The Cloudy Identity Theft Crisis
Every day seems to bring yet another massive identity theft news story. Interestingly, the February 2014 attack on the Anthem Health database targeted names, addresses, and Social Security numbers—not sensitive medical information—putting potentially 80 million individuals at risk of fraudulent use of their data. Based on emerging problems with electronic tax filings through Intuit, it looks like the information is mostly being used to file fraudulent tax returns. Fraudulent electronic filings have been a growing problem over the past few years, but this latest attack is on an unprecedented scale.
So, who is actually responsible for maintaining the security of a person’s data in the cloud? Most consumers assume it is their responsibility to protect their account information and precious sensitive online information. With over 7 percent of American households affected and hundreds of millions of people around the world at risk, it is long past time to stop blaming the victims. Based on the profiles of the many high profile attacks over the past ten years, it does not even seem possible for consumers to take full responsibility for protecting their online identity.
The elephant in the room is that as more data is moved online and into the cloud, the easier it is for sophisticated rings of criminals to steal it. On the surface it seems to be a victimless crime, but for the 15 million plus annual American victims of identity theft or online fraud, a theft can mean months and even years of grief—including days of lost time proving they were victimized and not just being sloppy with sharing their data or credit card information.
This has been an ongoing problem since the beginning of cloud computing, but with the latest targets it is clear that it is time for financial institutions and owners of the vast databases of consumer information to take more proactive actions to protect consumer personally identifiable information and sensitive data.
The good news is that for the most part, the technology for protecting this data is already available. More widespread use of multi-factor security, private network access to limit exposure, and more sophisticated data encryption techniques, both for the data at rest in the data pools and the data in transit as it goes through the networks, will go a long way towards closing the vulnerabilities and shutting down access to the criminals. Companies around the globe are starting to implement these protections as they wake up to just how expensive a data breach can be in terms of the loss of consumer confidence and trust.
