Chase breach underscores cost of Congressional inaction on data security – National Consumers League

October 3, 2014

Contact: Ben Klein, National Consumers League, benk@nclnet.org, (202) 835-3323

Washington, DC – News of yet another massive data breach — this time at JPMorgan Chase — underscores the urgent need for data security reforms in Congress, according to the National Consumers League. Affecting 76 million households and 7 million small businesses, the Chase breach comes on the heels of other mega-breaches this year at Home Depot, Jimmy Johns, eBay, and Community Health Services.

“These data breaches are occurring with frightening regularity, and striking some of the country’s biggest companies. It is clear that our cyber security systems are unable to stay one step ahead of these bad guys,” said Sally Greenberg, NCL executive director. “It is time that our elected officials sit down with businesses and law enforcement to develop a comprehensive plan for protecting Americans’ personal information from cyber thieves.”

This summer NCL launched its #DataInsecurity Project to raise awareness about the impact of data breaches on consumer confidence in the marketplace. NCL is calling on Congress to pass a strong national data breach notification law, require businesses that hold consumers’ data to abide by data security standards, and give the Federal Trade Commission and states greater authority to hold companies that fail to protect consumers’ personal information accountable.

“Seventy-six million households at Chase, 56 million cards at Home Depot, 145 million accounts at eBay — enough is enough,” said John Breyault, NCL Vice President of Public Policy, Telecommunications and Fraud  “With each new breach, consumers’ trust in the marketplace is eroded. We must not accept the massive theft of consumers’ personal information as the ‘new normal.’ These breaches should serve as a wake-up call to Congress that we need reform now.”

###

About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

Turning cybersecurity awareness into cybersecurity reform – National Consumers League

Facebook_NCSAM_icon.jpgOctober is National Cyber Security Awareness Month, which is a good time for consumers to take stock of their online safety habits and practices. Great tips and tricks for creating stronger passwords, taking advantage of two-factor authentication and learning to spot phishing scams and other cyber threats abound from organizations like the Federal Trade Commission, Stop. Think. Connect., and NCL’s own Fraud.org.In partnership with the U.S. Department of Homeland Security and the National Cyber Security Alliance, NCL is helping to raise awareness about cybersecurity and give consumers advice on how to protect themselves from hackers and other online scam artists. However, 2014’s NCSAM comes at a unique time. Consumers’ concern about the security of their personal data has rarely been higher. Due in part to massive data breaches at retailers like Target and Home Depot—and, just this week, news regarding JP Morgan Chase—there is a new urgency for action in Washington and in corporate boardrooms to address data security.

While NCSAM is a perfect opportunity to take ownership of your own data, one person cannot protect all of their data by themselves. In today’s connected economy information about consumers is held by hundreds, if not thousands of entities – often without your knowledge. However, a data breach at just one of these companies can expose millions of consumers’ records to fraud.

This summer, NCL organized events in Miami, Los Angeles, and Chicago to raise awareness about the problem of data breaches. Armed with new research from a groundbreaking survey and a report on the consumer impact of data breaches, we met with federal and state law enforcement and consumer protection authorities, local media, and American consumers. What we heard was not surprising: Consumers are fed up with the constant stream of data breaches, which they often feel powerless to stop. They want businesses to do more than just offer up free credit monitoring – they want a way to hold businesses and government accountable when their sensitive data is not protected.

That’s why this October, we’re calling on policymakers in Congress, at the White House and throughout the country to not just be aware of cybersecurity, but to do something about it. Through our #DataInsecurity Project, NCL is working to raise the alarm about the urgent need for data security reforms, including passing a national data breach notification standard, creating meaningful national data security requirements and giving enforcement agencies like the FTC the tools they need to go after hackers and companies that put profits ahead of securing consumers’ data.

As we look towards a new Congress, we at NCL will be redoubling our efforts to make sure our elected leaders don’t sit idly by while hackers profit off our data. Instead, we’ll be making our voice heard in Washington and throughout the country to push for real reforms that start to put a dent in the data security problem.

