Identity theft hall of shame, via schneier

[unixronin]

Bruce schneier linked to this chronology of data breaches since the ChoicePoint breach in February 2005. In all, almost 89 million identities were reported compromised.

Note that, on the one hand, the list does not guarantee uniqueness; this chronology adds up to just under 89 million cases of an identity being compromised.  It's unknown at present how many names are on that list multiple times.

On the other hand, this is only the reported breaches.  The majority of states still do not legally require companies to disclose such breaches, and many companies don't disclose them unless forced to by law.  (Look as an example at Choicepoint, which disclosed its breach only to residents of California, where disclosure of breaches of personal data is mandated by state law.  Affected residents of other states were totally in the dark until it hit the national news.)

The gripping hand is, much of this happens -- or is able to happen -- because these data-brokerage companies treat personal information with complete cavalier disregard to the privacy of the rightful owners of that data.  To them, it's just another commodity like toilet tissue or dog food.  They don't care, and they're not accountable, so keeping the data secure really isn't much of a concern to them.

And therein lies the problem.

Comments

[sierra-nevada.livejournal.com]

Can you say, "class action lawsuit"?

I knew you could ...

[attutle.livejournal.com]

We shouldn't be surprised.

It isn't like these data breaches have put any companies out of business.

In fact, do we even know if anyone has lost their job over any of this.

I'm reminded of a previous job, where a coworker said "I don't like security, it makes my job harder." He was a system administrator. Still is, as far as I know.