Has the Data Security Problem Become an Epidemic?
telstar asks: "Lately, it seems like an almost weekly occurrence: confidential customer data is exposed online, despite the assurance that security measures were in place to prevent such a problem. ChoicePoint Inc., LexisNexis, and DSW Inc. were all victims of online security breaches. Ameritrade and Bank of America both admitted lost physical data tapes containing confidential client account information. Recently, Carnegie Mellon notified 19,000 students, alumni, faculty and staff that their confidential information may have been compromised. An April 2005 GAO report found that though the IRS is making progress fixing security holes in systems that it operates, they aren't keeping pace with new vulnerabilities, risking exposure of sensitive financial data of the taxpaying population of the country. To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced. What about companies like Google? As they expand their service offerings with GMail and Google Search History, where they are increasingly responsible for retaining client data, will they become a bigger target for attackers? This is the problem. What is the solution? Are there any tips for people to help protect their identity and confidential financial information? What firms go above and beyond the call of duty to ensure that their client data is secure?"
I imagine there will be some laws passed about this real-soon-now. Stuff like this doesn't happen overnight, but as high profile cases hit the news with greater frequency it is only a matter of time before an influential senator or congressman gets inconvenienced by it and champions a bill.
I'm surprised the Homeland Security folks haven't done it themselves on the grounds terrorists will steal identities of US citizens to sneak in and get around.
As for a technological fix... unplug.
Whoops, posted anonymously...
This is just speculation, but I believe a lot of these new warnings are the result of California's new law forcing disclosure of these events. I'd venture that it was probably happening before, but they just kept quiet about it. And if someone doesn't conduct business in California, you still won't know until it's too late.
On the other hand, some of these may be cases where the *potential* exists that someone accessed your data, but really didn't, but the company is covering its ass.
Some of these attacks could be mitigated if these companies encrypted their backups before they go off-site (which they should already be doing anyway).
This was in the Boston Globe as well as The Washington Times today. The governor of the state and many celebrities' driving records were publicly available, such as Jay Leno's. Massachusetts closes personal data hole
In California they are required to do so, but you should note that one iteration of thought that ChoicePoint reportedly went through was to consider notifying only CA residents.
As far as I've read, there is no US Federal law requiring company disclosures of security breaches.