Reflections on a new internal data theft study

Who steals data, and what do they do with it? Cooper Bachman of ID Analytics scrutinizes research from a dozen data thefts resulting in 1,300 attempted instances of data misuse.

It is important to note that this analysis is focused on the use of stolen identities being utilized to open new credit, retail, and wireless accounts. This study did not include takeover of existing accounts such as direct deposit account (DDA) or new openings of collateralized loans (e.g., mortgages and automotive finance).

Specifically, the study analyzed the change in identity relationships within each internally breached population looking for anomalous linkages. For example, if a group of consumers had no prior relationships with one another, and then suddenly began applying for credit cards and wireless phones at a single address, this would be viewed as a suspicious or anomalous relationship change. Then, each suspicious case was analyzed in depth and reviewed for possible misuse of identity data. The time periods analyzed ranged from 10 months to more than 30 months after the date of the internal data theft.

Methods of Misuse

The study performed temporal and relational analysis on over 1,300 cases of misuse. From these, four common patterns were highlighted.

1. Misuse of Data Occurred Within 20 Miles of the Internal Data Source

The data analysis found a geographic relationship between where the data was stolen and where it was used. In some cases, the misuse was occurring as little as two to five miles from the place where the data was removed. It is important to note, that the research did not include local lenders such as credit unions or community banks. The misuse identified was based on information from national credit card issuers, retail lenders and wireless organizations.

If the data has in fact been purchased by a national identity fraud ring, it is expected to see pockets of misuse in geographic areas much farther from the data source. However, all misuse occurred locally relative to where the data was removed and indicates the individuals who obtained the data were either abusing it themselves or providing it to other perpetrators in their local area.

Although there was no evidence of distributed data, it is known that a marketplace exists for identity information. In the Data Breach Harm Analysis published in 2007, a similar study analyzed stolen identities that were readily available on the Internet. As part of this research, scientists found that exposed identities on the Internet typically had a higher rate of misuse than the average consumer. As long as the value and accessibility of personal data remains high, the threat of breached data reaching the Internet and being digitally disseminated remains.

2. Misuse Rates are Higher Among Identities Involved in an Internal Data Breach

The risk associated with targeted internal data theft is greater than accidental breaches because of the intent underlying the breach. If a laptop is stolen from an unlocked car or a tape containing sensitive information is missing, the intent to use the data for the purpose of identity fraud is low. An employee may have simply left his car unattended while a thief saw an opportunity to obtain and sell valuable hardware. On the other hand if a disgruntled employee prints out identity information on 100 consumers, the breach now represents a heightened level of risk. The employee's motive to unlawfully obtain and abuse sensitive personal data creates a riskier scenario than a lost laptop. Individuals who are part of a targeted internal data breach are far more likely to have their identities abused due to the intent of the perpetrator.

Join the newsletter!

Error: Please check your email address.

More about BillCommunity BanksJavelinTrack Data

Show Comments