40 Million Credit Cards Hacked - YOU as Identity Theft Victim
by Mike Banks Valentine
Published on this site: June 22nd, 2005

Saturday, MasterCard blamed a vendor of ALL credit card providers
called CardSystems Solutions, Inc., a third-party processor of payment
card data, as the source of loss of 40 million consumers' credit
card information.
As is pointed out by several newspaper and web articles over the
last few weeks, each recapping long lists of financial information
data breaches, something's gotta give before we entirely lose trust
in financial institutions, data brokers and credit bureaus. How
much privacy loss can we take without acting?
These types of data loss were very likely common and have very
probably been going on for a very long time. The difference is that
now, THEY ARE REQUIRED BY LAW TO DISCLOSE THOSE LOSSES - not just
in California, but in many states. National disclosure laws on data
security breaches are being considered in Congress.
I suggest that these breaches of data security all came to
light due to the California law requiring disclosure from
companies suffering hacking loss or leaks or social engineering
or crooked employees or organized crime rings posing as "legitimate"
customers. All of the above have been given as reasons for
security lapses or poor security policies.
About three years ago, a friend told me his paycheck deposit to
Bank of America went missing from account records after he took
his check to the bank on Friday. By Monday, Bank of America was
in the news claiming a computer glitch had disappeared the entire
day's deposits. I mumbled to myself, "I'll bet that was a hack
and that hacker just made a huge offshore banking deposit with B
of A depositors' money."
But we didn't find out why it happened in that particular case
because there was no disclosure law in place at the time. Now we
have disclosure laws that mandate notice of security breaches. Now
suddenly - huge financial services hacks and devious criminal social
engineering outfits posing as legitimate customers and apparently
"innocent" losses by transport companies of backup tapes
begin to come to light.
This spate of data loss incidents is proof of the need for corporate
"sunshine laws" that make public notice mandatory for those
data losses that threaten customer information.
Who is going to lose here - the public, the corporations, the criminals,
or the government? I'd prefer that the bad guys get the shaft and
take down crooked company insiders that either facilitate data loss
by underfunding security and encryption or participate in data theft
or loss in any form - even if that participation is security negligence.
Financial companies and data brokers have been covering up the
losses and keeping quiet about hacks so as not to worry or frighten
their customers. But that practice is essentially ended now that
they must notify the public and disclose those losses instead of
hushing them up.
Keeping the breaches hidden from public view is bad practice as
it maintains the status quo. Disclosure will facilitate internal
corporate lockdowns on the data and all access to it. Disclosure
will educate the public to the lack of security and danger to the
sensitive information we all provide rather casually and routinely
to businesses.
As the following link to a silicon.com story suggests, we cannot
take much more of this lack of regard for privacy and must lock down
financially sensitive data securely and must begin to hold data
brokers, bureaus and handlers VERY accountable.
http://software.silicon.com/..../0,39024655,39131279,00.htm
Insist to your elected representatives that your financial data
be locked down, encrypted and guarded by those entrusted with storing,
transporting and using it. Since our financial, medical and legal
lives are increasingly being housed in digital form and transmitted
between data centers of multiple handlers - we need to know it is
secure. We also need to know when that security has been breached
and our data compromised or lost.
Thieves are becoming more aware of the ease with which they can
find and access financial data. Hacking is not the source of the
greatest losses.
Organized crime has easily found its way into our financial records
by simply paying for them, posing as "legitimate" business
customers of information brokers such as ChoicePoint and Lexis/Nexis.
Any business can buy financial and credit information from those
information bureaus and credit reporting agencies by meeting rather
lax requirements for "need to know" that data.
As long as it is possible to purchase our sensitive data from brokers
and bureaus, organized crime will "legitimately" buy it
from those sources, then ruin our credit by selling that information
at a higher price in identity theft schemes.
Since disclosure laws have come into effect, those breaches have
been made public, credit cards cancelled before losses can occur
and credit reports monitored to watch for suspicious activity. The
bad guys' activities are squelched because we are made aware of the
possibility our information has been compromised.
Not all blame can go to financial institutions and data brokers.
Protect your own private data by protecting your computer
records at home, in the office, on your laptop and in your
PDA by using basic keyword security and locking down files.
Use built-in encryption on your operating system and your
home network to keep data secure. Then be certain to clear
that sensitive data off the computer when you sell it or throw
it away.
Data security is something we all need to take seriously and the
corporate breaches are dramatic illustrations of how important it
has become to build digital fortresses around our critical financial,
legal and medical information.

Mike Banks Valentine is a privacy advocate and blogs
about privacy issues at http://privacynotes.com/privacy_blog/
You can read more about identity theft issues at: http://shorl.com/hudryrygepregru