I’m mystified that we’re still wondering about the problem of ID theft. Another week, another slew of identity theft victims. This week it’s a scam preying on Stop and Shop customers in Southeastern Massachusetts and Rhode Island. While ingenious in its criminality, the data breach was, from the consumer’s perspective, less dangerous than the breach at TJX Companies last month. Here, it appears that only credit card data was compromised. This is much less dangerous to consumers because credit cards can be canceled and consumers are limited to $50 in liability under federal law.
On the other hand, data stolen from TJX was personally-identifiable, that is, unique to consumers and therefore far more valuable to thieves. Social security numbers and birthdates, when lost, mean that a consumer can have credit opened up in their name, without their knowledge, and suffer significant—sometimes permanent—damage. What’s more, because these numbers don’t change for the life of the consumer – the damage could happen any time, even many years after the data has been stolen.
The breach at TJX mystified me because it seemed so preventable. But it was hardly unprecedented: the Boston Globe, Citigroup, Bank of America, Lexis/Nexis, and Fidelity, to name few, have all experienced serious breaches in the last couple of years that have compromised customer security. Last week, the state disclosed that a former employee of the Department of Industrial Accidents (DIA) retrieved workers’ compensation claimants’ personal information and used that information to commit identity theft.
Given the slowness of both public and private sector data aggregators to adopt secure aggregation and storage policies, the importance of legal protections for consumers can’t be overstated. Two provisions are critical to any legislation trying to protect consumers from financial identity theft.
One of the most important protections needed is the so-called “notice provision.” If a private or public entity storing your personally-identifiable information suffers a loss or theft, this requirement assures that you will be notified, along with the type of information lost or stolen. Without notice, you won’t know that you need to take protective action. It’s important to note that there is no mandatory notice provision in Massachusetts right now. Stop & Shop, the Boston Globe, TJX, and other companies who have been breached never had to notify Massachusetts consumers about their compromised systems. It is commendable that they did, because at least consumers will be on notice about the threat to their personal information.
Unfortunately, right now there is little a Massachusetts consumer can do upon learning of such a breach of their personal data. Federal law allows consumers to notify the three national credit reporting agencies (Experian, Equifax, and TransUnion—see below for more info) and have a fraud alert “flag” placed on their report for ninety days. This does not stop anyone from opening credit in your name; it is a mere notice to those checking the credit that suspicious activity may have occurred. Upon seeing this, a creditor is supposed to double-check the person’s identity, by asking additional questions or requesting to see their ID. How often this happens, we will never know, because it is not mandatory that creditors do this.
Great law, no? Protects you from theft after you’ve been a victim of theft—something akin to closing the barn door after the horse has already gotten out. And if you haven’t yet been a victim, what can you do? Not much.
In addition to notice, consumers need a real right to a “security freeze.” A security freeze allows us to limit third party access to our credit histories, in essence requiring our consent before the agency can share our history with a third party. In practical terms, this means we’ll have the right to limit thieves from opening accounts in our names by ending the open-door policy towards credit approvals currently in place. No longer will a thief be able to apply for credit in your name and have the credit reporting agency enable this crime by unquestioningly supplying key information that the third party creditor needs before opening a line of credit.
Twenty-three states now require companies and government agencies to notify consumers and law enforcement immediately of any data security breach. Fourteen states now give consumers the right to put a security freeze on their credit reports. These are the only tool proven to stop identity theft in its tracks, blocking would-be thieves from getting credit in the victim's name. With a security freeze, a consumer can block access to his or her credit report through the use of a password or personal identification number. A security freeze does not hamper a consumer's ability to use existing credit, or seek new credit, as a consumer can temporarily remove the freeze by using their PIN.
Notice requirements and security freezes—along with other protections—are part of legislation I have authored with MASSPIRG and Representatives Mike Costello of Newburyport and Representative Bill Straus of Mattapoisett on Beacon Hill. Please let your legislators know of your own support for the bill by calling the State House at (617) 722-2000.
