The New York City police will have a special interest in this data breach. It impacts upon them. Approximately eighty thousand (80,000) former and current members of the police department are at risk of identity theft:
There was a security breach at the University of Florida. Files of over 97,000 people were compromised:
One would like to think that military secrets about operations in Afghanistan and Iraq would have the strictest security possible. Apparently, this is not the case:
A security breach of historic magnitude may have exposed your credit card information. Millions and millions of confidential files have been compromised:
This could be historic. The dubious distinction is that this might be the largest security breach ever noted. There may be in excess of 100 million personal files compromised:
Every day, there are news reports of security breaches and identity theft. Apparently, the severity of identity theft problem has not reached the Canadian passport offices. If these government officials who administer the passport offices indeed are aware of the preponderance of identity theft crime, then the security protocol is even more baffling:
It’s supply and demand. With the constant data breaches, personal identity information can be obtained for a price. And it is available online:
In another incident of a government data breach, possibly 1.7 million people may have had their personal information exposed by the British Ministry of Defence:
“…In some cases this would include data such as bank details, passport, National Insurance and National Health Service numbers, driver’s licence information and details of next of kin.”
link: Missing British computer drive could hold data on 1.7M people
The question is ‘why was these data not encrypted?’. There has to be consequences for this level of clumsy security with people’s private, confidential information. It is simply inept handling of sensitive information for almost two million people. All those people should receive free credit monitoring to protect against identity theft.
Catherine Forsythe
Staff details are on a stolen Health and Safety Executive (HSE) laptop. It exposes thousands of staff members to the risk of identity theft:
“…Staff were not told for 13 days that an unencrypted laptop containing all their personal details had been stolen from HSE offices at the Carnegie Centre in Dublin’s Lord Edward Street.
The staff were only informed by letter on Wednesday — a full 13 days after the theft occurred on September 17.”
link: Stolen HSE laptop leaves staff open to identity theft
The theft is compounded by the length of time it took to notify the staff that their personal, confidential information had been exposed and possibly used for identity theft. The delay places each person who was unfortunate enough to have his / her sensitive information on that laptop at further risk. The delay is irresponsible; legislation should make such notification delays criminal.
Catherine Forsythe
There is a new federal law enacted to address the consequences of an identity theft:
“President Bush last week signed into law a bill that seeks to make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced to cough up ill-gotten gains.”
link: New Federal Law Targets ID Theft, Cybercrime
This legislation allows easier prosecution of hacking activities. However, the law does not address the security of data. Companies and agencies have data bases of millions of personal confidential files. Legislation needs to be enacted to safeguard those files with safe practice standards. For example, encryption of Social Security files should be mandatory. As the Countrywide identity theft incident illustrates, millions of people can be impacted with a single data breach. Entrusting a business or agency with one’s sensitive personal data should be protected by law.
One of the reasons that such legislation is slow in forthcoming is that government agencies themselves do not follow standard security procedures. Such legislation would make the government themselves the target of countless lawsuits for shoddy handling of private, confidential data bases.
Catherine Forsythe
