Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Bank loses tape with personal information on 90,000 customers

From: David Farber <dave () farber net>
Date: Thu, 12 Jan 2006 17:18:49 -0500


Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: January 12, 2006 12:54:35 PM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: Re: [IP] Bank loses tape with personal information on 90,000 customers 

Bingo.  As Dan notes, lost tapes in transit, even when the data is
unencrypted, are a very low probability vector for identity theft
problems.  In fact, the majority of identity thefts are usually
highly targeted and often are "inside jobs" based on realtime access
to running database systems -- and frequently the perpetuators are
"friends" or acquaintances of the targets.

In fact, offhand I know of no case where one of these big reported
"tape loss" stories that get so much play actually have been linked
to later problems.

All of the attention over lost tapes and proposed laws to force
encryption of the transported data simply divert attention from
where the real problems are -- the people who have realtime access
to the running data systems and the amount of data being collected
and stored in the first place.

In a way it's similar to the MPAA making such a big deal about
trying to catch people with camcorders in theaters making low
quality copies, when in reality most of the pirated versions of
movies that really give them grief are the result of prints
copied by insiders along the production or display chains.

With identity theft, as in movie piracy, the key word is *focus*.
No pun intended.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

 - - -




Begin forwarded message:

From: Dan Shoop <shoop () iwiring net>
Date: January 12, 2006 9:41:01 AM EST
To: dave () farber net, ip () v2 listbox com
Subject: Re: [IP] Bank loses tape with personal information on 90,000
customers


This actually happens all the time. The bank FedEx's or otherwise
sends a tape, it get's lost. This happens. In a past life as a
datacenter manager at Citibank we used to receive palettes of tapes
by FedEx every morning from Sioux Falls, SD, where the credit card
processing center was, a truck of tapes having better bandwidth at
lower cost that any telco line.  Occassionally tapes got lost, it was
no big deal and no one thought much of it other than to request
another copy. California, IIRC, was the first state to mandate that
any lost customer records of any sort has to be reported, and other
states have followed suit. Since such laws been enacted that it must
be reported it's been getting recent press and what is actually a
common occurance is now "news". The risk from this is considered very
low. In most all cases the data is encrypted. Even if it wasn't other
policies prevent keeping say account numbers and names, or other
required pieces of information necessary to commit a fraud or
identity theft with information together in the same place at once.

Having names and Social Security numbers together is considered low
risk since this information is readily available through numerous
sources.
--

-dhan
---------------------------------------------------------------------- -- Dan Shoop AIM: iWiring Systems & Networks Architect http:// www.iwiring.net/ shoop () iwiring net http:// www.ustsvs.com/ 
1-646-217-4725
pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF 12B1 7840 3BE7 3736 DE0B 

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.


-------------------------------------
You are subscribed as lauren () pfir org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting- people/ 


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: