Missing Data on 650,000 Credit Card Holders?

Beware of consumer fraud and identity theft. These days there's so much information that consumers and businesses have a joint responsibility to safeguard information.

If you have a credit card for Penney, you should probably cancel it right now. Recent new from Associated Press mentioned that personal information on about 650,000 customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. GE Money, which handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people.

The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage company, and was never checked out but can't be found either, said Richard C. Jones, a spokesman for GE Money, part of General Electric Capital Corp.

Penney said it had been told of the situation and referred further inquiries to GE Money.

Jones declined to identify the other retailers whose customers' information is missing but said "it includes many of the large retail organizations."

Jones said GE Money was paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape.

Incidents like this add to consumer concern about fraud. The Identity Theft Resource Center says there was a six-fold increase last year in the number of records reported compromised in the United States — to 125 million.

Data breaches can stem from hacking, as well as the physical loss or theft of computers of data storage equipment.

TJX Cos., owner of the T.J. Maxx and Marshalls retail chains, reported last year that tens of millions of credit and debit card owners were exposed to fraud when hackers stole data while it was being transmitted wirelessly.

It took GE Money two months to reconstruct the missing tape and identify the people whose information was lost. Since December, the company has been notifying consumers in batches of several thousand and telling them to phone a call center set up to deal with the breach. The notification is expected to be completed next week.

"I think the average consumer has thrown away that GE Money letter because they don't know it's about J.C. Penney," Rich said. "Not everybody opens junk mail."

Value Company Data- Costs Of Data Breaches Rising

In this age of information, the value of data and intellectual property is very high indeed. It is key for any company to protect not only business trade secrets but customer records as well.

According to Ponemon Institute reports the episodes of data breaches are costing an average of US$197 per lost or stolen customer record during 2007. This is a huge financial impact for any business.

A PC world article notes that organizations that experience data breaches are paying more than ever to recover from the incidents and retain customers once the events become public knowledge, according to a new research report.

Based on their interviews with different organizations, the average total cost of the breaches rose to $6.3 million in 2007, compared to an average of $4.8 million in 2006 with the average number of records exposed in the breaches Ponemon studied was roughly 20,000 per incident, although among those organizations surveyed the incidents ranged from as few as 4,000 records to more than 125,000 records.

What do you lose in a data breach?

• Not only do you lose the actual records, you also incur estimated cost of lost business and so-called customer churn that results from notification of the data breach episodes.
• Your company loses stability. You end up providing customer support and credit monitoring services to affected individuals, along with budgets allocated for advertising and marketing efforts aimed at repairing companies' public images.
  

However the article does end on a positive note for businesses (although not necessarily for clients). Despite the fact that the cost of responding to a data breach has risen consistently over the three years that Ponemon has studied the phenomenon, the expert believes that in time the price of losing customer data will eventually fall.

The researcher said that the sheer volume of incidents will drive customers to become desensitized to the events, resulting in lowered remediation costs and business churn.

"People are already finding that it is hard to trace an incident of ID theft to a specific breach, and with the growing number of notifications they receive, they won't care as much about the problem," Ponemon said. "There seems to be a herd mentality emerging among customers that applies to the law of large numbers; if people feel they are in a pool of millions of others who have had their records stolen or lost, their thinking is that the probability of being victimized isn't as strong."

Data security is key for any business strategy. It is worthwhile to invest time, money and effort to make sure that your clients feel safe and secure doing business with you. In this age of information, the value of this data rises in proportion to the profit businesses expect from clients.