Reactions to story from Security Watch
Lost Laptop Exposes 380,000 Records
http://bhconsulting.ie/ securitywatch/ ?p=360
Following on from last week’s announcement that the office of the Comptroller Auditor General lost a laptop containing sensitive data at a bus stop, today the CAG announced that it lost a laptop in April 2007that contained information from the Department of Social and Family Affairs on over 380,000 welfare recipients. The laptop was stolen from the office of the CAG and to compound the problem further, while the data was send to the CAG from the Department of Social and Family Affairs in encrypted format it was subsequently stored on the CAG laptop in plaintext form. The compromised data included personal details such as bank account numbers, names and addresses of people, in fact the perfect data an identity thief would pay a lot of money for.
Reactions / posts that link to this post
-
Why Identity Theft is such a problem!
http://www.merchant911.org/blog/index.php/2008/08/22/why-is-...If you are one of those that wonders why Identity Theft has become such a problem, wonder no more. Here’s just a few reports from one week. The total - almost 2.5 Million! Insider possibly compromises 2,000,000 records, including Social Security numbers, of mortgage applicants: “Countrywide Financial Corp. data loss circa 2008/08/02″ 15,000 notified about lost flash drive containing names, addresses, credit card numbers and Social Security numbers: “Arapahoe Community College data loss circa 2008/08/04″ Personal and financial information of 380,000 on stolen laptop: “Ireland Department of Social and Family Affairs data loss circa 2008/08/11″ Names, Social Security numbers, and dates of birth of 92,095 on hacked server: “Dominion Enterprises / InterActive Financial Marketing Group (IFMG) data loss circa 2008/08/18″
-
380,000 pensioners’ details were on that missing laptop
http://www.mulley.net/2008/08/11/380000-pensioners-details-w...So RTE says that laptop which was actually nicked/lost last year had 380,000 social welfare records on it. Holy shit. Adrian will no doubt say that the data will never be accessed so it’s nothing to worry about. A granny in Kerry probably has the data, right? While a junkie indeed might see a laptop valued at 50 quid and sell it on, where it ends up is another thing. Criminals are getting far more sophisticated in these matters as can be seen by the daily phishing attacks on banks, paypal and eBay in Ireland. There are enough gangs of criminals in Ireland into credit card theft and cloning now. Look at the Irish retailer website that got done over. It transpires that the criminals who had the credit card details waited months before trying out siphoning money from the cards. I think I’d be more concerned with the data on that laptop than the fact that there are eircom modems in use by businesses. Which if cracked into could lead clever criminals to crack other passwords that may eventually lead them into gaining access to point of sales systems. That’s if the POS systems are connected to the same network as wireless modems. And no encryption is used for transmitting credit card details to the verifying server. I’d be wondering why it took 16 months for this monumental fuck-up to be disclosed. Why are people are only being informed now? Why are banks are only being involved now? Why so long? Why was it not deemed a priority and why is it now an issue if it wasn’t for 16 months? I’d also wonder how long the Data Protection Commissioner knew of the extent of this information? A few days, weeks, months, a year? Other views: Brian, Digital Rights Ireland.
More rising blog posts
More rising news stories
Recent posts from Security Watch
-
Irish CERT Goes Live
25 days ago -
ENISA Release New Position Paper
30 days ago -
Incident Response Presentation Available Online
34 days ago
