Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Bank of America computer tape loss puts 1.2 million at risk of ID theft

CU is working to enact stronger identity theft safeguards for consumers.

Friday, February 25, 2005

Gail Hillebrand, 415-431-6747

Bank of America computer tape loss leaves as many as 1.2 million federal workers vulnerable to identity theft

Consumers need right to put security freeze on credit files to thwart identity thieves

SAN FRANCISCO, CA – An estimated 1.2 million federal workers may be at risk of identity theft as result of lost computer tapes maintained by Bank of America. Bank of America announced today the loss of the tapes, which reportedly included such sensitive information as Social Security numbers. The announcement came just over a week after news of another major security breach involving personal and financial records maintained by ChoicePoint, Inc.

“Once again, consumers have been put at risk of identity theft because sensitive customer information held by a financial institution has been compromised,” said Gail Hillebrand, Senior Attorney for Consumers Union. “This is another reminder of how vulnerable consumers are to having their personal and financial information fall into the wrong hands.”

Current federal law gives identity theft victims, and those with a good faith belief that they are about to become victims of such fraud, the right to place only a 90-day initial fraud alert on their credit file. All consumers who do so are entitled to a free credit report. Initial fraud alerts instruct creditors to exercise more care to verify the identity of the credit applicant. Identity theft victims may choose an extended fraud alert good for seven years.
“For the 1.2 million federal workers who have had their records compromised as a result of these lost tapes, a 90-day fraud alert is simply not good enough,” said Hillebrand. “Consumers need the right to lock up their credit files with a security freeze to prevent thieves from getting credit in their names.”

Four states already have security freeze laws on the books and another 12 states are considering adopting the safeguard. A security freeze lets the consumer stop anyone from looking at his or her own credit reporting file for purposes of granting credit unless the consumer chooses to let that particular business look at the consumer’s information. When an imposter seeks credit in the consumer’s name, the creditor checks the credit reporting file. If the file is frozen, the creditor will deny the thief’s credit application. When the consumer is applying for credit, the consumer can lift the freeze so that a particular creditor can see the credit file. When the consumer is not seeking credit, the security freeze effectively prevents anyone else from getting credit in the consumer’s name.

California law enables consumers to put a security freeze on their credit reporting file at any time, even if they have not been victimized by identity theft. A similar security freeze right goes into effect in Louisiana in July 2005. Texas law allows consumers to put a security freeze on their credit files after they have filed a police report detailing that they have become victims of identity theft. Consumers in Vermont will have the same right starting in July 2005. Twelve states are currently considering security freeze legislation: Colorado, Connecticut, Hawaii, Illinois, Indiana, Maine, Maryland, Massachusetts, Nevada, Oregon, Utah, and Washington. Lawmakers in Texas have introduced a bill to strengthen the state’s existing security freeze law to allow all consumers – not just identity theft victims – to take advantage of the safeguard.

“It’s time for lawmakers to give consumers more control over their private financial information,” said Hillebrand. “A security freeze lets consumers decide for themselves when potential new creditors get to see their credit file, which stops identity thieves in their tracks.”

Consumers Union is urging state lawmakers and Congress to require all companies to notify consumers when sensitive customer information has been compromised as a result of a security breach, like the current law already in place in California. California is the only state that requires companies to notify customers about such security breaches. Other states and some members of Congress are beginning to look at such notification requirements.

More information about state efforts to enact security freeze legislation is available on the Consumers Union website at: http://www.consumersunion.org/campaigns//learn_more/001833indiv.html