[privacy] 93,754,333 Examples of Data Nonchalance

Dude VanWinkle dudevanwinkle at gmail.com
Mon Sep 25 14:38:43 CDT 2006


On 9/25/06, security curmudgeon <jericho at attrition.org> wrote:
>
> : > > vulnerability of personal data, companies and institutions of every
> : > > shape and size - like the data broker ChoicePoint, the credit card
> : > > processor CardSystems Solutions, media companies like Time Warner and
> : > > dozens of colleges and universities across the land - have collectively
> : > > fumbled 93,754,333 private records.
> : >
> : > And given that most of the breaches have been in the US, it's safe to guess
> : > that most of the 93M have been US residents' records. With the population
> : > sitting at just under 300M, that means a 1 in 3 chance your stuff has
> : > been swiped.
> :
> : err not really. Their math is FUD tainted. You have to at least subtract
> : the 26 million they included with the VA laptop that was recovered.
>
> So because the data was out of their control for over a month, but they
> happened to get the laptop back.. the data is just magically 'safe' and
> wasn't compromised? How do they know?

Forensics. They released a statement saying that the data had not been accessed.

Of course, whether or not They were telling the truth is another matter..

>
> : I am not saying that people don't mishandle data, or that the entire
> : system isn't flawed to begin with (I doubt very much that FDR was
> : concerned about Information Security), just that they drummed up the
> : numbers a little.
>
> Also remember that PRC does not track non US dataloss incidents.

Do non-US residents have SSNs? ;-)

Seriously though, I don't consider the loss of CC#s to be that big a
deal for the consumer. You can always change your CC# and the credit
card companies will not hold you liable for the fraud. You cannot
always change your SSN, however, and even when you can, it is not an
easy or expedient process.

I guess Identity Theft is not just an American issue though; every
government is implementing identity management, and the businesses
will go ahead and use that system for tracking individuals, and some
of those individuals will find a way to subvert that system.

On the one hand, I wish that the "system" was more than a number
printed on a card or broadcast via RFID, and on the other I don't trust
my government enough to give them my DNA.

Oh well,

-JP

