<html>
<body>
Let's suppose hypothetically, a federal law was passed that would permit
victims of data loss to get a replacement Social Security #, how far away
are we from running out of the #s?<br><br>
There are some #s that cannot be used because of sensitivity to such
topics as 66 is the number of the Devil. The SSN # would start
having to use alpha characters, more than 7 digits. There's all
that computer software out there not ready for that.<br><br>
At the rate at which underground e-crime is able to get at the info to
breach additional people identities, until that availability is dried up,
I consider the historically taken data only a risk where the theft was
not by large scale data thefts.<br><br>
<blockquote type=cite class=cite cite="">I am wondering about the
long-term effects of record loss. It seems to <br>
me that all a thief needs to do is wait a year or two to use the <br>
information - after all, you can't change your SSN, Birth Date, and are
<br>
probably not changing your name, so the info is good for years to
come.<br><br>
My thinking is that people tend to forget about the fraud alerts, which
<br>
only last 90 days. Maybe they renew them a couple times.
After a year <br>
or so, the thief should be able to act on the data and perhaps 1/2 will
<br>
be effective.<br><br>
Thoughts? Enlightenment?<br>
-- <br>
George Toft, CISSP, MSIS<br>
My IT Department<br>
<a href="http://www.myitaz.com/" eudora="autourl">www.myITaz.com</a><br>
480-544-1067<br><br>
Confidential data protection experts for the financial industry.<br>
_______________________________________________<br>
Dataloss Mailing List (dataloss@attrition.org)<br>
<a href="http://attrition.org/errata/dataloss/" eudora="autourl">
http://attrition.org/errata/dataloss/</a></blockquote>
<x-sigsep><p></x-sigsep>
-<br>
Al Mac AKA Alister Wm. Macintyre<br>
<font color="#FF0000"><b>Security Warnings</b></font> (Sig last revised
2006-July-5)<br>
1. Do I have PRIVATE data on Y"all? (Ask me to explain) or access to
it <br>
<x-tab> </x-tab>YES<br>
2. Is your data at risk of security breaches & if so how?<br>
<x-tab> </x-tab>YES ...
your e-mail address may be at risk of spyware malware etc. breaching,
without me aware ... my cable modem ISP may be cooperating with secret
gov surveillance efforts<br>
3. Does my GOV require breach
notification?<x-tab> </x-tab><br>
<x-tab> </x-tab>YES but me
may not have to (Indiana law scope both limited and poorly
communicated)<br>
4. Select word(s) (e.g. Encrypted, less than 10 people have key, know
password) to best describe how I am protecting data on you:<br>
<x-tab> </x-tab>MIMIMUM
PRUDENT (physical locks, dual firewall layer, keep anti-virus current,
several anti-spyware, periodically run some checks, while others run
continuously, IT co-workers know where I hide password directory) <br>
* If you can read this, thank a teacher....and since it's in
English,<br>
thank a soldier. When stuff is written in gibberish and symbols, thank a
spammer.<br>
</body>
</html>