Forty million jeopardized credit card numbers show that the real consumer right is security, says IDTheftSecurity.com founder
The massive compromise of data at CardSystems Solutions was avoidable, according to Robert Siciliano, a Boston, Mass.-based security expert. The real \"consumer\'s right\" is data security, which legislation must strive to ensure.

/Public Sec. and Government News Articles/ - BOSTON, MA, June 25, 2005 - IDTheftSecurity.com) A compromise of data related to 40 million credit cards last week dwarfs other data breaches reported this year. The CardSystems Solutions security lapse was avoidable, according to Robert Siciliano, a Boston, Mass.-based security expert. Siciliano says public officials exploring ways to respond and stave this year's alarming hemorrhage of personal data need to shift focus away from consumers' privacy. The real "consumer's right" is data security, which legislation must strive to ensure.

"Companies have no incentives, negative or positive, to protect our data," said Robert Siciliano, a nationally televised and quoted authority on personal security and identity theft. "They operate with little mind for security because little punishment befalls them should breaches occur. Public embarrassment, such as what we saw with ChoicePoint, goes only so far to halt the bloodletting."

Siciliano is author of "The Safety Minute: 01" and an upcoming book, "Identity Theft Pandemic: Curing the Identity Theft Virus." He appeared on CNBC's "The Closing Bell" shortly after data breaches at ChoicePoint Inc. highlighted the problem of identity theft earlier this year.

Since the ChoicePoint news surfaced, SearchSecurity.com has quoted Siciliano alongside renowned security technologist Bruce Schneier, CNN's "Wolf Blitzer Reports" has aired a segment interviewing him and other experts, and various publications have turned to Siciliano's commentary.

MasterCard, with 13.9 million cards affected by the CardSolutions breach reported on June 17, posted a press release the same day detailing protections available to customers. A June 20 New York Times article by Eric Dash quoted CardSolutions' chief admitting that the company should not have been keeping the information lost to thieves.

"Reckless industry policies for handling sensitive information have set the stage for a massive security breach like the one at CardSolutions," Siciliano said. "I'm surprised this sort of thing didn't happen sooner. Identity thieves prey on easy targets. Complacency works in their favor. They gravitate to shoddy security and exploit lapses in judgment."

"Consumers enjoy some protections after a theft has occurred," Siciliano added, "but these are small comforts to victims, who must endure hassles unimaginable to the uninitiated."

The results of a Cyber Security Industry Alliance study, reported last week in ComputerWorld and elsewhere, indicated 97 percent of 1,003 of likely voters think identity theft is a "serious problem." Of respondents to the study, 71 percent "said new laws are necessary to protect consumer privacy on the Internet."

"We hear a lot about how identity theft threatens privacy," said Siciliano. "Consumers want privacy, and politicians know this. Yet the charge is a misnomer. Privacy went the way of the dinosaur many years ago."

Last week, just as news organizations began widely reporting the CardSolutions breach, U.S. Senators jockeyed for the public's attention in efforts to advance competing identity theft bills. The same ComputerWorld article reporting last week's research findings quoted members of Congress, such as Sen. Bill Nelson (D-Fla.), warning that identity theft threatens Americans' privacy.

"Politicians and consumer advocates who decry the loss of privacy in the wake of massive identity thefts raise a moot point," Siciliano said. "The issue driving the identity theft debate should be security."

"If politicians want to take action on consumer rights," Siciliano added, "they should pursue legislation speaking to consumers' obvious right to ironclad security that protects personal financial data from those who seek to gain access to it illegally."

Sen. Conrad Burns (R-Mont.) called for required government licensing of all data brokers. A bill proposed by Sen. Charles Schumer (D-NY) and Sen. Nelson looked at recourse such as expanding the Federal Trade Commission to combat rogue, irresponsible data brokers that lose information to thieves.

Other measures would pass a federal law much like California's SB1386, which requires companies and state agencies to inform Californians of any security breach potentially threatening the identities of 500,000 or more people; such a federal law, many insisted, must not supersede tougher state laws.

"Susceptible data calls for the armored vehicle's high-tech counterpart," Siciliano concluded. "These kinds of breaches are becoming commonplace. The industry storing our information is largely unregulated yet must be closely monitored. The situation is unacceptable, but the only way to turn things around is to pay attention and to start handling people's personal financial data in the same way we handle greenbacks."

Press Release Contact Information:

Robert Siciliano
IDTheftSecurity.com
Founder
P.O. Box 15145
Boston, MA
United States 02215
Voice: 888-742-4542
Fax: 877-232-9669
Website: Visit Our Website