Despite the hype, data breaches were responsible for only 6% of all known cases of ID fraud over the past year, according to a US study by analyst Javelin Strategy and Research.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The analyst says publicity surrounding recent high profile data breaches has created the wrong assumption among consumers that security breaches are the leading cause of ID fraud.
The research - which looks at the relationship between data breaches and actual occurrences of ID fraud - found that public notifications of breaches reached into the tens of millions last year, but identity fraud only increased by 4%.
The study found that the known leading causes of ID fraud were lost or stolen wallets, cheque books and credit cards, which account for 30% of ID fraud. Other causes include data stolen by friends, acquaintances, relatives or corrupt employees.
Around a third (30%) of consumers were victims of a data breach during the 12-month Javelin study, but data breaches were responsible for only 6% of all known cases of ID fraud in both new and existing accounts. Less than 1% of those whose data was lost were actually victims of identity fraud.
"When you compare the public attention that data breaches receive to other causes of ID theft, consumers are being misdirected on how to set overall priorities for guarding against identity fraud," said James Van Dyke, president of Javelin Strategy and Research.
"It is clear that there are other areas of exposure that carry a far greater overall risk. Consumers should be empowered with awareness of all the causes so they can take appropriate steps to prevent ID fraud," he said.
Javelin argues that national legislation could saddle businesses with costly and unnecessary burdens and distract consumers with unnecessary advice.
Earlier this year, a US House Committee approved a new data security law that requires companies that store confidential personal information to notify customers of any security breach.
In July, US regulators called for the introduction of new rules that will require all banks to develop an identity theft prevention programme for customers, that includes "red flags" to signal a possible risk of ID theft.
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats