Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Theft Soars to Unprecedented Levels

Posted by Zonk on from the never-been-easier-to-be-someone-else dept.

A Wired article reports on data loss in 2007, and the numbers aren't good. Credit card and social security theft was at an all-time high, with even more losses expected in 2008. Information thieves, it seems, are just one step ahead of IT security. "While companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late. 'More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be,' said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself."

7 of 116 comments (clear)

  1. The Solution. by Slashdot+Suxxors · · Score: 5, Funny

    Just provide your credit card number to me and I will make sure no one steals it.

  2. The downside of exponential-growth computing by lobiusmoop · · Score: 4, Insightful

    This seems like a consequence of being able to carry gigabytes of data around in your pocket. It is probably all too easy for the odd database to duplicate into an employee's thumbdrive these days I suspect.

    --
    "I bless every day that I continue to live, for every day is pure profit."
  3. Something fishy... by __aaclcg7560 · · Score: 4, Insightful

    Is data theft at an all-time high because of hackers or just dumb companies not encrypting their backup data that gets lost in transit?

  4. Not a big surprise by gta3mobster · · Score: 5, Insightful

    Irresponsible data handling by employees at retail stores probably contributes quite a bit.

    One of my friends went dumpster diving at Compusa. On top of finding almost every cable you'd ever need to hook anything up, he found over 70 pages of daily reports disclosing full credit card numbers, expiration dates, first/last names, and card company. Personal checks that were used during that day listed the account #, routing #, first/last name, birthdate, drivers license #, address, phone number, and probably some other stuff. He found this on two separate occasions, with over 300 cards listed total. None of the papers were shredded/torn either. He didn't intend to find this stuff - Imagine how easy it must be for somebody who actually wants the information!

    The majority of the population doesn't understand how seriously security needs to be taken when venturing online to make purchases. If people understood going onto unsecured networks/etc was pretty much the same as leaving your credit card/checkbook in the front seat of your car, leaving the doors unlocked, and parking it in a bad neighborhood they might take security more seriously.

    Sure - Most of the time if you leave stuff in your car unsecured, it'll be there when you get back. But there's always that small chance it'll get stolen.

  5. IT Security really to blame? by Blittzed · · Score: 4, Insightful

    The post states that "Information thieves, it seems, are just one step ahead of IT security.". I disagree with this, but it all depends on your definition of IT security, mine being more on the tech side in relation to protection, countermeasures and network forensics. The article really does not make any claim that IT security is at fault, but rather that counter measures to known threats are not being empyloyed. In relation to the quoted statement above, I would say that information theives are five steps ahead of those of don't take measures to protect against threats, rather than being ahead of IT security. I guess it could be argued that IT security is indirectly responsible, or failing, as user education and policy are major parts of protecting corporate networks and data. The failure in these cases seems to be more related to a lack of user knowledge or failure to adhere to policy / weak policy, rather than a complete inability of IT security to protect information. Everyone knows that the internet is a dangerous place (TM), even my grandma. For those in government, schools etc to have data stolen and claim that they didn't know about the risks posed of using online data systems is just plain stupid. According to TFA, the biggest theft of information occurred due to the use of a wireless network. "What! Wireless isn't secure? I had no idea!" Only if you had your head firmly wedged up your own back passage could you as a security professional, or even semi professional ;) claim that you had no idea of the many vulnerabilities of wireless networks...

    --
    "They looked deep into my soul and assigned me a number based on the order in which I joined"
  6. Time for *actual* authentication by RickRussellTX · · Score: 4, Insightful

    It continues to astonish me that people think of "data theft" as the cause of identity theft.

    Data theft is not the problem. The problem is that financial organizations are willing to accept transactions without authentication, or with very weak authentication. Supplying a 9-digit number which is a matter of public record is not a form of authentication. It does not prove that the person speaking is the account holder. Anybody can walk into a store with a fake credit card and buy stuff in my name, no questions asked. People can write checks with my account number on them, and it will be charged to my account. At no point is the slightest attempt made to authenticate the identity of the person making the transaction and certify that they are allowed to post transactions to the account.

    There is no way to "plug" these leaks; most of these names and numbers are a matter of public record and must be surrendered in order to make a transaction in the first place. The identity theft problem will not abate until account holders have enhanced authentication options, and the financial institutions are required to use them. Biometrics, physical security tokens, PINs, it doesn't really matter what solution we use. We just need to use something to verify the identify of the person making the transaction. It's the only solution.

  7. Identity Theft, a Corporate Victory by Vocabulary by shani · · Score: 5, Insightful

    In the olden days (like 10+ years ago), if someone wrote a check in someone else's name, it was called "fraud". It is, in fact, a crime where someone steals money from the bank.

    At some point, someone changed the vocabulary, and now we call this "identify theft", and so we make the crime against the person who's name was forged. In fact, this person has nothing to do with this crime, and is an innocent bystander. The bank is charged with protecting my assets, and if they fail to do so, they should be liable, just as much as if someone walked into the bank with a gun and took it!

    By convincing society at large that the crime is "identity theft" and not "fraud", the corporations, while not solving the problem of fraud, has made it someone else's problem; namely their customers. And the customers accept this, and direct their ire against the criminals, instead of against the company. (Admittedly the criminals are Bad People, so they do deserve to be feared and hated.)

    In some ways, it is a stroke of genius by the corporate world. But not one that we should celebrate. :(