BreachExchange mailing list archives
Re: follow-up: Firm Hired After Security Breach FacesState Probe (fwd)
From: "Jamie C. Pole" <jpole () jcpa com>
Date: Tue, 26 Aug 2008 08:08:34 -0400
I believe that's an absolutely realistic scenario - I'm dealing with a client right now that seems to be experiencing it. They were breached 14 months ago, and provided credit monitoring for the victims. The monitoring ran out, and several of the victims have since contacted the client to ascertain whether or not another breach had taken place. Several of them have recently found new credit cards, new lines of credit, and a few other types of unauthorized transactions on their credit reports.

As for the consumers electing not to continue the monitoring coverage, this is a double-edged sword. On the one hand, the credit reporting bureaus should not be permitted to sell monitoring services. If they spent a little time developing mechanisms to verify the accuracy of the information they reported, it might be slightly more difficult to commit identity/credit fraud. On the other hand, once your personal data has been disclosed, I would think it's in your best interest to continue the monitoring for several years, at the very least.

Of course, none of this would be an issue if these companies were forced to spend a reasonable amount of money on prevention. Then again, with PCI being the (bad) joke that it is, a lot of these companies and agencies actually believe that they are safe.

Jamie

On Aug 25, 2008, at 10:42 PM, Michael Hill, CITRMS wrote:
| The state received complaints after those people received letters from
| Experian, one of the three credit bureaus, asking for confidential
| information in order to continue the monitoring, Rell said.

This will not be the first time we see this. A company has a data breach, offers free credit monitoring for a year, then when that year is up, the credit monitoring company will be asking the consumer for confidential information (ex. credit card info) in order to continue the monitoring. A good percentage of the consumers involved in this breach will not continue the monitoring. The smart thieves will know this, and now will start using the PII they stole or bought.

Is this a realistic scenario?

Michael Hill
Certified Identity Theft Risk Management Specialist
www.idtheft101.net
404-216-3751
INFORMATION SECURITY | RISK MANAGEMENT | COMPLIANCE | FORENSICS | TRAINING
"If You Think You're Not At Risk, Think Again!"

NOTICE: This email and any attachment to it is confidential and protected by law and intended for the use of the individual(s) or entity named on the email. This information and all email information from the sender is not legal advice nor legal representation and should not be construed as legal advice nor legal representation. Check with your attorney in your State for legal advice. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination or distribution of this communication is prohibited. If you have received this communication in error, please notify the sender via return email and delete it completely from your email system. If you have printed a copy of the email, please destroy it immediately.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- follow-up: Firm Hired After Security Breach Faces State Probe (fwd) security curmudgeon (Aug 25)
- Re: follow-up: Firm Hired After Security Breach Faces State Probe (fwd) Adam Shostack (Aug 25)
- Re: follow-up: Firm Hired After Security Breach FacesState Probe (fwd) Michael Hill, CITRMS (Aug 26)
- Re: follow-up: Firm Hired After Security Breach FacesState Probe (fwd) Jamie C. Pole (Aug 26)
- Re: follow-up: Firm Hired After Security Breach FacesState Probe (fwd) Michael Hill, CITRMS (Aug 26)
- Re: follow-up: Firm Hired After Security Breach Faces State Probe (fwd) Adam Shostack (Aug 25)