Data breach hype is misleading consumers - study
14 September 2006 | 10478 views | 0
Despite the hype, data breaches were responsible for only six per cent of all known cases of ID fraud in both new and existing accounts over the past year, according to a US study by Javelin Strategy and Research.
But publicity surrounding recent high profile data breaches has created the wrong assumption among consumers that security breaches are the leading cause of ID fraud, says Javelin.
The research - which looks at the relationship between data breaches and actual occurrences of ID fraud - found that public notifications of breaches reached into the tens of millions last year, but identity fraud only increased four per cent.
The study found that the known leading causes of ID fraud were found to be lost or stolen wallets, cheque books and credit cards, which account for 30% of ID fraud. Other causes include data stolen by friends, acquaintances, relatives or corrupt employees.
Around a third (30%) of consumers were victims of a data breach during the 12-month Javelin study, but data breaches were responsible for only six per cent of all known cases of ID fraud in both new and existing accounts. Less than one per cent of those whose data was lost were actually victims of identity fraud.
"When you compare the public attention that data breaches receive to other causes of ID theft, consumers are being misdirected on how to set overall priorities for guarding against identity fraud," says James Van Dyke, president of Javelin Strategy and Research. "It is clear that there are other areas of exposure that carry a far greater overall risk. Consumers should be empowered with awareness of all the causes so they can take appropriate steps to prevent ID fraud."
Javelin argues that national legislation could saddle businesses with costly and unnecessary burdens and distract consumers with unnecessary advice. But the consultancy accepts that laws are needed to set uniform national standards for consumer notice of data breaches.
Earlier this year a US House Committee approved a new data security law that requires companies that store confidential personal information to notify customers of any security breach.
In July US regulators called for the introduction of new rules that will require all banks to develop an identity theft prevention programme for customers that includes "red flags" to signal a possible risk of ID theft.