The Mother of All Data Breaches?
Wow, yet another data breach has happened, this time to Bank of America, Wachovia, Commerce Bancorp, and PNC Financial Services Group:
Seven former employees of Bank of America, Wachovia, Commerce Bancorp, and PNC Financial Services Group have been arrested in connection with a scheme in which they allegedly obtained customer data, which was then sold to law firms and debt-collection agencies. Account numbers and balances on 670,000 accounts were found on 13 computers seized from Orazio Lembo, the alleged mastermind, Hackensack, N.J., police said Monday.This comes on the heels of incidents involving loss or theft of customer data from Ameritrade, ChoicePoint, LexisNexis, DSW Shoe Warehouse, and Polo Ralph Lauren, among others, in the last several months.
The bust is the latest black eye for Bank of America, which in February disclosed the loss of a tape containing information on 1.2 million credit-card customers. Earlier this month, Time Warner reported that tapes containing Social Security and other personal information on 600,000 current and former workers were missing.I don't believe I'm overstating the case when I say that our entire financial infrastructure -- American commerce as we know it -- is well and truly at risk these days. Information security breaches are increasing in frequency, degree, scope, and danger to ordinary American consumers and citizens. And, at the end of the day, there's virtually nothing you can do, as a consumer, to protect yourself against what happens to your information while it is in your bank's or financial services provider 's possession and control.
posted by Sean @ 5/24/2005 01:04:00 PM
2 comments
2 Comments:
I wonder if this growing trend in identity-theft is going to change the way we as individuals verify our identities. If social security numbers no longer provide a secure and certain way to verify identity, maybe their importance will be lessened. I don't know what will emerge to take its place, but there has to be some kind of blowback from these scandals. (We discussed a few possibilities in my Internet Policy class, including the creation of an Internet "currency" that would enable all e-commerce transactions to be carried out anonymously--just like a cash transaction--with no need to verify identity, store records, etc.)
I think it's significant that it's not just people participating in e-commerce who are being defrauded. Even if you never make an online purchase, bank online, etc., you can't control how your financial institution manages/protects its records. I suppose as a consumer, you could choose to take your business to a credit company/bank that can promise greater security--but methinks there are few who don't do at least a portion of their business online and are therefore vulnerable. This is compounded by the fact that many of these thefts are inside jobs, involving current employees. It's not necessarily hackers breaking into secure databases.
Maybe the way to combat potential identity thieves is to make worthless any previously held personally identifiable information. If a new standard is enacted, then any existing stolen information would be rendered useless.
It's a fascinating proposition, but the problem becomes that whatever the new standard is, it itself can and will become the target of thefts, unauthorized access, black-market trafficking, and fraud. It's an endless cycle, and truth be told, not a new one. As long as there have been financial systems and throughout their histories -- cash, checks, credit cards, PayPal, etc. -- they have been victimized by criminals, crooks, con-men, and "inside jobs". It's just that the degree of aggregation is greater and the sensitivity is higher than ever before, and both are increasing.
Post a Comment
<< Home