Home
  
 

Access useful resources for consumers and businesses about data breaches.
Learn more »
About the Coalition   The Facts   Resources   Newsroom   Contact the Coalition
 

DID YOU KNOW?

Facts About Data Security Breaches, Identity Theft & Fraud

  
   

Thirty percent of all U.S. consumers were involved in a data breach last year, but fewer than 1/10th of 1 percent (0.09 percent) became actual victims of identity fraud. (ID Analytics) (1)

Data breaches were responsible for only 6 percent of identity fraud in 2005. (2)

Government and universities were responsible for close to 60 percent of all security breaches in 2006. (3)

Thirty percent of identity fraud cases are perpetrated by friends, acquaintances, and business associates – people you know. (4)

The number of self-described victims of ID theft and bank losses due to credit card fraud is dropping steadily. (5)

Credit card companies say that fraud losses in 2005 overall were only about 6 cents per $100 for merchandise bought on credit. While this low level hasn’t varied much in the last few years, it was once much higher. Fifteen years ago, losses accounted for nearly 16 cents per $100 for merchandise bought on credit. (6)

Lost or stolen wallets and checkbooks are much more likely to result in identity theft than are computer data breaches. (7)

Out of all consumers known to have been involved in a data breach, 99.2 percent did not become victims of any fraud as a result. (8)

A credit freeze will not protect you from an identity theft involving existing credit cards and accounts; new accounts that do not require a credit check to open, such as some telephone, wireless and even bank accounts; and identity theft already occurring when you place the credit freeze. (9)

You cannot be held liable for more than $50 for fraudulent purchases made with your credit card as long as you notify the bank or credit union within 60 days of when the credit card statement with the fraudulent charges was sent to you. Most card issuers even excuse the $50 maximum liability. (10)

If your ATM or debit card is lost or stolen, you may not be held liable for more than $50 for its misuse, as long as you notify the bank or credit union within two business days after you realize the card is missing. (11)

If fraudulent electronic withdrawals are made from your bank or credit union account, and your ATM or debit card has not been lost or stolen, you are not liable, as long as you notify the financial institution in writing of the error within 60 days of the date the account statement with the fraudulent withdrawals was sent to you. (12)

Under most state laws, you are not liable for any debt incurred on fraudulent accounts opened in your name and without your permission. Contact your state attorney general’s office for more information. (13)

The Federal Trade Commission and the federal bank regulatory agencies enforce a number of federal laws which require companies to safeguard consumer data. Such laws include the Gramm-Leach-Bliley Act, which established strict data security requirements for financial institutions; and the Fair Credit Reporting Act, which includes due diligence requirements for consumer reporting agencies and safe disposal obligations for companies that maintain consumer report information. (14)

Recognizing that only a tiny fraction of one percent of data breaches result in fraudulent activities, the Federal Trade Commission, the U.S. Government Accountability Office and the President’s Identity Theft Task Force have concluded that unnecessary breach notifications can overwhelm the public and impose undue burdens and costs on consumers, as well as on government agencies. These agencies warn against unnecessary or excessive notifications to federal agencies. (15)

1) National Data Breach Analysis, Inc. 2006, ID Analytics.
2) Data Breaches and Identity Fraud: Misunderstanding Could Fail Consumers and Burden Businesses, Javelin Strategy & Research, August 2006.
3) Chronology of Data Breaches 2006: Analysis, Beth Rosenberg, Sandstorm.net, February 1, 2007; Identity Theft Resource Center; AARP Public Policy Institute.
4) Federal Trade Commission –Identity Theft Survey Report, September 2003.
5) “ID Theft: More Hype Than Harm”, Business Week, July 3, 2006.
6) “Surging Losses, but Few Victims in Data Breaches,” New York Times, September 27, 2006.
7) Data Breaches and Identity Fraud: Misunderstanding Could Fail Consumers and Burden Businesses, Javelin Strategy & Research, August 2006.
8) Data Breaches and Identity Fraud: Misunderstanding Could Fail Consumers and Burden Businesses, Javelin Strategy & Research, August 2006.
9) Federal Trade Commission, “What is a credit freeze”.
10) Ibid, “Limiting Your Loss From Identity Theft”.
11) Ibid, “Limiting Your Loss From Identity Theft”.
12) Ibid, “Limiting Your Loss From Identity Theft”.
13) Ibid, “Limiting Your Loss From Identity Theft”.
14) Statement of the Federal Trade Commission before the Senate Committee on the Judiciary, March 21, 2007.
15) President’s Identity Theft Task Force, Interim Recommendations; FTC testimony to Congress; and, GAO Report 07-737, Personal Information – Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown.”

 
      © 2007 | Coalition for Data Security
All Rights Reserved		   We Value Your Privacy