The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Target. Home Depot. Michaels. And now, this Sony mess. The year 2014 will certainly be known as the year of the mega-hack, the year personal privacy took its first really big hit, right?
Not so fast. We’ve been down this road before. A trip down memory lane will offer some perspective.
Sure, 2014 began with Target news (the hack was revealed in December 2013, but the story swelled in January and beyond). And 2014 will end with the continuing Sony saga, a plot no screenwriter would dare consider. Hackers have actually managed to derail the release of a major Hollywood movie and embarrass executives by publishing their emails.
In between, the hits kept coming. Albertson’s and SuperValu. Home Depot. Even Dairy Queen. So many breach disclosure notifications. So may Brian Krebs blog entries. So many offers of free credit monitoring. You’d be tempted to add them all up, but that’s an exercise in compounding rounding errors. Suffice to say well more than 100 million U.S. adults were hit by these hacks this year, even when you consider double-counting.
Somewhere in the back of your mind, however, you must be thinking: Haven’t we been here before?
You’d be right. Many times.
In 2007, when TJ Maxx revealed 46 million consumers’ data was stolen. Later, we learned the real number was closer to 100 million. And the criminal in that case, Albert Gonzalez, now serving a 20-year prison sentence, is said to have stolen 170 million account numbers in all.
In 2008, when credit card payment processor Heartland Payment Systems revealed criminals had stolen payment information on an estimated 130 million people.
In 2011, when Sony announced criminals had stolen sensitive information on 77 million customers, primarily through its PlayStation network. Also that year, email giant Epsilon — which powered communications for firms like Citigroup — revealed millions of consumers’ information had been stolen.
So yes, we have been here before.
For those trying to keep score, the folks at the Privacy Rights Clearinghouse, who painstakingly document data hacks, worked with Bloomberg to create a nifty graphic representing big hacks since 2009. By their accounting, thanks in large part to the large but relatively unknown Court Ventures leak, 2003 edges out 2009 as the worst data leak year ever. (NOTE: 2014 isn’t over yet).
But again, perspective. All data leaks are not created equal. Theft of a million email addresses is probably a lot less serious than theft of 10,000 credit reports. So simple tallies aren’t all that useful. Moreover, if 100 million consumers’ credit card numbers were really stolen and used effectively by criminals, either you or your significant other would almost certainly be victims of fraud this year. That’s not true because only a tiny fraction of compromised numbers are ultimately used successfully to steal something. Bank fraud controls, and the simple power of large numbers, dictates that.
So, was 2014 really the worst year ever for personal privacy? Probably not. It’s probably on par with 2009…2011…and for that matter, 2005, when theft of information from data broker ChoicePoint became the first high-profile personal information database hack to really alarm Americans.
The problems dates long before 2005, of course. That’s a significant year for privacy harm news only because it was the first year that California state law required companies that lost consumer data to disclose it publicly. So, like many health issues, observers are left with this question: Are privacy leaks really getting worse, or is the reporting better?
One thing is certain: There will be plenty more to report on in 2015.
Image: iStock
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams