After someone used Robert Nighan's credit card to charge $2,000 worth of golf clubs in California, the insurance executive got an idea.
Nighan - who doesn't play golf and lives in Hartford, Conn. - figured out a way to make crime pay legally: Sell an insurance policy to protect against identity theft.
"I was involved in our crime insurance division at the time," said Nighan, who is a vice president of the insurance company St. Paul Travelers Companies Inc. "What happened to me was relatively minor; it took only about a week to fix. Still, it was a major distraction, and for some victims, it goes on for years."
In 1999, St. Paul Travelers became the first company to offer identity-theft insurance. It cost $25 as an option to a homeowners policy and covered the costs involved in fixing credit report problems after a crime.
The idea took off, and other companies followed.
"Our anti-fraud people say it is one of the fastest-growing areas," said Bryon Tucker, spokesman for the National Association of Insurance Commissioners. Companies offering the coverage include Allstate Corp., American International Group Inc., Chubb Corp., Fireman's Fund Insurance Co. and Metlife Inc.
Neither the NAIC nor insurance trade associations keep figures on the number of identity theft policies in effect, partly because the area is relatively new.
Some critics complain that the insurance companies are profiting off a problem they helped create. Like many businesses, insurance companies give or sell information about their customers to data aggregators such as ChoicePoint Inc., whose database was breached by identity thieves, prompting a national debate over how personal information is used.
"The unpleasant irony is that one of the main reasons we need protection is that actions by insurance companies helped make our personal information too readily available," said Doug Heller, executive director of the Foundation for Taxpayer and Consumer Rights in Santa Monica, Calif.
"They and other industries insist on their right to trade private information about all of us, and that makes it possible that the information can fall into the hands of thieves," Heller said.
Rather than relying on insurance, Heller and other activists said, consumers should be demanding tougher laws regulating how their personal data are used.
California has led the country in anti-identity theft laws. It was the first to require that information brokers notify state residents if their personal information might have been revealed to scammers as the result of a database break-in. The law was seen as crucial to the ChoicePoint security breach being made public.
During a Senate hearing Thursday, the Federal Trade Commission recommended that lawmakers look at strengthening laws that govern the way companies store and use sensitive consumer data.
Identity theft insurance generally costs $25 and up per year. Some companies include the coverage free on premium home insurance policies.
John Spagnuolo, director of new media for the Insurance Information Institute trade association, said he expects more companies to offer the coverage.
"Because of all the coverage of the problem in the media, consumers are aware that the possibility of being a victim of identity theft is not a small one," he said.
The Identity Theft Resource Center said almost 60 breaches of personal financial information involving up to 13.5 million people were reported this year. Earlier this month, Baltimore-based CitiFinancial said computer tapes containing Social Security numbers and other information for 3.9 million people had been lost en route to a credit-reporting agency's data processing center.
MasterCard International Inc. said Friday that a computer virus caused a security breach of customer information at one of its credit-card processing companies, which could put 40 million cardholders at risk.
The Federal Trade Commission has put the number of victims of identity theft at about 10 million annually, or nearly 5 percent of the adult population. It estimates identity theft costs about $50 billion a year, in false charges and lost time.
Beth Givens, head of the Privacy Rights Clearinghouse, which took information brokers to task before and after the database infiltration disclosures, says identity theft insurance might be appropriate in some cases. "If you are the victim of an especially aggressive thief, there will be a lot of certified-mail charges, faxes to credit bureaus and notary fees," she said. "It can add up to $1,000 sometimes. And in rare cases, you might have to hire a lawyer."
The main cost, though, often is lost time. "You might have to take days off work, just making phone calls," she said.
Givens was an unpaid adviser to St. Paul Travelers when it created its first policy. The insurer paid Privacy Rights Clearinghouse a $1,000 license fee to use some of the group's literature in its brochures concerning the problems and time involved in repairing one's credit status.
The Los Angeles Times is a Tribune Publishing newspaper.