WASHINGTON—Sean McDermott will have to stay on guard for the rest of his life. In March, GMAC Financial Services informed him—and about 200,000 others—that a laptop that might contain his personal and financial history had been stolen from the company. Since then, McDermott, a Tampa, Fla., computer security expert, has had to monitor his credit reports for fraudulent charges.
"There's nothing I can really do other than be vigilant," he said.
Few of the millions of Americans whose personal information has been stolen or lost since January have been targeted for fraud, but all of them will remain vulnerable for the rest of their lives. Savvy criminals are likely to use such personal information—which in the case of Social Security numbers can't be changed—months or years from now, government officials, identity theft experts and a convicted computer hacker agreed.
"When they get a hold of this information, they know the heat is on," said Linda Foley, the co-executive director of the San Diego-based Identity Theft Resource Center. The center reported that 61 instances of personal information breaches at companies so far this year have left 13.5 million Americans' personal information insecure. "If you were a criminal, and you had just stolen someone's Social Security number, would you use it today or use it 90 days from now?"
This year's security lapses at organizations such as GMAC, Citigroup, Bank of America, LexisNexis, Time Warner, Wachovia, Boston College and the University of California-Berkeley have prompted some of the affected people to secure their financial information. But because authorities in many instances haven't determined whether the personal information has landed in the wrong hands, people are unsure when, or if, they'll be victims of fraud.
Companies lost Social Security, driver's license, credit card and bank account numbers. Criminals as far away as Nigeria and China can use those numbers to get credit cards, start businesses and transfer money.
"The reality is we don't know who has the information and what they plan to do with it," Foley said.
Of the data thefts and accidents announced in the last six months, only one—the stolen information of at least 145,000 people from Choicepoint in Alpharetta, Ga.—has led to fraud so far, said Claudia Bourne Farrell, a spokeswoman for the Federal Trade Commission.
In 2004, the FTC received 246,570 identity-theft complaints, up 15 percent from the previous year.
People can take several steps to reduce the risk of identity theft. Potential victims can call one of the three U.S. credit-reporting companies—Equifax, Experian and Transunion—to place 90-day fraud alerts on their accounts. The alert, which can be extended for up to seven years, requires creditors to call customers when credit is requested in their names. The more stringent "security freeze," which is available in California, Texas, Vermont and Louisiana, enables individuals to prevent anyone from accessing their credit files.
These measures, however, can be time-consuming and, in the case of security freezes, can prevent legitimate companies from accessing credit reports.
"There's been a lot of grief and aggravation. A lot of unnecessary stress," said Warren Lambert of San Francisco, whom Choicepoint notified in February that his address and Social Security number may have been stolen. He froze his account last month because he "just got tired of going to my accountant every other day" to go over his financial statements.
"You get scared," he said.
Certain types of people may be more susceptible to fraud than others, said Kevin Mitnick, a hacker who spent several years in jail before becoming an author and security consultant.
"People who have good credit or extended credit would obviously be targeted first," he said in a phone interview from Costa Rica, where he gave a security presentation last week. He said people living in "influential areas" such as Manhattan or Beverly Hills might be targeted because they were thought to be wealthy.
But with such a large supply of names and information to choose from, criminals often pick their victims randomly.
"When it comes to identity theft, you'll almost perpetually have a black cloud over your head," said Jordana Beebe, the communications director for the Privacy Rights Clearinghouse, a nonprofit consumer organization in San Diego. "I don't think there's going to be a point when you're in the clear."
For more information online, go to ftc.gov, identitytheft.org and idtheftcenter.org.
(c) 2005, Knight Ridder/Tribune Information Services.
Need to map