Identity Theft & Data Security in the 21st Century - Overview

Posted on October 15, 2018

Author: Mark A. Denlinger

Originally published in October 2018

Copyright © 2018 Knox McLaughlin Gornall & Sennett, P.C.

What Is Identity Theft?

A crime where a person obtains key pieces of your personal identifying information (“PII”) without your permission, consent or knowledge and uses your PII for their own personal gain. Key pieces of information typically include:

  • Social Security number
  • Account numbers/Passwords
  • Credit Cards/Debits Cards
  • Driver’s license number/information

Identity theft is a crime by itself, but also may lead to related crimes such as:

  • Check or wire fraud, or credit card fraud
  • Financial identity theft: File false tax returns and claim refunds, etc.; Steal/withdraw funds from bank accounts, retirement accounts, etc.; or Mortgage fraud
  • Criminal identity theft: Commit crimes (speeding tickets, parking violations, etc.) under your PII registrations
  • Governmental identity theft: False or fraudulent medical records and medical claims under your PII; or Apply for government-issued licenses or registrations using your PII.

Costs and expenses for handling identity theft claims easily exceed millions of dollars every year. If we include the costs and expenses that companies, industries, government, etc. spend on implementing preventive safeguards and protections to avoid data breaches and/or to respond to data breaches, then we are looking at billions annually.

  • Average cost of a large-scale breach - $7-10 million
  • Average of $200 - $300 per compromised record

Kids and Young People (i.e., high school and college students) are growing segment of victims of Identity Theft. While many kids do not have any or significant bank accounts, they do have “clean slates” of credit upon which a thief can use and abuse. Thieves can create new identities with a mix of a child’s information and fictitious information. Very often the child’s ID may be victimized by family members or friends.

How Does Identity Theft Occur?

Stolen wallet or purse, which may contain:

  • Driver license
  • Credit cards/debit cards
  • Bank accounts, checks, withdrawal slips
  • Health insurance cards
  • Loyalty or frequent flyer cards

Steal mail from mailbox or packages from doorstep:

  • Banking or credit card offers
  • New checks
  • Tax information

Complete “change of address” forms to divert your mail.

Rummage through trash of home or business (“dumpster diving”).

Pose as business or landlord to request sensitive information.

Computer virus, including ransomware, etc., and “Phishing” and social engineering:

  • Links to fraudulent websites
  • Email
  • Phone calls

Social Networking accounts & public information on Internet.

Purchase and acquire information from “inside sources” or hack and retrieve information from third parties.

Typical Warning Signs of Identity Theft

  • Mistakes on accounts or on your Explanation of Medical benefits
  • Regular bills go missing
  • Calls from debt collectors for debts that are not yours
  • Notices from the IRS
  • Calls or mail about accounts in your minor child’s name

New, Expanded Threats - "Alexa, What Does IoT Mean?"

“IoT” – “Internet of Things”

Network of connectivity of physical devices, vehicles, home appliances, and other items embedded with electronics, software, and sensors which enables these things to connect and exchange data. Such connectivity creates opportunities for more direct integration of the physical world into computer-based systems, and (arguably) results in efficiency improvements and economic benefits. It is not just the “Internet” of computers, phones or servers – it extends to daily tasks and services (i.e., “Internet of Things”).

Growth of Applications of IoT Devices and Technology

Commercial applications – medical/healthcare and transportation:

  • Mobile devices collecting and sharing medical information, including Fitbits or electronic wristbands, blood pressure monitors, pacemakers, advanced hearing aids, etc.
  • Living space monitors (i.e., dust levels, ventilation, etc.)
  • Integrated communication and control between vehicles, drivers and transportation systems, including EzPASS, smart traffic controls, vehicle controls, smart parking, auto speed limit signs, etc.

Industrial applications – manufacturing and agriculture:

  • Integration of various manufacturing devices allows for greater management of manufacturing equipment, asset management, and manufacturing process control, as well as optimized supply chain networks (Digital control systems, statistical evaluation of goods production and consumer purchases, plant optimization, predictive technology on longevity and maintenance of equipment, etc.)
  • Farming applications that collect data on temperatures, rainfall, humidity, wind speed and soil content

Metropolitan/Infrastructure applications – energy management, environmental monitoring, etc.

  • Use of energy-consuming devices integrated with Internet connectivity to optimize energy consumption and balance power usage – e.g., remote powered heating and cooling systems, changing and adjusting lighting conditions, monitor electronic transformers to electric grids, etc.
  • Large scale deployments in cities or regions to manage community services or systems, improve transportation, reduce noise pollution, improve air and water quality, security services, etc. – e.g., Songdo, South Korea is a fully equipped and wired “smart city” with much of city and businesses wired together/automated
  • Use of sensors to monitor air or water quality, atmospheric or soil conditions, as well as movement and migration of wildlife, as well as tsunami or earthquake early-warning systems can assist emergency services organizations

Consumer applications – “smart” homes, elder/disabled care, children’s toys, and entertainment/hospitality:

  • Personal assistants (Amazon Alexa, Amazon Echo, Google Home, Apple HomePod, Apple Siri, Microsoft Cortana, etc.), wearable technology, security systems, thermostats, connected appliances, etc.
  • Ability to provide assistance to those with disabilities and elderly individuals – e.g., voice control devices, “smart beds” to monitor movement and avoids falls, etc.
  • Voice-activated toys or tablets, along with apps, that collect data on children (Specific issue with protection of children and the ability to grant “consent” by a minor child).
  • Key cards to hotel rooms, fingerprint scanners to Disney World/Disneyland, etc.

With Greater Connectivity and Integration of IoT, the Risks of Privacy and Data Breaches and Identity Theft Also Increase

  • No uniform technical standards exist for interplay of all IoT devices, and there are inconsistent approaches on permissions, consents and autonomy and control in IoT devices
  • No ability or limited ability to encrypt data or protect the storage of data on IoT devices
  • Obsolescence and degradation of IoT devices with no upgrades or security patches, etc., and thus leaving devices vulnerable to breaches or attacks.

In the next article, we will discuss tips to reduce your risk and prevent identity theft.

Author: Mark A. Denlinger

Originally published in October 2018

Copyright © 2018 Knox McLaughlin Gornall & Sennett, P.C.