Identity theft victims face months of hassle
SAN FRANCISCO (AP) — As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer's free credit monitoring offer so he would be notified if someone used his identity to commit fraud.
Someone did. The first monitoring report showed crooks opened accounts in his name at Macy's and Kohl's department stores, where they racked up more than $7,000 in charges. "My heart basically sank," he said. Over the next seven months the New York City resident spent hours on the phone, most of a day in a police station filing a report, and countless time sending documents to banks and credit reporting agencies to clear his credit history.
He's hardly alone. The Target hack during last year's Black Friday shopping weekend was just one in a wave of data breaches that have exposed more than 100 million customer records at U.S. retailers, banks and Internet companies. The latest high-profile hack, at Sony Pictures Entertainment, resulted in Social Security numbers and other personal details of nearly 50,000 current and former Sony employees and film actors being stolen and posted online for anyone to see. While cases are difficult to trace, analysts at Javelin Strategy & Research estimate that one in three Americans affected by a data breach ultimately became the victim of fraud last year — up from one in nine in 2010.
Although banks often absorb bogus charges, it's up to victims to clean up their credit histories and recover stolen funds. On top of lost time, money and emotional energy, victims face the frustration of rarely seeing anyone pay for the crimes. Identity theft cases are rarely prosecuted, said Avivah Litan, an analyst who studies fraud and identity theft for the research firm Gartner. Local police have limited resources, and criminals are often overseas, "so unless it's part of a bigger pattern, they're not going to spend much time pursuing it." Kim said a police detective who took his complaint later told him the accounts were opened by someone in California, but Kim never heard any more about the investigation.
In the past year, Target and other major retailers have said they're increasing security. President Obama has urged banks and stores to speed up adoption of "chip-and-pin" payment cards, which are harder to hack. But reports of data breaches continue. And as Federal Trade Commission member Terrell McSweeney said recently, "Disturbingly, the news has seemed to desensitize many people to the real risks created each time an event occurs."
Kim can't be certain Target was the source of the fraud he experienced, he acknowledged. Experts say crooks often steal or buy consumer information from more than one source, and use it to compile a complete dossier on potential victims. That's likely the way hackers last year impersonated the rich and famous to get credit reports on Paris Hilton, Michelle Obama and even General Keith Alexander, then-head of the National Security Agency.
Alexander told a public forum this fall that when he tried to file his taxes, he learned someone else had already claimed a $9,000 refund in his name. Fraudsters also used his identity to apply for about 20 credit cards. The FBI eventually caught a suspect, he said; the FBI declined comment.