Make 'Dear John' data letters meaningful
Posted: Friday, August 22 at 05:00 am CT by Bob Sullivan
I like to call them "Dear John" data letters. And just like those sad, cold notes from a lover announcing a breakup, those "We've lost your data" letters are almost always frustratingly vague.
A new study from identity theft research firm ID Analytics suggests that's both unfair and risky. The study shows that consumers victimized by insider data theft -- theft by an employee -- are 12 times more likely to be ultimately hit by fraud than victims of an accidental data loss, like a lost laptop computer.
Yet many Dear John data letters announcing security breaches offer precious few details about the circumstances of the loss. That leaves consumers completely in the dark about what to do.
Data leaks rarely make headlines now because they have become frighteningly commonplace, yet the rate of leaks has risen steadily since 2005, when state disclosure laws began forcing companies to fess up to them. About half of U.S. adults have received at least one such letter, according to the Ponemon Institute. And since 2005, more than 236 million records have been lost or stolen, according to the Privacy Rights Clearinghouse.
But data loss letters are often short on critical details, such as how the data was leaked or why. Such information provides important context to consumers and would help them determine how they should respond, said Mike Cook, co-founder of ID Analytics.
"Some of the letters I have seen have not been as informative as they could have been, which is a disservice to both consumers and businesses," Cook said.
Here's why the details matter. ID Analytics analyzed 5 million pieces of identity data stolen in 12 separate insider thefts. More than one-third of consumers exposed by those incidents -- 36 percent -- were ultimately hit by identity fraud. Contrast that with ID Analytics data on lost laptops and hard drives, where victims were hit with fraud only about 3 percent of the time.
"All data breaches are not created equal," Cook said. “It’s important for consumers to understand that.”
Make it a doozy
Other circumstances surrounding the breach also help predict the likelihood of fraud, Cook said. It might sound counterintuitive, but the findings suggest that the larger the data leak, the less likely any individual victim is to be hit by fraud: a thief can only work through so many identities, so any one name in a 10-million-record haul is unlikely to be picked. Consumers whose data is taken in a small, targeted incident -- say 10 identities copied by an insider -- are at far greater risk than consumers exposed through a theft of 10 million credit card records.
"If I am a consumer, and I learn that I am part of the largest breach in history, I should be happy because the likelihood of my name being used at random is very low," Cook said. "But if I am part of an internal breach of 10 identities, I should be very concerned."
The three questions that should be answered
Consumers who are victims of data breaches should always get the answers to three critical questions, Cook said: the size of the breach, the precise data involved and the reason it was stolen or lost.
Those answers, however, are rarely forthcoming, said Gartner security researcher Avivah Litan. Many companies reveal almost nothing about a data leak, which prevents consumers from making common-sense decisions about how to react.
"The disclosure laws should be refined to give consumers this type of information,” she said. “Right now these letters don't mean anything if there are no details. Consumers don't have enough information to make an educated decision about what to do."
The ID Analytics study comes at a time when Congress continues to debate a national data loss disclosure law. Currently most states require data loss disclosure, but a national law would likely supersede state laws.
Federal legislation favored by the credit industry and the Federal Trade Commission would limit disclosure to leaks when there is a great likelihood of actual fraud. That means lost laptop computers and hard drives might not trigger notices. But so far there has been little discussion of making companies offer more specifics to consumers when such disclosures are required.
It’s about the intent, not the source
Alfred Huger, a researcher at security firm Symantec, said he suspects there isn't much difference between data stolen by an insider and data stolen by an outside hacker who is part of an organized crime gang. What matters most is the intent of the thief, he said.
"There are some collections of hackers who are quite precise about what they are going to steal and what they will do with the data," he said. Data stolen by such hackers is probably equally likely to result in fraud as data taken by determined insiders, he said.
But the ID Analytics study unearthed a few additional details about insider theft. In every case, the stolen data was used locally -- within 20 miles from the place of the theft, Cook said. That suggests the criminals were not part of complex international crime rings, he said.
"People are stealing the data and using it themselves, or giving it to someone they know," he said.
The report also revealed a sharp rise in mobile phone fraud: 69 percent of the fraudulent applications filed with the stolen identities were for cell phone accounts. That result follows a study earlier this year by ID Analytics that showed phone account fraud now makes up 32 percent of all new account fraud, up from 19 percent just last year.
In the past, identity thieves routinely applied for cell phones so they'd have phone numbers to put on fraudulent applications for credit. But today, Cook said, given the rising cost of multi-function phones, criminals simply obtain discounted smart phones with two-year contracts and then sell them at high profits.
