Personal data continues to spill out of high-profiles. When will anybody give a dam? (Lousy pun intended.)
The most recently reported spill comes from GE. According to reports, one of the company's employee's laptop was swiped from his hotel room early this month. The system contained personal data of 50,000 GE employees, including their names and Social Security numbers.
GE's response has been pretty typical: Employees have been notified. They don't think their data's been misused. A year of free credit-monitoring has been offered. (2006 has no doubt become a boon year for the credit-monitoring industry. For those of you who haven't noticed, a year of free monitoring has become the de facto consolation prize from companies who have let their customers' or employees' personal data become compromised.)
So it looks like data leaks really are becoming business as usual. Is that a surprise? The fact remains that companies currently have no incentive to take strides in better protecting that kind of data. There've been no reprecussions to speak of, save for a bit if bad press, perhaps. (Well, the Dept. of Veteran Affairs, which suffered some leaks a while back, is taking action by implementing encryption, but that's more for political reasons, one would think.)
Of course, some people might point to a recent survey from Pleasanton, Calif.-based analyst firm Javelin Strategy & Research: "Javelin's research showed that despite recent hype, data breaches were responsible for just 6 percent of all known cases of identity theft, compared to 30 percent from incidents like losing one's wallet," Computerworld reported.
That's all well and good, but it's certainly no reason for companies to rest on their laurels, nor for consumers to breath an easy sigh of relief. Just give cybercriminals more time, and we'll start to see an increase of clever scams using stolen data, like how we saw AT&T leaked data used recently for an intricate phishing ploy.
No, I am not trying to be an alarmist here, but I am advocating that companies start working now on strategies to plug up data leaks. I predict that eventually, a company will be held accountable when its customers and employees fall victim to identity theft, and it will have to pay through the nose.
What do you think? Should companies be doing more to protect user data? Or is it really just an overblown threat?