Language Selection

English French German Italian Portuguese Spanish

Congress urged to boost identity theft safeguards

Filed under
Security

It takes only a few seconds for your financial identity to be stolen, but months to get it back and clean up the credit mess. Aware of consumers' frustration and fear, the government wants Congress to consider more protections.

Lawmakers should look at strengthening laws that govern the way companies store and use sensitive consumer data, the Federal Trade Commission recommended at a Senate hearing Thursday.

The agency's chairwoman, Deborah Platt Majoras, also endorsed the idea of a law requiring companies to tell consumers about a security breach when there is significant risk of identity theft.

California has a law that requires such notification; many other states are considering following suit.

Nearly 10 million people fall victim to identity theft annually, costing consumers $5 billion in out-of-pocket losses and businesses $48 billion, according to the FTC.

The nonprofit Identity Theft Resource Center estimates the average victim spends 600 hours trying to clear up credit problems. The center, based in San Diego, helps people recover from the crime.

Identity theft has become even more alarming for consumers in recent months with disclosures of data losses or possible breaches at CitiFinancial, Time Warner Inc., Wachovia Corp. and Ameritrade Holding Corp.

At the hearing, Majoras announced a settlement with BJ's Wholesale Club in a case the FTC said led to the theft of credit and debit card data involving thousands of customers. The data was used, the agency said, to make millions of dollars in illegal purchases.

BJ's, based in Natick, Mass., will not have to pay a fine. The company agreed to submit to outside security audits for 20 years and tighten protection of customer information.

``This information is like gold. It's as valuable as money these days and it ought to be treated that way,'' said Sen. Charles Schumer, D-N.Y., before the hearing by the Senate Commerce, Science and Transportation Committee.

Schumer and Sen. Bill Nelson, D-Fla., have introduced an identity theft bill that would require notification and higher security standards for personal data, such as encryption. Schumer also said the bill would impose fines on companies of up to $1,000 per customer violated.

Consumers Union, the publisher of Consumer Reports magazine, supports tougher security standards for companies as well as federal and state notification laws.

``What we're hearing from consumers really is a fear that even if they're doing everything right, they can still become a victim,'' said Susanna Montezemolo, a policy analyst with the group.
Experts say banks and other companies can do more.

``Without any question, some of the incidents that have occurred underscore the need for encryption, particularly when you're transmitting information electronically or tapes by delivery,'' said Rick Fischer, who has spent more than 30 years advising banks and other financial institutions on data security and privacy issues.

Associated Press

More in Tux Machines

Linux/FOSS Events

  • The Linux Foundation Announces Session Lineup for ApacheCon(TM) Europe
  • OpenShift Commons Gathering event preview
    We're just two months out from the OpenShift Commons Gathering coming up on November 7, 2016 in Seattle, Washington, co-located with KubeCon and CloudNativeCon. OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. And we're excited to say, the 1.3 GA release of OpenShift Origin, which includes Kubernetes 1.3, is out the door! Hear more about the release from Lead Architect for OpenShift Origin, Clayton Coleman.

Security News

  • Report: Linux security must be upgraded to protect future tech
    The summit was used to expose a number of flaws in Linux's design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it's also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
  • security things in Linux v4.6
    Hector Marco-Gisbert removed a long-standing limitation to mmap ASLR on 32-bit x86, where setting an unlimited stack (e.g. “ulimit -s unlimited“) would turn off mmap ASLR (which provided a way to bypass ASLR when executing setuid processes). Given that ASLR entropy can now be controlled directly (see the v4.5 post), and that the cases where this created an actual problem are very rare, means that if a system sees collisions between unlimited stack and mmap ASLR, they can just adjust the 32-bit ASLR entropy instead.

Raspberry Pi PIXEL and More Improvements

Trainline creates open source platform to help developers deploy apps and environments in AWS