NCL statement on bank data breach – National Consumers League

August 29, 2014

Contact: Ben Klein, National Consumers League, benk@nclnet.org, (202) 835-3323

Washington, DC-The National Consumers League reacted to the recent news that hackers infiltrated the security systems of the nation’s largest bank, JPMorgan Chase, as well as four additional smaller banks by reiterating the need for major legislative reforms to protect consumer information. This call to action is the mission of NCL’s latest campaign — the #DataInsecurity Project — to raise awareness about the impact of data breaches on consumer confidence in the marketplace.

NCL’s Executive Director, Sally Greenberg, stated “Like the rest of the public, we are just learning that yet another major American institution, this time one of the nation’s largest banks, has reportedly fallen victim to a sophisticated hacking scheme. This underscores the need for comprehensive federal legislation ondata security that includes a) breach notification to consumers whose accounts have been potentially compromised; b) requirements that companies use state of the art data security technologies, c)empowers federal enforcement agencies like the FTC,” NCL is calling for a national consensus to act and we need to agree on a roadmap to getting there. This involves consumers, business, government and law enforcement sitting down and committing to a process.

NCL has hosted meetings in Miami, Los Angeles and Chicago this summer and hopes to hold a similar meeting in Minneapolis to examine the impact of data breaches on consumers and what steps can be taken to address this massive and growing problem. “Consumers are asked to hand over more and more private financial and personal data to big institutions like banks, retail establishments and government.Consumers must be confident that their data receives the best possible protections to ensure that thisinformation is not getting into the wrong hands,” Greenberg said. NCL is calling on Congress, federal agencies, state attorneys general and other regulatory and law enforcement bodies to develop and adopt robust policies to protect the public’s information

###

About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

Chicago Data Breach Victims at Heightened Risk of Identity Theft, New Study Shows – National Consumers League

July 16, 2014

Contact: National Consumers League, Ben Klein, (202) 835-3323, benk@nclnet.org
Carol McKay, (412) 945-3242, carolm@nclnet.org
Javelin Strategy & Research, Danielle Ostrovsky (410) 302-9459,dostrovsky.ctr@javelinstrategy.com
Natalie Bauer, Office of Attorney General Madigan, 312-814-4947,nbauer@atg.state.il.us

Attorney General Madigan and National Consumers League Address Online Security for Illinois Residents

Chicago – New research released today by the National Consumers League (NCL) and Javelin Strategy and Research reveals disturbing trends for Chicago residents who have been affected by data breaches, finding that 72 percent of fraud victims were also victims of data breach, suggesting a strong link between breaches and fraud.

Attorney General Madigan joined representatives from NCL and Javelin Strategy & Research Wednesday at 1871 to discuss the research findings and resources for Illinois residents to protect themselves from identity theft.

“The latest data breaches have served as a wakeup call signaling that government and the private sector need to take serious, meaningful action to curb this growing threat to our financial security,” Madigan said.

Also included in the research were findings that show consumers are losing faith in business to protect their identities and want more government action on fraud prevention measures.

“Data insecurity is leading to real consumer harm and this report confirms consumers are at a loss for where to turn in the face of this national problem,” said NCL’s John Breyault. “As consumers share vast amounts of personal data with businesses, government and other entities, they expect their information to be protected from malicious hackers.”

This event today in Chicago is the third in NCL’s’ #DataInsecurity Project, and follows similar events in Miami and Los Angeles which featured United States Attorney for the Southern District of Florida Wifredo Ferrer, Federal Trade Commission Commissioner Terrell McSweeny and Joanne McNabb, Director of Privacy Education & Policy for the California Office of the Attorney General.

“In this polarized political climate, it’s rare for Americans to express such agreement on any issue,” said Al Pascual, Javelin’s Senior Analyst of Fraud and Security. “But when itcomes to the security of their personally identifiable information, the respondents said with one voice that the government must do more.”

