• Understanding ID Theft: Info for Consumers, Businesses, Organizations
• Self-Assessment
• White Papers about Fraud
• Trend Pieces about Fraud
• Expert Analyses
• Legislative Alerts
• Resources/Links
• Identity Theft Glossary

Experts Analyses of Identity Theft

Biggest Information Security Mistakes that Organizations Make and How to Avoid Making Them
Security Innovation
By Ed Adams (CEO)
Summary: Information security mistakes are costly, damaging and all too prevalent.  Given the obvious repercussions or poor security strategies, one is inclined to believe change agents are in place; however, organizations continue to make seemingly avoidable mistakes when it comes to information security.  This is due to misconceptions and common mistakes that are repeated.  This article introduces five common information security mistakes that organizations make and concludes with recommendations and best practices for building and maintaining a successful information security practice and avoiding these mistakes. 
http://www.securityinnovation.com/pdf/biggest-mistakes-detailed.pdf

Debunking Myths About Identity Fraud
February 7, 2007
News.com
By Eric J. Sinrod
Summary: It seems that we constantly are hearing horror stories about the perils of rampant identity fraud.  However, a recent survey seeks to set the record straight by saying that in the United States, the problem is actually decreasing.
http://news.com.com/Debunking+myths+about+identity+fraud/2010-1029_3-6156841.html

Average Data Breach Costs Companies $5 million
November 2, 2006
Network World
By John Fontana
Summary: Companies spent nearly $5 million on average, and 30% more, this year than in 2005, to recover when corporate data was lost or stolen, according to a new study from the Ponemon Institute.  The study also concluded that companies spend $180,000 after each incident to prevent further data breaches.  In addition, the average cost for each compromised record increased by more than 30% since 2005, rising from $138 to $182.  The average total recovery cost was $140 per lost customer record.  Observers note that those costs have nothing to do with IT and suggest that companies need to look at a broader spectrum when factoring costs.
http://www.networkworld.com/news/2006/110206-data-breach-cost.html

‘Shopadmins’ and the ID Theft Cycle
September 28, 2006
Washington Post
Reporter: Brian Krebs (tech and computer security writer for the Post since 2000)
Summary: Brian Krebs discusses how exactly thieves go about obtaining personal information and how they use that data to, in turn, obtain more data about a person’s identity.; The column includes multiple case studies of ID theft victims and commentary from Jay Foley who is the head of the Identity Theft Resource Center in San Diego Calif.
http://blog.washingtonpost.com/securityfix/...

Study Analyzes 16 Months of Data Breaches
September 1, 2006
Washington Post
Reporter: Brian Krebs (technology and computer security writer for the Post since 2000)
Summary: ;Washington Post technology reporter Brian Krebs comments on a recent AARP report on consumer data breaches recorded over the past 16 months.; Reports indicate that hacking remains the most frequent source of data theft and loss, with breaches reported by educational institutions making up 43 percent of all reported data thefts or losses.
http://blog.washingtonpost.com/securityfix/...

IT Pros Say They Can’t Stop Data Breaches
August 30, 2006
eWeek Enterprise News and Reviews
Deborah Rothberg
Summary:; Many IT experts believe that their companies are not taking the proper preemptive measures to prevent a breach.; While some companies claim that data breach prevention is too costly, others have an outdated mindset.
http://www.eweek.com/print_article2/0,1217,a=187484,00.asp

Avoid a Meltdown: Reacting to a Security Breach
August 1, 2006
Author: James Christiansen (Chief Information Security Officer at Experian)
Source: CSOonline.com
Summary: Over the past year we have seen many examples of breach notifications that range from affecting hundreds to millions of victims. Looking further into the business impact of the post-breach processes, we quickly see that the way an organization reacts to the security breach can make the difference between a minor financial impact and a complete corporate meltdown.Given the potential financial losses and other substantial impacts that can cost well into the millions of dollars, an investment in preparedness can really pay dividends regardless of when—if ever—an event does occur.
http://www.csoonline.com/read/080106/counsel_pf.html

Short Shelf Life for Data Breach Laws?
March 2, 2006
News.com
Summary: Data-breach laws have had a remarkable and positive effect on security practices in the United States. Corporate America now is beginning to understand and respond to the risks of unencrypted data, poorly protected laptops and inadequate security procedures. However, the shelf life of data-breach protection laws could be remarkably short. Disclosures that are relevant for a world of data matching make little sense in a new era of sophisticated identity verification technologies. A federal data-breach notification law will have far-reaching impacts on consumer confidence and the future of corporate security practices.
http://news.com.com/2102-7348_3-6044865.html?tag=st.util.print

Are Corporate America’s Networks Prepared to Fend-Off Targeted Security Attacks?
August 22, 2005
Source: Breach Security Inc., Press Release
Summary: ;Breach Security Inc., the provider of next-generation web application security to protect privileged information, today underscored the results of several recent high profile surveys, research and legislative action that encourage security professionals taking stock and suggested action, while noting doing little can have dire consequences for consumers and corporations.
http://www.breach.com/news_press_detail.asp?id=12

Lessons Learned from Corporate Security Breaches
August 9, 2005
Written by: Jay Cline (Privacy Expert)
Summary: With information security breaches in the U.S. now reported at a rate of one every three days, corporate privacy and security officers need to take stock about what's happening and what they can do about it. ;The article recommends that large corporations interested in avoiding a security breach: adopt a comprehensive information security program based on the ISO 17799 and Payment Card Industry standards; require any sensitive information stored on laptops to be encrypted; formalize a process where employees can contact a central phone number or e-mail to report suspicious activity with company information; validate the security of suppliers that handle sensitive information, including backup tapes and documents; train employees on security policies and procedures and performing periodic spot checks to measure compliance.
http://www.computerworld.com/action/...