More than Target customers are at ID theft risk

It's up to you to be your own privacy watchdog. If you don't do it, no one will.

  • Pin It

Consumer columnist David Lazarus, reporter Ricardo Lopez and Equifax vice president Scott Mitic talk about what to do if you are the victim of credit card data theft.

Your personal information isn't safe.

That doesn't apply only to the 40 million Target shoppers whose credit and debit card numbers may now be in the hands of hackers.

It's a trend that's been clear for many years: The stewards of consumers' personal info — businesses, hospitals, government agencies — are woefully negligent when it comes to safeguarding data.

Too often, sensitive computer files are unencrypted or left on laptops that get stolen. Aggressive moves by hackers are met with only the most cursory security upgrades.

And it's not just illegal activities that people have to watch for.

A multibillion-dollar industry has emerged to profit from the buying and selling of perfectly legal consumer data, regardless of whether you've given permission for your ostensibly confidential information to be hawked on the open market.

On Wednesday, a leading privacy advocate told Congress that professional data brokers are selling lists of rape victims, people with HIV or AIDS and even police officers' home addresses to marketers.

"Few people know that data brokers exist, and beyond that, few know what they do," said Pam Dixon, executive director of the World Privacy Forum.

"Even a knowledgeable consumer lacks the tools to exercise any control over his or her data held by a data broker," she said. "It doesn't matter that the data is about the consumer. The data broker has all the rights, and the consumer has none."

Digital technology has brought many advances to the world. But all those bits and bytes have become low-hanging fruit for legal and illegal enterprises eager to exploit the ready availability of information about where people live, what they buy, who their friends are and how they live.

For marketers, this is a golden age of targeted ad campaigns that allow companies to pitch their goods and services to people with a high likelihood of interest in such things.

It's no coincidence that if you buy some shampoo online, you'll be bombarded with ads for all types of hair products. If you subscribe to "Field & Stream," it's guaranteed that you'll receive marketing pitches for all manner of outdoor activities.

Meanwhile, 1 of every 14 Americans aged 16 or older was a target or victim of identity theft last year, according to the latest government statistics. Financial losses approached $25 billion.

On Thursday, Target disclosed that hackers broke into its customer database around Black Friday in late November or early December, making off with millions of purchase records.

For cyber-thieves, ID theft is an almost risk-free crime. Only about 2% of perpetrators end up facing a penalty or prison, according to law enforcement authorities.

With odds like that, many bad guys view all those corporate and public databases of consumer information as easy pickings.

Nearly 622 million consumer records have been made vulnerable by more than 4,000 security breaches since 2005, according to the Privacy Rights Clearinghouse, a San Diego advocacy group.

And those are just the breaches we know about. State and federal privacy laws are dodgy when it comes to holding companies accountable for letting sensitive info go astray.

California, for example, has some of the toughest privacy rules in the country. But when it comes to security breaches, businesses are only required to notify consumers if it's "reasonably believed" that their personal info has been "acquired by an unauthorized person."

Who makes that call? The businesses, of course.

  • Pin It

Local & National Video

Local & National Video