These days, Identity theft is quite rampant - not only in the U.S., but also in other parts of the world.
Within the first 10 days of 2012, the Identity Theft Resource Center reported a total of six breaches, with 6,800 records being exposed. While many people are familiar with individual identity theft, businesses are also at risk. This is where thieves assume the identity of a whole business instead of individuals. The thieves then use these identities to commit a variety of crimes, leaving the authentic businesses to shoulder the consequences.
Corporate identity theft is getting popular for a couple of reasons. First, it gives the crooks the opportunity to make a lot of money. Second, it is relatively easy to clone a business because the necessary records are often readily available.
The following are examples of corporate identity thefts that drew the attention around the world. The first involved two private security companies whose names were almost identical.
Taking Advantage of Almost Identical Names
Executive Outcome Inc. was located in Michigan while Executive Outcomes Inc. was located in South Africa and the incident started because of confusion of the names.
A British debt collector got in touch with Executive Outcome Inc. to help in collecting $23 million that the Sierra Leone government owed for security, military equipment and training. However, the amount was actually owed to the South African Executive Outcomes Inc.
Never the less, Pasquale John DiPofi who ran the Michigan-based company seized the opportunity to get the money and went ahead and hired the debt collection agency. He solicited the help of Christopher Belan, an employee, and started producing fake documents to back up the claim. They even registered a new business in the name of the South African-based company in England and Michigan.
Things became more complicated when the debt collector filed necessary paperwork with the Sierra Leonean government. The government had already reached a payment agreement with the real creditor and the new claim raised concerns.
The Michigan-based company resorted to even dirtier tricks. They called and threatened a representative of the real company, urging them to reach an agreement or else... they went as far as sending the representative interior photographs of his Paris and London homes.
Fortunately, the FBI was called in and the culprits were caught before they received any money. The fraud began towards the end of 2001 and continued until 2007.
Sophisticated Hacking Techniques
In 2009, the U.S. Justice Department labeled a corporate identity case as the largest in history.
Miami-based Albert Gonzalez and two conspirators stole well over 130 million debit and credit card numbers via a massive corporate data breach that involved five companies – Heartland Payment Systems, Hannaford Brothers computer systems, JC Penney, Target, and certain Citibank ATM’s at 7-Eleven locations.
Heartland Payment Systems was hit the hardest in this attack, and they reported that they had lost $12.6 million in the attack.
The hackers were certainly professionals, and their methods were quite intricate. Their attacks came from around the globe, using proxies to hide their location. They disabled failsafe systems that recorded all inbound and outbound traffic to these databases.
Albert Gonzales has received two twenty-year sentences for his crimes against these companies.
Recommendations for Businesses
It’s important for businesses, as well as individuals to take measures to protect their identities. Although smaller companies are more at risk, no business is immune against corporate identity theft.
One of the simplest ways that companies can use to minimize the risk of corporate identity theft is to have an incredibly strong security initiative and a comprehensive contingency plan.