Voice of the Jaabc Editors

Of all the different kinds of crime, data breach directly affects the citizenry of a country and even the people of the globe. When hackers steal a company's records, and if you happen to be one of that company's customers, your sensitive information such as your Social Security number or bank account information can land in the hands of an identity thief. The result would ruin your whole day.

As you well know, the thief then can use the stolen information to siphon money from your bank account, gain access to your credit cards, or even create new accounts in your name. These are some of the frightening consequences of data breach. As a collateral victim, your credit reports can be blemished with overdue or unpaid accounts. As a result, you can start receiving phone calls from collection agencies.

Data breaches can happen at any type of business, whether it is a local retailer or an international bank. A case in point is the giant British HSBC bank located in Switzerland leaked data from 30,000 Swiss Bank Accounts reveals mass tax evasion as reported recently by Jamie Condliffe (a freelance journalist).

According to The Guardian (a British national daily newspaper), a slew of 30,000 leaked Swiss HSBC bank account details qualify as the "biggest banking leak in history." Each bank account lays bare the practices of the organization and its customers. The leaked files reveal the use of Swiss bank accounts by actors, football players, politicians, business owners, clergymen and more to avoid paying tax to the relevant authorities. The Guardian, which has helped leak the documents along with Le Monde, BBC Panorama and the International Consortium of Investigative Journalists, writes that the "Swiss operation actively abetted clients in keeping accounts secret from tax authorities, at its height hiding $120bn in assets." The sanctimonious image of Banks in Switzerland have been shattered beyond any repair.

The files were originally hacked by the French man Hervé Falciani, an IT expert working at HSBC's Swiss bank. He fled to France though, after being detained, was not extradited back to Switzerland, because authorities in France were concerned that he could reveal the identities of thousands of French tax evaders. While some authorities around the world have since received details from the leaked documents, the majority of the names have never become public—until now. Presently, the news outlets are making the list of account holders from 2007 public. In fact, you can happily browse through a selection of the most interesting ones—from Elle MacPherson to Flavio Briatore, Phil Collins to Christian Slater. Of course, the big names add color, but the real story here is about HSBC bank itself.

The Guardian newspaper explains how memos from the leak reveal a long and serious history of malpractice at the bank. It "routinely allowed clients to withdraw bricks of cash, often in foreign currencies of little use in Switzerland, aggressively marketed schemes likely to enable wealthy clients to avoid European taxes." The bank also "colluded with some clients to conceal undeclared "black" accounts from their domestic tax authorities, and provided accounts to international criminals, corrupt businessmen and other high-risk individuals."

The HSBC bank is already facing criminal investigations around the world as a result of the leaks, so far in France, Belgium, the US and Argentina. It remains to be seen where else the bank will face investigation. But one thing is certain: the story will run, with The Guardian releasing new insights based on the leak all week. In February, HSBC officials publicly apologized for the fiasco and promised to clean their house in the near future.

What is being done about this data breach mess now?

President Obama has vowed to tame the internet and apply stiff penalties to those hackers of proprietary data.

Congress is mobilizing to control the Internet just like another utility company (i.e., water, gas, electricity, etc.).

Obama requires a victimized business to inform their customers within 30 days of being hacked.

State laws typically require the business to notify affected customers within a certain amount of time or be subject to a fine.

The District of Columbia, Puerto Rico, and the Virgin Islands all have some type of data breach law. Five states—Alabama, Kentucky, Mississippi, New Mexico, and Colorado—do not.

In the past, some companies have paid for 6 to 12 months of credit monitoring for affected individuals. While this is something the Federal Trade Commission (FTC) recommends to businesses that have suffered a data breach, it is not a requirement.

What should you do if you are a collateral victim of a data breach? If you think you’ve been the victim of identity theft, here are some tips to help you resolve or mitigate the matter.

Phase I. Contact one of the three credit bureaus

By contacting one of the three reporting agencies or credit bureaus (i.e., Experian, TransUnion, or Equifax), an initial security alert (or fraud alert) can be immediately included in your credit profile to inform creditors to check your identity before approving credit. The downside of this kind of an alert may limit your chances of being approved for new credit right away or you may be asked to provide additional proof of identification.

Securing a report from each of the three credit bureaus is highly recommended. When you contact a credit bureau regarding your case, you may also request for a complimentary credit report. If you alert one of the credit reporting bureaus about the fraudulent activity, the alert will be shared with the other credit reporting companies so as they can update their credit files.

Make sure to keep a detailed record of all phone calls and all documents in connection with resolving this matter in case you need to refer to these items later.

Phase II. Review credit report(s) carefully

Thoroughly review your credit report for suspicious information or activity. Request a copy of your credit report from the credit bureaus. You should also review your billing statements and immediately notify each creditor to dispute what you believe are fraudulent charges. Keep detailed records of your conversations and interactions.

If you’ve identified fraudulent data, keep a list of all the potentially fraudulent information found on your credit report. Any data included that looks unfamiliar, including accounts, credit lines, addresses, and names should be reported.

Phase III. Obtain an Identity Theft Report

An Identity Theft Report will help you get fraudulent information removed from your credit report(s), prevent companies from collecting debts that result from identity theft, and can place an extended fraud alert on your credit profile. An extended fraud alert will last for seven years.

To create an Identity Theft Report, fill out a complaint form on the Federal Trade Commission’s website and print the Identity Theft Affidavit. Use that to file a police report and create your Identity Theft Report. You can also obtain an identity theft report by filing an official report about the identity theft to a federal, state, or other local law enforcement agency.

Phase IV. Obtain an extended fraud alert and request removal of fraudulent data from your credit report

After you’ve obtained an Identity Theft Report, contact one of the bureaus again to place an extended fraud alert on your credit profile and have the fraudulent information removed.

There are four pieces of information that a credit bureau needs to remove fraudulent activity on a credit report:

1. Proof of your identity

2. Identification of fraudulent data from your credit report

3. A copy of an official Identity Theft Report (See Phase III.)

4. A statement from you that the fraudulent activity does not relate to any transaction made by you

Once a credit bureau has received the required information, that bureau will remove all fraudulent activity from your credit report within four business days.

After following these steps, it is important to continue monitoring your credit history regularly. Understanding how identity theft can be detected early and resolved is one of the best things you can do to help protect yourself from the harmful effects of identity theft and identity fraud.

If you are a victim of identity theft or suspect you may be a victim due to a data breach, you have first-hand knowledge of the stress it can cause. Do not despair: US Congress is already deliberating on this crucial issue and will try to come up with safeguards to protect the citizenry, businesses, and society at large.

Z. S. Demirdjian, Ph.D.

Senior Review Editor

California State University, Long Beach, CA