Saturday, June 10, 2006

330,000 AICPA Members SSN Missing Since February

330,000-AICPA-Members-SSN-Missing-Since-February-audio post - click to play

The list of Americans whose most sensitive personal
information has either been lost, stolen, or exposed
to identity theft continues to grow. In the latest
example of poor information security, the
American
Institute of Certified Public
Accountants (AICPA)
reported nearly all
of it's 330,000 member's
confidential
data has been "lost" since February.


Let's quickly do the math. February, March, April,
May, & now June. Hmmm. That's 5 months. Ok, being
generous and counting the partial month of February,
that still totals over 4 months that those 330,000
individuals' data has been exposed to potential
identity theft.

120+ days for the following information to be unprotected:

  • Names
  • Addresses
  • Social Security Numbers (ssn)

With that level of personally identifying
information
in the hands of even the most
novice identity thief,
it's more than ample
enough time to completely wreck
a lifetime
of good credit
while leaving you with the
the months of frustration in fighting off debt
collectors and countless phone calls with uncaring
bureaucrats.

All of this simply because a careless AICPA employee
sent out a damaged computer hard drive to
an external
data recovery service, in violation
of company policy.


The computer disk was reported "missing" when it was
scheduled to be returned by Fedex but never arrived
back at the AICPA offices in the New York area.

In what has now become an all too familiar pattern
of "too late" damage control the company responsible
for the data breach, the AICPA has now begun
deleting all Social Security numbers from
its member
database.

You would have hoped that certified public accountants
were more careful in their confidential data handling
practices in the first place. After all, CPA's are
the professionals who audit businesses for
the safety
and soundness of their financial
condition.


So, our tip for today illustrates the need for you
to take back control over your own data. Refuse to
provide your social security number to any entity
unless it's absolutely necessary. Most times when
challenged, requestors can and do resort to using
an alternate number for managing your account.

Finally, if you are or you know of someone who is
a member of the AICPA, have them contact the member
support department for the "free" credit monitoring
offer to those whose personal information has been
needlessly exposed to identity theft fraud.

That phone number is 888-777-7077.

1 Comments:

At 2:37 AM, Anonymous Anonymous said...

Why did they wait soooooooooo long to say anything?

This kind of cover your *** makes me so angry.

I thought there were laws which force them to disclose these kind of screw ups to the public alot sooner than 3 months?

 

Post a Comment

<< Home