When the report refers to “loss of personally identifiable information” or “identity theft” it’s in reference to information such as an individual’s Social Security number, name, date of birth, and credit card numbers. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. 

According to GAO, “some identity theft victims have been refused loans, lost jobs opportunities and even been arrested for crimes they did not commit” as a result of identity theft. The loss of personally identifiable information, such as an individual’s Social Security Number, can result in fraud or other crimes.  

There are several examples that illustrate the magnitude of the losses that could occur from a single incident, for example, in 2005 a help desk employee at a New York-based software company stole the identities of up to 30,000 individuals by using confidential passwords and subscriber codes of the company’s customers. According to the report, the former employee sold these identities for $60 each, and with that information made credit cards for online purchases and bank loans. 

Another example, in 2006 an Ohio woman pled guilty to conspiracy, bank fraud, and aggravated identity theft as the leader of a group that stole citizens’ personal identifying information from a local public record keeper’s website, resulting in over $450,000 in losses to individuals, financial institutions, and other businesses.  

According to the report several steps have been taken, both in legislation and administrative actions to combat identity theft at the federal, state and local levels. GAO explains that even though “there are numerous federal laws that place restrictions on public and private sector entities’ use and disclosure of individuals’ personal information in specific instances, there is no one law that regulates the overall use of personally identifiable information”.  

The Federal Watchdog assured that despite efforts to prevent identity theft, “vulnerabilities remain and can be grouped into several areas, including display and use of Social Security numbers, availability of personal information through information resellers, security weaknesses in federal agency information systems and data security breaches”. As a matter a fact, “some federal agencies continue to experience numerous security incidents”.  

The growth of technology means that more and more people will be entering their personal information online. GAO recommends that institutions, such as the FTC, control deficiencies and information security program shortfalls. According to the report, the correct implementation of these controls will reduce the chance of incidents involving data loss or theft.