RSS
Identity Theft Search Engine Not Such A Wise Idea
from the look,-there's-me dept
With all of the data breaches that have been in the news lately, it's understandable that many people would like to know if their personal information was part of the lost data (hint: it probably was). To meet this need, a new site is offering a way for users to search a database of social security numbers and credit cards that have been exposed. This seems problematic for several reasons. As some are pointing out, it seems dangerous to get internet users into the habit of submitting their personal data on the internet to anyone but the most trusted sites. Even if this particular site is completely legitimate, its mere existence will probably spawn shadier imitators. Furthermore, because the site also offers anti-identity theft solutions, that require the user to enter in more personal information, its own database is likely to be a juicy target for attackers. And then there's the problem of what the user is to do once they see their social security number in the database. Obviously the site would like people to sign up for its own service, but barring that, there's no obvious next step after someone discovers that at some point their personal data may have been disclosed. While monitoring may be an important tool in combating identity theft, throwing a service out there as a come on for a specific identity theft solution, does not seem like a particularly good idea.
13 Comments | Leave a Comment..
- DailyDirt: Autonomous Vehicles
- How Publishers Repeated The Same Mistake As Record Labels: DRM Obsession Gave Amazon Dominant Position
- Park Ranger Tases Guy Walking Dogs Without A Leash
- Brazilian Government Ordering Web Hosting Firms To Kill Domain Names They Don't Like
- Syrian President's Email Hacked... His Password Was 12345
Reader Comments (rss)
(Flattened / Threaded)
The heart is in the right place...
[ reply to this | link to this | view in thread ]
wow...
[ reply to this | link to this | view in thread ]
What if...
Granted, it's confirmation of one that's been leaked and could be under watch, but criminals don't always think that far ahead. Additionally, since most companies are just getting a slap on the wrist, it's not like there's any serious monitoring going on .... and I should know. My company has been dragged through the mud often enough to point this out to me.
In the end, I like the idea that consumers would have one place to go to see if their information has been exposed. However, I think perhaps something in your credit report with the big 3 might be more appropriate.
Since US citizens are now entitled to free annual reports, perhaps adding a mandatory section of "Your information was leaked by:" with a listing of company AND leak date might be better with required reporting of leaks to the credit bureaus.
Heck - step up punishment of the leakers. Require them to pay for quarterly reports to be sent to every POTENTIAL victim, not just the actual victims for a reasonable length of time, but no less than 2 years.
I (obviously) haven't taken the time to think that out, but maybe it's a starting point. Who knows. All I do know is that many systems are broken here and "something needs to be done for the children...." :-) (sorry - couldn't resist the last line)
[ reply to this | link to this | view in thread ]
Personal Identifying Information
[ reply to this | link to this | view in thread ]
Personal Identifying Information again
I definitely agree with punishing the leakers. A good start would be to require them to pay a penalty, say $100,000, to each person whose personal info was leaked, each time!! Nothing is going to fix this problem until the laws regulating this kind of activity have some teeth. As it stands right now, a company faces no penalties for carelessness. It is cheaper for them to do nothing and let your info be harvested.
"Something needs to be done for the children...."
[ reply to this | link to this | view in thread ]
Re: Personal Identifying Information again
and the poor widow woman;
and the abused spouse;
and the out-of-work laboror;
and the handicap;
and the minority;
and on and on and on.
[ reply to this | link to this | view in thread ]
Re: Re: Personal Identifying Information again
[ reply to this | link to this | view in thread ]
Giving Out Your SSN......
[ reply to this | link to this | view in thread ]
hmmm......
[ reply to this | link to this | view in thread ]
ouch
[ reply to this | link to this | view in thread ]
SSN not ID
[ reply to this | link to this | view in thread ]
Brain Dead implementation?
A proper implementation would store a hash in the data base, not the raw data. To query, the hash would be computed locally and the clear text would never leave the user's computer. More importantly, the clear text would not be stored on the central computer.
To receive VC money, someone has to have thought of this ... I hope. Even if the user is entering into a web form, local JavaScript can map the SSN entered into a hash for DB query.
[ reply to this | link to this | view in thread ]
Identity search engine
[ reply to this | link to this | view in thread ]
Add Your Comment