Safekeeping Personal Information

If you’re at all concerned about the privacy of your personal data and want to really freak yourself out, there’s nothing more thrilling than going to the Privacy Rights Clearinghouse and reading through their chronology of data breaches from the last five years. The database is a collection of reported data breaches that resulted in the loss of personal information, usually account numbers or Social Security numbers that could be used for identity theft. It covers a stunning array of data losses, from the very recently hacked network at Heartland Payment Systems (purportedly by a “global cyberfraud operation”), which handles 100 million credit card transactions a month, all the way down to an employee at the Library of Congress who stole info on ten employees from the library’s database, and used it to rack up $38,000 in fraudulent charges.

As of this writing, the total number of data records that have been stolen, lost, or misplaced in the last five years is 252,474,509 – and that number grows pretty much every day. In fact, try Googling “computer network data breach” on Google News to find out what networks were compromised this week.

One of the most interesting aspects of the database is that it points out the variety of ways that personal information gets loose in the world. While there is certainly a fair share of info that gets hacked by globally savvy cyber-criminals (think Dr. Evil, only balder and bad skin), many of the breaches are much more mundane than that: a disgruntled employee steals data from his workplace; a laptop with the wrong database on it gets lost or stolen; someone in IT accidentally posts the wrong database; an old storage disc or printout gets thrown in a dumpster.

What can the average consumer do? If you’re ever notified that your personal data has been lost or stolen, you’ll want to place a fraud alert with at least one of the national credit reporting bureaus. You’ll also want to keep a close eye on your various accounts and credit reports, to make sure that there is no unusual activity. Beyond that, take ordinary precautions to safeguard your ATM PIN, choose strong passwords, and don’t keep your social security card in your wallet.

However, the real place where data needs the most stringent and conscientious protection is in the hands of merchants, government agencies, banks and credit processors. And, thanks to a number of laws increasing their liability, many of these keepers of large databases are working harder and harder to keep your personal data safe.

While these institutional holders of your personal data should obviously have stringent protections for all their computer networks, there are also a number of less obvious precautions that the Privacy Rights Clearinghouse data breach database highlights. These companies need to be doubly aware of operational and procedural issues that can allow your personal data to be stolen in less high-tech ways. Just because it’s less interesting when Joe in accounting decides to earn some extra money by selling personal data than it is when the database is hacked by a foreign crime syndicate doesn’t make it any less damaging.

Hopefully, the high rate of data breaches we are seeing now will soon be a thing of the past, as more and more companies realize this is a problem that they have to address before they end up another statistic on Google News.

By: Nathan Drier

Article Directory: http://www.articledashboard.com

Redspin's penetration testing services make use of the latest technology, which is required for a successful security audit. www.redspin.com