funsec mailing list archives
Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000
From: Blanchard_Michael () emc com
Date: Mon, 19 Jun 2006 11:59:48 -0400
Dr. Solly, I agree with each and everything you said below. SSN was never meant to be an ID number, but these days if you have someone's SSN and a couple other pieces of info.... Hmmm, lets hit someone's trash and grab a utility bill or two, then "find" their SSN on the web somewhere, ok now let's go to the DMV in some far away town to get a replacement drivers license.... You've now become that person, easy cheesy.... It's not nust the SSN that I'm worried about though. Personal information in general, Credit card numbers, bank account numbers, hell even the color of my eyes or hair (yes if you've seen my in person, these two are pretty obvious, and I believe I've met just about everyone on this list in person at one time or another). BUT! It doesn't matter. It's MY information. Information about ME, no one else. Information that's supposed to be PRIVATE. These places don't have the right, IMHO, to allow my information to be stored on any laptop and brought home with anyone. I should be able to assume a reasonable amount of security precautions will be taken with my data. It is very interesting to note that most of this data theft is within the States, at least those that we hear of.... What are you guys doing in the UK that prevents or seriously discourages this type of thing? Michael P. Blanchard Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -----Original Message----- From: Drsolly [mailto:drsollyp () drsolly com] Sent: Monday, June 19, 2006 11:32 AM To: Blanchard, Michael (InfoSec) Cc: fergdawg () netzero net; privacy () whitestar linuxbox org Subject: Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 On Mon, 19 Jun 2006 Blanchard_Michael () emc com wrote:
When, oh when, will there be fines levied against idiots or idiot companies that allow people to bring personal, customer data home on laptops and they get stolen......
When, oh when, will people stop regarding knowledge of someone's ssn as proof of identity? That's getting towards like knowing someone's email address as proof of identity. "Who are you?" Alan Solomon "Prove it by giving your email address" drsolly () drsolly com "OK, that's fine, here's the cash you wanted."
Oh happy will be the day. Maybe we'll see this insanity stop! Stop the insanity! Serenity now!
Which insanity is this? The insanity of assuming that accountants know anything about computers or security and therefore have the wit to require employees to use an encrypted file system, or the insanity of assuming that knowing someone's ssn, proves that they are who they say they are?
I might as well put up my SSN on a web page along with all my other information and be done with it....
That's a sensible idea. If everyone did that, alongside email address, phone number and other contact details, maybe people would stop assuming that knowledge of SSN proves identity.
Michael P. Blanchard Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -----Original Message----- From: Fergie [mailto:fergdawg () netzero net] Sent: Saturday, June 17, 2006 10:47 PM To: privacy () whitestar linuxbox org Subject: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13,
000
Via The Washington Post. [snip] A laptop containing personal data -- including Social Security numbers -- of 13,000 District workers and retirees was stolen Monday from the Southeast Washington home of an employee of ING U.S. Financial Services, the company said yesterday. ING, which administers the District's retirement plan, known as DCPlus, notified the city about the theft late Friday. The company is mailing a letter to all affected account holders to alert them to the risk of someone using the information to commit identity theft, spokeswoman Caroline Campbell said. The company is also telling customers that it will set up and pay for a year of credit monitoring and identity fraud protection. The laptop was not protected by a password or encryption. [snip] More:
http://www.washingtonpost.com/wp-dyn/content/article/2006/06/17/AR2006061700 966.html
- ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
_______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Drsolly (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Drsolly (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 David Lodge (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Michael Simpson (Jun 21)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 21)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Blanchard_Michael (Jun 19)
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Drsolly (Jun 19)
- <Possible follow-ups>
- Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000 Gregory Hicks (Jun 19)