[Dataloss] [Fwd: CO DMV data leakage issue(s)]

Tue Jul 15 00:31:06 UTC 2008

Hey Arshad - didn't you have a list of the breaches at one time - I seem to 
recall it from the ISC list.

Todd

----- Original Message ----- 
From: "Arshad Noor" <arshad.noor at strongauth.com>
To: "ekmi" <ekmi at lists.oasis-open.org>; <ST-ISC at MAIL.ABANET.ORG>; 
<dataloss at attrition.org>
Sent: Wednesday, July 09, 2008 10:03 AM
Subject: [Dataloss] [Fwd: CO DMV data leakage issue(s)]

While I don't believe anyone has said this is a breach, for
all we know the data has already been used for illegal uses.
If it is classified as a breach, this will be the fourth
largest one (behind TJX, CardSystems and Hannaford).

An excerpt from the article:

"Colorado ranks eighth in the nation in identity-theft
complaints per person and first in the nation when it
comes to general fraud reports. On average, those frauds
cost victims $4,041 each for a total of $41.3 million in
2007, according to information from the attorney general's
office."

Do government officials know about open-source software and
that it can do mission-critical things at far lower costs
than commercial software?

Arshad Noor
StrongAuth, Inc.

-------- Original Message --------
Subject: [Dataloss] CO DMV data leakage issue(s)
Date: Wed, 09 Jul 2008 07:35:59 -0500
From: Henry Brown <hbrown at knology.net>
To: dataloss at attrition.org

http://origin.denverpost.com/breakingnews/ci_9822063

DMV puts Coloradans at risk of ID theft
By Jessica Fender
The Denver Post
Article Last Updated: 07/09/2008 06:10:43 AM MDT

The Division of Motor Vehicles put 3.4 million Coloradans at risk of
identity theft due to flaws in the way driver's-license information is
handled, lawmakers learned Tuesday at an interim transportation
committee hearing.

The DMV regularly sends large batches of personal information over the
Internet without encryption and has failed to properly limit access to
its database, according to a recent audit. At one point, 33 former DMV
employees could access names, addresses, dates of birth and Social
Security numbers — some workers more than a year after their departure,
auditors found.

[...]

Auditors said the DMV's method for handling sensitive information was
"fragmented, disorganized and poorly planned," partly because the
division is made up of a number of decentralized offices scattered
across the state. No one person is responsible for security.

[...]
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.4.7/1542 - Release Date: 7/9/2008 
6:50 AM