Study: ID Theft from Data Breaches Rare
Detailed analysis of four separate data breaches involving a half-million identities indicates that misuse of the information could be lower than what some may expect. Identity risk management firm ID Analytics announced the results of the findings on Thursday.
Research suggests the level of the breach and how the data was lost contribute to the risk factor. For example, the firm separated the incidents into two categories, "identity-level," where names and social security numbers were stolen, and "account-level," where account numbers were stolen, occasionally tied to accountholders.
The study found that identity-level breaches pose the greatest risk. However, even here less than 1 in 1,000 identities were used for fraudulent purposes.
Fraud experts with the firm surmised that the reason for the low rate of misuse is likely due to the amount of time it takes to actually commit identity theft. Credit applications take an average of five minutes to fill out, and in order to fully utilize a file with one million identities it could take a half-century to do so, researchers say.
ID Analytics also suggested that notification of breaches seemed to slow use of that data for the purposes of identity theft. In any case, the firm says the study will help companies figure out how to best deal with the problem, and who is most at risk.
"The risk to consumers and businesses varies considerably based on the type and scope of the data breach, which is why we think assessing the degree of risk for a given breach is critical to determining the best next steps," said Mike Cook, ID Analytics' co-founder and vice president of product.
"The good news is not only that we have technology that can measure the risk of a breach, but that we can actually distinguish which sets of breached data are actively being used to commit fraud."