Identity Theft Enforcement and Restitution Act of 2008

Identity Theft Enforcement and Restitution Act of 2008 - Amends the federal criminal code to: (1) authorize criminal restitution orders in identity theft cases to compensate victims for the time spent to remediate the intended or actual harm incurred; (2) expand identity theft and aggravated identity theft crimes to include offenses against organizations (currently, only natural persons are protected); (3) include conspiracy to commit a felony within the definition of "felony violation" for purposes of aggravated identity theft crimes; (4) include making, uttering, or possessing counterfeited securities, mail theft, and tax fraud as predicate offenses for aggravated identity theft; (5) enable prosecution of computer fraud offenses for conduct not involving an interstate or foreign communication; (6) eliminate the requirement that damage to a victim's computer aggregate at least $5,000 before a prosecution can be brought for unauthorized access to a computer; (7) make it a felony, during any one-year period, to damage 10 or more protected computers used by or for the federal government or a financial institution; (8) expand the definition of "cyber-extortion" to include a demand for money in relation to damage to a protected computer, where such damage was caused to facilitate the extortion; (9) prohibit conspiracies to commit computer fraud; (10) expand interstate and foreign jurisdiction for prosecution of computer fraud offenses; and (11) impose criminal and civil forfeitures of property used to commit computer fraud offenses.

Directs the U.S. Sentencing Commission to review its guidelines and policy statements for the sentencing of persons convicted of identity theft, computer fraud, illegal wiretapping, and unlawful access to stored information to reflect increased penalties for such offenses. Sets forth criteria for updating such guidelines and policy statements.