Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

What You Don't Know About ID Fraud

New study of real fraud cases debunks myths, theories about identity theft

Identity thieves want to steal as many identities as they can, so they can sell them to other criminals who will immediately use them to defraud users, right?

Wrong, according to a study being released today by ID Analytics Inc., which operates a nationwide network of identity information compiled from multiple resources and industries. The study, which evaluated cases of ID theft and the use of the stolen data, debunks some myths about fraud.

For example, while much hype surrounds large breaches such as TJX, the study found that smaller breaches had a higher misuse rate. Misuse of personal data ranged from one in 200 identities for breaches of fewer than 5,000 individuals to a misuse rate of less than one in 10,000 identities for breaches of more than 100,000 individuals.

In most cases, fraudsters don't store up stolen ID information, but cycle through it quickly, the study says. Fraudsters misuse a breached identity for no more than two weeks before moving onto the next identity, researchers found.

The study found no evidence that fraudsters who misuse breach data were selling the data broadly or distributing it over the Internet. "This finding is significant because one of the greatest potential risks of data breaches is the broad dissemination of personal information to others with criminal intent," ID Analytics says.

You can get a copy of the report by contacting ID Analytics via market[email protected].

— Tim Wilson, Site Editor, Dark Reading

  • ID Analytics Inc.

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
    Robert Lemos, Contributing Writer,  2/20/2020
    Ransomware Damage Hit $11.5B in 2019
    Dark Reading Staff 2/20/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    New Best Practices for Secure App Development
    New Best Practices for Secure App Development
    The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-17274
    PUBLISHED: 2020-02-26
    NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.
    CVE-2019-17275
    PUBLISHED: 2020-02-26
    OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.
    CVE-2020-3169
    PUBLISHED: 2020-02-26
    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a spe...
    CVE-2020-3170
    PUBLISHED: 2020-02-26
    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could expl...
    CVE-2020-3171
    PUBLISHED: 2020-02-26
    A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input vali...