In California, a two year old law exist requiring all information brokers to notify all California residents when data files have been stolen. Without this law, we believe that information brokers probably would not voluntarily make this information available.
For instance, in the recently publicized "ChoicePoint" case involving hackers gaining access to thousands of records (name, address, social security numbers..), 35,000 Californians were notified under this new law that their personal information had been stolen or otherwise compromised. After this notification, other victims across the country learned of the breach. In another case and on March 9, 2005, Reed Elsevier Group (LexisNexis unit) disclosed that hackers had gained access to 310,000 consumer accounts.
Other Reporting Issues: Do You Really Know How Bad the Problem Is?
Would companies like ChoicePoint and LexisNexis report this information without this California law? Probably not. For example, it has been discovered that back in 2002, a similar incident took place at ChoicePoint (before the California law) and the hacking theft was never reported. Not even to the victims so that they could take precautions. ChoicePoint continues to decline to discuss the 2002 incident. If you are someone you know is a victim of identity or personal information theft and, you have suffered damages because of the theft, you may have legal rights against not only the thief, but also the information service (like ChoicePoint or LexisNexis) for negligence or fraud. The law is relatively new and consistently developing in this area so please feel free to contact us for the latest developments.
Things You Can Do to Protect Yourself
Protect yourself from your own bank. Make sure you have the latest virus, Trojan horse and firewall protection on your computer. In more than one case, bank account numbers and passwords are stolen from victim's home computers by criminals and then used to electronically transfer large amounts of funds out of the U.S. Believe it or not, banks are refusing to replace the funds and are instead presenting the defense that their customers are at fault for not using antivirus software robust enough to detect the virus.
You can avoid this problem by simply using the latest virus and firewall protection and keeping it automatically updated on a daily or weekly basis. So long as you take reasonable steps to protect your information, the banks will be hard pressed to argue that you are the one who should be held responsible for the loss.