Useful Information: How to contact the Three Credit Reporting Agencies There are three national credit reporting agencies. Currently, you can have each place a ‘fraud alert’ on your account if you have been a victim of ID theft. This is not a freeze: you cannot, as a resident of Massachusetts, place a freeze on who can access your credit—unlike a majority of other states.
You can order your free annual credit report (one from each of the reporting agencies) at www.annualcreditreport.com. You can also contact each of the agencies to dispute information on your credit report:
- Equifax: 1-800-525-6285, www.equifax.com, P.O Box 740241, Atlanta, GA 30374-0241
- Experian: 1-888-EXPERIAN (397-3742), www.experian.com, P.O Box 9532, Allen, TX 75013
- TransUnion:1-800-680-7289, www.transunion.com, Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Continuing to bring new innovations to basketball, the Hi-Vis ball features Nike RaDaR technology, which means Rapid Decision and Response. As a lab and field-tested standard of visual performance Men Air Max 90 allows players to see the ball better and capitalize on split second scoring and passing opportunities.
Posted by: Cheap Nike Air Max shoes | November 22, 2011 at 04:55 AM
This is an amazing entry. Thank you very much for the excellent post provided! I was looking for this entry for a long time, but I wasn’t able to find a trustworthy source.
Posted by: Be cool any time | January 14, 2011 at 01:34 PM
fgbfghhhhg
Posted by: andy | July 24, 2010 at 01:43 AM
A person familiar with the contract told The Associated Press that it cheap nfl jerseys was for $56.7 million, with $19 million guaranteed. Evans' Philadelphia-based agent, Jerrold Colton, confirmed the deal was the richest ever wholesale nfl jerseys given to a guard.
Evans was a restricted free agent, meaning the Saints owned his rights after NFL Pro Bowl Jerseysa deadline passed for him to sign offer sheets from other teams. However, Evans stayed away from New Orleans' first voluntary offseason workouts while Colton and Saints general manager Mickey Loomis worked on a long-term deal.NBA Jerseys
Loomis announced the length of the deal Wednesday, and coach Sean Payton said the guard had earned it.
Posted by: gdh | May 07, 2010 at 02:54 AM
I hope this bill is still alive. I intend to contact my representatives to express my support.
There is something very ironic about the existing procedure for getting a credit freeze - All three credit bureaus insist on payment by _credit_card_ for the freeze!
Someone like me, who hasn't used credit for years, but who still has a credit report, and is therefore a possible target for id theft - well, I'd have to first apply for a credit card, hopefully get one, then and only then could I get a credit freeze.
Just the last twist of the knife by the credit bureaus.
A side anecdote, fresh in my mind: A friend of mine was in Rome with a new credit card, which was deactivated in the middle of her trip. The reason: Experian has something called 'Fraud Sheild', which will issue a warning to a lender when something on a credit application doesn't match Experian's data. So. . . Experian had some bad data, then strands my friend in Europe, and this they they call a 'service'; their way of helping to fight id theft.
In case you're wondering, she's back home, thanks to a little help from her friends.
Posted by: Jeremiah | March 29, 2007 at 03:11 PM
Banks help create the identity theft problem with unsolicited mailings, etc, playing fast and loose with your personal data. Then they and the credit reporting agencies show up, protection racket style, with programs supposedly designed to help you prevent the problem they helped create, except they're purposefully ineffective.
If credit freeze legislation were enacted in Massachusetts, two things would happen almost immediately: (1) the scourge of identity theft would cease; (2) the revenues of the credit reporting agencies would take a substantial hit, both near and long term. That's why there's been a major effort at the national level by to get legislation passed which will effectively reverse the states' hard won credit freeze legislation, which has been rolling across the country.
There's big money involved, so don't expect relief from Washington on anything dealing with the banking brotherhood. Perhaps a compromise of Congress' personal data files, and the inevitable ensuing identity theft ... Naw. That would be too much to hope for.
