Slashdot Mirror

← Back to Stories (view on slashdot.org)

100 Million Victims of Data Theft

Posted by kdawson on from the and-counting dept.

jcatcw writes "With the latest significant data breach — theft of a Boeing laptop with unencrypted personal information on 382,000 employees — the Privacy Rights Clearinghouse estimates that the total number of data breach victims has passed 100 million since they started tracking in February 2005. The director, Beth Givens, admits 'the number 100 million is largely a fictional number,' but it surely errs on the low side. Since California is still the only state with disclosure laws, incidents are difficult to analyze fully. However, Congress this week passed a bill requiring that the Department of Veterans Affairs report breaches."

11 of 115 comments (clear)

  1. We need to think how transactions are processed by rolfwind · · Score: 4, Insightful

    Right now, it's becoming clear to me that the problem is that the weak chain in the link is that the creditors/banks/etcetera consistently rely on a few lines of data to complete transactions and identify the parties involved, 95% of which is publicly available, the other 5% easily stolen.

    I don't know what to do to solve this, any suggestions?

    (Way back when, my friend who worked at a Sam Goody used to actually check credit cards when customers bought something on his first day on the job. After the manager caught wind that he denied someone using their friend's mom's credit card, supposedly with permission, he got yelled at and told not to do it again. I can't help but think that the laws are too lax in this area and the industry has little interest fixing it.)

    1. Re:We need to think how transactions are processed by Anonymous Coward · · Score: 3, Insightful

      I don't know what to do to solve this, any suggestions?

      Do it the same way that you make companies care about any other type of public safety issue. Make it very painful for them if they fail to protect the data. If they lose privacy data they should be completely liable for any damages that occur. A couple of major class action lawsuits and we can make it so that companies won't want to collect privacy data except when absolutely needed.

    2. Re:We need to think how transactions are processed by Ajehals · · Score: 5, Insightful

      This is an old problem - the banks / merchants etc... want to make it easy enough for you to spend your money or to get credit that you do it on a regular basis. If banks decided to make it harder - in order to increase their / your security / privacy then it means that they lose business, especially if they are the first to do it. Basically they don't mind losing a bit of money to make a lot of money.

      Of course as long as its easy to get hold of your cash or get credit, someone will want to exploit that to get hold of cash or credit in your name. So making it harder to commit fraud or identity theft is really only beneficial to the customer, which in turn means that the only path to making it harder to commit fraud or identity theft is to introduce legislation or regulation to make it happen. That of course is opposed by the banks and merchants (as they lose out) and opposed by the majority of customers as they don't see that there is a problem until it happens to them.

      So yeah, apart from not seeing an easy solution for the banks and merchants, I also don't really see a will to implement any solution which decreases the amount of spending or credit applications, or one that will cost money to roll out (after all most organisations are looking at short term profit not long term strategy's).

    3. Re:We need to think how transactions are processed by dbc001 · · Score: 2, Insightful

      This is a great point - I get annoyed every time a credit card transaction goes through and I don't have to sign anything. Don't they realize that without a signature there's no way to prove whether the transaction was me or someone else?

  2. Personal Information by Barkmullz · · Score: 2, Insightful


    I wish I was the copyright holder, and protected by the applicable laws, of my own personal information.

    --
    Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
  3. From TFA by AlanS2002 · · Score: 4, Insightful

    Yeah, there's that problem; and also the fact that it is 100M known victims of identity theft.

    From the article: "A stolen laptop at The Boeing Co. has pushed a widely watched tally of U.S. data breach victims past the 100 million mark". Saying that the 100M people are thought to have had data disclosed about them is not the same as saying that 100M people are known victims of identity theft.

    --
    Not all conservatives are stupid,
    but it is true that most stupid people are conservative.
    - Hume
  4. I wonder... by e-scetic · · Score: 2, Insightful

    I never read of anyone having suffered consequences as a result of someone losing their data. Why is that?

    Doesn't it seem as if there would be a few major class action lawsuits, at the very least? You'd think every time data loss occurs on this large a scale, it would be followed by droves of people suffering from identity theft or fraud

    1. Re:I wonder... by scdeimos · · Score: 2, Insightful
      I never read of anyone having suffered consequences as a result of someone losing their data. Why is that?

      Because not many media outlets are interested in reporting on individuals who lose a few hundred dollars when they can throw around figures like 100,000+ victims in a single crime.

  5. Re:makes me wonder... by Skidge · · Score: 2, Insightful

    It was probably some schmuck trying to make an unreasonable deadline for some reports, trying to put in a few extra hours of work at home so he doesn't get yelled at by his PHB, who didn't give said schmuck the approval needed to get a secure remote connect because it would have cost his department a few extra dollars.

  6. Re:kill me, Slashdot, for I haven't the nerve myse by poopdeville · · Score: 5, Insightful

    I realize this is probably a troll, but I'm responding in case it isn't.

    It isn't too late. But you have a tough choice to make. You can either choose to make your life better, or choose to let life push you around. Changing is not easy.

    Read Sartre, Camus, Nietzsche.

    Pull your ethernet cable, unplug your wireless router. Take some time off of the /b/ scene. Get out of town for a while if you can.

    Think about your goals -- both the failed and incomplete. Ask yourself why the failed ones failed. Resolve to fix the problems that caused them to fail. Evaluate your incomplete goals. Make plans to finish them. Commit to your plans.

    Exercise is good for you. I don't mean to make fun of your belly. But you obviously need to become stronger to become the man you want to be.

    Don't sweat being bald.

    You've wasted a lot of time, but you're still young. There's no point wasting any more.

    --
    After all, I am strangely colored.
  7. For the love of God... by RulerOf · · Score: 5, Insightful

    Two words: Terminal Server.

    I know it has been asked before, but WHY in the name of GOD does this kind of information need to be on a fucking laptop?!

    My mother works at a VA hospitol and as such, has access to read and modify all the personal information necessary to commit identity theft on thousands of patients, and of course, she has a laptop computer issued by the hospitol so that she can work from afar. When she originally received it, it was nothing more than a Win2k box with VPN software, MS terminal services. All of the sensitive data was/is stored on the servers on their intranet. After a small "upgrade," the laptop was returned, only this time it came back with a full encryption setup. The interesting thing is that there is STILL no sensitive data stored on the laptop. It is, however, just as easily accessible. The point is, if someone stole that laptop, no sensitive data would be compromised, even if the encryption was broken (which probably wouldn't happen).

    I don't fucking understand, why when we have the technology READILY available to completely prevent this kind of crap, that it isn't used. A shout out to all the companies on this planet: Centralize your damned security. Laptops cost $500. This kind of shit publicity and potential lawsuits cost a hell of a lot more.

    --
    Boot Windows, Linux, and ESX over the network for free.