Recently, reports of security breaches in which customer data and personally identifiable information (PII) were somehow compromised seem to appear almost daily. Choicepoint, Lexis Nexis, DSW Shoe Warehouse, Ralph Lauren / HSBC, Bank of America and more have all reported massive amounts of compromised or ill-gotten customer information just in the past couple of months.
However, most identity theft or compromises of PII, including a couple of the major breaches mentioned above, have nothing to do with the Internet or lax computer or network security. Unpatched operating system vulnerabilities or hacking wizardy are involved in a relatively small number of the total cases. The Choicepoint breach resulted from poor processes to identify that the business asking for consumer information had a legitimate reason. The Bank of America breach resulted from a data backup tape being lost in transit.
Information can be pulled from your trash can. Waiters can swipe or simply write down your credit card number when you make a purchase at a restaurant. There are a variety of laws related to securing customer information including Sarbanes-Oxley, HIPAA, GLBA and others. Congress is currently investigating the breaches at Choicepoint and Lexis Nexis and considering further legislation aimed at allegedly protecting customer data. But, social engineering and good, old-fashioned theft still pose a larger threat than network security and it is up to you to monitor and protect your personal information and your credit.