Security Information

40 Million People Hacked - YOU as Identity Theft Victim

Saturday, MasterCard blamed a vendor of ALL credit card providers called CardSystems Solutions, Inc., a third-party processor of payment card data, as the source of loss of 40 million consumers' credit card information.

As is pointed out by several newspaper and web articles over the last few weeks, each recapping long lists of financial information data breaches, something's gotta give before we entirely lose trust in financial institutions, data brokers and credit bureaus. How much privacy loss can we take without acting?

These types of data loss were very likely common and have very probably been going on for a very long time. The difference is that now, THEY ARE REQUIRED BY LAW TO DISCLOSE THOSE LOSSES - not just in California, but in many states. National disclosure laws on data security breaches are being considered in Congress.

I suggest that these breaches of data security all came to light due to the California law requiring disclosure from companies suffering hacking loss or leaks or social engineering or crooked employees or organized crime rings posing as "legitimate" customers. All of the above have been given as reasons for security lapses or poor security policies.

About three years ago, a friend told me his paycheck deposit to Bank of America went missing from account records after he took his check to the bank on Friday. By Monday, Bank of America was in the news claiming a computer glitch had disappeared the entire day's deposits. I mumbled to myself, "I'll bet that was a hack and that hacker just made a huge offshore banking deposit with B of A depositors' money."

But we didn't find out why it happened in that particular case because there was no disclosure law in place at the time. Now we have disclosure laws that mandate notice of security breaches. Now suddenly - huge financial services hacks and devious criminal social engineering outfits posing as legitimate customers and apparently "innocent" losses by transport companies of backup tapes begin to come to light.

This spate of data loss incidents is proof of the need for corporate "sunshine laws" that make public notice mandatory of those data losses that threaten customer information.

Who is going to lose here - the public, the corporations, the criminals, or the government? I'd prefer that the bad guys get the shaft and take down crooked company insiders that either facilitate data loss by underfunding security and encryption or participate in data theft or loss in any form - even if that participation is security negligence.

Financial companies and data brokers have been covering up the losses and keeping quiet about hacks so as not to worry or frighten their customers. But that practice is essentially ended now that they must notify the public and disclose those losses instead of hushing them up.

Keeping the breaches hidden from public view is bad practice as it maintains the status quo. Disclosure will facilitate internal corporate lockdowns on the data and all access to it. Disclosure will educate the public to the lack of security and danger to the sensitive information we all provide rather casually and routinely to businesses.

As the following link to a story suggests, we cannot take much more of this lack of regard to privacy and must lock down financially sensitive data securely and must begin to hold data brokers, bureaus and handlers VERY accountable.

Insist to your elected representatives that your financial data be locked down, encrypted and guarded by those entrusted with storing, transporting and using it. Since our financial, medical and legal lives are increasingly being housed in digital form and transmitted between data centers of multiple handlers - we need to know it is secure. We also need to know when that security has been breached and our data compromised or lost.

Thieves are becoming more aware of the ease with which they can find and access financial data. Hacking is not the source of the greatest losses.

Organized crime has easily found its way into our financial records by simply paying for it by posing as "legitimate" business customers of information brokers such as ChoicePoint and Lexis/Nexis. Any business can buy financial and credit information from those information bureaus and credit reporting agencies by meeting rather lax requirements for "need to know" that data.

As long as it is possible to purchase our sensitive data from brokers and bureaus, organized crime will "legitimately" buy it from those sources, then ruin our credit by selling that information at a higher price in identity theft schemes.

Since disclosure laws have come into effect, those breaches have been made public, credit cards cancelled before losses can occur and credit reports monitored to watch for suspicious activity. The bad guys' activities are squelched because we are made aware of the possibility our information has been compromised.

Not all blame can go to financial institutions and data brokers. Protect your own private data by protecting your computer records at home, in the office, on your laptop and in your PDA by using basic keyword security and locking down files. Use built-in encryption on your operating system and your home network to keep data secure. Then be certain to clear that sensitive data off the computer when you sell it or throw it away.

Data security is something we all need to take seriously and the corporate breaches are dramatic illustrations of how important it has become to build digital fortresses around our critical financial, legal and medical information.

Mike Banks Valentine is a privacy advocate and blogs about privacy issues at PrivacyNotes.com. You can read more about identity theft issues at: Publish101
