That President’s Identity Theft Task Force has recommended federal legislation that would permit companies involved in data breaches determine whether consumers are at risk after a data breach, according to Frank.
It would overturn California's much stricter law, which requires companies to notify everyone whose personally sensitive information was stolen or lost in an electronic breach.
The recent arrests lead to the recovery of more than 200,000 credit card account numbers used in connection with the ring's activity, which was responsible for fraud losses of more than US$75 million. Secret Service agents also seized two pick-up trucks, US$10,000 in cash, and one handgun.
Because such a large number of stolen credit card numbers could come only via a data breach somewhere, this case proves "there's a huge connection between data breaches and ID theft," said Frank, an attorney who became a consumer-rights advocate after having her identity stolen. "How can consumers protect themselves when cases like this are so far beyond their control?" she asks.
"They would know only when they get a letter from a company telling them about a data breach," she said. The task force developing federal privacy legislation, however, essentially believes "there's no evidence security breaches lead to ID theft.
"Here's evidence," Frank said, referring to the arrest of Miguel Alegria, Raynier Pupo, Ariel Montero, and Javier Padron-Bravo, with aggravated identity theft, counterfeit credit card trafficking and conspiracy.
"This tells me we must continue to notify consumers when their sensitive information has been stolen from a database so they can pay extra attention to their credit card statements," Frank added.
The pending federal legislation leaves "the fox minding the hen house -- they say there should be no notification [of a data loss] until a company decides there's reasonable risk of harm."
According to the
Secret Service, the four Cuban nationals purchased tens of thousands of stolen credit card account numbers from known cyber criminals in Eastern Europe.
They then used the stolen credit card account numbers to counterfeit credit cards in "plants" throughout southern Florida.
The arrests of the four members of the organized fraud ring came as a result of an earlier investigation into the activities and arrest of Julio Lopez and his girlfriend, Anett Villar.
The Secret Service alleges that Lopez, who used the screen name "Blinky," trafficked in counterfeit credit cards and identifications for years over the internet.