Feds Lag On ID Theft Notification

Laws Needed To Notify Consumers When Identity Compromised

(AP)  The names and bank account details of up to 40 million credit-card holders have been exposed to fraud. Too bad the only way that information reached the public was largely thanks to California.

That's right, the rest of the nation has been made aware of serious identity breaches because California forces companies to notify consumers when such theft happens. The federal government, in the meantime, hasn't done anything to require the same.

Even though other states are following its California's lead, Congress can't afford to drag its feet on this national issue anymore. The reason is simple: Consumers have the right to know when their private information has been compromised.

"At this point, so many people are affected by identity theft that there is increasing pressure on federal legislators to do something that will go well beyond just holding hearings," said Susanna Montezemolo, a policy analyst at Consumers Union, which promotes consumers' interests through its policy initiatives as well as being publisher of Consumer Reports magazine.

The figures on this issue are stunning. Nearly 10 million people fall victim to identity theft each year, costing consumers $5 billion in out-of-pocket losses and businesses $48 billion, according to the Federal Trade Commission.

More than just money is lost. The Identity Theft Resource Center, a non-profit group based in San Diego, estimates the average victim spends about 600 hours trying to clear up credit problems.

The biggest data breach so far came last week with news that 40 million accounts were exposed to possible fraud. While the compromised data did not include addresses or Social Security numbers, the information that may have been viewed could be used to steal funds.

This mess was traced to Atlanta-based CardSystems Solutions Inc., which processes credit card and other payments for banks and merchants. CardSystems, according to MasterCard International Inc. which publicized the breach, inappropriately held on to card data for research purposes rather than deleting it. Forty million accounts were exposed, and records pertaining to at least 200,000 were known to have been stolen, primarily MasterCard and Visa cards.

Earlier this month, Citigroup Inc. said UPS lost computer tapes with sensitive information from 3.9 million customers of CitiFinancial, which provides loans.

ChoicePoint Inc. said in February that thieves using stolen identities created 50 dummy businesses that pulled data including names, addresses and Social Security numbers on as many as 145,000 people. This spring, LexisNexis Inc. disclosed that hackers had commandeered a database and gained access to the personal files of as many as 310,000 people.