Slashdot Mirror

← Back to Stories (view on slashdot.org)

158 Million Records Exposed (And Counting)

Posted by CmdrTaco on from the do-i-get-a-vitamin-now dept.

Lucas123 writes "According to the The Privacy Rights Clearing House 158 million records have been exposed over the past two years as a result of inadequate security. Data's less secure today because as fast as banks, merchants and consumers add new layers of security to their storage systems and networks, new technologies — or simply careless users — create new security holes, according to Bob Scheier at Computerworld."

6 of 106 comments (clear)

  1. i read it somewhere else by circletimessquare · · Score: 4, Insightful

    but all you would have to do is pass a law making the financial institutions responsible for all of the costs and hassles involved with identity theft, and it would never happen again. but as long as consumers shoulder that burden, or even a part of it, it will continue, as the consumer is not the one in a position to fix any of the problems that lead to identity theft

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:i read it somewhere else by aldousd666 · · Score: 4, Insightful

      They can't make companies that consume financial information responsible for it 100%, because the big huge wide open hole is the consumer themselves. They can type their password into a fake website faster than you can say 'anbesol' and what fault of the bank's is that? None. Consumers need to be smarter, BUT banks or merchants SHOULD be liable for any data exposure due to negligence. Which is something else entirely. If it's bad security practice on behalf of the institution, or someone accidentally left the firewall open, then they should eat the cost of cleaning up their spill. But, if someone misuses a login because you were dumb enough to phish out your password, or you got keylogged, sucks to be you.

      --
      Speak for yourself.
    2. Re:i read it somewhere else by plover · · Score: 4, Insightful

      "all you have to do is pass a law...and it would never happen again"?

      Oh, if it were that easy. Pass a law and Windows bugs are fixed. Pass a law and dishonest employees will never steal again. Pass a law and a hard drive will never be misplaced, or a delivery service will never lose a tape en route, or a destruction service will never hire a corporate spy.

      California (and a few other states) has a law requiring notification. Minnesota has almost exactly the law you would like requiring the leaking parties to be responsible for the costs, yet continues to have breaches.

      Laws aren't like some magical "wand of protection +5". Sure, they give people incentive to do something, but they can't actually stop the dishonest people, nor do they protect us from the incompetent until after the damage is done.

      --
      John
    3. Re:i read it somewhere else by Billosaur · · Score: 5, Insightful

      As many people will point out, at some point you have to take responsibility for your own information. It's not the data breaches themselves that are really the issue, but the fact that once your data gets into the wild, it can be used for nefarious and often illegal purposes, and that's there is no easy way to deal with the problem. Anyone who gets their identity stolen literally spends years writing letters and making calls to various companies to indicate that in fact their identity was stolen and they are not responsible for the misuse of it. When it comes to clearing things up with the major credit monitoring services, it can be downright frustrating to get them to make necessary and factual changes to your credit report in order to get the matter cleared up.

      We don't just need laws to make companies liable, we need a system in place to make sure that when data breaches do occur, that those affected can restore some semblance of normalcy to their lives with the minimum of fuss. And we need laws in place to define just what data any particular company can collect (remember: your SS# is not supposed to be used as any kind of identifier except for tax purposes) and more importantly, how that data should be stored (mandatory encryption).

      --
      GetOuttaMySpace - The Anti-Social Network
    4. Re:i read it somewhere else by JonXP · · Score: 5, Insightful

      "The only way to truly end this is to remove the ability to use the data online, and require face-to-face authentication."

      Because, as we all know, fraud and identity theft did not exist before the advent of the internet.

      --
      Still IMing in the stone age?
  2. Always going to be a problem by TubeSteak · · Score: 4, Insightful

    Data breaches are always going to exist.
    The big question is: What can be done to minimize the impact of the breaches.
    The short answer - make it harder to get credit cards, loans, etc.

    Once you change the way that money is handed out by financial institutions, all that stolen data becomes worthless.

    But... that will never happen. Easy access to credit is the lifeblood of the debt driven American economy. So really, no matter how much moaning goes on about fraud, they still want a system that allows everyone to easily have access to debt at the drop of a hat.

    --
    [Fuck Beta]
    o0t!