Archive for the ‘Identity and Fraud’ Category

Is $1000 enough for your stolen identity pain?


Larry Dignan over at asks us how much our personal data is worth. He proposes “Stiffer fines, Safter Data“. I agree and disagree; stiffer fines will eventually lead to safer data, but it won’t happen right away. Enterprises need maintainable solutions and process that work first. In my opinion, identity theft lawsuits and media frenzy will drive this “solution”.

How much is your stolen, used, and abused identity worth to you? Is $1000 enough? Has your identity been stolen? How much did it end up costing you money and time-wise?

Possible identity theft for 1300 Oregon tax payers


This security breach hits a little to close to home:

Porn-surfing hits taxpayer IDs
Security breach – More than 1,300 people face identity theft after a state employee let in data-stealing spyware

Last night the 10 o’clock news said that the Oregon Department of Revenue would be sending letters to the individuals at risk.  I’m an Oregonian and I’m hoping I didn’t make the list. It was rather amusing when the news station asked random Portland citizens their thoughts on the matter and they were more aghast with the fact that a Department of Revenue employee was surfing porn at work! Amazing… what is it going to take to wake up the public so they see the root of this identity theft problem?

Government helps solve identity theft with reactive measures


Today Greg sent me a link and after clicking it the title of the article had me thinking that the identity theft pendulum had begun to swing the other way (in our favor). The article title was: Veterans Affairs chief calls for stronger data laws

The article is a reactive statement to the 26.5 million veterans information that was stolen a while ago and starts out hopeful with a great inspirational quote:

“It’s an emergency at the VA, and it should be an emergency in our society,”

but then starts to take a roll down hill with:

Rep. Tom Davis, the Virginia Republican who heads the committee, said the incident had prompted him to weigh changes to a law called the Federal Information Security Management Act of 2002, which outlines procedures federal agencies must undertake in order to protect their data and systems.

I wonder, is it the actual incident that prompted Tom OR WAS IT THE FACT THAT THE VETS ARE SUING? Hope spirals back into the vast wasteland of stolen identity when the article goes on to say:

That law requires agencies to notify law enforcement and internal inspectors general when a breach occurs, but it does not require notification of potential victims or the public. It must be updated to include penalties, incentives and “proactive notification requirements,” Davis said, adding that he is “troubled as the number and scope of losses continues to expand.”

So if I understand right, once you let my data get stolen you’ll find it in the goodness of your heart to tell me (instead of me finding out after my bank account is drained). That’s proactive? I think not. Proactive is encrypting my data and being certified to manage my data. Ugh..This is pathetic.

Stolen data fiesta


Is it the fact that I work in a security group and this stuff naturally flows through my inbox or has the last week been a stolen data fiesta? customers data is stolen and Greg is MAD (WARNING! Don’t make Greg mad, it’s not pretty. Well, sometimes it’s humorous to watch… If you have the opportunity to rib him a little bit someday in person just bring up how slow Microsoft Virtual Server is and you’ll see traces of the mad Greg. Mad level 3 out of 10). Anywhooo, Greg not only rants about how pathetic security is in the industry but offers some practical advice on knowing how secure a company is by their certifications. Good stuff.

Data lost on all 2.2 million (nearly all) active duty, reserve and guard members.

Veterans fight back and sue for data lost/stolen (this is what we need to wake the industry up).

Alex Scoble sent an article stating that cleaning up data breach costs 15x more than encryption. No joke? Go figure. But why do that? That’s pro-active and not re-active. Fire-fight mode is sooo much more fun though.

Geek T-shirt – Feed Me (RSS)


Are you a blogger or blog reader? Are you a fan of syndication? Let me present the latest in geek t-shirts for RSS. I had this one on the back burner since I started this blog in December of 2005 and finally sat down to create it tonight. This master-piece is titled “Feed Me” (I won’t be offended if you consider it a master-POS). The image below requires ShockWave-Flash. If you can’t see it, just go to where this little beauty resides. Do you hate black t-shirts or would rather a sweat-shirt or tank top? Zazzle has a huge product line-up that you can place this advertising gem on. Gem you say? Yes, this is THE official RSS icon to be recognized by a cajillion internet users by 2007. TRUST ME. Don’t be a “wanna-be” by displaying your syndication spirit in 2008. Get this frickin’ thing on your chest now!

1.3 million Social Security numbers stolen


Ho-hum, more user data stolen, yawn… This time only 1.3 million borrowers Social Security numbers from the Texas Guaranteed Student Loan Corp. Interestingly enough, this time it was encrypted for transport but then decrypted by the data management company Hummingbird Ltd. After decryption the hardware that it was on was “lost”. Lost? <Insert snide comment here>.

Read more here.

Personal information for 26.5 million veterans is stolen


Yet more personal information is stolen, this time from our Veterans. Don’t act so surprised. This one seems to be getting some pretty good press though. Will it change anything? Doubt it. It’s just another instance to add the simmering pot. Someday the pot will start to boil, and then eventually boil over. Who will make them stop and listen? Maybe Brad Pitt and Angela Jolie? Save us Brangela, save us from this wretched mess.

Read more here.

Post navigation