[Dataloss] [Fwd: CO DMV data leakage issue(s)]

Arshad Noor arshad.noor at strongauth.com
Wed Jul 9 17:03:25 UTC 2008


While I don't believe anyone has said this is a breach, for
all we know the data has already been used for illegal uses.
If it is classified as a breach, this will be the fourth
largest one (behind TJX, CardSystems and Hannaford).

An excerpt from the article:

"Colorado ranks eighth in the nation in identity-theft
complaints per person and first in the nation when it
comes to general fraud reports. On average, those frauds
cost victims $4,041 each for a total of $41.3 million in
2007, according to information from the attorney general's
office."

Do government officials know about open-source software and
that it can do mission-critical things at far lower costs
than commercial software?

Arshad Noor
StrongAuth, Inc.

-------- Original Message --------
Subject: [Dataloss] CO DMV data leakage issue(s)
Date: Wed, 09 Jul 2008 07:35:59 -0500
From: Henry Brown <hbrown at knology.net>
To: dataloss at attrition.org

http://origin.denverpost.com/breakingnews/ci_9822063

DMV puts Coloradans at risk of ID theft
By Jessica Fender
The Denver Post
Article Last Updated: 07/09/2008 06:10:43 AM MDT

The Division of Motor Vehicles put 3.4 million Coloradans at risk of
identity theft due to flaws in the way driver's-license information is
handled, lawmakers learned Tuesday at an interim transportation
committee hearing.

The DMV regularly sends large batches of personal information over the
Internet without encryption and has failed to properly limit access to
its database, according to a recent audit. At one point, 33 former DMV
employees could access names, addresses, dates of birth and Social
Security numbers — some workers more than a year after their departure,
auditors found.

[...]

Auditors said the DMV's method for handling sensitive information was
"fragmented, disorganized and poorly planned," partly because the
division is made up of a number of decentralized offices scattered
across the state. No one person is responsible for security.

[...]


More information about the Dataloss mailing list