Companies that manage large customer databases often don’t have to look far for the perpetrators of identity theft. They only have to look as far as their own payroll. But they may want to look harder given that a company called ID Analytics found in their research that identities from internal theft are 24 times more likely to be misused than other identities.
ID Analytics is a provider of on-demand identity intelligence that four of the five largest wireless operators employ. An internal data theft study the company conducted recently provides analysis of the criminal behavior patterns associated with the misuse of identities stolen from the workplace by employees. It also examines the harm resulting from an internal versus external data breach.
Intentional data theft and unintentional data loss by authorized employees continue to be the most common sources of data breaches, despite company’s efforts to secure confidential customer and employee information, according to ID Analytics' study, Analysis of Internal Data Theft.
By examining more than a dozen incidents of internal data theft involving more than 5 million identities from consumer and employee files across several sectors, the company found that eight of the incidents ultimately led to more than 1,300 cases of attempted fraud targeting bank card, retail card and wireless providers.
The company used its Advanced Analytics network to identify suspicious or anomalous activity and uncovered associations between transactions and patterns of criminal behavior after data theft had taken place. For instance, it found that data leaks from mishandling data resulted in organized misuse of identities in only 3 percent of cases while targeted employees data theft led to trouble 36 percent of the time.
It also found that misuse of stolen identities occurred in remarkably close proximity to the site of the internal data theft, within 20 miles of the source. It is safe to say these thieves do not belong to any international identity theft organization.
Whereas identity thieves were going after credit cards in the past, their new favorite target is the cell phone. Of 1,300 cases of attempted fraud it identified, 69 percent targeted the wireless industry. In five of the eight internal data breach cases, 80 percent of the fraudulent activity using the identities occurred online.
“They are attacking wireless phones because the value of the handset has gone up substantially,” said Mike Cook, co-founder and COO of ID Analytics.
So ID Analytics works with companies to assess the level of risk to applications for service and provides the service provider with an ID score. “We take a massive amount of information about consumers and store it in an encrypted format and all we return are the identities and scores about identities,” Cook said.
The targeting of cell phones is likely to get worse, he said. “If the information stored in the phone is accessible, the value of that information could be of even more value than the handset.”
Cook’s company says its network provides the nation's only real-time, cross-industry compilation of identity information. The ID Network comprises billions of identity elements — including names, addresses, social security numbers, phone numbers and data from more than 2 million cases of reported fraud. The sensitive customer data is provided to ID Analytics by organizations looking to preventing identity fraud.
