BreachExchange mailing list archives
Re: 88 million... is it really an accurate number?
From: lyger <lyger () attrition org>
Date: Tue, 27 Jun 2006 21:08:13 -0400 (EDT)
On Tue, 27 Jun 2006, blitz wrote: ": " I would imagine any combination of personally identifiable information that ": " could be used to impersonate someone. ": " Medical records are supposed to be protected under the HIPPA laws, but to ": " date, NO ONE has been prosecuted/fined for violations, and they are indeed ": " widespread. I myself have had private medical information leaked. I filed a ": " complaint, but it falls on deaf ears. Ears that are intending to protect ": " the wrongdoers. ": " ": " ": " At 19:05 6/27/2006, you wrote: ": " > And what is a "record" in this case? A single name-to-address or ": " > name-to-SSN mapping, or the whole block of name/addr/phones/ssn/ ": " > license-plate/preferred-underwear-brand/criminal-record/allergy-list? ": " > ": " > _H* Hobbit's question leads to yet another question regarding uniqueness: You're an American citizen and have three credit cards. Two are VISAs, one is a MasterCard. Are you: 1. One "record" because of your name and mailing address, 2. Two "records" because you have two different brands of cards, 3. Three "records" because you have three unique card numbers, or 4. Six records because of the cross-references between your card brands and card numbers that seem to exist in various databases? I can't honestly answer that question, so any insight would be appreciated. Are combined raw numbers really useful? Example = Ohio University. In their four or five breaches, are they counting for uniques? Did one person's records live on five different breached servers? One media story says 360,000. Another says 70,000. Is the media counting "records", "names", "unique individuals", or some other criteria? (if responding, please post below for easier thread-following) _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- 88 million... is it really an accurate number? lyger (Jun 27)
- Re: 88 million... is it really an accurate number? blitz (Jun 27)
- <Possible follow-ups>
- Re: 88 million... is it really an accurate number? *Hobbit* (Jun 27)
- Re: 88 million... is it really an accurate number? blitz (Jun 27)
- Re: 88 million... is it really an accurate number? lyger (Jun 27)
- Re: 88 million... is it really an accurate number? blitz (Jun 27)