A couple months ago, things were looking pretty grim for the personal information industry. Data collator ChoicePoint (NYSE:CPS) reported first 35,000, and then 145,000 likely victims of a hack attack on its personal information database. Then, as bad as it was, the situation grew considerably worse with yesterday's announcement by Anglo-Dutch information provider Reed Elsevier (NYSE:ENL).
Reed, you'll recall, had suffered a similar but different disaster to that which struck ChoicePoint. In the latter case, an elaborate scheme was employed to set up fake businesses, buy access to ChoicePoint's database through these businesses, then use that access to make off with reams of personally identifiable information from ChoicePoint's database. The Reed scam had the same effect but a simpler means to that end: Someone stole the identity and PIN of a legitimate client of Reed's Seisint subsidiary and used those to access the Seisint database.
Except that it turns out there wasn't just one incident of a security breach at Seisint. Rather, there were 57. And two more at other Reed subsidiaries. At last count. As a result, the number of estimated victims of the Reed data theft has now skyrocketed from the original 32,000 to, as of yesterday, more than 310,000.
Scary numbers. But what's even scarier is the utter complacency with which the victims of these attacks -- the owners of the Social Security numbers, driver's license numbers, and such like information that was stolen -- are reacting. Or rather, not reacting. Reed, you see, lost no time in following ChoicePoint's lead on damage control. As soon as Reed identified the persons whose information had been accessed, it offered to pay for a credit monitoring service for each and every one of these people. (And yes, it's now expanding that offer to the next batch of 280,000-odd persons affected.) Yet according to this AP wire report, to date, only 2% of the people affected by the first batch of Seisint data thefts have taken Reed up on its offer of free credit monitoring, credit reports, and fraud insurance.
That just boggles the mind. Even if the risk of identity theft is, as Reed avers, not "significant," it is certainly increased. Given that fact, there's just no logical reason why potential victims of ID theft would pass on an offer of free protection. No logical reason except one, that is: They just don't care.
Hard as that is to fathom, it suggests that the data collection industry may escape this series of fiascoes without Congress imposing additional regulations on it. Voters who don't care enough about their own data security to accept an offer of free protection are not likely to be expending much effort lobbying Congress for tighter regulations.
Fool contributor Rich Smith owns no shares in any company mentioned in this article.
