BreachExchange mailing list archives

Re: VISA / 1ST BANK

From: George Toft <george () myitaz com>
Date: Fri, 20 Oct 2006 16:35:14 -0700

lyger wrote:


On Fri, 20 Oct 2006, George Toft wrote:
": " Until the lawmakers of Washington suffer ID Theft, nothing will change. 
": "   If I were an ID thief, I would definitely dump any high profile name 
": " from my database - no need to spoil the party.  And the party will 
": " continue until some high profile politico gets burned.

But data loss <> ID theft.  If data is lost or stolen regardless of an 
actual theft of an identity or identities, said data has been 
compromised even if no access can be proven.  Things *can* change, but it 
has to start with the actual protection of personal data and not wait 
until the media starts screaming "IDENTITY THEFT" in the headlines.


I realize the difference - my information has been stolen 4 times, but 
my ID has not (yet).

Information protection received a major blow this month now that CPA's 
are exempt from Gramm-Leach-Bliley (or so says my recent ASCPA 
newsletter).  Not that many of them actually knew they were under this 
legislation or even cared.

": " I was in Home Depot this week at the customer service counter.  A 
": " customer was telling the clerk about someone running around with his 
": " SSN.  It is becomming commonplace (at least in Arizona).
": " 
": " George Toft, CISSP, MSIS

Out of curiousity, did he mention how it was compromised?  Data breach of 
a third party or did someone stole his wallet?  Not much could probably 
have been done about the latter, but the former needs to be addressed from 
a data protection standpoint, not an "identity theft" one.


It was a conversation I overheard.  What I got out of it was that his 
SSN was being used, not his whole ID.  The issue surrounded paying for a 
purchase and they offered him cash, check or charge.  He couldn't do 
check because his SSN was being abused.

George
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 137 million compromised records in 430 incidents over 6 years.

Current thread:

VISA / 1ST BANK security curmudgeon (Oct 19)
- Re: VISA / 1ST BANK Joshua Fritsch (Oct 19)
- Re: VISA / 1ST BANK ziplock (Oct 19)
  - Re: VISA / 1ST BANK B.K. DeLong (Oct 19)
    - Re: VISA / 1ST BANK Chris Walsh (Oct 19)
    - Re: VISA / 1ST BANK B.K. DeLong (Oct 19)
    - Re: VISA / 1ST BANK Dennis Opacki (Oct 19)
    - Re: VISA / 1ST BANK blitz (Oct 20)
    - Re: VISA / 1ST BANK George Toft (Oct 20)
    - Re: VISA / 1ST BANK lyger (Oct 20)
    - Re: VISA / 1ST BANK George Toft (Oct 20)
    - Personal experiences? Was Re: VISA / 1ST BANK lyger (Oct 20)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Joshua Fritsch (Oct 20)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Al Mac (Oct 20)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Henry Brown (Oct 23)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK ziplock (Oct 21)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Chris Walsh (Oct 21)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK ziplock (Oct 22)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Doctor Spook (Oct 22)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK dano (Oct 21)
    - Re: Personal experiences? Was Re: VISA / 1ST BANK Ivan Junge (Oct 23)

(Thread continues...)