Identity theft victims face lots of hassle

Associated Press

SAN FRANCISCO

As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer’s free credit monitoring offer so he would be notified if someone used his identity to commit fraud.

Someone did. The first monitoring report showed crooks opened accounts in his name at Macy’s and Kohl’s department stores, where they racked up more than $7,000 in charges. “My heart basically sank,” he said. Over the next seven months, the New York City resident spent hours on the phone, most of a day in a police station filing a report, and countless time sending documents to banks and credit reporting agencies to clear his credit history.

He’s hardly alone. The Target hack during last year’s Black Friday shopping weekend was just one in a wave of data breaches that have exposed more than 100 million customer records at U.S. retailers, banks and Internet companies. The latest high-profile hack, at Sony Pictures Entertainment, resulted in Social Security numbers and other personal details of nearly 50,000 current and former Sony employees and film actors being stolen and posted online for anyone to see. While cases are difficult to trace, analysts at Javelin Strategy & Research estimate that one in three Americans affected by a data breach ultimately became the victim of fraud last year — up from one in nine in 2010.

Although banks often absorb bogus charges, it’s up to victims to clean up their credit histories and recover stolen funds. On top of lost time, money and emotional energy, victims face the frustration of rarely seeing anyone pay for the crimes. Identity-theft cases are rarely prosecuted, said Avivah Litan, an analyst who studies fraud and identity theft for the research firm Gartner. Local police have limited resources, and criminals are often overseas, “so unless it’s part of a bigger pattern, they’re not going to spend much time pursuing it.” Kim said a police detective who took his complaint later told him the accounts were opened by someone in California, but Kim never heard any more about the investigation.

In the past year, Target and other major retailers have said they’re increasing security. President Barack Obama has urged banks and stores to speed up adoption of “chip-and-pin” payment cards, which are harder to hack. But reports of data breaches continue. And as Federal Trade Commission member Terrell McSweeney said recently, “Disturbingly, the news has seemed to desensitize many people to the real risks created each time an event occurs.”

Kim can’t be certain Target was the source of the fraud he experienced, he acknowledged. Experts say crooks often steal or buy consumer information from more than one source, and use it to compile a complete dossier on potential victims. That’s likely the way hackers last year impersonated the rich and famous to get credit reports on Paris Hilton, Michelle Obama and even Gen. Keith Alexander, then-head of the National Security Agency.

Meticulous by nature, Kim documented every conversation with an investigator or company representative. He was fortunate, he added, that his employer let him use the phone and fax machine where he works. “If I worked at a stricter company, it would have been a nightmare,” he said.

While identity theft is certainly a global problem, experts say it’s difficult to measure worldwide losses. However, a Department of Justice study estimates identity theft of all kinds was responsible for U.S. financial losses of $24.7 billion in 2012 — nearly double the $14 billion lost from all other property crimes such as burglary and theft.