Thursday, December 21, 2006

ID theft catastrophe

ID theft hits a milestone

by Konstantin Kornakov  |   Dec 18 2006 11:25 GMT   | 

Identity theft over the last years has become one of the most talked-about contemporary crimes. And no wonder, as the number of personal records lost or stolen in the US since 2005 has now reached a staggering 100 million. This means that more than a quarter of Americans will have had first-hand experience of it. According to Privacy Rights Clearinghouse (PRC), which has kept a track record of all data breaches in the US since February 2005, when the ChoicePoint data theft started the list, the milestone was reached last week.

Since then there have been many major breaches, with some leaving as many as tens of millions potential victims. The largest-ever data breach was registered in June 2005, when card-processing firm CardSystems suffered a hacking incident that led to the loss of 40 million private personal records. Victims were mostly users of MasterCard-issued cards, but Visa and other card issuers were also affected. The second biggest incident occurred in May 2006, when a laptop containing personal data of more than 28 million US military veterans was stolen from the house of an employee of the Veterans Affairs department. An anonymous person later handed in the laptop following an intensive search effort, and the FBI claimed that there was no evidence that any data was taken from the computer. A third data breach with more than 17 million victims was logged in March 2006, when the database of Internet billing company iBill was stolen with the help of either a corrupted insider or by using malware. However, that incident is not counted by PRC towards the total number of victims of ID theft, since no personal financial data was lost, however, the information that was stolen could still be used to fake identities through social engineering.

The latest target for ID thieves seems to be educational institutions, as warnings have been sounded recently about the vulnerability of universities to hacking attacks. The most prominent data breach incident involving a US university happened in May this year, when it was discovered that several computers at Ohio University were broken into by cyberthieves in unrelated incidents. Hackers controlled one of the computers for at least a year, using it as to carry out DoS attacks. Ohio University has now closed their security gaps and is implementing a special plan to improve IT safety. However, other educational institutions are still suffering data breaches. For instance, according to PRC records of the 15 data breach incidents in December 2006, a total of 7 were recorded at colleges or universities. The biggest breach of the month was registered at UCLA, where hackers broke into a database containing personal data of current and former students and staff. This has been a trend all through 2006, as PRC records show that educational organisations account for more than 50 percent of data breached this year. The problem for universities and colleges is to balance the openness required in the learning and scientific process and the need to protect sensitive data. Until this right balance is found right across the educational sphere, though, more victims will suffer the agony of having their personal information stolen by ID thieves.


Yahoo News
ZdNet UK

Labels: ,

Made4biz Security Translating real-world security knowhow into state of the art security systems.
Made4biz Security

Turn on Sound for Demos:
Bill Gates Demo (Location-based)
Elvis Demo (Location/Context-based)
Clint Eastwood Demo (Temporal-based)

Powered by Blogger

Subscribe to
Posts [Atom]

Technorati Profile

RSS Syndication

Made4Biz Security Inc