#DataInsecurity Project Findings For Chicago Metropolitan Area Fraud Victims

The National Consumers League recently released new research examining the impact of data breaches and identity fraud on consumer victims in four key regions nationwide, including the Chicago metropolitan area. According to the study, Americans are urgently calling out for government action on the growing threat posed by data breach and identity theft.

The study, conducted in partnership with Javelin Strategy & Research, shows that theimpact of data breaches on consumers is indeed severe: 61 percent of data breach victims who also experienced identity theft reported that the breached information was used to commit the fraud against them. What’s more, nearly half of all fraud victims – 49 percent – do not know where the information used to defraud them was compromised.

The NCL/Javelin study, which includes surveys of fraud victims from Chicago, Los Angeles, Miami and Minneapolis, along with additional Javelin research on national fraud trends, found that consumers are calling for government to take action. A mere 28 percent of victims surveyed said the government’s requirements for protecting healthcare and financial data were “sufficient.”

In Chicago, 43 percent of fraud victims said their data was used to make online purchases and 28 percent said their information was used to make purchases in-person. Among fraud victims in Chicago, 72 percent had previously received a data breachnotification which is higher than reporting by victims in Minneapolis (66 percent), but is comparatively worse than in Los Angeles (82 percent) and Miami (80 percent) where the rates of data breach notification among fraud victims were significantly higher.

According to the new study, the consequences of consumer fraud have a serious ripple effect: fraud victims report losing trust in the businesses where their data was compromised. For example, 59 percent of respondents whose data was breached at a retailer expressed  “significantly decreased” trust in retailers who failed to protect their information. “When consumer trust drops, so do sales,” added Breyault, “This study is only the latest evidence for why the business community should be one of the most vocal advocates for protecting consumer data.”

###

About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visitwww.nclnet.org.

FTC Commissioner Terrell McSweeny speaks at NCL event on data breach, ID theft – National Consumers League

July 8, 2014

Contact: National Consumers League, Ben Klein, (202) 835-3323, benk@nclnet.org
Carol McKay, (412) 945-3242, carolm@nclnet.org
Javelin Strategy & Research, Danielle Ostrovsky 410-302-9459, dostrovsky.ctr@javelinstrategy.com

FTC Commissioner Terrell McSweeny Speaks at National Consumers League Event on Data Breach, Identity Theft

Commissioner McSweeny Joined by Joanne McNabb, Director of Privacy Education & Policy For the California Office of the Attorney General, to Discuss New NCL Research on Data Breach, Identity Theft and Impact on Californians

Los Angeles, CA – Federal Trade Commission Commissioner Terrell McSweeny spoke today at a National Consumers League briefing on data breach and identity theft, where she discussed new research findings about the consumer impact of data breach and fraud.

Commissioner McSweeny was joined in Los Angeles by Joanne McNabb, Director of Privacy Education & Policy for the California Office of the Attorney General, for the second event of the National Consumers League’s #DataInsecurity Project, a cross-country series to raise awareness and push for action on consumer data security.

After a morning press event with several data security experts, the two officials joined NCL Vice President John Breyault to discuss a new study, released by NCL and Javelin Strategy & Research, which revealed disturbing trends for Los Angeles residents who have been affected by data breach and identity fraud. Nearly half of identity fraud victims are unaware where their information was compromised, while 61 percent of those who were also data breach victims reported that the breached information was used to commit fraud. The majority of data breaches affecting fraud victims involved a compromised retailer; fraud victims also reported that their information was used to make unauthorized purchases, either online (31 percent) or in person (39 percent). As a result, Los Angeles identity fraud victims are losing trust in retailers’ ability to keep their personal information secure and prevent it from being used to commit fraud.

“This report shows that fraud victims are calling for a decisive and coordinated response from both governments and the business community,” said Sally Greenberg, NCL executive director. “We thank Commissioner McSweeny and Director McNabb for joining us for this important discussion, and for their continued advocacy on behalf of consumers.”

