Time to take control of our identities

As predictable that night follows day you can be sure that identity fraud is not going to go away and the latest data breach involving Sony PlayStation is a clear sign that fraudsters are as inventive and industrious as ever.

Attacking Sony’s PlayStation Network, fraudsters are estimated to have obtained sensitive personal and financial data of over 70 million customers worldwide including three million users in the UK. The data loss ranks as one of the biggest data losses to affect individuals and exceeds the loss by HMRC of all Child Benefit records affecting 25 million individuals and 7.25 million UK families in November 2007.

What makes this data breach potentially so serious, however, is the amount of data that has been stolen. Sony’s blog http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593 that first reported the data breach says the name, address, country, e-mail addresses, date of birth, as well as password and login details of its PlayStation Network and Qriocity service user accounts have been obtained.

Furthermore, it is possible that credit card information may also have been stolen. Experts have described the security breach as a “nightmare” scenario, which could leave millions of PlayStation users open to identity and credit card fraud.

What this data breach tells us is that consumers cannot guarantee that their personal data will not be stolen. And because of this consumers must consider and treat their identity as a valuable commodity. This will require a significant, but necessary shift in attitude for many people who hitherto have consciously decided to stick their ‘heads in the sand’ and hope identity fraud won’t happen to them.

Undeniably few sensible people would leave the key in their car’s ignition, carry thousands of pounds on their person or leave their front door unlocked, but neglecting to manage our identities is akin to financial negligence. This latest data breach is a clear warning that we all have to proactively engage in detecting identity fraud through monitoring our credit reports, interrogating our bank statements, and being careful about the disclosure of sensitive and personal information either online and to any unsolicited e-mails and phone calls.

In the UK, according to the Information Commissioner’s Office there were 603 self-reported data breaches – where information has been disclosed or lost – between 6 April 2010 and 22 March 2011 (source: CRN 27 April, 2011); clear evidence that we cannot guarantee our identities will not be stolen or compromised by events outside our direct control.

If you are one of those affected by the data breach one of the first actions you should take is to change your passwords and usernames if you are in the habit of using the same access details for different online accounts – access to one could mean access to all and open up a whole host of problems.

Beyond this immediate action, the proactive management of people’s identities has to become a priority to ensure our exposure to events such as this is limited and properly managed.