Learning From Four Cases of Corporate Identity Theft
One of the primary objectives of document destruction is to safeguard the data of your clients, preventing it from being used for nefarious purposes. However, there’s another side to the equation. Sensitive data can also be used against businesses themselves, with third parties targeting not a company’s clients, but its employees. Sometimes, an entire company is targeted. Fortunately, these cases are on the public record and can therefore be examined. This is a good idea, because, essentially, if we don’t learn from our mistakes, we are destined to make them again. Looking to the past to discover ways that various companies opened themselves up to identity fraud can help businesses working in the present prevent such occurrences. Take these stories to heart, and apply their lessons. You may just end up avoiding a potentially harmful situation somewhere down the line.
#1: Be Careful With Your Data
The Case: A few years ago, Todd Davis, the CEO of an identity theft prevention company named Lifelock, came up with a novel way of promoting his company: he would release his social security number (457-55-5462) publically, to the entire world, basically asking the public to attempt to steal his identity so that he could show off the power of Lifelock. Now, he could have made the same attention-grabbing statement by posting a phony Social Security number, one that was not actually in use, but Todd was bold. He believed that his company was infallible. As such, he thought nothing of using his actual Social Security number. Not only that, but he put it everywhere. The campaign was pretty extensive in scope, with Davis’ private data displayed prominently on local billboards. He had internet and television ads created, all of which advertised his Social Security number. The fallout was pretty much what you’d expect. Despite Lifelock’s efforts, at least 88 people were able to use Davis’ data to improve their economic situation.
The Lesson: There are several key lessons to be learned here. First of all, be careful with your data. While Todd Davis handed his over to the public, many companies do the same thing accidentally every year. Whether you’re throwing a piece of data in the trash or plastering it on a billboard, the second you relinquish control of that information is the second in which it can begin to be used against you. The second lesson here is not to be overly confident. Just because you’ve been storing or disposing of data incorrectly and it hasn’t gotten you in trouble so far, that doesn’t mean it won’t in the future. Have some humility, expect the unexpected, and don’t let down your guard.
#2: Know the Dangers of Sharing Data
The Case: A company, unnamed in the official record, sold one of its departments to improve its economic standing. When they did so, they handed over personal data they had gathered about their employees. This might seem like a reasonable course of action. After all, this other company now owned a part of the operation, and as such, they had every right to know who was now in their employ. The bad news is that the purchaser in question then used that data to steal money from the employees listed. More than 60 people were affected, their accounts overdrawn and their money gone.
The Lesson: Be careful who you trust. Only give your private data to those who have proven their honesty to you. Ideally, you should give it to no one. If you do have to share data, share as little as possible, precisely what is necessary and nothing more. If your actions harm your clients or employees, particularly by placing your trust in a duplicitous person or company, you are to blame. You have an obligation to all of those people to be responsible with their data. Do not take this obligation lightly.
#3: Know the Obligations of Storing Data
The Case: In 2009, 130 million credit card numbers were stolen from the databases of three corporations: Heartland Payment Systems, Hannaford Brothers Company, and 7-Eleven Incorporated. They were stolen by three men who, after methodically researching the security of each corporation, hacked into their computer-stored data and retrieved the information. They would then sell the credit card numbers online, where buyers would use the information to purchase whatever they needed. At the time, it was the most significant recorded example of identity theft.
The Lesson: Be vigilant. What happened here wasn’t the fault of anyone at any of the hacked corporations. They stored the data responsibly, and these men found a way around that. There’s no perfect answer when it comes to security. There are flaws in every system, regardless of how thorough it may be. The idea here to be mindful. When a problem like this arises, it needs to be addressed as soon as possible. Watch carefully for issues such as these so that they can be quickly minimized. Also, store only the data you actively need. Whatever is not completely necessary should be destroyed. Keeping as little data as possible lowers the stakes and puts less at risk. Be watchful, and be ready to act quickly.
#4: Hire Trustworthy People:
The Case: Two people in Pennsylvania were found guilty of committing several cases of identity theft to illegally claim $1.7 million, which would have been awarded to them through tax returns. They did this by bribing the employees of a local hospital to steal medical forms for them. These forms contained a great deal of sensitive data, including Social Security numbers. The couple used this data to forge fraudulent tax returns, each one requesting refunds from the IRS. Through this scheme, the thieves made more than $250,000 before they were caught.
The Lesson: The couple would not have been able to succeed in their plan without the help of those unlawful employees, so the lesson to impart here is that you should be careful who you trust, not just externally but internally. We often feel that corporate identity theft can only occur as a result of external machinations, but the fact of the matter is that the problem can indeed be internal. You owe it to your clients to protect their data, not only from outside aggressors but also from your employees and business partners. You also have an obligation to protect client data from other clients and employee data from other employees. When you are given sensitive information, make sure it’s as secure as possible. Give as few people access to it as possible. Monitor that data as closely as possible, and never betray your clients for any reason.
As a business owner or employee, you can learn a great deal. All of them provide examples of why carefully handling and disposing of data is crucial. The more unnecessary data you leave around and the more people you trust with vital information, the better the chance that data will be used against you, your clients, or your employees. Learn from these stories, and apply their lessons to your business. Don’t allow yourself to be a victim, and don’t let your clients or your employees down.