BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Beware: Social Security numbers available online via indexed tax documents (fwd)

From: security curmudgeon <jericho () attrition org>
Date: Mon, 11 Apr 2011 13:50:52 -0500 (CDT)


---------- Forwarded message ----------
From: Dave Farber <dfarber () me com>
From: ken <ken () new-isp net>

http://www.zdnet.com/blog/seo/beware-social-security-numbers-available-online-via-indexed-tax-documents/2819

Beware: Social Security numbers available online via indexed tax documents
By Stephen Chapman | April 11, 2011, 4:38am PDT

As one who keeps up with the cutting edge of search engines and advanced 
search querying, it is with much reservation and disbelief that I bring 
you the results of my latest online investigative research. As of 
4/10/2011, I have discovered in excess of 50 tax documents containing any 
given combination of Social Security numbers, credit card information, 
names, addresses, tax IDs, and phone numbers being made available online. 
However, unlike recent leaks of email addresses and password hashes being 
made available due to hackers compromising systems, these documents are 
being unknowingly made freely available to prying eyes by the very owners 
of said information.

Sounds unbelievable, right? It gets worse.

To clarify, these are tax documents as they have been/will be submitted to 
State and Federal government: Names, addresses, income, phone numbers, 
credit card numbers (stored from e-filing), and worse of all, Social 
Security numbers. The latter is the most detrimental of all not just 
because of the individual filing their taxes having their identity 
potentially stolen, but because of individuals who have children that they 
use for tax credits.

As any parent knows, you must include certain information about your 
children when using them for tax breaks; namely, their names and Social 
Security numbers. That takes identity theft into a completely different 
atmosphere since a child having their identity stolen most likely will not 
find out until years down the road long after the damage has been done and 
the perpetrator has vanished. The potential consequences of such ignorance 
are far-reaching.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: