BreachExchange mailing list archives
Re: Is dataloss becoming the next 'computer virus' trend?
From: "Sean Steele" <SSteele () infolocktech com>
Date: Mon, 18 Dec 2006 10:26:05 -0500
The points you raise are good ones, perhaps the most important in this entire larger discussion.
From where I'm sitting, it appears few of these data breaches/losses are
becoming, over time, either ID theft problems for the affected individuals, or corporate security calls-to-action for the organizations at fault. Many laptops in particular are stolen as targets of opportunity, for their hardware resale value (not specifically targeted for the data that may reside on them). We see few compliance or regulatory sanctions, little in the way of public flogging (the VA laptop loss being a notable exception), and an ocassional slap on the wrist (e.g., MA Dept of State's whopping $25k fine against Ameriprise Financial for losing a laptop with data about 230,000 customers and financial advisers). You're right, these losses are weekly if not daily news items. They're so commonplace, however, that I'd propose we're (collectively) becoming desensitized: we're tuning out the ongoing "noise". I think it's clear we need a landmark tracking / longitudinal study of these breaches, their affected individuals, and ideally, the organizations in question, to assess whether there is a real crisis. There may not be, as much as we think there is or might be. -- Sean Steele, CISSP infoLock Technologies 703.310.6478 direct 202.270.8672 mobile ssteele () infolocktech com -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Richard Forno Sent: Sunday, December 17, 2006 11:51 AM To: dataloss () attrition org Subject: [Dataloss] Is dataloss becoming the next 'computer virus' trend? We see these reports of data loss, laptop theft, databse compromises, etc, etc, etc on a weekly, if not daily basis. Some of these are quite large, too. Yet after the initial hysteria of "yet another theft of data" story making the rounds in the media, is anyone tracking not just the number of events, but the outcome of such events over time? I can't remember too many dataloss cases that had much of a "tail" to them after the initial event was reported in the media: What happens after the organization in question notifies their victims? Does it engage in any [effective] corrective action to remedy the problem that caused the data loss? Does anyone get fired? Fined? Arrested? Do the victims sue? Do regulators (state/federal/local) get involved? Or does life just go on and the organization in question (or victims) just brush the event off as another consequence of doing business in the information age, much like dealing with the latest Windows worm/virus/trojan? Consequently, I wonder if "data loss" is fast becoming the new computer virus in terms of what I sense is a growing "routine-ness" about how the media covers such events -- especially if nothing much ever is done to deal with it by the affected entities or to hold their feet to the proverbial (and public) fire of accountability. Which raises the question, I think, of how seriously folks (companies and individuals alike) take this entire issue in a broad sense. Thoughts? -rick Infowarrior.org _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 507 incidents over 6 years. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 512 incidents over 6 years.
Current thread:
- Is dataloss becoming the next 'computer virus' trend? Richard Forno (Dec 17)
- Re: Is dataloss becoming the next 'computer virus' trend? security curmudgeon (Dec 17)
- Re: Is dataloss becoming the next 'computer virus' trend? blitz (Dec 17)
- <Possible follow-ups>
- Re: Is dataloss becoming the next 'computer virus' trend? Sean Steele (Dec 18)
- Re: Is dataloss becoming the next 'computer virus' trend? Brannigan, Chris J - Washington, DC (Dec 18)
- Re: Is dataloss becoming the next 'computer virus' trend? Chris Walsh (Dec 18)
- Re: Is dataloss becoming the next 'computer virus' trend? Brannigan, Chris J - Washington, DC (Dec 18)
- Re: Is dataloss becoming the next 'computer virus' trend? blitz (Dec 18)
- Re: Is dataloss becoming the next 'computer virus' trend? security curmudgeon (Dec 17)