#DataInsecurity Project Findings on Los Angeles Metropolitan Area Victims

The National Consumers League has released new research examining the impact of data breaches and identity fraud on consumer victims in four key regions nationwide, including the Los Angeles metropolitan area. According to the study, Americans are urgently calling out for government action on the growing threat posed by data breach and identity theft.

The study, conducted in partnership with Javelin Strategy & Research, shows that the impact of data breaches on consumers is indeed severe: 61 percent of data breach victims who also experienced identity theft reported that the breached information was used to commit the fraud against them. What’s more, nearly half of fraud victims — 49 percent — do not know where the information used to defraud them was compromised.

“Data insecurity is leading to real consumer harm, and this report confirms consumers are at a loss for where to turn in the face of this national problem,” said NCL’s Breyault. “As consumers share vast amounts of personal data with businesses, government and other entities, they expect their information to be protected from malicious hackers.”

The NCL/Javelin study, which includes surveys of fraud victims from Los Angeles, Miami, Chicago, and Minneapolis, along with additional Javelin research on national fraud trends, found that consumers are calling for government to take action. A mere 28 percent of victims surveyed said the government’s requirements for protecting healthcare and financial data were “sufficient.”

In Los Angeles, 35 percent of fraud victims said their data was used to make online purchases and 44 percent said their information was used to make purchases in-person. Among fraud victims in Los Angeles, 82 percent had received a notice of data breach previously which corresponds with reporting by victims in Miami (80 percent), but it is significantly higher than in Chicago (72 percent) and Minneapolis (66 percent).

“In this polarized political climate, it’s rare for Americans to express such agreement on any issue,” said Al Pascual, Javelin’s Senior Analyst of Fraud & Security. “But when it comes to the security of their personally identifiable information, the respondents said with one voice that the government must do more.”

According to the new study, the consequences of consumer fraud have a serious ripple effect: fraud victims report losing trust in the businesses where their data was compromised. For example, 59 percent of respondents whose data was breached at a retailer expressed “significantly decreased” trust in retailers who failed to protect their information. “When consumer trust drops, so do sales,” added Breyault, “This study is only the latest evidence for why the business community should be one of the most vocal advocates for protecting consumer data.”

###

About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

New Javelin Strategy & Research/National Consumers League Study: Consumers Losing Trust in Businesses, Expect Government Action on Fraud and Data Breach – National Consumers League

June 30, 2014

National Consumers League #DataInsecurity Cross-Country Tour kicks off today in Miami; slate of national events to feature FTC Commissioner Terrell McSweeny, Florida U.S. Attorney Wifredo Ferrer and other leading experts.

NCL and Javelin to Host Media Teleconference on Study Findings on Tuesday, July 1 at 1:30 PM EDT. RSVP to lpugliese@clsstrategies.com for dial-in details.

Contact: National Consumers League, Ben Klein, (202) 835-3323, benk@nclnet.org
Carol McKay, (412) 945-3242, carolm@nclnet.org
Javelin Strategy & Research,  Danielle Ostrovsky 410-302-9459, dostrovsky.ctr@javelinstrategy.com

 

Washington, DC – Today, the National Consumers League #DataInsecurity Project released a new survey of identity fraud victims which finds that Americans are urgently calling out for government action on the growing threat posed by data breach and identity theft.

The study, conducted in partnership with Javelin Strategy & Research, shows that the consumer impact of data breach is indeed severe: 61 percent of data breach victims surveyed reported that the breached information was used to commit fraud against them. What’s more, nearly half of victims–49 percent–do not know where the information used to defraud them was compromised.

The National Consumers League has launched the #DataInsecurity Project to raise awareness and push for action on consumer data security. NCL kicked off its cross-country series today in Florida, the state that is the source of more ID Theft complaints per capita than any other in the nation, with an event in Miami featuring United States Attorney for the Southern District of Florida Wifredo Ferrer. The next event is July 8 in Los Angeles featuring Federal Trade Commission Commissioner Terrell McSweeny and Joanne McNabb, Director of Privacy Education & Policy for the California Department of Justice, Office of the Attorney General.

