funsec mailing list archives
Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000
From: Drsolly <drsollyp () drsolly com>
Date: Mon, 19 Jun 2006 16:32:00 +0100 (BST)
On Mon, 19 Jun 2006 Blanchard_Michael () emc com wrote:
When, oh when, will there be fines levied against idiots or idiot companies that allow people to bring personal, customer data home on laptops and they get stolen......
When, oh when, will people stop regarding knowledge of someone's ssn as proof of identity? That's getting towards like knowing someone's email address as proof of identity. "Who are you?" Alan Solomon "Prove it by giving your email address" drsolly () drsolly com "OK, that's fine, here's the cash you wanted."
Oh happy will be the day. Maybe we'll see this insanity stop! Stop the insanity! Serenity now!
Which insanity is this? The insanity of assuming that accountants know anything about computers or security and therefore have the wit to require employees to use an encrypted file system, or the insanity of assuming that knowing someone's ssn, proves that they are who they say they are?
I might as well put up my SSN on a web page along with all my other information and be done with it....
That's a sensible idea. If everyone did that, alongside email address, phone number and other contact details, maybe people would stop assuming that knowledge of SSN proves identity.
Michael P. Blanchard Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -----Original Message----- From: Fergie [mailto:fergdawg () netzero net] Sent: Saturday, June 17, 2006 10:47 PM To: privacy () whitestar linuxbox org Subject: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Via The Washington Post. [snip] A laptop containing personal data -- including Social Security numbers -- of 13,000 District workers and retirees was stolen Monday from the Southeast Washington home of an employee of ING U.S. Financial Services, the company said yesterday. ING, which administers the District's retirement plan, known as DCPlus, notified the city about the theft late Friday. The company is mailing a letter to all affected account holders to alert them to the risk of someone using the information to commit identity theft, spokeswoman Caroline Campbell said. The company is also telling customers that it will set up and pay for a year of credit monitoring and identity fraud protection. The laptop was not protected by a password or encryption. [snip] More: http://www.washingtonpost.com/wp-dyn/content/article/2006/06/17/AR2006061700966.html - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
_______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Fergie (Jun 17)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Gary Warner (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Drsolly (Jun 19)
- <Possible follow-ups>
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Henderson, Dennis K. (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 StyleWar (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)