Not If, But When

It's simply not a matter of if you will experience identity theft, it's when.

Constantly, we hear of or experience occurences of stolen personal information resulting in identity fraud, credit card fraud, tax fraud, medical fraud, the list goes on. If it has not already affected your life, it will. And be ready for a rude awakening when you find yourself a victim. The burden is on you. Think you'll just need to make a phone call or two, think again. In some cases, just set aside a few years of your life and you may have some of the time, energy, and effort covered that you will find is necessary to try and restore your name.

The burden is not with the criminal and not with the entities who allow the theft to occur, it rests solely on you.

I do not under any circumstance have any amount of sympathy when an entity declares that they have been hacked.

The news is always followed-up with that they are doing "all they can do". What does that mean? What this really means is that they didn't think it would happen to them, or they didn't want to spend the money to put safeguards in place to protect you, and now they are doing "all they can do". 

In the latest hacking case health insurer Anthem says hackers infiltrated their computer network and the hackers were successful in accessing personal information, including social security numbers. 

Anthem has now hired an internet company to improve its defenses.

Isn't it a little late for that?

Here you are a health insurer who not only holds personal information, but also included in that access to some or all of your customer's medical history.

This is inexcusable. The mindset that they too are victims is wrong. They clearly were not doing all they could do, because now after the fact they have reached out to "improve their defenses" and "identify potential gaps".

Anthem, as well as other entities, is gambling that this will not happen and it does, daily. And, even if they thought this might occur, what is the worst that could happen? They would not be stuck cleaning-up the mess-no, that is left to you, and they would come out looking like victims of the crime, when clearly they are not.

Anthem is no stranger to this, in 2013 the company agreed to pay $1.7 million to resolve federal allegations of security weaknesses. And even with this most recent occurrence admitted the stolen information was not encrypted in their database. 

As for praising them for their rapid response to the hack, we need to start praising companies for their pro-active response instead of praising entities that operate bad business at our expense.