I recently attended the Connecticut Privacy Forum. One of the presentations was by Kim Peretti who is Director of Forensic Services at Pricewaterhouse and a former federal prosecutor that chased down identity thieves globally. (read an interview with Kim here about the infamous TJX case). I learned quite a bit of information about trafficking in personal identifying information also known as PII. You can read my live tweets from her presentation here.
In the data theft industry, the thieves are called "carders." They are out there looking for victims in person and online. The primary goal is not only credit card information, but "full wallets." Full wallets is when the carder gets all the information you might have in your wallet. Credit cards, license, bank cards, etc. The thieves might get this information from you personally, but more likely through a company that keeps this type of information. Once they get a full wallet, they typically sell it overseas where the information is stored on computer servers and offered for sale on websites. Scary stuff.
As a coincidence, I have had a recent uptick of inquiries from victims of identity theft. There are many laws that are implicated in cases of identity theft such as wire fraud, computer fraud, and theft statutes. The theft may also involve a data breach such as in the case of TJX.
Here is a quick summary of Connecticut's statutory law for identity theft.
In Connecticut, an attorney can file a civil lawsuit on behalf of a victim of identity theft and obtain an award of one thousand dollars or treble damages, whichever is greater pursuant to statutory law. In addition, a victim can obtain an award of costs and reasonable attorney's fees. Damages may include documented lost wages, or any financial loss that can be tied to the identity theft. Courts have the ability to award other types of relief also, including but not limited to, not less than two years of commercially available identity theft monitoring.
In Connecticut, attorneys may prove identity theft for civil damages by showing a violation of the criminal identity theft statutes. This is similar to the civil theft statute and computer crime statute. In general, the criminal identity theft statutes may be broken down under the following categories:
- Class B felony identity theft. This violation concerns cases where the victim is under the age of 60 and the value of money or theft exceeds ten thousand dollars or the victim is over the age of 60 and the value is greater than five thousand dollars.
- Class C felony identity theft. This violation occurs where the victim is under 60 and the value is greater than five thousand dollars, or if the victim is over 60.
- Class D felony identity theft. This occurs for any violation regardless of age or value.
To prove the underlying violation or actual identity theft, an attorney must prove in the following:
A person commits identity theft when such person knowingly uses personal identifying information of another person to obtain or attempt to obtain, in the name of such other person, money, credit, goods, services, property or medical information without the consent of such other person.
Personal identifying information is defined by the statute as:
any name, number or other information that may be used, alone or in conjunction with any other information, to identify a specific individual including, but not limited to, such individual's name, date of birth, mother's maiden name, motor vehicle operator's license number, Social Security number, employee identification number, employer or taxpayer identification number, alien registration number, government passport number, health insurance identification number, demand deposit account number, savings account number, credit card number, debit card number or unique biometric data such as fingerprint, voice print, retina or iris image, or other unique physical representation.
If you are a victim of identity theft, you should take fast action. Some of the actions you might consider:
- Identify potential defendants for a lawsuit, such as the actual perpetrator or the source where the perpetrator obtained the information
- Assess provable damages
- Seek police involvement and file a private complaint
- Take immediate action to help restore credit ratings
- Filing for an injunction, damages or other lawsuit against perpetrators
Consulting an identity theft attorney is also a good idea. An identity theft attorney can help a victim sort through the various options, take direct action on behalf of the victim, and determine if there are grounds for a lawsuit to seek an injunction, restraining order, or damages.