Let’s see … a convicted felon “who had helped her lover swindle more than $200 million from insurance firms” was hired by TIAA-CREF, “a prestigious financial institution that handles some of the nation’s largest academic retirement funds” by using a phony Identity. Before she was discovered, she “had unfettered access to customer data for a couple of months” and downloaded unencrypted customer Identity data, including social security numbers and birth dates. Her laptop hard drive and USB devices have never been recovered. The number of user records she stole is under dispute, but could be in the millions.

Just think … “She could, in all likelihood, serve her time in prison and sell the customer data when she gets out.”

But her supervisor, who discovered and reported her background and illegal actions, was fired for allowing her to have access to the Identity data. His appeal under the Sarbanes-Oxley Whistleblower act was denied on a technicality. It hardly seems fair.

This story illustrates the vulnerability of sensitive Identity data even when expensive security systems are in place. In this case, a devious thief nosed her way into a componay and deliberately stole Identity data right out from under the noses of her supervisors. In the high-profile Veterans Administration data theft case, an employee simply violated security policy and allowed Identity data to be stolen from his home. Oops!

Identity Data has become a hot commodity – very profitable for bad guys who steal it, and terribly inconvenient for those who are victimized.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Identity Theft