BreachExchange mailing list archives
Wired News: Privacy Debacle Hall of Fame
From: lyger <lyger () attrition org>
Date: Mon, 21 Aug 2006 09:15:52 -0400 (EDT)
(some pretty interesting choices here, especially number one... - lyger) http://www.wired.com/news/politics/privacy/0,71622-0.html?tw=rss.index Earlier this month AOL publicly released a data trove: 500,000 search queries culled from three months of user traffic on its search engine. The company claimed it was trying to help researchers by providing "anonymized" search information, but experts and the public were shocked at how easy it was to figure out who had been searching on what. Apparently, AOL's anonymizing process didn't include removing names, addresses and Social Security numbers. Although the company has since apologized and taken the data down, there are at least half-a-dozen mirrors still out there for all to browse. This may have been one of the dumbest privacy debacles of all time, but it certainly wasn't the first. Here are ten other privacy snafus that made the world an unsafer place. Despite the obvious flaws of rankings, we have attempted one as follows, in descending order: 10. ChoicePoint data spill: ChoicePoint, one of the largest data brokers in the world, in early 2005 admitted that it had released sensitive data on roughly 163,000 people to fraudsters who signed up as ChoicePoint customers starting in 2001. At least 800 cases of identity theft resulted. Sued by the FTC, the company paid $15 million in a settlement earlier this year -- at least $5 million of which goes to the consumers whose lives they ruined. 9. VA laptop theft: In May, two teenagers stole a laptop from the Veterans Association that contained financial information on more than 25 million veterans, as well as people on active duty. Electronic Frontier Foundation staff attorney Kurt Opsahl said this is one of the worst data breaches in recent memory because of its sheer scale: "The database contained the names, Social Security numbers and dates of birth of as many as 26.5 million veterans and their families, though allegedly recovered without evidence of the thieves obtaining access." The case also raised awareness about how many unprotected, private databases are floating around on easily-stolen, mobile devices. When the laptop was recovered, it appeared that none of the data had been disturbed -- but only time will tell. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 307 incidents over 6 years.
Current thread:
- Wired News: Privacy Debacle Hall of Fame lyger (Aug 21)