Slashdot Mirror

← Back to Stories (view on slashdot.org)

Has the Data Security Problem Become an Epidemic?

Posted by Cliff on from the so-much-for-privacy dept.

telstar asks: "Lately, it seems like an almost weekly occurrence: confidential customer data is exposed online, despite the assurance that security measures were in place to prevent such a problem. ChoicePoint Inc., LexisNexis, and DSW Inc. were all victims of online security breaches. Ameritrade and Bank of America both admitted lost physical data tapes containing confidential client account information. Recently, Carnegie Mellon notified 19,000 students, alumni, faculty and staff that their confidential information may have been compromised. An April 2005 GAO report found that though the IRS is making progress fixing security holes in systems that it operates, they aren't keeping pace with new vulnerabilities, risking exposure of sensitive financial data of the taxpaying population of the country. To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced. What about companies like Google? As they expand their service offerings with GMail and Google Search History, where they are increasingly responsible for retaining client data, will they become a bigger target for attackers? This is the problem. What is the solution? Are there any tips for people to help protect their identity and confidential financial information? What firms go above and beyond the call of duty to ensure that their client data is secure?"

8 of 75 comments (clear)

  1. Write State Senators by justanyone · · Score: 4, Insightful

    Write your state senators and legislators and urge adoption of california style laws that require companies to notify their customers if any private data is compromised.

    Illinois does not have a law, and it should.

    From what I understand, the main reason we're hearing more about these data intrusions is the California law now mandates such disclosures.

    --
    Unitarian Church: Freethinkers Congregate!
  2. Some of it is legal by MerlynEmrys67 · · Score: 3, Insightful
    Companies are now legally required to publically disclose breaches... 5 years ago there was no such requirement - so they didn't bother.

    That said - the cracker population is getting significantly more sophisticated with more resources available to them (think a zombie network for solving distributed problems rather than simply launching a DDoS).

    Online is a scary place to be isn't it ?

    --
    I have mod points and I am not afraid to use them
    1. Re:Some of it is legal by aero6dof · · Score: 2, Interesting

      In California they are required to do so, but you should note that one iteration of thought that ChoicePoint reportedly went through was to consider notifying only CA residents.

      As far as I've read, there is no US Federal law requiring company disclosures of security breaches.

  3. No by Safety+Cap · · Score: 4, Insightful
    Data security is no more an epidemic than "terrorism" is. You're just hearing about it more, thanks to the disclosure laws in Cali, et. al.

    Compare with people who watch Faux News: they're convinced that Osama is on the verge of attacking BFE, ND, and we're also winning the war in Iraq.

    --
    Yeah, right.
  4. If it's worthless they won't steal it by vandezuma · · Score: 4, Insightful

    As I read in some article a few weeks ago (not sure if it was /. or not), if companies made their authentication processes more stringent, data like SSN's and names and addresses wouldn't be so valuable any more. The problem is that you can get access to so many things with just basic contact info and a SSN.

    --
    "That is the saving grace of humor, if you fail no one is laughing at you." -A. Whitney Brown
  5. "begs the question" by venomkid · · Score: 4, Informative

    Look, I know this is OT, but I see this so often it's starting to cause me physical pain.

    To top things off, these are only the cases that we're aware of, which begs the question of how many security breaches have gone unnoticed, or unannounced.

    The circumstances may "raise" or "prompt" a question, but it doesn't "beg" a question. "Begging the question" is a logically fallacious practice in which one assumes one's conclusion, making a circular logic. (eg. claiming the Bible is the inerrant word of God because it says so) It has nothing to do with speculation.

    --
    vk.
  6. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  7. Tell me about it.. by Klowner · · Score: 2, Funny

    The other day, the wonderful community college which I acquired my near worthless associates degree from, sent an email to just about all the people in my graduating class. Not a problem you may think, but consider this..

    THEY PUT EVERYONE'S EMAIL, IN THE TO: LINE.

    I (as well as every other fellow student) now have a full listing of all my fellow student's names and email addresses..

    Oddly enough, this school has a "networking" course, hello security.