that the disks in question are still lost somewhere in the internal post of Her Majesty’s Revenue and Customs).

Whilst I wouldn’t want to underestimate the seriousness of this blunder, lets put it into context. The huge growth in connectivity in the UK and the rest of the world and the subsequent increase in compromised machines is just as big a concern for me at least. The fact that a 21 month old piece of malware is still accounting for a significant proportion of the malware seen on our spam traps and the continuing growth in spam volumes show that there we still have a long way to go in protecting users from online identity theft.

Even if those 25 million details did fall into the wrong hands, its an awful lot of data to sift through to find the best identity to take over. Whereas a few thousand infections, that collate personal details including bank balances makes the selection (and therefore value) a lot easier.

I was at a recent seminar organised by Experian on fraud, which included an on stage interview with a former fraudster that proved to be a real insight. Having just moved house, I realised how easy it could be for someone to register for a credit card in my name if an ‘invitation’ was sent to my old address.

For the consumers of Britain or anywhere else for that matter there are a host of precautions that should be taken to minimize the risk of identity theft (shredding personal documents, ensuring mail is forwarded when moving, notifying organisations of change of address, etc). There is a wealth of advice for the consumer out there, including GetSafeOnline.org, CIFAS and others (The home office have a good document here).

So whilst data leakage events like this are deeply concerning and embarassing to the organistion they are very much out of the control of the individual, there are however a host of things the individual can do to prevent becoming a victim, not least of which are of course to ensure their home computer is secured.