With the news constantly filled with stories of major data breaches such as last week’s disclosures of data breaches at Experian, Trump Hotels and Scottrade, it would be easy to come to the conclusion that hackers planting keystroke logging malware in the computers of their targeted victims would be the primary source of data breaches. However, that conclusion is wrong. According to a just released study done by the security firm Trend Micro, using data compiled by the Privacy Rights Clearinghouse, while 25% of the data breaches indeed were attributed to malware planted by hackers, 41% of the data breaches were attributable, according to the report, to the loss of “sensitive information stored on employees’ laptops, mobile devices, and thumb drives.” Further complicating the problem is the fact that often the information contained on these devices was unencrypted, which should come as no surprise to those who remember the 2006 data breach at the Department of Veterans Affairs in which unencrypted personal information including Social Security numbers of more than 26 million present and former military personnel was stolen through the theft of a laptop from the home of a VA data analyst.
Once again, the lesson is that regardless of how careful you are to protect the privacy of your personal data, you are only as safe as the companies and agencies with the weakest security that hold your personal information. Therefore, it is not a matter of if you will become a victim of a data breach, it is a matter of when. Knowing this it is important to first, as much as you can, limit the places that have your personal information. Many times you are asked for such information by companies without a need for that information. Your physician does not need your Social Security number. When possible, refuse and offer another form of identification, such as your driver’s license number. Second, you should be prepared for the inevitable data breach and put a credit freeze on your credit reports at each of the three major credit reporting agencies so that even if someone does obtain your personal information, they cannot use that information to get access to your credit report and run up debts in your name. Putting a credit freeze on your credit reports is the simplest and best protection you can have against identity theft. To learn more about how to put a credit freeze on your credit reports, go the archives of Scamicide and type in “credit freeze.”