[Dataloss] Wired News: Privacy Debacle Hall of Fame
lyger
lyger at attrition.org
Mon Aug 21 09:15:52 EDT 2006
(some pretty interesting choices here, especially number one... - lyger)
http://www.wired.com/news/politics/privacy/0,71622-0.html?tw=rss.index
Earlier this month AOL publicly released a data trove: 500,000 search
queries culled from three months of user traffic on its search engine.
The company claimed it was trying to help researchers by providing
"anonymized" search information, but experts and the public were shocked
at how easy it was to figure out who had been searching on what.
Apparently, AOL's anonymizing process didn't include removing names,
addresses and Social Security numbers. Although the company has since
apologized and taken the data down, there are at least half-a-dozen
mirrors still out there for all to browse.
This may have been one of the dumbest privacy debacles of all time, but it
certainly wasn't the first. Here are ten other privacy snafus that made
the world an unsafer place. Despite the obvious flaws of rankings, we have
attempted one as follows, in descending order:
10. ChoicePoint data spill:
ChoicePoint, one of the largest data brokers in the world, in early 2005
admitted that it had released sensitive data on roughly 163,000 people to
fraudsters who signed up as ChoicePoint customers starting in 2001. At
least 800 cases of identity theft resulted. Sued by the FTC, the company
paid $15 million in a settlement earlier this year -- at least $5 million
of which goes to the consumers whose lives they ruined.
9. VA laptop theft:
In May, two teenagers stole a laptop from the Veterans Association that
contained financial information on more than 25 million veterans, as well
as people on active duty. Electronic Frontier Foundation staff attorney
Kurt Opsahl said this is one of the worst data breaches in recent memory
because of its sheer scale: "The database contained the names, Social
Security numbers and dates of birth of as many as 26.5 million veterans
and their families, though allegedly recovered without evidence of the
thieves obtaining access." The case also raised awareness about how many
unprotected, private databases are floating around on easily-stolen,
mobile devices. When the laptop was recovered, it appeared that none of
the data had been disturbed -- but only time will tell.
[...]
More information about the Dataloss
mailing list