[Dataloss] Email correspondences containing PII / sensitive information that may be used to commit identity theft

Al Mac Wheel macwheel99 at wowway.com
Fri Aug 8 17:09:34 UTC 2008


I do not believe there is a satisfactory alternative out there as yet.

What you are complaining about is an extremely widespread practice.
1. I would guess 99% of the time when I request a new password, or register 
at a site new to me, the password and logon info arrives via e-mail in 
plain text.
2. I think all professionals I deal with ... auditors, accountants, 
lawyers, whoever ... all of them send highly sensitive info in attachments 
that anyone who can see the e-mail (such as our ISP), can also read the 
data, and request same from me.  A handful of them have some boilerplate 
verbiage below the sig about what is the authorized use of this 
e-mail.  These same people have this identical verbiage on the bottom of 
their postings to discussion lists, whose archives are available to the 
general public.
3. Vast numbers of the computer-using public appear to be clueless when it 
comes to relationships between types of computer usage (e.g. P2P) and 
various risks (e.g. spyware).

We can report this kind of thing to the FTC or equivalent organization in 
other nations, but generally all they do is collect statistics on how much 
of the total industry is criminal and/or incompetent.  Some organization 
has to be extremely more blatant in harming consumers before action is taken.

The anti-spam, anti-virus, e-police, etc. software includes a lot with false 
positives and failures to block all the bad stuff, and lacks standards 
across various software clients.

Steve Hamburg wrote:
>I apologize if this is a mere repeat of a previous thread, however, I
>just received an email notification from Disney Cruise Lines (DCL) that
>frustrates me, and reminded me of many other violators out there.
>
>I'm planning a Disney trip for my family (yes, there will be people
>staying at, and guarding our residence), and the unprotected
>confirmation email received from DCL included the names and birth dates
>of all of my family members, as well as where within the cruise ship we
>would be residing.  This reminded me of many other violators, for
>example:
>
>1. How many times have you received an unprotected email after
>requesting a new password or creating a new account that contains both
>your user ID and password?
>2. How many times have you had service providers (e.g., attorneys,
>accountants, etc.) send you unprotected emails with attachments
>containing extremely sensitive information?
>
>It would be very interesting if a service / notification mechanism were
>to exist where these types of risk-prone actions could be reported and
>the informant could be rest assured that disciplinary actions would be
>exercised.
>
>Thoughts?
>
>Steve.
>
>--
>Steven E. Hamburg, President
>Eclipsecurity, LLC
>Toll Free: (877) 369-5331 x 302
>Office: (847) 850-5088 x 302
>www.eclipsecurityllc.com
>
>Lock-in success.  Because information travels...
>********************
>This message and any accompanying attachments are intended
>only for the addressee(s) named above, and may contain information
>that is privileged or confidential.  If you have received
>this email in error, please notify the sender and delete this
>message and any accompanying attachments immediately
>thereafter.  To the extent the contents of this message or any
>accompanying attachments are original works of authorship, the
>right to copy, prepare derivative works, distribute, or display publicly
>such work without the permission of Eclipsecurity, LLC, is strictly
>prohibited under U.S. Copyright law.
>********************
>
>_______________________________________________
>Dataloss Mailing List (dataloss at attrition.org)
>http://attrition.org/dataloss



