Internet Information Service

40 Million People Hacked - YOU as Identity Theft Victim

Posted in Hardware |

June 18, MasterCard blamed a vendor of ALL credit card

providers called CardSystems Solutions, Inc., a third-party

processor of payment card data, as the source of loss of 40

million consumers credit card information.

As is pointed out by several newspaper and web articles over

the last few weeks, each recapping long lists of financial

information data breaches, something's gotta give before we

entirely lose trust in financial institutions, data brokers

and credit bureaus. How much privacy loss can we take

without acting?

These types of data loss were very likely common and have

very probably been going on for a very long time. The

difference is that now, THEY ARE REQUIRED BY LAW TO DISCLOSE

THOSE LOSSES - not just in California, but in many states.

National disclosure laws on data security breaches are being

considered in Congress.

I suggest that these breaches of data security all came to

light due to the California law requiring disclosure from

companies suffering hacking loss or leaks or social

engineering or crooked employees or organized crime rings

posing as legitimate customers. All of the above have been

given as reasons for security lapses or poor security

policies.

About three years ago, a friend told me his paycheck deposit

to Bank of America went missing from account records after

he took his check to the bank on Friday. By Monday, Bank of

America was in the news claiming a computer glitch had

disappeared the entire day's deposits. I mumbled to myself,

I'll bet that was a hack and that hacker just made a huge

offshore banking deposit with B of A depositors' money.

But we didn't find out why it happened in that particular

case because there was no disclosure law in place at the

time. Now we have disclosure laws that mandate notice of

security breaches. Now suddenly - huge financial services

hacks and devious criminal social engineering outfits posing

as legitimate customers and apparently innocent losses by

transport companies of backup tapes begin to come to light.

This spate of data loss incidents is proof of the need for

corporate sunshine laws that make public notice mandatory

of those data losses that threaten customer information.

Who is going to lose here - the public, the corporations,

the criminals, or the government? I'd prefer that the bad

guys get the shaft and take down crooked company insiders

that either facilitate data loss by underfunding security

and encryption or participate in data theft or loss in any

form - even if that participation is security negligence.

Financial companies and data brokers have been covering up

the losses and keeping quiet about hacks so as not to worry

or frighten their customers. But that practice is

essentially ended now that they must notify the public and

disclose those losses instead of hushing them up.

Keeping the breaches hidden from public view is bad practice

as it maintains the status quo. Disclosure will facilitate

internal corporate lockdowns on the data and all access to

it. Disclosure will educate the public to the lack of

security and danger to the sensitive information we all

provide rather casually and routinely to businesses.

As the following link to a silicon.com story suggests, we

cannot take much more of this lack of regard to privacy and

must lock down financially sensitive data securely and must

begin to hold data brokers, bureaus and handlers VERY

accountable.

Insist to your elected representatives that your financial

data be locked down, encrypted and guarded by those

entrusted with storing, transporting and using it. Since our

financial, medical and legal lives are increasingly being

housed in digital form and transmitted between data centers

of multiple handlers - we need to know it is secure. We also

need to know when that security has been breached and our

data compromised or lost.

Thieves are becoming more aware of the ease with which they

can find and access financial data. Hacking is not the

source of the greatest losses.

Organized crime has easily found their way into our

financial records by simply paying for it by posing as

legitimate business customers of information brokers such

as ChoicePoint and Lexis/Nexis. Any business can buy

financial and credit information from those information

bureaus and credit reporting agencies by meeting rather lax

requirements for need to know that data.

As long as it is possible to purchase our sensitive data

from brokers and bureaus, organized crime will

legitimately buy it from those sources, then ruin our

credit by selling that information at a higher price in

identity theft schemes.

Since disclosure laws have come into effect, those breaches

have been made public, credit cards cancelled before losses

can occur and credit reports monitored to watch for

suspicious activity. The bad guys activities are squelched

because we are made aware of the possibility our information

has been compromised.

Not all blame can go to financial institutions and data

brokers. Protect your own private data by protecting your

computer records at home, in the office, on your laptop and

in your PDA by using basic keyword security and locking down

files. Use built in encryption on your operating system and

your home network to keep data secure. Then be certain to

clear that sensitive data off the computer when you sell it

or throw it away.

Data security is something we all need to take seriously and

the corporate breaches are dramatic illustrations of how

important it has become to build digital fortresses around

our critical financial, legal and medical information.

Courtesy of http://www.articles-hub.com

Posted in Hardware |