BreachExchange mailing list archives

Re: CTS: Thief Steals Tax Records


From: "B.K. DeLong" <bkdelong () pobox com>
Date: Sun, 4 Feb 2007 14:27:54 -0500

Data Loss and Compliance is all a game of Risk......Management. The
CPAs and other folk all get together to calculate at what point an
incident would be an unacceptable cost. That becomes the threshold to
determine just how much they're willing to comply - both from a "CNN
moment" the result of a breach and a fine due to lack of compliance.

The "loss of reputation" might encourage more awareness but the key is
to get inside their head.

Though keep in mind, with each younger generation the better the BS meter. ;)

On 2/4/07, Adam Shostack <adam () homeport org> wrote:
So without meaning any disrespect George, I think that there are
multiple fair interpretations of what's happened.

1) Arizona CPAs don't care.
2) Arizona CPAs saw your ads and decided that the risk wasn't that
high.  (No comment on the quality of the risk assessment.)
3) Arizona CPAs said "he's trying to drum up business" and let that
color their risk assessment

Similarly, your claim earlier "There was virtually no interest on the
part of the CPAs to protect their customers' information"

1) could be true
2) could be that the CPAs don't know how to differentiate themselves
on this basis.
3) could be that your telemarketer stinks.

I'm glad to have you on the list and discussing your experience.
Please don't take this as anything more than an attempt to offer
alternate hypotheses.

Adam

On Sun, Feb 04, 2007 at 11:37:36AM -0700, George Toft wrote:
| We tried to alert them all.  We published articles and ads in the
| Arizona Society of CPA magazine.
|
| George Toft, CISSP, MSIS
| My IT Department
| www.myITaz.com
| 623-203-1760
|
| Confidential data protection experts for the financial industry.
|
|
| blitz wrote:
| > So one would/might postulate at this point the thieves are selecting
| > smaller targets, with less names and info. Especially ones with less
| > security, and obviously more to lose should they be compromised.
| >
| > There should be an alert to them all.
| >
| >
| > At 23:39 2/3/2007, you wrote:
| >
| >> I would expect to see more of these.  I met an accountant in Phoenix
| >> that had just her hard drives stolen - guess what the thief was after?
| >>
| >> This is a sore point for me - we hired a telemarketer to call every CPA
| >> in Phoenix.  There was virtually no interest on the part of the CPAs to
| >> protect their customers' information from this type of event.
| >>
| >> BTW - 800 people for one firm means it's a small firm.
| >>
| >> George Toft, CISSP, MSIS
| >> My IT Department
| >> www.myITaz.com <http://www.myitaz.com/>
| >> 623-203-1760
| >>
| >> Confidential data protection experts for the financial industry.
| >>
| >>
| >> Dissent wrote:
| >> > http://www.wndu.com/news/headlines/5530966.html
| >> >
| >> > Eight hundred people are in jeopardy of having their credit ruined,
| >> > because thieves in the night stole their personal information from a
| >> > Cassopolis tax preparer.
| _______________________________________________
| Dataloss Mailing List (dataloss () attrition org)
| http://attrition.org/dataloss
| Tracking more than 146 million compromised records in 562 incidents over 7 years.
|

-- 
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org