ITRC: Breaches Blast '07 Record
ITRC: Breaches Blast ’07 Record - Via PogoWasRIght - Privacy News Headlines:
With slightly more than four months left to go for 2008, the Identity Theft Resource Center (ITRC) has sent out a press release saying that it has already compiled 449 breaches– more than its total for all of 2007.
As they note, the 449 is an underestimate of the actual number of reported breaches, due in part to ITRC’s system of reporting breaches that affect multiple businesses as one incident.
.... More important than the individual numbers, perhaps, are the details of a breach, something that is often lacking or glossed over in reports. As one example, when third party benefits administrator Administrative Systems, Inc., disclosed that its office had been burgled in December 2007, it did not reveal the total number of clients affected, nor the total number of individuals whose unencrypted data were on the stolen computer. Given that just one of the dozens of clients informed this site that it had to notify 250,000 of its customers, the numbers for that breach might be staggering. But more importantly, perhaps, ASI’s notification letter did not tell those affected that ASI suspected that the computer had been stolen by an employee, nor that in the course of the burglary, the thieves walked past newer computers and only took the one computer that had all the client data on it. That information was never publicly revealed and only came to light when this site obtained the police reports in response to a Freedom of Information request. Although we can be somewhat understanding of the need for discretion during an ongoing investigation (in this case, the police were not able to determine the identity of the thieves and the case is on inactive status), if you were one of those affected, would knowing that the firm suspected one of its own employees and that the thieves had ignored closer and newer computers and only taken the one with personal information influenced your level of concern or any steps you might take to protect yourself? ASI did nothing wrong as far as the laws on disclosure and notification go. But are we requiring too little?
[...]
Source - Chronicles of Dissent blog
(Read Original Article - Via PogoWasRIght - Privacy News Headlines.)
Delicious
Digg
Reddit
Google
Yahoo
TechnoratiRecent blog posts
- Apple patching serious SMS vulnerability on iPhone
- Enter the Advertisers - self-regulatory principles ?
- Out of business, Clear may sell customer data
- TSA asked to ensure safety of customer data after Clear closing
- Several Facts about Google and HTTPS
- China thinks twice – and its 300m internet users scent a rare victory
- Did the Sanford E-Mail Tipster or the Newspaper Break the Law?
- Supreme Court Serves Up Remote-Recording Victory
- Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance
- ATM Vendor Halts Researcher’s Talk on Vulnerability
