Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000

[Drsolly <drsollyp () drsolly com>]

On Mon, 19 Jun 2006 Blanchard_Michael () emc com wrote:

>  When, oh when, will there be fines levied against idiots or idiot
> companies that allow people to bring personal, customer data home on
> laptops and they get stolen......

When, oh when, will people stop regarding knowledge of someone's ssn 
as proof of identity? That's getting towards like knowing someone's 
email address as proof of identity.

"Who are you?" Alan Solomon
"Prove it by giving your email address" drsolly () drsolly com
"OK, that's fine, here's the cash you wanted."

>   Oh happy will be the day.  Maybe we'll see this insanity stop!  Stop
> the insanity!  Serenity now!

Which insanity is this? The insanity of assuming that accountants know 
anything about computers or security and therefore have the wit to require 
employees to use an encrypted file system, or the insanity of assuming 
that knowing someone's ssn, proves that they are who they say they are?

> I might as well put up my SSN on a web page along with all my other
> information and be done with it....

That's a sensible idea. If everyone did that, alongside email address, 
phone number and other contact details, maybe people would stop assuming 
that knowledge of SSN proves identity.


> Michael P. Blanchard 
> Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
> Office of Information Security & Risk Management 
> EMC ² Corporation 
> 4400 Computer Dr. 
> Westboro, MA 01580 
>
>
> -----Original Message-----
> From: Fergie [mailto:fergdawg () netzero net] 
> Sent: Saturday, June 17, 2006 10:47 PM
> To: privacy () whitestar linuxbox org
> Subject: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000
>
> Via The Washington Post.
>
> [snip]
>
> A laptop containing personal data -- including Social Security numbers
> -- of 13,000 District workers and retirees was stolen Monday from the
> Southeast Washington home of an employee of ING U.S. Financial
> Services, the company said yesterday.
>
> ING, which administers the District's retirement plan, known as DCPlus,
> notified the city about the theft late Friday.
>
> The company is mailing a letter to all affected account holders to
> alert them to the risk of someone using the information to commit
> identity theft, spokeswoman Caroline Campbell said. The company is also
> telling customers that it will set up and pay for a year of credit
> monitoring and identity fraud protection.
>
> The laptop was not protected by a password or encryption.
>
> [snip]
>
> More:
> http://www.washingtonpost.com/wp-dyn/content/article/2006/06/17/AR2006061700966.html
>
> - ferg
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg () netzero net or fergdawg () sbcglobal net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>
> _______________________________________________
> privacy mailing list
> privacy () whitestar linuxbox org
> http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
> _______________________________________________
> privacy mailing list
> privacy () whitestar linuxbox org
> http://www.whitestar.linuxbox.org/mailman/listinfo/privacy

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy