funsec mailing list archives

Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13, 000


From: Blanchard_Michael () emc com
Date: Mon, 19 Jun 2006 11:59:48 -0400

  Dr. Solly, I agree with each and everything you said below.  SSN was never
meant to be an ID number, but these days if you have someone's SSN and a
couple other pieces of info.... Hmmm, let's hit someone's trash and grab a
utility bill or two, then "find" their SSN on the web somewhere, ok now
let's go to the DMV in some far away town to get a replacement driver's
license....  You've now become that person, easy cheesy....

  It's not just the SSN that I'm worried about though.  Personal information
in general, Credit card numbers, bank account numbers, hell even the color
of my eyes or hair (yes if you've seen me in person, these two are pretty
obvious, and I believe I've met just about everyone on this list in person
at one time or another).  BUT!  It doesn't matter.  It's MY information.
Information about ME, no one else.  Information that's supposed to be
PRIVATE.  These places don't have the right, IMHO, to allow my information
to be stored on any laptop and brought home with anyone.  I should be able
to assume a reasonable amount of security precautions will be taken with my
data. 

  It is very interesting to note that most of this data theft is within the
States, at least those that we hear of....  What are you guys doing in the
UK that prevents or seriously discourages this type of thing? 


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 


-----Original Message-----
From: Drsolly [mailto:drsollyp () drsolly com] 
Sent: Monday, June 19, 2006 11:32 AM
To: Blanchard, Michael (InfoSec)
Cc: fergdawg () netzero net; privacy () whitestar linuxbox org
Subject: Re: [privacy] Laptop Stolen From D.C. Home With Personal Data of
13, 000

On Mon, 19 Jun 2006 Blanchard_Michael () emc com wrote:

> When, oh when, will there be fines levied against idiots or idiot
> companies that allow people to bring personal, customer data home on
> laptops and they get stolen......

When, oh when, will people stop regarding knowledge of someone's ssn 
as proof of identity? That's getting towards like knowing someone's 
email address as proof of identity.

"Who are you?" Alan Solomon
"Prove it by giving your email address" drsolly () drsolly com
"OK, that's fine, here's the cash you wanted."

> Oh happy will be the day.  Maybe we'll see this insanity stop!  Stop
> the insanity!  Serenity now!

Which insanity is this? The insanity of assuming that accountants know 
anything about computers or security and therefore have the wit to require 
employees to use an encrypted file system, or the insanity of assuming 
that knowing someone's ssn, proves that they are who they say they are?

> I might as well put up my SSN on a web page along with all my other
> information and be done with it....

That's a sensible idea. If everyone did that, alongside email address, 
phone number and other contact details, maybe people would stop assuming 
that knowledge of SSN proves identity.






-----Original Message-----
From: Fergie [mailto:fergdawg () netzero net] 
Sent: Saturday, June 17, 2006 10:47 PM
To: privacy () whitestar linuxbox org
Subject: [privacy] Laptop Stolen From D.C. Home With Personal Data of 13,
000

Via The Washington Post.

[snip]

A laptop containing personal data -- including Social Security numbers
-- of 13,000 District workers and retirees was stolen Monday from the
Southeast Washington home of an employee of ING U.S. Financial
Services, the company said yesterday.

ING, which administers the District's retirement plan, known as DCPlus,
notified the city about the theft late Friday.

The company is mailing a letter to all affected account holders to
alert them to the risk of someone using the information to commit
identity theft, spokeswoman Caroline Campbell said. The company is also
telling customers that it will set up and pay for a year of credit
monitoring and identity fraud protection.

The laptop was not protected by a password or encryption.

[snip]

More:

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/17/AR2006061700966.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
privacy mailing list
privacy () whitestar linuxbox org
http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
