By Joris Evers
Staff Writer, CNET News.com
October 24, 2005 4:00AM PDT
Gretchen Hayes was understandably concerned when she received a letter warning that she could be at risk of identity theft.
A laptop had been stolen from the University of California at Berkeley in March, and stored on it was personal information on 98,369 graduate students or graduate-school applicants, including Hayes.
The breach--which exposed names, dates of birth, addresses and Social Security numbers--was widely reported in the media, and the school created a special Web site to help individuals who found themselves suddenly vulnerable.
In the months since, however, not a single case of stolen identity related to the incident has been reported. The laptop was recovered in September, and police believe that the thief was interested only in the computer, not in the information in its files.
"I have not seen any ramifications," Hayes said. It is always possible that a crime may yet occur or has simply gone unnoticed. But the Berkeley incident underscores the reality of ID theft, which is often portrayed as a scourge in our increasingly digital society. Although headlines create the perception of rampant hackings or corporate blunders, few people whose personal information is exposed are ever victimized.
Widespread media reports have given rise to much misinformation and confusion around the issue. Many people believe that banking or buying online increases the risk, for example, though the chances of fraud are far greater in the brick-and-mortar world.
Just 12 percent of identity fraud cases last year occurred because the victim was active online, while 63 percent happened as the target used traditional channels, according to a survey by Javelin Strategy & Research, which tracks such data.
"Data security has been oversold in the media. The one-to-one ratio between records breached and consumers harmed, implied in much reporting, is off by several orders of magnitude."
"Knowing what we know now, shouldn't we ask more questions about commercial data brokers' operations? We need to go beyond security and inquire into the use of personal information."
"Ignorance threatens to spawn inefficient investments and regulation."
"Congress has failed to act. It's time for D.C. to let our 50 states take the next steps in protecting consumer privacy throughout the country."
"Personal information has value: Information is the currency of our economy. If you use information (and who doesn't?), you have an obligation to protect it. All should pay attention."