“Data insecurity is leading to real consumer harm and this report confirms consumers are at a loss for where to turn in the face of this national problem,” said John Breyault, NCL’s Vice President of Public Policy, Telecommunications and Fraud. “As consumers share vast amounts of personal data with businesses, government and other entities, they expect their information to be protected from malicious hackers.”

The NCL/Javelin study, which includes surveys of fraud victims from Los Angeles, Chicago, Minneapolis and South Florida, along with additional Javelin research on national fraud trends, found that consumers are calling for government to take action. A mere 28 percent of victims surveyed said the government’s requirements for protecting healthcare and financial data were “sufficient.”

“In this polarized political climate, it’s rare for Americans to express such agreement on any issue,” said Al Pascual, Javelin’s Senior Analyst of Fraud & Security. “But when it comes to the security of their personally identifiable information, the respondents said with one voice that the government must do more.”

According to the new study, the consequences of consumer fraud have a serious ripple effect: fraud victims report losing trust in the businesses where their data was compromised. For example, 59 percent of respondents report whose data was breached at a retailer expressed  “significantly decreased” trust in retailers who failed to protect their information. “When consumer trust drops, so do sales,” added Breyault, “This study is only the latest evidence for why the business community should be one of the most vocal advocates for protecting consumer data.”

###

About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

Announcing the #DataInsecurity Project – National Consumers League

Last December, millions of consumers busily rang up more than $600 billion in holiday purchases. Unfortunately, hackers were also having a field day — at consumers’ expense. We learned that lax security procedures combined with an insecure payment mechanism resulted in as many as 110 million shoppers at retail giant Target having their personal information compromised.

Security researcher Brian Krebs, who first broke the story of the Target breach, recently published a startling set of numbers that demonstrates the impact of this one incident. They include:

  • $200 million – The cost to credit unions and community banks for reissuing 21.8 million credit and debit cards;
  • $18-35.70 – The media price range per card stolen from Target and resold on the black market in the months after the breach;
  • 1-3 million – The estimated number of cards stolen in the Target breach that were sold on the black market and successfully used to commit fraud;
  • $53.7 million – The estimated income that hackers generated from the sale of 2 million cards stolen from Target (at a median price of $18-35.70); and
  • $55 million – The size of outgoing Target CEO Gregg Steinhafel’s golden parachute.

Sobering as these numbers are, they represent the fallout from a single data breach, albeit a massive one. In 2013, the Verizon RISK team reported more than 1,300 data breaches. The non-profit Privacy Rights Clearinghouse, which tracks data breaches, reported that more than 257 million records were compromised last year as well. A recent study by the Ponemon Institute found that the average total cost of a data breach in the U.S. is $5.85 million per incident. The probability that a U.S.-based organization will experience a breach of at least 10,000 records in the next 2 years is 18.7 percent, according to the Ponemon study.

By 2020, annual global data production is expected to hit 35 zettabytes, (or 35 trillion gigabytes). This data explosion will power unfathomable changes to consumers’ daily lives. However, the existence of that much data – much of it personal and very valuable to malicious actors – demands stronger security practices. Federal agencies like the FTC are doing yeoman’s work to hold companies to account for lax data security. But the FTC’s authority in this area is in question in the courts, and case-by-case adjudication is unlikely to sufficiently address the larger problem. Organizations like the National Institutes of Standards and Technology have developed voluntary frameworks for cybersecurity, but companies and other entities are not compelled by law to adopt it. Standards bodies like the PCI Security Standards Council have industry backing, but they are sector-specific.

While no one can wave a magic wand and solve the problem of data security, more can and should be done in Congress to give enforcement agencies the tools they need to protect consumer data and prod industry to make data security a top priority.