“Attacking mobile phones is a growing phenomenon,” he said.
It’s also a huge pain for consumers, who rarely find out about cell phones opened in their name unless they check their credit reports.
RED TAPE WRESTLING TIPS
Given the continued avalanche of data breaches and data loss letters, it is understandable that legislators might want to limit the notices to those that matter most -- those incidents where the risk of ID theft is high. This would mean companies that lose laptops and hard drives accidentally would probably get a free pass. That's an undesirable result, as the public shaming of poor security practices has helped bring focus to the twin issues of privacy and data security.
If consumers are to lose the right to know every time a company loses track of their data, they should get something in return. Firms should be forced to offer far more explicit detail about data thefts and losses when they occur. Victims are entitled to know how it happened, what was taken, whether the data was used, and so on. That should be standard procedure and ultimately, would be worth much more than the pittance that is usually offered today in these Dear John data letters -- free trials to credit monitoring services. Next time you receive a letter, look for the answers to Mike Cook’s three questions. If you don’t get them, complain to your congressional representative.
I do agree with the article. My family had three in the last six months.
I myself received a letter from THE HOSPITAL I had gone to on a work related injury. Two weeks later I get a letter stating that my information (both my insurance info with my SSN and my credit card info used to pick up the $9 pain killers prescribed to me) had been compromised. Keep in mind this is a week after the bank contacted me to let me know that my card had been shut off. On top of that, the guy that stole the information started harassing me (my address and number was in the medical insurance info stolen). I had to close the accounts, get a new social and move to a new state. And all the hospital, insurance and bank could do was send me a bunch of nice little notes that said "Sorry, your info has been stolen. Better luck next time!" The only reason I know where it was compromised was because all three letters came on the same day.
My mother and brother each had one at the same time, but could not determine where the breach had occurred. They use two separate banks, and never shop at the same time and seldom at the same location. So, there were only a few places, but they couldn't get enough information to determine what to do or not do.
Now after all that, can you believe Comcast refused to install service unless they knew my new SSN?
J, Richmond, VA (Sent Sep 20, 2008 1:11:24 PM)
Richard Fort Worth, Texas:
I've been contacted 3 times since 2002 about "possible" identity theft: TRICARE, Bank of America travel card for govt job, & the VA. I sent a letter to the president, my governor, senators & congressmen telling them how livid I was because each time it was the govt or a company working for the govt that compromised MY information. I also want STIFF penalties for those in whose care my information was with. [I received an appeasement letter from the previous head of the VA.]
I shred and black out information before throwing away mail. Check your credit info with the 3 credit bureaus for free; a different one every 4 months. Nothing will happen to quell this wave of entrepreneurialism (I made a new word). We have to get better at protecting ourselves. And that includes bugging our elected officials because they are supposed to represent us.
G Costner, Arizona (Sent Aug 22, 2008 7:36:02 PM)
Today I received one of those letters from my bank regarding my debit card. When I called them, with your story and website in front of me, they refused to release the information I need, saying, "The police are still investigating."
What sort of protection do I have? At the very least, I want to stop doing business with whoever had the data breach and I want to tell family and friends not to do business with them, either.
(Sent Aug 22, 2008 6:56:45 PM)
I have an easy solution which seems to be working very well - go delinquent on your credit cards and lose your house to foreclosure...anyone who steals my ID will be really ticked off at me for wasting their time. So, ID theft is one less thing I now have to worry about.
K. Kenneth Cooper, Marina del Rey, CA (Sent Aug 22, 2008 6:12:39 PM)
If a lending institution screws up and ends up giving hundreds or even thousands of dollars to the wrong person (the thief), then I would imagine in a rational world, the lending institution should be responsible for making such a huge mistake.
The banks should try to change the way they do things to make such mistakes less likely in the future.
In the crazy world we live in, we blame the person who was being impersonated, not the bank, for failing to take better steps to verify the true identity of the person asking for the bank's money.
We should ask the banks, "Did you check to see who you were giving all that money to?"
If they say "Yeah, sure. We asked for their name, SSN and mother's maiden name. That should be good enough, right?"
And we should reply, "Haven't you seen all the theft that takes place with that information?! Not good enough, try again!"
Banks must feel they shouldn't have to spend their money to find out if someone is who they say they are.
Blame the victim of the theft for the bank's mistake.
Makes sense to me.
Alan, Hyattsville, Maryland (Sent Aug 22, 2008 5:48:13 PM)
Just think, once the criminal gets your information they can hold it for several years before using it because most of us aren't going to move, change social security numbers, driver's license, etc. So what good does the one year package the companies provide you? Want an eye opener? Read Stealing Your Life by Frank W. Abagnale.
