Thread: Groups: Record Data Breaches in 2007

  1. #1
    weebit Guest

    Groups: Record Data Breaches in 2007

    "BOSTON (AP) -- The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information."

    Click here [wired news]

    A good majority of them don't beef up security until after a breach has happened. Their security is so lax it's not even funny. Most breaches occurred because of laptop theft. Apparently the companies have not heard of encryption and secure passwords. Just two companies in my area have banned the practice of allowing sensitive information leaving the job. Others "check out" a laptop that has been beefed up with security measures.

    Most that steal laptops have no clue they have such a gold mine of information on them. They are out for a quick buck at a local pawn shop or from a friend that has no clue or just a slight clue that the laptop is stolen. In my area, big items like laptops/notebooks you have to show a receipt that you purchased it before a pawn shop will even take it. Several other items are the same way. So many are sold unsuspecting to the neighbor, friend and unfortunately to drug dealers.

  2. #2
    watcher Guest

    Re: Groups: Record Data Breaches in 2007

    Dear weebit:

    Many companies have practiced this penny-wise, dollar-foolish method for information security, hoping they were lucky. However, now there are GLBA, SOX, and HIPAA laws. The penalty for noncompliance is such that it forces companies to comply for the protection of information, whether they want to or not.

    Laptops usually have security chips inside, like the TPM. If you have drive encryption built in, and handled by the security chip, not by software, it is nearly impossible for a hacker to retrieve that info. Even if they remove the hard drive and attach it to the hacker's PC, the data should be unretrievable.

    The January, 2008, issue of PC Magazine came out with a 1-page article entitled, "Your PC's Been Arrested-Now What?". It explains what to consider when law enforcement shows up at your company because of an employee's illegal activity.

    WATCHER

  3. #3
    weebit Guest

    Re: Groups: Record Data Breaches in 2007

    "The penalty for noncompliance is such that it forces companies to comply for the protection of information, whether they want to or not."


    Kind of late to do that now. And yes, I knew there were a few laws. But the fact is your chance of your information already being breached is high. My info has been breached 3 times so far, judging by the letters I get from the companies I do business with. Now that they have to comply and inform the public, I can't help but think of the number of times my personal information has been breached, and no one informed me of it. Three times is three times too many. But I suspect everyone's information has been breached a few times in their lifetime, and they just don't know about it.

  4. #4
    watcher Guest

    Re: Groups: Record Data Breaches in 2007

    Dear weebit:

    Sorry to hear about your personal loss. My comments were meant to give add'l info re information security.

    These laws have been in effect for several years now.

    WATCHER

  5. #5
    weebit Guest

    Re: Groups: Record Data Breaches in 2007

    I do realize what you are pointing out here. But my statement was just letting you know that even with the new laws info is being misplaced and stolen. If you even think back to the year 2000 I can bet back then you didn't give this much of a thought. But I bet you that even up till the time they passed the laws your information was either lost or stolen, and so was everyone else's. There are no clear cut ways to protect our information if it is running amok in the wild already. But if my information has been breached three times, can you just imagine the number of businesses that had such a breach, and never reported it? Remember before the new laws came into effect there was no one telling them they "had" to report it. "Out of sight, out of mind." The laws only protect you "if" your information never was breached, but in reality it is not that much protection. The laws basically cover someone's you know what. Does nothing for the consumer because many places even today have a poor IT security department, or none at all. Their security is a joke. Sorry, but I have seen it first hand. Even had a few to say they ONLY did what the GOV said to do and nothing more because they didn't want to put heavy restraints on their personnel. I believe many will have this false sense of security regarding these new laws.

  6. #6
    watcher Guest

    Re: Groups: Record Data Breaches in 2007

    Dear weebit:

    You have a talent for understatement. There have been a LOT of breaches this past year alone resulting in data theft, including database break-ins and stolen laptops. My point is that there is more accountability now that these federal laws are in effect.

    About your statement re ways to protect, what I assume you meant, personal info, once it has already been disseminated to unauthorized parties, isn't necessarily correct. A case in point that I remember was this lady whose social security number (SSN) had been stolen (identity theft) and illegal Mexican immigrants were using this same SSN down in Texas to work. They never paid their taxes and this lady received a notice from the IRS for delinquent taxes she owed. It cost her a lot of time to resolve this with the IRS and her SSN continued to be used so finally she rec'd a new SSN from the Social Security Administration. Her previous SSN has, I'm sure, since been flagged as fraudulent and the theft of that information has no value any more. Anyone trying to use that info now would be caught and prosecuted.

    Previous to these laws, and still applicable, the FBI handled security breaches at corporate sites. You're right in that it had to be reported first and companies are reluctant to report this due to the negative publicity should it ever leak out prematurely. The FBI usually keeps the incident confidential while it is investigating. It all depends on what kind of info was stolen and what happened to it.

    Small companies have small IT budgets (for labor/hardware/software costs) and hackers are well aware of it. That's what makes them tempting targets. If management doesn't support an information security (IS) policy, there isn't much an IT specialist can do. Only large corporations can afford dedicated IS personnel. Small companies usually have 1 IT specialist to do just about everything. Unfortunately, IT and IS are 2 different fields, with some overlap.

    I'm sure a lot of people have a false sense of security not to mention high expectations for protecting their personal information. These laws are not perfect but they have teeth. There are also other resources available to people who have suffered identity theft.

    WATCHER
