[Dataloss] Addt'l info on Ohio U 4+5

Joanne_McNabb at dca.ca.gov Joanne_McNabb at dca.ca.gov
Tue Jun 13 18:53:34 EDT 2006 




When the data compromised in a breach is SSNs, which can be used in a
variety of ways at any point in time, there's no reason to expect that
anyone would know whether or not they were used soon after the event.


                                                                                                              
                      "Dennis Opacki"                                                                         
                      <DOpacki at Covestic.c         To:      "Chris Walsh" <cwalsh at cwalsh.org>,                 
                      om>                         <dataloss at attrition.org>                                    
                      Sent by:                    cc:                                                         
                      dataloss-bounces at at         Subject: Re: [Dataloss] Addt'l info on Ohio U 4+5           
                      trition.org                                                                             
                                                                                                              
                                                                                                              
                      06/13/2006 03:03 PM                                                                     
                                                                                                              
                                                                                                              



Is it just me, or do disclaimers like, "there is no evidence that any of
the information has been misused" provide little comfort? Other than PR
spin, do they serve some underlying legal purpose?

-Dennis Opacki, CISSP QDSP
 Covestic, Inc.

From: dataloss-bounces at attrition.org on behalf of Chris Walsh
Sent: Mon 6/12/2006 11:09 PM
To: dataloss at attrition.org
Subject: [Dataloss] Addt'l info on Ohio U 4+5



"
A breach was discovered on a computer that housed IRS 1099 forms for 2,480
vendors and independent contractors for calendar years 2004 and 2005. There
is no evidence that any of the information has been misused.

Event 5: A breach was discovered on a computer that hosted a variety of
Web-based forms, including some that processed on-line business
transactions. Although this computer was not set up to store personal
information, investigators did discover files that contained fragments of
personal information, including Social Security numbers. The data is
fragmentary and it is not certain if the compromised information can be
traced to individuals. Also found on the computer were 12 credit card
numbers that were used for event registration. There is no evidence that
nay of the information has been misued.
"

Via http://www.ohio.edu/datasecurity/

Typos in the orginal.

_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/errata/dataloss/
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/errata/dataloss/

More information about the Dataloss mailing list