(Sent Aug 22, 2008 5:41:35 PM)
It's a "joke"..do not keep your Social Security card with you at any time. But..do you have a Medicare card? What's the # on it? It's your S. S. # with the letter on it.
Esther, Clearwater, Fl (Sent Aug 22, 2008 5:02:11 PM)
Keeping your credit cards 'offline' won't help. These thieves don't hack individual accounts. They hack the banks and credit companies. The banks are online, so your data is there, no matter if you access it yourself or not.
The biggest thefts that made the news recently were for companies that had about a dozen store credit cards. Even if you'd never used, or even closed your JCPenney card, the information was there.
I used to only use one card for online. Until I realized that the companies themselves that hold the accounts are the ones being hacked.
We are defenseless- they don't go after active credit card accounts. They are interested in the data the card holding companies have so they can open false accounts elsewhere. We have no recourse, we have no way of protecting it ourselves.
Dawn Wpb fl (Sent Aug 22, 2008 4:11:35 PM)
The lack of government intervention in this wide spread epidemic is suspicious....If we're not spending, they are at very least allowing the thieves to spend for us.
Michael Holt, Santa Monica, Ca (Sent Aug 22, 2008 3:48:18 PM)
I have absolutely no respect for hackers! They shouldn't be given jobs with the govt or any other company. Their hands should be cut off and then told "you like to hack into computers so much, maybe you can find a way to sew your hacked hands off".
John, Castro Valley, CA (Sent Aug 22, 2008 3:33:57 PM)
A useful and very affordable safeguard: Consumer gets an email for every charge on credit card, or check.
With such a program, the consumer is quickly warned (if they monitor their email) when a false charge is made, and can cancel the credit card or account before charges are high.
Mitch Ring, Lancaster, CA (Sent Aug 22, 2008 2:53:57 PM)
Do any of you realize that our Government, led by the Bush administration, was bought/sold by/to the credit card companies. (Along with Big Oil/Pharmaceuticals, and any other businesses that had/have the money.)
There is absolutely no compassion with these evil people anymore than there is conservatism.
Has our Government gotten bigger or smaller over the past two terms? Has the value of your home gone up or down during the past two terms? Has the loss of home equity ever happened to you before? What has happened to our balanced budget from 3 terms ago? Why does our Vice President scowl at the world? Why is it that the only time he looks someone in the eye is when he wants to intimidate? If our Government doesn't care about its people, the people won't care about anyone but themselves, and most assuredly our society will become more violent not less violent. Our society will become paranoid, not calm, and our freedoms will be compromised until the super rich will be above the laws, and everyone else will effectively be turned into slaves.
Finally, if our government is corrupt, like a parent to the child, our society will be influenced by the behavior, and all of us will come to feel that corruption is the norm for everyone. Who will be the last honest man? It most certainly won't be a Harvard graduate.
Michael Bronner (Sent Aug 22, 2008 2:45:25 PM)
I don't understand why consumer should have to give _anything_ up. Why shouldn't disclosure notices be complete and comprehensive? Nearly every one of us is stuck in this ridiculous, leaky system because "instant credit" has been sold to us with the marketing slickness of Satan himself; now, we're stuck cleaning up the mess, paying for "credit protection" and "ID theft prevention" services offered by... wait for it... the credit industry! Does this sound like a protection racket, or what?
(Sent Aug 22, 2008 2:41:35 PM)
One of the problems is that leading Fortune companies still protect their (and our) most confidential data with insecure passwords. Anybody can get access to anybody's user profile and with it access to confidential data. Companies need to step up and protect their critical data on the data level with innovative technology. They need to make sure that only the intended person can access your social security number or credit card number - not everybody that can guess the right password. View an educational movie on how this can easily be accomplished at www.bioLock.us
Thomas Neudenberger, Tampa (Sent Aug 22, 2008 1:45:47 PM)
Many of the state data breach laws forbid entities from giving any specific details about how the breach occurred in their disclosure letters. In fact, the data breach law in Massachusetts forbids including any information at all about the mechanics of the breach. This is to a) prevent copycat attacks on the same entity and b) to avoid compromising law enforcement investigations that often take place when data breaches occur.
(Sent Aug 22, 2008 1:29:30 PM)
Bob - Aren't these businesses responsible for any damage that results from those thefts? In most cases, the companies retain records well after the need for processing payment, the only genuine business interest they have. So, common sense would dictate that they destroy those records and, if a data theft results, they are responsible for any damages, time spent by a consumer fixing credit, calling banks and credit card companies, etc. These companies, especially with "opt out" being impossible these days, don't have our permission to keep these records in the first place.