Posted by: Anonymous | March 03, 2007 at 05:35 AM
Jordan - I think probably because it's tough to pinpoint that a particular company's breach was what caused your identity theft. That information is probably held by thousands of companies and all they would need to show is that there's a possibility that your information was stolen through another breach. I think we should legislatively penalize the companies when there is a breach, class actions will be too hard!
Posted by: sharpchick | February 25, 2007 at 02:30 PM
I've been waiting for someone to sue the companies that allowed the theft.
Making them liable would do wonders for companies to clean up their act.
A few good class action suits would probably whip these companies into shape!
Why hasn't there been one?
Posted by: Jordan | February 21, 2007 at 09:36 PM
Jarrett,
I'm so glad you're doing something about this, let's hope that this time around there is more will in the legislature to finally get it done.
Stepping back for a second, Equifax, Transunion, and Experian seem to think that they own our information. They don't want any kind of protections for our information because they make money either way. The credit card companies (who also oppose this bill) don't seem to care either. Yes, they lose lots of money, but those are write-offs, and they must have figured out a way that they end up winning in the end because they are able to sign up more and more people for credit that they can't afford.
Do you know that there is *no* way you can opt-out of having a credit report? What if you are 70 years old, have paid off your mortgage, and you don't want your information floating around where people might be able to sign you up for other reports? Can you call up the credit reporting agencies and "block" people from accessing your credit or signing up new credit? No. It's your personal information and yet you have no control over it.
The security freeze is crucial and it's about time that Massachusetts consumers are given control over their personal information. Placing a security freeze on your credit report is the only way to protect yourself.
I know that the bill filed last year by Senator Barrios and Rep. Strauss bill didn't have any fees for creating a security freeze, or unfreezing your report. I hope this is how the bill remains and that it passes the legislature. The worst thing that could happen is some heavy fees by the industry charging consumers to control their information.
Posted by: sharpchick | February 20, 2007 at 11:19 AM
Not a week goes by that we don?t hear of another security breach of
some kind at a bank, retail store, other business or even a
governmental agency. While this most recent example at Stop & Shop is
unique in the way in which credit and debit card numbers were stolen,
it further highlights the need for stronger identity theft prevention
laws in Massachusetts.
As Senator Barrios has pointed out, in the face of inaction at the
federal level, states across the county have stepped up and passed
breach notification requirements and security freeze provisions.
Both of these laws are critical in preventing identity theft, but
unfortunately not in place in Massachusetts.
One might ask, who would be opposed to these commonsense protections? The answer is big companies that collect our information for marketing purposes etc. like banks, retail stores, and credit bureaus. Entities that collect and store personal identifying information don?t want to suffer the cost and embarrassment of being required to notify their
customers if a breach occurs. And credit bureaus don?t want individual
consumers to be able to freeze their own credit reports because that
would eat into the growing business of selling bogus monthly credit
monitoring products that give consumers a heads-up when their credit
report has been accessed, but does nothing to stop new credit accounts
from being issued (worst type of ID theft).
What's disgusting is that for years the credit reporting agencies Experian, Transunion, and Equifax have fueled the problem of
identity theft by allowing so much of our personal and financial
information to be accessed by just about anyone for any reason, and
now recognize that they can capitalize on the fear of identity theft
by selling a weak credit ?monitoring? product for $12.99 a month. They
are making huge profits off a problem they helped grow. And fighting
the real solution, strong security freeze laws.
While we're hopeful the legislature will pass a strong bill this year,
these big corporations hire the best lobbyists money can buy to
water-down reforms. That?s why it?s so important for people who want
stronger identity theft protections to contact their own state Rep or
Senator and urge them to make identity theft a priority and support
legislation filed by Sen. Barrios, Rep. Michael Costello and Rep.
William Straus (Call the State House at 617-722-2000).
Posted by: Eric Bourassa | February 20, 2007 at 09:08 AM