Data Security Woes: Governmental, Retail & Corporate

Think Your Social Security Number Is Secure? Think Again

The VA has had two major breaches of data security. Several states have had issues with their BMV databases and security. Colleges and universities have had issues as well. The telecommunications industry--especially Comcast, AT&T, Verizon--are releasing financial records and ISP data without warrants, probable cause of due process. The courts are leaning toward considering identity theft, identity security and breaches of identifying data involving the government as being safe from redress (two recent cases dismissed action against the government for unauthorized data release and/or breaches). Major retail corporations, like TMX, the parent corporation for T.J. Max and other retail outlets, are denying responsibility for the financial fallout for data breaches involving credit card and identifying info.

The US government is collecting data from hundreds of databases--including credit reports, flight itineraries, major purchases, bank transactions--that are at least 20% inaccurate, which causes an exponential effect on the inaccuracies and usefulness of the data. The National Centers for collecting data by the NSA and DHS are still not fully functional or compatible with all the network and platform requirements from 16 to 25 different networks.

Now comes reports that many of our social security numbers are posted on the Internet, openly available to those among us that are prone toward fraud, theft, identity assumption and maladaptive behaviors.

All this and our governments--state and federal--are hesitating to act decisively to provide for redress, prevention and protection. Can anyone really tell us why things have gotten so far out of hand and our legislators, as well as our major law enforcement agencies, have failed to act prudently?

Another problem is that there is an effort by not only the three major credit bureaus but many other "entrepreneurs" to make a profit by marketing ineffective measures to monitor, repair and "prevent" identity theft, database breaches, network hacking and poor IT security measures. It has become a major source of revenue for banks, credit bureaus and a litany of software and network solutions... none of which have proven effective even in a majority of cases.

Then again, there are congress critters seeking to propose bills to hold retailers and corporations accountable for data breaches that result in financial harm to consumers, but the GOP members want to put language in the bill that states if a retailer or corporation spends a certain amount per annum they will be exempt from the consequences. There is only one problem with that GOP proposal: spending a lot of money doesn't necessarily mean that they are following IT security protocols, that the end-users of the technology (i.e. accountants, clerks, cashiers, collectors) are trained properly on preventative measure, that the appropriate software and hardware have been installed, or that there has been proper maintenance, monitoring or installation of the same.

My mother has the best solution: she maintains such a poor credit history and standing that no one wants to steal her financial data, and her health is so bad from all the years she has spent smoking excessively, no one would want to even look at x-rays of her lungs, never mind steal all of her medical records.

It should come as little surprise that Social Security numbers are posted on the Internet. But, says Betty Ostergren, a former insurance claims supervisor in suburban Richmond, Va., who has spent years trolling for them, “people are always astounded” to learn that theirs is one of them.

Mrs. Ostergren, 57, has made a name for herself as a gadfly as she took on a lonely and sometimes frustrating mission to draw attention to the situation. With addresses, dates of birth and maiden names often associated with Social Security numbers, she said, they are a gift to data thieves.

But in the last few weeks, Mrs. Ostergren’s Web site, The Virginia Watchdog — with the help of lobbying from an unexpected ally, America’s farm bureaus — is having an effect.

One by one, states and counties have started removing images of documents that contain Social Security numbers, or they are blocking out the numbers. Four states, including New York, have removed links to images of public documents containing Social Security numbers.

Snohomish County, Wash., for example, said Wednesday that 61 types of documents, including tax liens and marriage certificates, would be blocked. (The documents are supposed to remain public at courthouses or state offices.)

On Wednesday, the Texas attorney general, Greg Abbott, issued a legal opinion that county clerks could be committing a crime by revealing Social Security numbers on the Internet.

“I am almost in a celebratory mode,” said David Bloys, a retired private investigator in Shallowater, Tex., who also highlights the public records issue on his Web site, NewsforPublicOfficials.com.

For people wondering if they should be worried about the security of their own numbers, there is a new tool to help them.

TrustedID, a company that sells services to consumers to give them more control over who sees their credit reports, has compiled a database of compromised numbers that could already be traded or sold on the Internet.

It has created an online search tool, StolenIDSearch.com, where people can check at no cost to see if their number is one that is in a too-public domain.

Study On Privacy Protections Finds Citizens Distrust Security Agencies

The CIA, Homeland Security Department and National Security Agency are the least trusted federal agencies when it comes to protecting Americans' privacy, according to a new study by the Ponemon Institute.

The annual survey, which will be released Wednesday, asked more than 7,000 citizens whether they believe the government takes appropriate steps to safeguard personal information. Answers were mixed, but the overall trend suggested a decline in public trust since the think tank first studied the issue in 2004.

The NSA has suffered a substantial flogging by lawmakers and privacy advocates amid questions in the past year over its domestic spying in search of terrorists. It also was revealed recently that the CIA has been utilizing a special subpoena power of the 2001 anti-terrorism law known as the USA PATRIOT Act to comb bank and credit-card records.

Homeland Security and the Transportation Security Administration, which were evaluated separately in the survey, have experienced their fair share of controversy over the mining of information from government and commercial databases and a program that screens travelers entering the United States.

After last year's massive breach of more than 27 million military personnel's data, furthermore, the Veterans Administration fell from a top-five ranking in 2006 to just outside the bottom five in the 2007 Ponemon study.

Attorney General Alberto Gonzales' office also was among the least trusted of the 74 federal entities included in the poll.