BreachExchange mailing list archives
Re: Wis. mailing sent with personal info
From: Chris Walsh <chris () cwalsh org>
Date: Thu, 10 Jan 2008 21:43:08 -0600
EDS is a major provider of outsourced IT. They may well have a more general contract and, in effect, made this decision themselves. The SSNs would have been given as part of the larger scope of work, and then improperly used. <RUMSFELD> Is this a risk firms take when they outsource? Heavens to Betsy, yes. Should Wisconsin have anticipated this? Great Caesar's ghost they should have. Does Wisconsin not have an information classification policy to which 3rd parties must adhere? By jiminy, I would hope so. </RUMSFELD> On Jan 10, 2008, at 2:57 PM, Adam Shostack wrote:
Appalled experts elsewhere are asking why Wisconsin gave SSNs to EDS as part of mailing informational brochures. You don't have to select * from row. You could have selected name, address from row.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Wis. mailing sent with personal info lyger (Jan 08)
- Re: Wis. mailing sent with personal info Henry Brown (Jan 10)
- Re: Wis. mailing sent with personal info Adam Shostack (Jan 10)
- Re: Wis. mailing sent with personal info Chris Walsh (Jan 10)
- Re: Wis. mailing sent with personal info Tracy Blackmore (Jan 11)
- Re: Wis. mailing sent with personal info James Childers (Jan 11)
- Re: Wis. mailing sent with personal info Adam Shostack (Jan 10)
- Re: Wis. mailing sent with personal info Henry Brown (Jan 10)
- <Possible follow-ups>
- Re: Wis. mailing sent with personal info Steve Hamburg (Jan 11)