That is why we are announcing today the launch of the NCL #DataInsecurity Project. We are calling on policymakers in Congress, federal agencies and the states to be champions for data security. For too long, policy inertia has prevented meaningful reform on Capitol Hill and elsewhere that would better protect consumers’ data. There are a number of promising bills currently pending in Congress, but more can and must be done. Pro-consumer steps to enhance data security include:

  • Creating a national data breach notification standard, modeled on strong state protections such as California’s;
  • Requiring businesses that maintain consumers’ personal data to protect that information via specific data security requirements;
  • Giving the Federal Trade Commission and state Attorneys General civil penalty authority to enforce violations of data security requirements;
  • Increasing civil and criminal penalties for malicious hacking;
  • Increasing efforts to enhance cooperation with international partners to bring overseas hackers to justice;
  • Requiring retailers and banks to implement the highest level of security available to protect consumers’ payment data

In an era when vast amounts of data are being collected about them, consumers must have confidence that their information is safe. The Target breach was a wake-up call. We can no longer sit idly by while sophisticated hackers steal with impunity and businesses accept the status quo as just another cost of doing business. The time for reform is now.

Mega-breaches and the importance of the Wyndham decision – National Consumers League

By John Breyault, Vice President of Public Policy, Telecommunications and Fraud

Consumers can be excused for not following the minutiae of U.S. district court decisions, but developments this week in New Jersey marked an important victory for data security. On Monday, Judge Esther Salas allowed a lawsuit brought by the Federal Trade Commission against Wyndham Worldwide Corp. (the parent entity of Days Inn, Howard Johnson’s and Ramada, among other hotel chains) to move forward.

From 2008 to early 2010, hackers breached Wyndham’s computer network, stealing credit and debit card information of approximately 500,000 customers. In 2012, the FTC sued Wyndham for the company’s alleged failure to adequately protect its customers’ information from theft. To date, the FTC has settled more than fifty similar cases resulting from businesses’ failure to put in place reasonable data security measures.  However, in the Wyndham case, the company is challenging the FTC’s authority to regulate corporate data security practices. This is important because the FTC is the only federal regulator charged with holding companies accountable for failure to protect their customers’ data. Had Judge Salas agreed with Wyndham, it would have threatened to eliminate the FTC’s authority to hold companies to account. The importance of Judge Salas’ decision was put in stark relief yesterday when security firm Symantec published its latest Internet Security Threat Report. The report, one of the most comprehensive security assessments in the industry, didn’t mince words when they called 2013 the “Year of the Mega Breach,” when “cybercriminals unleashed the most damaging series of cyberattacks in history.” Headlines from the report include:

  • 91% increase in targeted attacks campaigns in 2013
  • 62% increase in the number of breaches in 2013
  • Over 552 million identities were exposed via breaches in 2013
  • Spear-phishing campaigns saw a 91% rise in 2013
  • 38% of mobile users have experienced mobile cybercrime in past 12 months
  • 8 of the breaches in 2013 exposed more than 10 million identities each
  • 1 in 8 legitimate websites have a critical vulnerability
  • 500% increase in ransomware scams in 2013

The Symantec numbers are just the latest in a string of warnings coming out of the cybersecurity community about the growing threat from hackers. For example, Tuesday also marked the end of Microsoft’s support for the Windows XP operating system, which may still be installed on nearly 28 percent of desktop computers, as well as ATMs and government computer systems. Reports indicate that this could result in a field day for hackers as remaining security vulnerabilities in the operating system are exploited. News about a major vulnerability in the widely used OpenSSL security technology could expose the two-thirds of websites that run it to hackers. And those are just the warning coming out this week! While Monday’s decision in the Wyndham case was encouraging, the issue is far from resolved. Wyndham has stated that it will continue to challenge the FTC’s authority to regulate companies’ data security practices. This means consumers are still in danger of losing the most important data security cop on the beat. Given the constant stream of data security warnings, it’s imperative that uncertainty about the FTC’s ability to regulate data security be addressed. A number of bills currently pending in Congress would do just that. The FTC should also convene a workshop to examine the issue in depth, as NCL and others suggested last month. To be clear, there isn’t just a cybercrime wave going on right now. What consumers and businesses across the country are experiencing is more like a cybercrime tsunami. Policymakers in Washington need to make sure the FTC can continue to respond to this threat before we’re all washed away.

