Recently Citibank announced that they were hacked, a typical data breach. See the International Business Times article here, http://www.ibtimes.com/articles/160376/20110609/hacking-citibank-citibank-hacked-citi-hacked-citibank-hack-2011-citibank-online.htm. Were they not conducting vulnerability tests on their own system to see if they were vulnerabile? The comes on the heels of Sega, Sony, Lockheed Martin amongst others. So far they only report that 360,000 cards were compromised. We can assume that those customers, if they actually know which accounts were compromised will get 2 years of credit monitoring. But what happens when you actually get false charges? You now have to go spend time to resolve the problems and most likely you might take a hit to your credit score.
Its amazing that this continues to happen and there isn’t a stronger tie between the credit reporting agencies and the hacked banks to help consumer manage their credit and not be responsible to follow up on a data loss. The consumer is the one who has to bear all the burden. And the banks will probably just add another fee to cover their costs to managing the security breach.
These banks should really be more proactive in conducting vulnerability scans daily, conducting website security testing and implement intrusion detection and prevention systems. We do not know if Citibank had a IDS system in ploace but you would think that with a good prevention system in place, this hack should have been immediately identified and stoped before the data breach could occur?
The Birmingham news (http://blog.al.com/spotnews/2011/05/pleasant_grove_man_sentenced_t.html) reported that a Pleasant Grove man received six years in prison for HIPAA violations. Included in his crimes was aggravated identity theft and disclosures. These violate the HIPAA regulations.
Identity theft with regards to healthcare information is on the rise. There is a lot of value in stealing an identity to get healthcare. If you could do that for someone under 18, then you might have several years before they actually notice. Kids generally do not need to check their credit ratings until they get that first credit card in college. BY then the thief could have racked up a lot of charges on that identity.
Using healthcare access can allow the thief access to drugs which are then resold. In this case the thief used the stolen identity to cause the prescription drug plan to pay for $72,746 in drugs.
The Obama Administration announced a cyber security plan recently. Does it take into account the rise in identity theft? Are government agencies actively trying to find solutions? So far the answer seems to be No.