[Dataloss] a recurring theme...

*Hobbit* hobbit at avian.org
Fri Feb 17 10:17:57 EST 2006


Well, by "the industry" I really mean any corporation that accumulates
data on people, especially of the financial sort, and is therefore
likely to cause privacy leaks in a breach.  But more subtly, I mean
the outfits that are doing that and then making such data available
via largely insecure means -- "it's easy!  Manage your account
online!  Just sign up here, and use the last 4 digits of your
social as a default password!" ... it's not *quite* that bad these
days, but on the other hand getting a bank or other organization
with which one holds an account of some kind to completely *decouple*
one's particulars from any sort of online access is increasingly
difficult.  And they act surprised when someone calls in and says
"no, I don't want ANY internet access to my account please".  Or
they're in total shock when someone wants to follow good security
guidelines and change an otherwise relatively static secret.

Many procedural assumptions are being made, in the financial sector
and otherwise, that are fundamentally flawed, and they're all
copycatting each other in this madness so that makes it all seem
like "accepted practice".  This is where things have gone so
horribly wrong, and now we see the results.  But it's gotten too
big, and nobody knows or cares how to fix it anymore.  They've
learned how to pronounce "identity theft", but that seems to be
about as far as it goes.

Hopefully this list can help drive home a different conclusion.
I think I've seen an aggregate figure of over a million customers
at risk go by in just the short time I've been here.  Perhaps
efforts to bring lists like this to a wider audience would help...

_H*
