BreachExchange mailing list archives
Re: Data Loss versus Identity Theft
From: Adam Shostack <adam () homeport org>
Date: Fri, 27 Oct 2006 15:10:35 -0400
On Fri, Oct 27, 2006 at 01:03:01PM -0500, Chris Walsh wrote: | The distinction between the two is clear. To me, a thornier issue is | whether "data loss" is itself a misnomer. In many cases, PII has been | exposed to possible loss, but we have no way of knowing whether it has | been obtained by any unauthorized people. | I think 'data loss' or 'breach' refers to the loss of the ability of the organization to control the data. What happens after that is a result of that loss of control. Lets say you have a truck full of dollar bills, and it falls apart. Let's also say that good samaratians help you pick up all the money. Do you not wonder why the truck fell apart? Do you not count it as a serious event? Recovery of the money doesn't make your loss of control any less serious, it simply means you've lucked out of some of the more serious potential impacts. Substitute "good police work" for "good samaritian" and "laptop" for "dollars" and you have the VA laptop situation. Adam _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 139 million compromised records in 447 incidents over 6 years.
Current thread:
- Data Loss versus Identity Theft lyger (Oct 26)
- Re: Data Loss versus Identity Theft George Toft (Oct 27)
- <Possible follow-ups>
- Re: Data Loss versus Identity Theft Casey, Troy # Atlanta (Oct 27)
- Re: Data Loss versus Identity Theft DAIL, ANDY (Oct 27)
- Re: Data Loss versus Identity Theft Chris Walsh (Oct 27)
- Re: Data Loss versus Identity Theft Adam Shostack (Oct 27)
- Re: Data Loss versus Identity Theft Brannigan, Chris J - Washington, DC (Oct 27)
- Re: Data Loss versus Identity Theft Chris Walsh (Oct 27)
- Re: Data Loss versus Identity Theft Henry Brown (Oct 27)
- Re: Data Loss versus Identity Theft Walter Padworski (Oct 27)