By Eva Velasquez, CEO and President, Identity Theft Resource Center
Data breaches and identity theft significantly impact both businesses and consumers.
Last year alone (as of November 30, 2018), 1,138 data breaches exposed over 561,782,485 million records. In the March 2018 Consumer Sentinel Network Data Book, the Federal Trade Commission (FTC) also reported that it received 1.1 million reports of fraud and 371,000 reports of identity theft in 2017.
It’s crucial for organizations involved in the identity theft remediation process to remember that these are more than just numbers. The people whose identity has been stolen are our teachers, our neighbors, and even our family members – real people dealing with the serious downstream implications of theft of their identity. Identity theft can weigh on victims’ emotions and can even affect their health. Many victims also feel that they cannot find the proper support from professionals who are supposed to help them resolve the situation.
The Identity Theft Resource Center, a nonprofit that supports victims of identity theft in resolving their cases, recently released its mid-year trend analysis of the 2018 Aftermath® survey, an annual report based on input from victims who contacted the center for assistance in 2017. The trend analysis examines the effects of identity theft beyond the known financial consequences. The emotional, socioeconomic, and physiological effects are not as easy to quantify as the financial costs, but they can often be more significant. Respondents admitted the identity theft incident caused problems at their place of employment (32 percent) and at school (8 percent). These costs have very real impacts – as much impact if not more than the monetary aspects of the crime – on how victims relate to and resolve their situation.
Highlights from the Aftermath survey shed light on the multitude of impacts identity theft victims face:
- Of the victims who responded to the survey, 21 percent stated they had their identity stolen previously, meaning almost a quarter of victims are dealing with identity theft for at least a second time.
- As noted in previous years, the emotional impacts of identity crimes leave people with overwhelmingly negative feelings. Respondents reported that they felt worried, angry, and frustrated (each at 85.7 percent); violated (83.7 percent); unsafe (69.4 percent); powerless or helpless (67.3 percent); sad or depressed (59.2 percent); and betrayed (55.1 percent).
- Respondents’ many negative emotional impacts lead to real physical issues, including 77.3 percent who reported increased stress levels and 54.5 percent who experienced increased fatigue or decreased energy.
- Nearly half (46 percent) of those surveyed said their identity theft left them feeling like they couldn’t trust family, and 55 percent said they subsequently had issues trusting friends.
Victims’ feelings of distrust extend to organizations as well. With the vast amounts of information compromised by data breaches, consumers are losing trust in companies and are becoming complacent in securing their information.
Businesses can build a culture of cybersecurity that includes employees knowing how to secure customers’ personal data and understanding cyber risks with resources from CyberSecure My Business from the National Cyber Security Alliance.
When identity theft victims believe their case has been mismanaged, their feelings of distrust, anger, frustration, and helplessness can easily be ascribed to the identity theft remediation process. Many of those surveyed were somewhat or very dissatisfied with credit issuers and financial institutions (46 percent), credit reporting agencies (43.1 percent), the FTC (42.8 percent), and law enforcement (36.7 percent). Industry leaders need to empower their employees to provide the best possible customer service and assistance in helping victims clear up the situation, to show empathy throughout the process, and to help victims take back control of their data. A good first step can be ensuring that victim/customer has one primary point of contact throughout the process. Victims have to call multiple organizations to clear up a single event, making them call and keep track of multiple processes at ONE organization just adds to the confusion.
Victimization reverberates in people’s lives for months or years after identity theft. People must try to regain their identity as well as their dignity. In the end, victims often feel abused by the thief as well as by the companies they have to interact with to resolve the issue. The hoops they must jump through to get complete resolution become more and more intrusive and tedious as victims’ cases become more complicated. These hoops can include certified letters to prove their identity has been stolen, contacting multiple different agencies and countless hours in remediation, and sometimes contacting multiple departments within the same company or entity to remediate one incident.
No other crime requires a victim to report it, tell their story, and then personally monitor the remediation process, tracking a multitude of organizations handling the various parts and pieces involved and understanding each organization’s process in doing so. We wouldn’t ask victims of violent crime to remedy their own situation, but we do ask cybercrime and identity crime victims to oversee and be responsible for resolving their own cases.
It’s essential for any business that collects, houses, or uses identity credentials to understand the issues that victims of identity theft deal with so they can provide the proper support. We challenge business owners to join us in ensuring that their standard operating procedures for collecting, protecting, and, if need be, resolving security breaches are victim-centric. Visit the ITRC to access online resources and victim assistance to help you shape your company’s response to identity theft and guide any victims through the resolution process, including a simple case management tool through the free ID Theft Help App.