About this episode
“You cannot have data compromised that you do not have.” James Lee has spent two decades watching breach transparency collapse—from near-total disclosure in 2020 to just 30 percent today. The president of the nation's leading identity crime nonprofit breaks down why your Social Security number is worthless on the black market. Why your driver's license isn't and what individuals can actually do when the system designed to protect them has already failed.
Episode Summary
James Lee has seen the identity crisis from both sides. He was a senior executive at ChoicePoint when a 2005 data breach triggered the first wave of breach notification laws in the United States. He now leads the Identity Theft Resource Center, the nation's only nonprofit providing free identity crime victim assistance. The ITRC's 20th annual data breach report, released weeks before this conversation, tracked a record 3,322 compromises in 2025—a 79 percent jump over five years—while 70 percent of breach notices failed to disclose how the attack happened.
Lee walks through the real economics of stolen identity: Social Security numbers carry zero resale value because the market is so flooded, while driver's license numbers command $150 to $2,000 depending on the state, a direct consequence of pandemic-era digital verification expanding their use far beyond the DMV. The conversation moves through the limits of KYC, the case for data minimization over data hoarding, and why the ITRC advocates for more friction in financial transactions. What it means is that breached data from years ago is being recycled into new attacks. Lee makes the case that individuals, organizations, and government all need to act—and none can solve identity crime alone.
About the Guest
James E. Lee is president of the Identity Theft Resource Center (ITRC), the nation's leading nonprofit dedicated to supporting victims of identity crime at no cost. Before joining ITRC's staff in 2020 as COO, Lee served over a decade on its board of directors, including three years as chairman. His career spans senior leadership at ChoicePoint (now LexisNexis), where he navigated the landmark 2005 data breach, and Irish cybersecurity firm Waratek. He chaired two ANSI working groups on identity management and privacy and has testified before the Senate Commerce Committee on identity crime trends. Lee holds credentials from the University of Texas Center for Identity, the Wharton School, and the University of Arkansas.
LinkedIn: James E. Lee
ITRC: idtheftcenter.org
ITRC on X: IDTheftCenter
Key Quotes
“You cannot have data compromised that you do not have. So data breaches go down right there. Data breaches go down, victims go down. Data breaches go dow
