It seems a day doesnt go by without a company announcing it has lost or had customer data stolen. TransUnion Credit Agency has now joined the parade of identity theft.

TransUnion Credit Agency

In late summer, TransUnion discovered that over 3,600 consumer records had been stolen from a regional sales office in California. The company indicated the data was stored on an independent desktop computer. The company believes the computer was stolen as part of a burglary, not an intentional intent to steal consumer data.

There are more than a few serious issues with TransUnions position and action. First, consumer data shouldnt be stored on a desktop computer sitting on a desk. More importantly, what is the data doing on a computer in a regional SALES office? TransUnion is supposedly looking into these issues.

Insultingly, TransUnion has suggested the stolen data is not a big deal since the computer is password protected. If TransUnion really thinks a password protected desktop computer is going to keep someone from seeing the data, it should lose its right to do business. A hacker would smirk at that.

Bigger Issues

3,600 consumer records is really a small issue when considering the big picture of consumer privacy issues. It does, however, portend to a bigger problem.

TransUnion is one of the big three credit reporting agencies with Experian and Equifax being the other two. It strikes me that the databases of these three companies must be the Holy Grail of Identity Theft. What happens if someone gets into one of these systems?

What happens if an employee with access to the data gets tempted? Keep AOL in mind. An AOL employee was recently sentenced for selling the AOL member list to spammers. How much do you think a criminal organization would pay for a copy of consumer records in a credit agency database?

A lot.