Mitnick, whose federal probation on computer cracking charges ended in January, testified that businesses should better protect their computers from newly discovered security flaws and train employees to spot the tricks of identity thieves.
"The bad guys are going to look for the weakest link in the security chain," said Mitnick, who served five years in federal prison for stealing software and altering data at Motorola, Novell, Nokia, Sun Microsystems and the University of Southern California. He now runs a business to help companies guard against computer attacks.
Prompted by three recent cases of information theft involving the accounts of millions of people, two subcommittees of the House Financial Services Committee heard from law enforcement and corporate officials on the growing vulnerability of consumers' most sensitive financial information.
"Consumers will quickly lose confidence in our nationwide credit system if we don't do everything practical to improve security and protect sensitive data," said Rep. Michael Oxley, R-Ohio, chairman of the full committee. He said computer information thefts cost U.S. businesses $400 million each year
The weak links were different in the three recent incidents.
Authorities say an identity theft scheme involving Teledata Communications in New York came from the inside when an employee sold passwords for downloading consumer credit reports. Prosecutors said in November that more than 30,000 people were victimized with losses of more than $2.7 million.
In December, thieves physically broke into an office of TriWest Healthcare Alliance in Phoenix and stole computer hard drives containing Social Security numbers and addresses of about 562,000 military personnel and their families. The company, which posted a $100,000 reward for information, said no identity thefts have been reported.
Last month, a cracker broke into the computers of Data Processors International, a company based in Omaha, Neb. that handles transactions for catalog companies and other direct marketers. The Secret Service said the cracker accessed more than 10 million credit card numbers.
"The cyber threat is rapidly expanding," said James Farnan, deputy assistant director of the FBI's cyber division. "Using a simple Internet search, a 12-year-old could locate a variety of hacker tools, then download and implement them."
Farnan said the FBI has devoted more resources and training to counter the growing problem of computer crime, which includes information theft and terrorist threats against sensitive computer networks.
"Many intrusions are never reported because companies fear a loss of business from reduced consumer confidence in their security measures or from fear of lawsuits," Farnan said.
Beginning next month, the Federal Trade Commission will require many financial institutions to better protect consumer information. Companies must have written security plans and train employees to protect sensitive data.
The FTC will watch companies to make sure they follow the rules, said Howard Beales, chief of the agency's consumer protection bureau.
Copyright 2003. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
