BreachExchange mailing list archives
Re: Keeping track of idtheft victims of breaches
From: Al Mac Wheel <macwheel99 () wowway com>
Date: Sun, 13 Jul 2008 22:13:57 -0500
There are already several such efforts out there. Perhaps your time could be better spent being a volunteer with attrition's open source data base of breaches. There can be a large span of time between a breach, and the info used in id thefts. I believe the US Congress is trying to pass legislation to give that job to the Secret Service. According to the FTC, one in seven Americans at some time in their lives, will be a victim of id theft ... what's the US population now ... about 350 million ... so that's 50 million names for the data base? Plus similar volumes from other nations. Not all of those victims are due to data breaches ... ther's also dumpster diving in garbage of ordinary people, proceeds from mugging, pkck pockets, insider crime, etc. A lot of identity theft victims don't have a clear knowledge of which of the many breaches, some of which they were never notified of, were responsible for them becoming victims. Sometimes when law enforcement captures some id theft criminals, they can back trace where they got the info, sometimes not. Then many victims want to get their lives cleaned up, not become identified as a mark who was conned once, so is a potential victim for future con artists. Al Macintyre , Sasha Romanosky wrote:
Hey everyone, I'd like to start keeping a record of those stories that cite actual numbers of identity theft victims from data breaches. I realize it's difficult to know, and there's much room for error, but it seems to me there is currently no record -- even a bad one -- of this kind of information. It also gives those interested a place to follow up for more detail. I have to think other people would be interested in these stories, too. To that end, I'd like to ask that if you come across any studies or articles (and if they're appropriate for this list) that you forward them on. Otherwise, please feel free to send them to me. Thanks a bunch, sashaFrom checking some of my notes, I know of the following:- Choicepoint: 2900 (GAO-07-737) - UnitedHealthcare: 155, http://www.networkworld.com/news/2008/060308-unitedhealthcare-data-breach-le ads-to.html?code=nlsecuritynewsal142524 - And in aggregate, the 3 studies I listed in my WEIS paper (Table 2). _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Keeping track of idtheft victims of breaches Sasha Romanosky (Jul 13)
- Re: Keeping track of idtheft victims of breaches David Scott (Jul 13)
- Re: Keeping track of idtheft victims of breaches Al Mac Wheel (Jul 13)