Advocates call for FTC action to address data insecurity – National Consumers League

March 25, 2014

Contact: NCL Communications, Ben Klein, (202) 835-3323, benk@nclnet.org

Washington, DC – A coalition of consumer and privacy organizations today called on the Federal Trade Commission (FTC) to convene a forum examining the ongoing impact of data insecurity on America’s consumers. In a letter to FTC Chairwoman Edith Ramirez, the groups cited the increased consumer awareness of the threat of data breaches and other cybersecurity risks in the wake of data thefts at Target, Michaels, Snapchat, and other businesses.

“The Target breach should serve as a wake-up call that more must be done to address the looming data insecurity disaster,” noted the groups. “This is no longer an issue that can be limited to discussion among cybersecurity experts. It is now a threat to the entire economy.”

Statistics cited by the organizations included:

  • Since 2005, there have been more than 4,000 disclosed data breaches, a rate of more than one per day for nine straight years, according to the Privacy Rights Clearinghouse.
  • According to Javelin Strategy & Research, 13.1 million consumers suffered identity fraud in 2013, the second highest level on record. Total annual identity fraud losses were $18 billion.
  • Since 2004, more than 1.1 billion consumer records have been exposed to unauthorized parties, according to Verizon.

Past FTC workshops have examined pressing data security challenges surrounding the “Internet of Things,” mobile devices, and tax-related identity theft, among other issues. These forums provide an important opportunity for policymakers to convene experts and discuss ongoing consumer protection issues facing the Commission.

Organizations listed on the letter included Consumer Action, Consumer Federation of America, National Consumers League (NCL) and Privacy Rights Clearinghouse.

“The threat to consumers and the economy from data breaches is very real and growing,” said John Breyault, NCL Vice President of Public Policy, Telecommunications and Fraud. “Given the vast amounts of personal information that consumers are being asked to provide, it is imperative that the data be better protected from hackers and other malicious actors. As the nation’s leading consumer protection agency, the FTC is the right organization to lead a national conversation on this issue.”

Read the groups’ letter here.

###

About the National Consumers League 

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Its mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

Target data breach a wake-up call for retailers, policymakers – National Consumers League

92_creditcard.jpgAmericans assume that, when they shop, their personal financial information will be kept private and away from identity thieves. Unfortunately, that is not always the case, as evidenced by the more than 4,000 data breaches that have been reported since 2005 — an average of more than one a day over the last nine years. The latest headline-making breach involving the mega retailer Target is making many of us wonder just how safe our data is.

After data breaches occur, the burden for monitoring credit cards and recovering lost funds typically falls squarely on the affected consumers’ shoulders. This can cost the consumer significant time and money. If you think your personal information may have been stolen by cyber thieves in the Target data breach or any other data breach make sure you follow these tips:

  • Check credit card statements and your bank account every day to see if there are any unfamiliar charges. If you see any suspicious activity, report it to your bank immediately.
  • Monitor your credit report. It is a good habit to check your credit report at least once a year. If you think your personal information may have been compromised, check it sooner. Consumers can obtain one free credit report per year from each of the three credit reporting agencies via annualcreditreport.com.
  • Stay vigilant. Fraudsters may wait months to use your personal information.

Consumer advocates hope that the scale of the Target data breach will serve as the impetus for much needed data security reform. The time for change is now!

Although consumers’ financial information will never be 100 percent secure, there are things that can be done. Retailers can use advanced encryption technology and more secure firewalls. Credit card companies can encourage the use of “Chip and PIN” technology in their credit cards. Our politicians can pass legislation establishing a national data breach notification standard and urge the Obama Administration to explore incentives and penalties to encourage private sector businesses to better protect consumer data. These changes will not happen without pressure from consumers.

Target has provided a “responses and resources” page for consumers affected by the breach. Click here for more information. The FTC also has information for consumer online here.