BreachExchange mailing list archives
Re: University of MD mails 24000 SSN on front of envelope
From: "Kyle Davis" <Kyle.Davis () apollogrp edu>
Date: Wed, 23 Jul 2008 09:56:43 -0700
I'm rather new here, but thought I'd toss in my $0.02.

I agree with much of what you've all stated regarding lack of education, but having SSN so available to a person that does a mail merge for envelopes seems silly to me. There really does need to be better lockdown on some data (SSN being one of the top ones). Is this kind of thing still going to happen in the future even after locking down the data better? You betcha it will happen, but at least there will be fewer occurrences of it. And if it does happen, there will be a better feedback program in place to help with situations like this in the future.

Also, Michael hit the nail on the head when he stated "periodic training". A single training event is NOT enough for most of the workforce out there. They need to be hit with training on this topic at least twice a year, if not more.

Kyle R. Davis, Security Analyst
Apollo Group

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Arshad Noor
Sent: Wednesday, July 23, 2008 9:47 AM
To: Michael Hill, CITRMS
Cc: dataloss () attrition org
Subject: Re: [Dataloss] University of MD mails 24000 SSN on front of envelope

Couldn't agree with you more, Michael. In fact, the lack of training of involved personnel, and the lack of a culture that encourages "risk detection and management" is probably the single biggest weakness in most IT environments today. There is far too much trust placed in technology and not enough in the ability and training of humans to address security risks.

While I would like to say that companies lose as a result of this myopia, in the long-term we consumers wind up paying for those losses, unfortunately.

Arshad Noor
StrongAuth, Inc.

Michael Hill, CITRMS wrote:
Lack of education and training given to employees, contractors and service providers to help spot security vulnerabilities.

Periodic training emphasizes the importance you place on meaningful data security practices. A well-trained workforce is just as important a defense against identity theft and data breaches as are physical and electronic security.

In this case, I can't believe nobody in the whole process did not spot the SSN or at least question it when seeing a 9-digit number. Training certainly could have uncovered this, though we will never know.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml