Friday, October 2, 2009

76 million Veteran records in Question

The inspector general of the National Archives and Records Administration (NARA) is investigating a potential data breach involving the sensitive data of 76 million military veterans, reports Wired. The records were contained on a failed hard drive that was returned to a contractor for repair without first being sanitized, the report states. The contractor passed along the drive, which was beyond repair, to a recycling firm. The NARA IT manager who reported the incident to the inspector general told Wired: "This is the single largest release of personally identifiable information by the government ever." NARA says it does not believe there was a breach of PII. Full Story

Ladies and gentlemen, let me make this as clear as a bell for you. There is only ONE way to insure that a hard drive is safe to recycle. Do not listen to any other advice!

There is only ONE certain way to render a drive of any kind useless to data thieves. DRIVE A BIG NAIL THROUGH THE DISK. If it is a flash drive smash it with a hammer, smash it good. Never recycle a laptop, photo copy machine, server, desk top computer, fax machine, unless you, the user, render the drives useless. Never leave it to anyone else to do.

Tuesday, September 29, 2009

They Keep Sending the Faxes

For all of you who still are under the illusion that data breaches can be prevented I submit the following...

Doctors in three Tennessee cities have been sending sensitive patient information to the fax machine of an Indiana businessman for three years, reports the "This is a total breach of privacy," said the recipient of the faxes, Bill Keith. Despite repeated attempts to correct the problem, including calls, faxes and e-mails to state officials and the doctors' offices, Keith says his office continues to receive about five faxes each week that contain patients' data, including medical histories and Social Security numbers. A Department of Human Services spokesperson described the situation as "troubling." Full Story

Monday, September 28, 2009

Only 163,000 Breached Records Contained Social Security Numbers!

The University of North Carolina is notifying 163,000 women that their personally identifiable information was exposed in a security breach, reports Computerworld. A hacker broke into a system containing records on women who participated in a federally-funded research project. The information of more than 236,000 women who have participated in the UNC School of Medicine mammography research study was exposed, but only 163,000 records contained Social Security numbers. The breach was discovered in July. The system was taken offline. A university spokesperson said that UNC is implementing precautions to prevent future breaches. Full Story

Now what do you think about breach notification laws? UNC believes these intrusions might go back several years and the women affected are just being notified now. Does this provide the best opportunity for the potential victims to prepare for what might result in the worst legal nightmare they will ever experience? How many of them are already having difficulties as the result of these breaches?

This also illustrates once again that our personal information is out there in hundreds if not thousands of lists and databases of all types. It really doesn't matter much to information thieves where the info is as long as they can get it. If there is a list somewhere that has value to a data thief then it is a target.

I will always maintain that the best defense against these and other types of data misuse is to have a service that will work for you in the event of a data theft episode. Don't wait until after the fact, have something in place first. Most services will not provide the same level of services after your identity is misused as they will as a preventive tool unless you pay a healthy fee. It is more cost effective to have a service in place first. When you consider that the average identity theft episode costs over $90K an identity theft service provides an amazing ROI.