Information Security News
mailing list archives
Re: Dark Day Planning: Insuring Against Data Loss
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 20 Dec 2006 01:03:19 -0600 (CST)
Forwarded from: security curmudgeon <jericho (at) attrition.org>
Cc: matt_hines (at) ziffdavis.com
: http://www.eweek.com/article2/0,1895,2073528,00.asp
:
: By Matt Hines
: December 15, 2006
:
: The list of data breaches involving sensitive personal information
: maintained by the Privacy Rights Clearinghouse achieved a significant
: milestone Dec. 13, as the nonprofit group saw the total number of
: records exposed in such events crest the 100 million mark.
This 100 million figure is getting so many articles it isn't funny. The
sad part, all of these journalists jumping on the bandwagon are doing
some pretty shoddy work. The not so fine print at the top of the PRC
page fairly clearly indicates that a significant amount of their data
comes from the efforts of attrition / PWR and links to attrition's
dataloss page. Checking that, we see that 100 million was crossed over
six months ago. And remember folks, that's just based on the incidents
that are documented and public.
: Since the PRC first began tracking data losses in February 2005, when
: consumer data aggregator ChoicePoint reported that fraudsters had
: gained access to 163,000 consumer records
Speaking of ChoicePoint being a 'watershed' event (PRC wording), it was
reported that 145,000 records "could be" affected (later said to be
163,000), yet three months earlier there were 320,000 documents taken
from Hamilton County Ohio Clerk of Courts, 100,000 from Delta Blood Bank
four months earlier, and "over 100,000" from Brazos Higher Education
Service Corp four months earlier, and 145,000 from The University of
California (UCLA) ten months earlier, and 200,000 from Illinois
Secretary of State ten months earlier, and "possibly 380,000" from San
Diego State University eleven months earlier, and 500,000 from PetCo
almost a year and a half earlier, and *OVER 5 MILLION* credit card
numbers from DPI in March of 2003 and 562,000 from United States
Department of Defense / Triwest in Jan of 2003 and for the finale...
300,000 credit card numbers from CD Universe in Jan of 2000.
So, could anyone please tell me WHY ChoicePoint was a 'watershed' event
and sparked the (relatively) recent interest in dataloss? And why all
these clearing houses and experts weren't on this years earlier? And why
ChoicePoint is some magical cut off when there were significantly larger
dataloss events years before?
---
http://attrition.org/dataloss/rant/100million.html
100 million... the gloves come off.
Thu Dec 14 20:31:40 EDT 2006
Lyger
I'm going to preface this entire rant with one caveat: I have respect
for Beth Givens and Privacy Rights Clearinghouse for their efforts to
promote awareness regarding data breaches that involve personally
identifying information. I have respect for other groups and entities
who care enough to report these breaches, analyze them, and provide
meaningful and insightful commentary and analysis. However:
[..]
That's right, you read it. Attrition and PWR, for the most part, FEED
PRC'S LIST. Granted, PRC started their list in April of 2005. Attrition
started its list in June of 2005. At that time, neither PRC nor
Attrition had any knowledge of the other's efforts. For those of you who
think the Attrition.org list might have been either "borrowed" from PRC
or was my idea to begin with, here's a little insider info:
[..]
The Data Loss Database - Open Source has almost 510 events and over 143
MILLION compromised records as of this writing. 100 million? Dudes and
dudettes, we had that over six months ago.
_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn