Massive Identity Theft Exposes Troubling Trend

What's being called the worst case of identity theft in American history is behind us -- but the vulnerabilities it's exposing are far from fixed.

This week, government officials announced the arrests of 11 people accused of stealing tens of millions of credit card numbers from major corporations -- then ringing up astronomical charges.  The companies hit include Barnes and Noble, BJ's, Boston Market, Dave and Buster's, DSW, Forever 21, OfficeMax, Sports Authority, and TJX -- the parent company of TJ Maxx and Marshall's.

Investigators say the suspects traveled from city to city for the past five years, using laptops to systematically hack into each business's wireless network.  Prosecutors claim they lifted passwords and personal account details along with the credit cards, then sold it all online.  The accused ringleader and two other men are from Miami.  Eight of the other suspects are from San Diego, and the rest come from Estonia, Ukraine, China, and Belarus. 

All right, so these guys are behind bars awaiting trial -- so what now?  One of the companies' spokespeople has called for tighter security and the implementation of "proven" measures already being used in other countries.

Gee, you think?

The most troubling thing about this case is not the fact that so much stuff was stolen.  It's the fact that it took 41 million credit card thefts to make us realize we needed to step up security.  In this day and age, shouldn't we have been a step ahead?

The same scenario plays itself out time and time again.  Just this week, a lost airport security laptop created a wave of concern in San Francisco.  The computer, which contained 33,000 passengers' personal information, vanished for several days.  Oh yeah, and the data was completely unencrypted.

Americans' reactionary stance to security has bitten us hard too many times.  When it comes to technology, we often know enough to protect ourselves -- but we don't get around to putting those measures in place until after the fact.  An InformationWeek study this past June found 21 percent of companies never even bother conducting security risk assessments in the first place.  We're effectively all waiting to buckle our seat belts till after the wreck.

Naturally, we can't be prepared for every possible problem.  Some things catch us off-guard.  I have to think, though, that our Transportation Security Administration could have encrypted its sensitive data...and some of our nation's biggest companies could have come up with a stronger system -- maybe using, say, those "proven" measures -- to keep high-tech hackers out of their networks before they got in. 

Subscribe to the Security Watch Newsletter

Comments