[Dataloss] Wired News: Privacy Debacle Hall of Fame

lyger lyger at attrition.org
Mon Aug 21 09:15:52 EDT 2006 

(some pretty interesting choices here, especially number one... - lyger)

http://www.wired.com/news/politics/privacy/0,71622-0.html?tw=rss.index

Earlier this month AOL publicly released a data trove: 500,000 search 
queries culled from three months of user traffic on its search engine.

The company claimed it was trying to help researchers by providing 
"anonymized" search information, but experts and the public were shocked 
at how easy it was to figure out who had been searching on what. 
Apparently, AOL's anonymizing process didn't include removing names, 
addresses and Social Security numbers. Although the company has since 
apologized and taken the data down, there are at least half-a-dozen 
mirrors still out there for all to browse.

This may have been one of the dumbest privacy debacles of all time, but it 
certainly wasn't the first. Here are ten other privacy snafus that made 
the world an unsafer place. Despite the obvious flaws of rankings, we have 
attempted one as follows, in descending order:

10. ChoicePoint data spill:
ChoicePoint, one of the largest data brokers in the world, in early 2005 
admitted that it had released sensitive data on roughly 163,000 people to 
fraudsters who signed up as ChoicePoint customers starting in 2001. At 
least 800 cases of identity theft resulted. Sued by the FTC, the company 
paid $15 million in a settlement earlier this year -- at least $5 million 
of which goes to the consumers whose lives they ruined.

9. VA laptop theft:
In May, two teenagers stole a laptop from the Veterans Association that 
contained financial information on more than 25 million veterans, as well 
as people on active duty. Electronic Frontier Foundation staff attorney 
Kurt Opsahl said this is one of the worst data breaches in recent memory 
because of its sheer scale: "The database contained the names, Social 
Security numbers and dates of birth of as many as 26.5 million veterans 
and their families, though allegedly recovered without evidence of the 
thieves obtaining access." The case also raised awareness about how many 
unprotected, private databases are floating around on easily-stolen, 
mobile devices. When the laptop was recovered, it appeared that none of 
the data had been disturbed -- but only time will tell.

[...]

More information about the Dataloss mailing list