[Dataloss] At Least 20 Big-Name Passports Breached
Max Hozven
mhozven at tealeaf.com
Thu Mar 27 18:15:18 UTC 2008
Another seemingly simple solution would be to flag certain high-profile
accounts with
an option that requires a supervisor's electronic okay to open a record.
It seems like what they have now is that certain accounts are flagged as
high-profile
(government officials, celebrities, etc) and the management is notified
AFTER somebody
pulls up the record. Kind of like closing the barn door after the cows
have left.
-Max
-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of Chris Walsh
Sent: Thursday, March 27, 2008 8:04 AM
To: Richard Forno
Cc: dataloss at attrition.org
Subject: Re: [Dataloss] At Least 20 Big-Name Passports Breached
Reports I read said that as part of their training, contractors are told
to bring up the file on somebody (whom they pick). Most trainees pick a
relative, the article said.
This is of concern on several levels, the most obvious of which is the
blatant disregard for privacy that it shows. In 30 seconds, I could
rewrite this training regime to preserve privacy -- just have trainees
be instructed to bring up a record which exists solely for training!
John Q Public of 123 Main St., Anytown USA comes to mind.
The fact that live data is used for training, when the contents are
sensitive is quite disheartening. This is a systemic problem, not one
that just impacts Senators or dead celebrities.
cw
On Wed, Mar 26, 2008 at 11:12:05PM -0400, Richard Forno wrote:
> At Least 20 Big-Name Passports Breached Last Edited: Wednesday, 26 Mar
> 2008, 6:47 PM EDT
>
> http://www.myfoxdc.com/myfox/pages/News/Detail?contentId=6140974&versi
> on=2&l
> ocale=EN-US&layoutCode=TSTY&pageId=3.3.1
>
>
> WASHINGTON -- State Department workers viewed passport applications
> containing personal information about high-profile Americans,
> including the late Playboy playmate Anna Nicole Smith, at least 20
> times since January 2007, The Associated Press has learned.
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor
your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
More information about the Dataloss
mailing list