- 1
- 2
- 3
- next
- | single page
E-mail
Print
In the past several months, a parade of household names -- from Polo and Time Warner to MCI and Bank of America -- have been sending out "oops" letters apologizing for leaving laptops around that are chock full of private data or issuing news releases about possible credit-card theft.
In recent weeks, MCI Inc. began informing about 16,500 current and former employees that their personal data, including Social Security numbers, were on a laptop computer stolen from an employee's car. Bank of America Corporation and Wachovia Corporation are in the process of notifying more than 100,000 current and former customers of a breach in which bank employees allegedly sold account information to someone who sold it to collection agencies.
Last month, Polo Ralph Lauren Corporation said it may have been storing customers' credit-card numbers too long, providing an inviting target for thieves. Tufts University recently warned more than 100,000 alumni of unusual activity on a computer server that contained Social Security numbers. The University of California at Berkeley has been informing alumni, students and applicants that their data were in a laptop that was stolen.
So what are some of the institutions that lost data doing for the affected individuals? Most encouraged individuals to call credit-reporting agencies and put fraud alerts on their files. Time Warner Inc. took an additional step. When it announced on May 2 that a contractor lost a computer backup tape containing the data, including many Social Security numbers, of about 600,000 current and former employees, it offered a year of free credit monitoring. That would normally cost $129.95 a person a year.
The wave of announcements comes as an increasing number of legislators want to force companies to tell affected individuals when a data breach is detected. Already, several states, including California, require various degrees of disclosure; Congress is considering bills on the subject.
Time Warner's offer to pay Equifax Inc. to give potential victims a free year of credit monitoring effectively set a benchmark for others with missing data. With credit monitoring, consumers get alerts when something changes on their credit files. That way, they will find out quickly if a thief is trying to redirect their mail or buy a car in their name, for instance.
Credit monitoring can be helpful because it enables people to track whether changes are legitimate or instances of thieves trying to open new accounts.
By Sept. 1, everyone in the United States will be able to order a free annual report from the three big credit-reporting agencies: Equifax, GUS PLC's Experian and TransUnion LLC. Credit reports, while valuable, simply provide a snapshot of your loans and creditworthiness at a particular moment.
To explore how some companies are dealing with potential victims of identity theft and credit-card fraud, we enlisted several Wall Street Journal colleagues who had dealings with organizations that recently disclosed breaches.
Each institution was contacted by the affected staffer, who didn't reveal his or her Journal affiliation.
Time Warner set up a toll-free number for people with questions. When our reporter called in the first days after the company's announcement, the person who answered didn't know how to deal with a former Time Warner employee whose address had changed.
She told him to call Time Warner directly but didn't have its number. When he called the Time Warner switchboard operator, she had no idea where to direct him. Finally, someone in human resources took his address and said he would get a letter within two weeks with a promotion code to use when ordering the free credit monitoring. It never came. He called the 800 number again and finally was able to get the code.
When we talked to a Time Warner spokeswoman about the test, she said, "We take security very seriously and worked overtime to provide accurate resources as quickly as possible."
So far, the company hasn't heard of any reports of thieves attempting to use the data. And we are well aware that it is much easier for a bank employee or postal worker to steal our data than it would be for a person trying to upload Time Warner's backup tape.
According to a 2003 Federal Trade Commission survey, 1.5 percent of participants reported thieves opening new credit accounts or otherwise impersonating them in the previous year. Theft or other misuse of existing credit-card accounts happened to 2.4 percent of respondents.
At Berkeley and Tufts, however, there was theft or unusual computer activity that left Social Security numbers, which are vital to opening credit accounts in someone else's name, vulnerable.
Berkeley and Tufts suggested that we place a fraud alert on our credit accounts. Equifax, Experian and Transunion will do this for free for anyone who thinks thieves have their data. For 90 days after that (or longer if you extend the alert), credit-card application clerks, cell phone-store employees and others should see the alert anytime anyone tries to open an account in your name.
According to Equifax, the number of people asking for alerts has gone up significantly in the past year.
Berkeley and Tufts didn't offer to pay for credit monitoring. At Tufts, where our reporter attended graduate school, it turned out that his Social Security number wasn't among those exposed.
