Sometimes human error is a factor. When Genworth Financial sent tax forms to its clients, including 69 Maryland residents, their Social Security numbers were visible through the envelope window, said Hugh Williams, who directs the identity theft program for the attorney general's office.
Maryland lawmakers passed the notification law last year, several months after Johns Hopkins reported the loss of data tapes containing personal information on more than 135,000 current and former employees. The legislature also approved a measure that would allow consumers to place a "security freeze" on credit reports.
Williams said he was surprised by the number of security breaches when he started in November.
He said he reviews the notifications before they are sent out to ensure that they include necessary -- and correct -- information for consumers. Thefts and other crimes are investigated by local police authorities.
Linda Foley, founder of the San Diego-based Identity Theft Resource Center, cautioned that "just because you've received a breach notification, it does not mean you're an identity theft victim."
Foley said such residents are at risk, and that they should take steps to reduce the possibility of fraud involving their information.
Experts say a security breach involving, say, a Social Security number is more worrisome than one involving a credit card -- which can be easily canceled.
"I'm less worried about my credit card number being stolen," Kenney said, because she'll notice any unusual charges on her next bill. However, for Social Security numbers, "there's a global market for this data," she said.
Although the person who initially stole a laptop computer might not be sophisticated enough to mine information from it, she said, "the buyer will check the hard drive to see if there's data on it that's marketable."
That's why Kenney recommends people consider a security freeze if their Social Security number has been disclosed.
Security freezes prevent businesses from accessing an individual's credit report, a step that's generally taken when a new line of credit is offered or considered. Under a Maryland law also passed last year, it costs only $5 to place or remove a freeze per credit bureau -- $15 for all three.
In many of the incidents reported in Maryland, businesses offered to pay for people to receive free credit monitoring for a year, state records show. But Kenney said businesses should offer consumers the choice of free credit monitoring or a security freeze.
"Credit monitoring only tells you you've been defrauded after it's happened," she said. "The key is protection beforehand so you don't have to clean up the mess."
liz.kay@baltsun.com
Sun reporter Tanika White contributed to this article.
Security breaches 2008
Maryland has received nearly 40 reports of security breaches since the state on Jan. 1 began requiring notification of affected state residents. Here are reported cases involving the personal data of 100 or more Marylanders:
CareFirst Blue Cross Blue Shield/The Dental Network: 75,000
BNY Mellon Shareowner Services: 4,690
Sava Senior Care/Mariner Health Care: 2,199
MLSGear.com: 1,613
T. Rowe Price Retirement Plan Services: 1,470
Invitrogen Corp.: 1,004
[Source: Office of the Maryland Attorney General]
