Monday, September 28, 2009

Only 163,000 Breached Records Contained Social Security Numbers!

The University of North Carolina is notifying 163,000 women that their personally identifiable information was exposed in a security breach, reports Computerworld. A hacker broke into a system containing records on women who participated in a federally-funded research project. The information of more than 236,000 women who have participated in the UNC School of Medicine mammography research study was exposed, but only 163,000 records contained Social Security numbers. The breach was discovered in July. The system was taken offline. A university spokesperson said that UNC is implementing precautions to prevent future breaches. Full Story

Now what do you think about breach notification laws? UNC believes these intrusions might go back several years and the women affected are just being notified now. Does this provide the best opportunity for the potential victims to prepare for what might result in the worst legal nightmare they will ever experience? How many of them are already having difficulties as the result of these breaches?

This also illustrates once again that our personal information is out there in hundreds if not thousands of lists and databases of all types. It really doesn't matter much to information thieves where the info is as long as they can get it. If there is a list somewhere that has value to a data thief then it is a target.

I will always maintain that the best defense against these and other types of data misuse is to have a service that will work for you in the event of a data theft episode. Don't wait until after the fact, have something in place first. Most services will not provide the same level of services after your identity is misused as they will as a preventive tool unless you pay a healthy fee. It is more cost effective to have a service in place first. When you consider that the average identity theft episode costs over $90K an identity theft service provides an amazing ROI.

2 comments:

AMIT said...

Do u mean that there are more records?

Web hosting india

John Taylor said...

Yes. As I understand it there were another 40,000 but they didn't contain sensitive personal information.