The Agency Insider with Linda McGlasson

On Identity Theft and Breaking the Wrong Record

On Identity Theft and Breaking the Wrong Record

Everyone was watching the Olympics this past month and saw lots of records being broken. But there is one record no one want to be included in -- the record number of 449 data breaches that have happened (and been made public) and recorded by the Identity Theft Resource Center. Unfortunately for some unlucky players (and their customers) in the financial services industry, they're on this year's list.

ep, some big players and some not so big are on this list - Countrywide, Bank of New York Mellon, Wells Fargo, to name a few of those among some of the big players that had customer records go missing or stolen.

But before you say "Thank goodness my institution isn't on that list," ask yourself - how would you know if a breach had happened to your data? Unless you're certain that no one has breached your proprietary information or your customer database chock full of NPPI (non-public personal information), then don't breathe that sigh of relief. Here's the ITRC 2008 Data Breach stats for banking/credit/financial companies. So, 52 companies in our industry had a total of 9,209,547 records taken, and that's just for the first 8 months of 2008.

When I spoke with Linda Foley, founder of the ITRC earlier this week on this dismaying news, she bluntly told me that it was high time people took identity theft and data breaches seriously. She says its time to draw a line in the sand and say "enough is enough." I say yes, it's time to treat your customers' information as if it were your own. What would happen to your institution (and your job) if its proprietary information was stolen?

Getting more personal, think what impact would it have on your life if your identity was stolen? Having heard several friends relate their tales of identity theft, I can assure you it's a nightmare, and it often takes years to regain your identity, even with help from organizations such as the Identity Theft Assistance Center. It's a painful journey.

Now, as for what our industry is doing about it in terms of protecting customer information and their identities, we're watching what the level of compliance will be with the ID Theft Red Flags rule that all financial institutions will be examined on come November 1.

When you're thinking that your ID Theft Red Flags examination is just another compliance exercise that will be over and done with after your next exam, just look at that list of data breaches above and think of what you would say to your angry customers (many of who will also be your employees) when they ask after their information and/or bank account is stolen from your institution "What were you doing to protect my personal information, and how could you let this happen?" Just ask Countrywide, Bank of New York Mellon or Wells Fargo. They'll tell you that handling angry customers whose information has been stolen isn't a day at the breach, umm, beach. (Don't forget you've got roughly 63 days (including weekends) to be ready for ID Theft Red Flags.)



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.