Security Incidents Inundating the News Today

When checking the news this morning I felt like I was in the Twilight Zone; it seemed that the news of information security incidents just kept popping up, one right after the other. 

I envisioned a TZ episode, perhaps entitled, "Data Wants To Be Free," with the plotline:  Overnight all the personal data for every business in North America and the EU (yes, this needs to be an international story) has been stolen...every hard drive, every storage device and every laptop computer...CISOs and CPOs anguish about what to do while copies of everyone's personal data that were on these devices continue to be mysteriously posted to thousands...no, make that millions...of Internet sites...the major credit reporting agencies increase their computing power to accommodate credit monitoring for basically all the U.S.'s...and rest of the world's...population...the public panics and jams the credit card companies' phone lines with requests to cancel their accounts and establish new ones...   Okay, I'll stop with the silly storyline...but is it really so far-fetched?  :) 

Back to the real (and in many ways equally as scary) news...

Here are the first eight incident stories that leaped out at me this morning; I found many more after these, most in smaller venues, but I think this listing demonstrates how information security and cybercrime really seem to be out of control with data virtually flying out of businesses and going to who-knows-where every day.

  1. Tops employees' personal data stolen (Buffalo News) - For the second time in a month, a laptop computer containing personal information on Tops Markets employees has been lost, the supermarket's parent company said Friday. The computer was stolen from a Deloitte Accountants employee during a commercial airline flight, said a spokesman for Dutch supermarket company Royal Ahold NV. Neither Ahold nor Deloitte would say when or where the laptop was stolen, how many supermarket employees are affected or exactly what personal information is at risk. (click the link to read the full story)
  2. Navy finds sailors' private info on Web: Latest in string of security gaps affects 28,000 (San Francisco Chronicle) - Navy officials this week discovered that personal data for nearly 28,000 sailors and family members appeared on a public Web site, fueling more concerns about the security of sensitive information belonging to federal employees. (click the link to read the full story)
  3. City Hall break-in puts thousands at risk (Hattiesburg American) - Thieves who broke into Hattiesburg City Hall made off with more than $150,000 in computer equipment, including four computer servers that contained personal information of at least 23,000 city residents and employees.  Sometime late Thursday or early Friday, two unidentified men broke out a window on the southeast side of the building to gain entry into the basement level. There they shattered the door of the information technology department and took the computer equipment, Hattiesburg Police Chief David Wynn said Friday. (click the link to read the full story)
  4. Stop & Shop employees’ data stolen (Worcester Telegram) - A laptop computer containing personal information of current and former employees of supermarket chains Stop & Shop, Giant and Tops was stolen during a commercial flight, the supermarkets’ parent company said yesterday. It was the second such incident disclosed by the company this month.
    The U.S. subsidiary of Dutch parent company Royal Ahold and an auditor whose employee had the computer would not say when the laptop was stolen, how many supermarket employees were affected or describe what personal information had been divulged.
    (click the link to read the full story)
  5. 619 students' secure data revealed online (Bradenton Herald Today) - A number of Catawba County high school students received an unwanted adult-world graduation present: Their Social Security numbers were exposed on the Web.  The mother of a graduate found the numbers along with test scores of 619 students on a school Web site this week. She found the page while looking on Google for information about a beauty pageant contestant.  Catawba County Schools officials said the page was password protected and they had no idea how Google got access. Google was working to remove the page Friday night. (click the link to read the full story)
  6. Identity data stolen along with laptop (Roanoke) - A laptop containing the personal information of more than 200 people was stolen from a Roanoke-based staff attorney for the federal Social Security Administration.  The computer contained the names, Social Security numbers and, in some cases, medical information of the 228 people whose records may have been compromised, said Mark Lassiter, a spokesman for the Social Security Administration. (click the link to read the full story)
  7. Thief steals Bank of the Orient ID data (Pacific Business News) - An estimated 28,000 consumers of Bank of the Orient are potentially at risk for identity theft after a robbery at a branch in Los Angeles, the company said Friday. The San Francisco-based bank, which has two branches in Honolulu, said magnetic tapes containing customers' names and Social Security numbers were stolen during the heist. (click the link to read the full story)
  8. STOLEN LAPTOP CONTAINED STUDENTS' PERSONAL INFORMATION (Bay City Newswire) - A laptop stolen from a San Francisco State University faculty member's car on June 1 contained identity information of 3,035 business students, SFSU spokeswoman Ellen Griffin said today (June 23, 2006). The university was notified of the incident on June 6 and alerted students on June 13. About 95 percent of the names on the stolen computer were alumni, but some were current students.  There is no indication that information on the laptop has been used illegally, but because it contained 2,816 social security numbers and other personal data, university officials sent a warning letter to affected students. (click the link to read the full story)

Comments

There was an interesting paragraph in a story in the SF Chronicle (taken from the Washington Post):

“If someone wants to be an identity thief, it's far easier to go on overseas-based Web sites that auction off blocks of stolen credit card numbers, eBay-style, said Michael Vatis, a lawyer and executive director of the Markle Foundation's Task Force on National Security in the Information Age.

“Vatis said it would be laborious, time-consuming and a gamble for identity thieves to target middle managers, follow them and steal their laptops, hoping a database would be there.

"If this is your business, stealing people's identity, you're better off with a business model where you're not looking for a needle in a haystack but you're looking for hay, and there are haystacks everywhere," he said.”

This attitude is a bracing antidote to the fairly hysterical, breathless reporting we are used to, even as it seems to me to be both a disingenuous and misleading statement. The general media keeps missing the point. But a discussion about what constitutes “sensitive” information and the means best to guarantee its CIA would take too long. Far better to fan the flames of fear.

And I don’t presume to know the criminal mind, but it shouldn’t take a genius to realize nowadays that a laptop may have more intrinsic value than what can be offered on the street for the hardware. But maybe they don’t follow the news...

Indeed...so many very good opportunities with these reports of incidents to raise the awareness of the public of information security, but it seems all that is typically done is spin and hype. Yes, I guess they only have so much space...and news is typically served in what, 1-2 minute chunks?

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.