How many times can my identity be stolen?

I’m starting to lose track of the number of times my identity (or my family’s) has been stolen, lost, or otherwise defrauded. On Saturday, I received yet another notice that something untoward has happened to my personal information, and I suspect many millions of other consumers got the very same letter in the mail.

This time it was from BNY Mellon Shareowner Services. Their news: “computer tapes containing some of your personal information were lost while being transported to an off-site storage facility by our archive services vendor.” The letter went on to say that the company had no reason to believe that anyone had used my data inappropriately, but it would offer me a free service for 24 months to monitor misuse of my data. I can now get the credit monitoring product, Triple Alert, as long as I respond within 90 days.

Apparently the Bank of New York Mellon gave unencrypted backup tape data on 4.5 million consumers to Archive Systems, a transportation company, which lost the tape in transit to a storage facility. The incident has been written about here.

Meanwhile, I’d like to make the following announcement to all banks and credit card companies: You know that million-dollar loan application you may have received from me? Or that Rolls Royce that I put on the newly opened credit card in my name? It wasn’t me. I repeat. If you got something like that, it wasn’t me.

Now the maddening thing about the letter from BNY Mellon Shareowner Services is that the incident happened in February. That’s right, Feb. 27. “Our archive services vendor notified us that they could not account for one of several boxes of backup data tapes being transported to an off-site storage facility.” The only explanation for the long delay was “the timing of this notice was affected by our forensic investigation into the nature and scope of this incident.” Gee, thanks for the timely and thorough information.

What did they lose? My name, Social Security number, address, and shareowner account information? And I don’t have a clue who BNY is. Other than that they provide “stock transfer agency, employee plan administration, and related services for issuers of securities such as publicly traded corporations.” Neither does the letter mention how my data got into BNY’s hands. This is not a company I do business with.

This isn’t the first, second, or even third time something like this has happened to me or my family. The first time was when My wife left a credit card at a restaurant. Someone took it and went on a shopping spree. We reported it to the police and the restaurant, but never heard back. We didn’t have to pay for the shopping spree and we got replacement credit cards and a new account.

Then there was the time we received notices from United Healthcare that a family member’s healthcare account had been used several times at doctors’ offices. At least one of the times, we checked the address of the doctor and the office didn’t exist. United Healthcare was apparently paying these false claims anyway. We reported the problem to United Healthcare repeatedly and sent them a certified mail letter. They never responded to us. We were not billed personally for any of those services. Even after I wrote about it in the San Jose Mercury News (available in a reprint link here), I got no further personal contact from the bank.

Last year, we got a call from our credit card company asking if I had made three purchases on the same day of games on the PlayStation Network. I made no such purchases, as I was working out of the office that day and wasn’t anywhere near my PlayStation 3. We filed a fraud claim and looked over our bill. There were a lot of small purchases that we didn’t make. We reported it to the credit card company. The bank had the gall to deny some of the charges as fraudulent and asked us to pay them. We wound up switching to another credit card company, with considerable hassle and time wasted. We froze our credit and put a fraud alert into the credit bureaus (link to reporting fraud here). I also reported it to the Federal Trade Commission’s Identity Theft Site. We never heard back from them or the credit agencies. There are places online, such as the Department of Justice site, where you can learn a lot about identity theft. (See the Identity Theft Resource Center site, too). But it doesn’t seem like the good guys are winning this one.

There was another time, as well, but I don’t recall the details. I got a letter saying a truck with my personal data in it overturned on a bridge and that my data may have been lost as a result.

If it’s happened to me this many times, I can only extrapolate. As I noted in the Mercury News story, the stats are alarming: According to Javelin Strategy and Research, there were 8.9 million victims of identity theft in 2006. Thieves made off with $56.6 billion, with the average fraud costing $6,278 per victim. The Federal Trade Commission said 8.3 million Americans faced identity theft in 2005.

This situation is ridiculous. It’s going to be delightful to start this whole process of keeping an eye on my credit again. I know there are services such as Debix ($24 a year) that can do this for me. But what a pain. Exactly when is somebody in this country going to take identity theft seriously?

[Photo credit: Flickr, Tpatch]


We're studying digital marketing compensation: how much companies pay CMOs, CDOs, VPs of marketing, and more, with ChiefDigitalOfficer. Help us out by filling out the survey, and we'll share the results with you.