In a recent study by Javelin Research commissioned by Identity Finder, we show results that data breaches within healthcare and retail environments do correlate to identity theft. In plain English, it means that if a criminal is able to steal data from your healthcare provider, pharmacy or any merchant you do business with, that your identity is in jeopardy of fraud and theft.
The study shows that healthcare and retail are two business segments that are most likely sources for consumer identity theft. Here are some eye opening statistics from 2012:
- 4.4 million Americans were both notified that their payment card information was compromised in a data breach and suffered fraud on their existing credit or debit cards.
- 1.26 million Americans were both notified that their Social Security numbers (SSN) were compromised in a data breach and became victims of identity fraud.
- 270 thousand Americans were both notified that their online banking credentials were compromised in a data breach and suffered fraud on their financial accounts, including checking and savings accounts.
- 324 thousand Americans were both notified that their bank account numbers were compromised in a data breach and became victims of fraud incurred against their checking, savings, or other financial accounts.
Identity Finder recommends that businesses in these segments follow some basic steps to minimize chances of a data breach:
- Locate and identify sensitive data. Sensitive data is any data that has value to the organization or can expose them to risk if compromised. Sensitive data should include consumer bank account information, payment card data, SSNs and other types of personally identifiable information (PII), as well as trade secrets.
- Classify sensitive data accordingly. Categorize the information using a naming convention appropriate to the organization. This step can ease efforts to control the access, routing and storage of different types of data.
- Secure data based on risk profile. Deploy security measures commensurate to the risks associated with the loss of respective categories of data.
- Develop policies to mitigate future data management issues. Implement and enforce policies designed to prevent unprotected data from being stored outside of approved locations.
For complete findings and survey methodology, please download the research paper at: www.identityfinder.com/us/Files/JavelinDataRiskPart1.pdf