A Tufts spokeswoman says that while it was unlikely that it will pay for credit monitoring in the future, alumni can call 1-800-737-7035 to ask the school to remove their Social Security numbers from its records.
In recent weeks, MCI Inc. began informing about 16,500 current and former employees that their personal data, including Social Security numbers, were on a laptop computer stolen from an employee's car. Bank of America Corporation and Wachovia Corporation are in the process of notifying more than 100,000 current and former customers of a breach in which bank employees allegedly sold account information to someone who sold it to collection agencies.
Last month, Polo Ralph Lauren Corporation said it may have been storing customers' credit-card numbers too long, providing an inviting target for thieves. Tufts University recently warned more than 100,000 alumni of unusual activity on a computer server that contained Social Security numbers. The University of California at Berkeley has been informing alumni, students and applicants that their data were in a laptop that was stolen.
So what are some of the institutions that lost data doing for the affected individuals? Most encouraged individuals to call credit-reporting agencies and put fraud alerts on their files. Time Warner Inc. took an additional step. When it announced on May 2 that a contractor lost a computer backup tape containing the data, including many Social Security numbers, of about 600,000 current and former employees, it offered a year of free credit monitoring. That would normally cost $129.95 a person a year.
The wave of announcements comes as an increasing number of legislators want to force companies to tell affected individuals when a data breach is detected. Already, several states, including California, require various degrees of disclosure; Congress is considering bills on the subject.
Time Warner's offer to pay Equifax Inc. to give potential victims a free year of credit monitoring effectively set a benchmark for others with missing data. With credit monitoring, consumers get alerts when something changes on their credit files. That way, they will find out quickly if a thief is trying to redirect their mail or buy a car in their name, for instance.
Credit monitoring can be helpful because it enables people to track whether changes are legitimate or instances of thieves trying to open new accounts.
By Sept. 1, everyone in the United States will be able to order a free annual report from the three big credit-reporting agencies: Equifax, GUS PLC's Experian and TransUnion LLC. Credit reports, while valuable, simply provide a snapshot of your loans and creditworthiness at a particular moment.
To explore how some companies are dealing with potential victims of identity theft and credit-card fraud, we enlisted several Wall Street Journal colleagues who had dealings with organizations that recently disclosed breaches.
Each institution was contacted by the affected staffer, who didn't reveal his or her Journal affiliation.
Time Warner set up a toll-free number for people with questions. When our reporter called in the first days after the company's announcement, the person who answered didn't know how to deal with a former Time Warner employee whose address had changed.
She told him to call Time Warner directly but didn't have its number. When he called the Time Warner switchboard operator, she had no idea where to direct him. Finally, someone in human resources took his address and said he would get a letter within two weeks with a promotion code to use when ordering the free credit monitoring. It never came. He called the 800 number again and finally was able to get the code.
When we talked to a Time Warner spokeswoman about the test, she said, "We take security very seriously and worked overtime to provide accurate resources as quickly as possible."
So far, the company hasn't heard of any reports of thieves attempting to use the data. And we are well aware that it is much easier for a bank employee or postal worker to steal our data than it would be for a person trying to upload Time Warner's backup tape.
According to a 2003 Federal Trade Commission survey, 1.5 percent of participants reported thieves opening new credit accounts or otherwise impersonating them in the previous year. Theft or other misuse of existing credit-card accounts happened to 2.4 percent of respondents.
At Berkeley and Tufts, however, there was theft or unusual computer activity that left Social Security numbers, which are vital to opening credit accounts in someone else's name, vulnerable.
Berkeley and Tufts suggested that we place a fraud alert on our credit accounts. Equifax, Experian and Transunion will do this for free for anyone who thinks thieves have their data. For 90 days after that (or longer if you extend the alert), credit-card application clerks, cell phone-store employees and others should see the alert anytime anyone tries to open an account in your name.
According to Equifax, the number of people asking for alerts has gone up significantly in the past year.
Berkeley and Tufts didn't offer to pay for credit monitoring. At Tufts, where our reporter attended graduate school, it turned out that his Social Security number wasn't among those exposed.
A Tufts spokeswoman says that while it was unlikely that it will pay for credit monitoring in the future, alumni can call 1-800-737-7035 to ask the school to remove their Social Security numbers from its records.
Digg
Twitter
Facebook
StumbleUpon
