Study Tackles Employees' Criminal Misuse Of Stolen Identities

• Aug 01, 2008

ID Analytics Inc. recently released the results of its internal data theft study which provides an analysis of the criminal behavior patterns associated with the misuse of identities stolen from the workplace by employees. The study's findings also provide a better understanding of the harm resulting from an internal versus external data breach.

Organizations routinely invest significant resources to ensure the security of confidential customer and employee information such as home address, Social Security number, and date of birth. In addition to perimeter security, common internal security measures include employee education programs, data access monitoring, and strict policies regarding use of USB ports and portable devices.

However, intentional data theft and unintentional data loss by authorized employees continue to be the most common sources of data breaches. Organizations struggle with the threat of the "human element" -- employees with access to a company's most valuable information. Furthermore, to date, little has been done to study and understand how stolen data is exploited once it leaves an organization.

ID Analytics' study, Analysis of Internal Data Theft, sought to expose how, where and when employees misuse data stolen from the workplace. The research examined more than a dozen incidents of internal data theft involving more than five million identities from consumer and employee files across organizations in the government, education, and commercial sectors.

Of these, eight incidents ultimately led to more than 1,300 cases of attempted fraud targeting bank card, retail card and wireless providers. Using Advanced Analytics to identify suspicious or anomalous activity, the research uncovered associations between transactions and patterns of criminal behavior after data theft had taken place.

Key findings from the study include:

• In the analysis of the eight internal data breaches where harm was found, organized misuse ranged from 3 percent (data leak caused by mishandling data) to 36 percent (targeted employee data theft) of the identities stolen.
• The identities associated with these internal incidents were up to 24 times more likely be misused than the average U.S. consumer identity.
• Misuse of the stolen identities occurred in remarkably close proximity to the site of the internal data theft. Fraudulent activity relating to each incident of internal data theft took place within 20 miles of the source, indicating that the stolen identities had not been sold or distributed on a national level.
• Fraudulent activity reflected a significant increase in attempts to acquire wireless phones. Of the 1,300 cases of attempted fraud, 69 percent targeted the wireless industry.
• Identities involved in internal data theft were misused in similar patterns to those taken via external attacks in terms of period of use and using the Internet to commit fraud. Most of the stolen identities in the study were used very briefly -- over a period of two weeks.
• The internal theft activities also focused mainly on online channels. In five of the eight internal data breach cases, 80 percent of the fraudulent application activity was online.

"In today's data rich environment, organizations continue to struggle with the human element at the heart of data security," said Mike Cook, co-founder and chief operating officer, ID Analytics, Inc. "Companies should be on the alert for what may be the biggest security threat to their customers-employees with access to sensitive customer data. Given the balance between the need to grant employees access to information to complete their job functions and the need to protect sensitive customer data, we encourage companies to implement strategies that increase visibility and reduce the risk of data loss."