[Dataloss] VISA / 1ST BANK

[George Toft]

lyger wrote:
> 
> On Fri, 20 Oct 2006, George Toft wrote:
> ": " Until the lawmakers of Washington suffer ID Theft, nothing will change. 
> ": "   If I were an ID thief, I would definitely dump any high profile name 
> ": " from my database - no need to spoil the party.  And the party will 
> ": " continue until some high profile politico gets burned.
> 
> But data loss <> ID theft.  If data is lost or stolen regardless of an 
> actual theft of an identity or identities, said data has been 
> compromised even if no access can be proven.  Things *can* change, but it 
> has to start with the actual protection of personal data and not wait 
> until the media starts screaming "IDENTITY THEFT" in the headlines.

I realize the difference - my information has been stolen 4 times, but 
my ID has not (yet).

Information protection received a major blow this month now that CPA's 
are exempt from Gramm-Leach-Bliley (or so says my recent ASCPA 
newsletter).  Not that many of them actually knew they were under this 
legislation or even cared.


> ": " I was in Home Depot this week at the customer service counter.  A 
> ": " customer was telling the clerk about someone running around with his 
> ": " SSN.  It is becomming commonplace (at least in Arizona).
> ": " 
> ": " George Toft, CISSP, MSIS
> 
> Out of curiousity, did he mention how it was compromised?  Data breach of 
> a third party or did someone stole his wallet?  Not much could probably 
> have been done about the latter, but the former needs to be addressed from 
> a data protection standpoint, not an "identity theft" one. 

It was a conversation I overheard.  What I got out of it was that his 
SSN was being used, not his whole ID.  The issue surrounded paying for a 
purchase and they offered him cash, check or charge.  He couldn't do 
check because his SSN was being abused.

George