Friday, March 17, 2006

Identity Theft: Ooops We Lost The Data Again

Identity-Theft-audio post - click to play

Isn't it ironic when the tax auditor who's charged
with safeguarding the financial integrity of a
client's accounting results, itself can not
protect the sensitive information entrusted
with them.

In a story which unfortunately reveals an all
too similar pattern to previous identity theft
breaches involving large American firms, a
laptop was stolen from Ernst & Young containing
the social security numbers (ssn) and other
confidential information effecting thousands of
IBM staff.


The laptop stolen in January by identity thieves
contained the following personal information of
IBM employees who had been stationed outside of
the United States:
  • Names
  • Date of Birth
  • Gender
  • Family Size
  • Social Security Number (SSN)
  • Tax Identifiers
  • Email Address
  • Country Stationed
Basically, everything an identity thief needs to
commit credit fraud against these unsuspecting
victims and their families.

Tying back to today's article title, what makes
this story even more tragic, is Ernst & Young
had last month been revealed to also have
lost
social security number (ssn) & personal
information
of the CEO of Sun Computers,
one of the largest worldwide computer server
vendors to the internet community.

But wait, it gets even worse, as there's even an
indication that Cisco (the internet router industry
leader) employee personal data may have also been
on the same laptop containing other clients as
well.

Then, as if these two incidents weren't severe
enough for a bad run of identity theft, Ernst &
Young filed a police report in Miami, noting
that it had lost four more laptops.

"Its employees left the systems in a conference
room when they went out for lunch. A security
camera at the conference center showed that it
took all of about five minutes for two people
to steal the laptops."

Apparently with the swiftness of the laptop theft,
the E&Y auditors were not merely the object of a
random act, but rather targeted by identity theft
"collectors".

At the time of this article no public
statement from Ernst & Young is available.

However, to E&Y's credit they have attempted to
ease the potential damage of the identity theft
by advising their effected clients to seek out
monthly credit monitoring.

This story continues to illustrate there is
evidently not enough of a punitive incentive
for U.S. firms to institute stringent practices
to safeguard their clients consumer data.

Recent identity theft legislative efforts in
Congress are indicating a more lax, business
friendly direction for a binding national
laws over the current state level support
of consumer data protection.

"The House Energy and Commerce Committee
approved a stripped-down data-security
bill
this month on a party-line vote.
The measure
would require companies
to establish security
safeguards and
notify consumers of breaches
only
when they pose a significant risk of
identity theft -- a standard
Democrats say
is too lax. The bill
would also pre-empt
tougher state laws
."

So, our tip for today is to seize control over
your own data to protect it as best as you
possible can - with the many options available.

Freeze your credit report if you live within
one of the (12) states which allow it.
Opt-out of your data being shared amongst
affiliated companies - especially those you
can not confirm in writing how they protect
your data from identity theft.

Finally, install your very own financial
"burglar alarm" to alert you when there's
been data of yours exposed to the abuses
of identity theft.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home