Slashdot Mirror

← Back to Stories (view on slashdot.org)

Indiana Data Theft Compromises 700,000

Posted by timothy on from the can't-the-thieves-just-trade-among-themselves dept.

palewook writes "A Midwest collection company, Central Collection Bureau, admits a server and eight PCs stolen contain over 700,000 individuals' personal data. Central Collection Bureau acts as a collection contractor for doctors and utility companies. The Indiana based company admits the stolen info consists of addresses, social security numbers, and medical codes."

13 of 52 comments (clear)

  1. Well this is a well timed article by Durrok · · Score: 2, Interesting

    I happen to work in Indiana in IT for a retail store and my boss and I were just discussing how to avoid a "CNN event" just like this. Hopefully this article will be the tipping edge for the upper management to give us the time and resources to be able to properly secure our network... but somehow I doubt it.

    --
    I keep telling myself I'm not the desperate type.
    1. Re:Well this is a well timed article by base3 · · Score: 2, Informative

      The "good news" is that these "CNN events" are pretty common, and people aren't so fazed by them any more. And the public's attention span is woefully short, so the damage won't last more than a couple of weeks from a PR standpoint. Now if there are contract penalties for a breach, that's a different story altogether.

      --
      One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
    2. Re:Well this is a well timed article by borg007 · · Score: 2, Informative

      Wow. Here in Maine 4.2 million (yes million!) credit/debit cards were compromised by Hannaford Brothers, a grocery store chain. The company knew about for months, but never told their customers. Here's the latest news: http://pressherald.mainetoday.com/story.php?id=183060&ac=PHnws

    3. Re:Well this is a well timed article by Ironsides · · Score: 2, Interesting

      Have HR tell tell you what the fines are for a HIPAA violation. Then have them tell you what is covered under HIPAA. I'm pretty sure at least some of your computers contain HIPAA protected information. Then arrange a presentation with Upper Management.

      --
      Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
    4. Re:Well this is a well timed article by Skapare · · Score: 2, Funny

      Take a CNN story like this, edit it to show your company as the culprit including how sales dropped dramatically, set it up on a web server somewhere, fabricate a CNN-spoofing URL to access it, and use an anonymous web email account to send it to those upper level managers along with a comment saying "do you want to avoid a situation like this?".

      --
      now we need to go OSS in diesel cars
  2. State-wide data theft by Anonymous Coward · · Score: 2, Interesting

    Is it just me, or is it every week that some state has over 500k identities compromised? We may as well have a ticker that says which state this week and how many. We really need to find alternatives, otherwise by the end of the year, over half of the USA will have their identities somewhere underground...

    1. Re:State-wide data theft by pclminion · · Score: 2, Interesting

      That would be awesome. Finally everybody would be forced to abandon the SSN as a unique ID and move to a system that isn't completely fucked.

    2. Re:State-wide data theft by WaltBusterkeys · · Score: 2, Interesting

      Economists would call this a a classic "externalities" problem. It costs a company next to nothing to store vast amounts of data about you, but they don't pay the cost when your data gets spread around.

      Right now, there's no reason why a company (or a state government) wouldn't keep as much data about you as it can. Hard drive space is all but free (especially relative to these types of transactional data) and big database engines can rapidly sort through the data when it's needed.

      But, the problem is that you personally pay the price when a thief takes off with your name, address, social security number, mother maiden's name, etc. You are the one who has to go and call your credit card companies and pay people to remove your name from databases to clean up the mess.

      I'm no fan of government regulation generally, but this seems to be the sort of problem that there's no easy market solution for. I'm quite sure that companies (and governments) would be a lot more careful with personal data if they had to personally call each victim's credit card companies and personally investigate every claim of identity theft. We probably don't need to go that far, but it makes the point.

  3. That's what they get for outsourcing . . . by base3 · · Score: 4, Funny

    . . . to India...na . . . oh, wait.

    --
    One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
  4. Business should assume that SSN is public by PIPBoy3000 · · Score: 3, Insightful

    At this point, it seems like just about everyone's SSN is out there in the public domain in one form or another. What pains me is that SSN is still used like a password for many institutions. Banks will ask for SSN, birthdate, and mother's maiden name. Unfortunately all of those things can be found out with a bit of digging.

    The more these breaches happen, the more apparent it is that we need a better "proof of identity" mechanism. I'm not advocating for the government to pass out universal ID cards to everyone. I think I'd rather see something along the lines of SSL certificates, where business can issue identification to people and later use that number and passphrase to do business with them. Perhaps a handful of business certificates become the "gold standard" and and are accepted by other businesses as a valid identifier.

    1. Re:Business should assume that SSN is public by menace3society · · Score: 2, Insightful

      I disagree, the solution is to do away with the concept of any sort of proof-of-identity mechanism. Whatever you come up with, people will always be able to forge it or fake it or commit fraud with. Banks and things like the current situation with the SSN because it gives them someone to go after in the short-term. In the long-term, of course, they have to give you back the money they took, but to do that requires the victim of fraud/identity theft to jump through quite a few bureaucratic hoops to prove they were a victim. In the meantime, the financial institution can get help from the FBI, the Secret Service, and usually the IRS to go after whoever it was that really did it. You get your money back, sans interest earned on it and less legal expenses, fees, and the time you put in. They also don't fix your credit for you, and you can bet you'll still be answering questions to the IRS about it for months, if not years.

      Banks could do a lot more to prevent fraud before it happens without having a social security number, but they don't bother because they know either way they end up ahead. Putting them, and not the consumer, on the hook when they get duped by scammers will go a long way towards shoring up bank security and personal information privacy.

  5. What authorities are saying by Alzheimers · · Score: 3

    According to anonymous officials, they're calling this heist even more daring than the time he stole the Ark of the Covenant away from the Nazis.

  6. Next, on World's Dumbest Criminals.... by Seraphim_72 · · Score: 4, Funny

    I mean they stole the data of 700,000 people that were on the roles at a Debt Collection company. I mean, these are people that can't pay their bills and have bad credit. How stupid is it to steal that data. "Uh...my SSN is...er...123-45-6789" "I am sorry sir, with your credit score we can't issue you a card." Sure it is still a bad thing for those people to have their info exposed, but sheesh what is next - "Thieves get data of soup kitchen patrons, bankrupt Campbells."? My suspicion is that they are too dumb to know what they have stolen. "Should we bring this flat one? It ain't got no screen or keyboard?" "Sure, I bet its a dvd player, grab it."

    --
    Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.