Likewise, I would assume that the big credit reporting firms would be responsible for damages when they suffer a breach or even if they distribute incorrect information.
I don't like lawsuits any more than anyone, but I think these are situations for which class action and individual suits were designed. Is there something I am missing here? Do these companies get some sort of blanket protection from Congress? Where are the lawyers, here?
Mike Brooks, Eugene, Oregon (Sent Aug 22, 2008 12:49:46 PM)
Alcatel Network lost employee records and notified us, free trial for credit monitoring, then - NOTHING. I have no idea how compromised I was.
Not surprised, they also cancelled our annuities for Medical Insurance and closed Prescription services THAT WAS PART OF OUR RETIREMENT. Beware of Alcatel is my feeling.
Patsy Cooper, McKinney, Tx (Sent Aug 22, 2008 11:35:11 AM)
If America does not turn around, it will be a lot more than identity theft...it will be murder.
(Sent Aug 22, 2008 11:18:00 AM)
If we could get laws enacted that made the people that lose our data legally responsible, you would see a complete reversal in such thefts.
George Mcpheron (Sent Aug 22, 2008 11:16:19 AM)
My friend's data was lost after someone stole a laptop from her student loan company. She was told what happened but, her credit is still ruined. What good is it to know what happened if it doesn't help your credit?
Katie, Austin, Texas (Sent Aug 22, 2008 10:31:01 AM)
This reminds me of one other thing. You know those automatic payment schedules that we sign up for online to pay our bills? NEVER use your checking or any kind of liquid cash account. The thieves can steal your money and you may never ever see it again UNLESS you use a credit card to pay the bill. Data, safe, in today's age? lmao. Those days are over. Remember one thing folks. Stealing personal data and reselling or using it is a JOB for some of these people, not just something they try or do here and there. It's an occupation. All day they think of ways and share tips with like minded crooks on how to steal. NOTHING will stop them totally. All you can do is take precautions.
scir91 from youtube (Sent Aug 22, 2008 10:08:03 AM)
These disclosures of breach are required by law. So companies are not doing any type of "customer service" by letting you know. This is also why so few details are revealed, as the law doesn't require many details. EU law on the other hand is quite different. In the US the law favors the data handler (and your data is not yours). In the EU the data is yours and thus there are more strict laws.
Some practical advice folks can follow:
1. Change your credit number frequently whether or not you have lost it
2. Use one credit card for online and others for offline transactions
3. Refuse (or lie) about information like mother's maiden name or other "password recovery questions". Since if your data is stolen the criminals get this as well, which can then allow them to fake your identity in many places.
4. If you are asked for personal details like SSN in a store, etc... just say you forgot it and ask if something else will work. That way there is no confrontation.
5. When possible provide your passport instead of your driver's license as evidence of person/identity.
6. Unless you are shopping for a house or something similar, place a credit lock on your credit reports. This forces anyone to get your permission before opening your file. Much better (and cheaper) than a monitoring service.
7. Be a spender of habit. That way you can immediately see charges on credit cards from stores you don't normally go to (i.e., gas stations).
Jane Doe, Seattle, Wash. (Sent Aug 22, 2008 9:29:27 AM)
We the people get screwed all the time with these things. I was one of many that had my info lost on one of the government's laptops last year, and one of the victims of an insider job at Certegy check processors, also last year. What a nightmare to get things safeguarded. As much as that's possible with almost no info given to me. I don't care if someone so much as misfiles my data. I WANT TO KNOW IMMEDIATELY. It's mine. Get off their lazy @sses and tell me. Is it really that hard??
(Sent Aug 22, 2008 9:18:39 AM)
I totally agree with this article. I've had two such letters already. One was due to a corporate tax idiot leaving his laptop on the back seat of his car while traveling from London, England to the East Coast of the United States. Of course I wanted to know what my tax data was doing in a laptop and where was the laptop taken. England or USA? It does make a difference and of course I had to pry this information out of the responsible Tax Firm. Then being a veteran you must remember the loss of veteran data not long ago. The only way I found out about that loss was through the media.
The US Government has stiff penalties for loss of security information vital to the US. So why do we not have these same stiff penalties for loss of an individual's personal information? So someone was reprimanded for the loss of veterans data and nothing happened with the loss of the laptop. So where is the justice if someone uses the lost data to steal my identity? There isn't any and I'm stuck on my own trying to regain what has been stolen.
Richard Fort Worth, Texas (Sent Aug 22, 2008 7:33:22 AM)