This Forbes magazine story is a reminder that identity criminals will use stolen data as long as they can get away with it:
"An Oregon man who was the victim of a 35-year-long identity theft said Thursday he's so happy about an arrest in the case... Tom Lesh, 66, said he's known since the 1970s that his brother's friend stole his identity, and he appealed to everyone from the IRS to the suspect's own mother for help - to no avail. As the decades wore on, he said, he spent "thousands of hours" writing letters to credit card companies, banks, insurance companies and government agencies, trying to clear his name..."
This year, a Premera Blue Cross insurance fraud investigator named Sandy Larson started investigating and contacted Lavelle, a special agent with the Social Security Administration's Office of the Inspector General:
"... Lavelle tracked down the suspect, a 58-year-old truck driver whose real name is Clark Mower, and arrested him Wednesday near his Seattle home. He was charged in U.S. District Court in Seattle with aggravated identity theft, Social Security number misuse and unlawful production of an ID."
In my mind, restitution and prison time are appropriate. This incident offers several reminders:
- Companies must investigate ID-theft and medical ID-theft compalints
- Inisder identity theft can often include relatives and "friends"
- The SSA offers instructions for consumers to report fraud
- A one- or two year-offer of free credit monitoring by companies after a data breach is woefully too short and insufficient.