In many situations, we have little control over how our personal information is used, and who can gain access to that information. Our identifying information is stored in dozens of databases with government agencies, doctors' offices, creditors, banks, lenders, schools and more. Providing personal information like a Social Security number is a precondition of obtaining any number of services. So, even though we feel like we shouldn't be giving this information out, we often have no choice.
TUTORIAL: Investing 101
As a result, we're vulnerable to identity theft from numerous access points that we have no ability to protect. You can be extremely careful with your data in your everyday life, with a locked mailbox, shredder and secure home network, and still become a victim. Here are some of the people who may be at fault if your identity has been stolen, despite your best efforts. (For related reading on identity theft, see Identity Theft: How To Avoid It.)
Companies and Their Employees
Sometimes companies don't properly store, encrypt or password-protect their customers' sensitive data. Other times, they don't properly dispose of electronic files and physical documents. Even companies with the best policies can have careless or malicious employees who compromise their security. Identity theft can even occur at an employee's own workplace, when a coworker takes advantage of easy access to information, or even a personal relationship to steal an identity.
In 2007, identity thieves stole 46 million credit and debit card numbers from a T.J. Maxx and Marshall's database. More recently, there was the theft of 77 million Sony PlayStation users' information. In the first quarter of 2011, hacking accounted for more than one-third of security breaches. Data breaches, like these, are common enough that you've probably already been affected by at least one of them. Most states have laws that require attacked companies to notify affected consumers.
Through methods such as phishing and impersonation, scammers try to get people to voluntarily hand over their sensitive personal information. We've all received emails, or phone calls, that pretend to originate from a financial institution, and ask us to "verify" our data. Sometimes these scams try to create a sense of urgency, which fools people into acting before they think, by stating that there's been a security breach that requires immediate action. Scammers will even go after job seekers and email them fake job offers, in the hope that they will respond by filling out a false employment document that asks for a great deal of background information.
If someone opens your mailbox and removes a credit card statement, they'll have quite a bit of your personal information. If a thief steals the laptop of an employee who manages sensitive customer data, they'll have a field day with all the facts they gain. If someone breaks into your house, they might take all the information they need to steal the identities of everyone in your household.
What's more, information can be stolen and not used inappropriately for months or years. So, even if you are aware of a theft, problems might not crop up until you've forgotten about the initial breach. Once your information has been stolen and used, you can clean up the initial problem only to encounter additional problems in the future. (For related reading, see Pros And Cons Of Credit Monitoring Services.)
Friends and Relatives
Sadly, many cases of identity theft trace back to someone the victim knows personally. Assuming you figure out who was responsible, the good news is that you've identified the thief, and may be able to find out exactly what they've done with your information. The bad news is that handling the situation can be tricky since it involves close personal relationships. Many people won't want to press charges against a friend or family member for emotional reasons, and because of the reality of continuing to see and interact with this person on a regular basis. Also, creditors will sometimes take advantage of a victim's relationship with an identity thief to try to get the victim to pay, even though legitimate identity theft victims are not responsible for paying fraudulent charges.
Can You Sue?
A June 2011 MSNBC article by Bob Sullivan reported that 14 states don't recognize identity theft victims as such, which makes it difficult to sue an identity thief for damages in civil court. Even if the criminal is caught, and serves time in prison, that doesn't make up for the time and money victims spend trying to clean up the mess. Some states, including California and North Carolina, do make it possible to sue identity thieves. In any event, you'll need to be able to prove damages, and file your lawsuit before any applicable statute of limitations runs out.
The Bottom Line
Identity theft is a scary problem, because you only have so much control over preventing this crime, and it can be expensive, frustrating and time consuming to deal with the fallout of an attack. Most people do take precautions to safeguard their data, but sometimes it isn't enough. Even if you are careless or make a mistake in handling your personal information, however, the blame for identity theft always rests with the thief - not with the victim. (For related reading, see Identity Theft Checklist.)