Inside Job Blamed For Leak Of 2.3 Million People's Personal Info
from the it-wasn't-our-fault dept
The latest massive data leak comes from Certegy Check Services, a Florida company that provides check-processing services. Personal information, including credit card and bank data, on 2.3 million people was stolen, with the company blaming a "rogue employee." They say a former database administrator stole the data and sold it to a data broker, which then sold it to direct-marketing agencies, which used the info to solicit the people by phone and mail. They hasten to add that they don't believe any of the info has been used for identity theft, and they've asked a court to tell the companies to turn the data back over to them and not use it any longer. Of course, there's no guarantee of any of that. For a long time, this sort of inside job has been a huge security problem for many companies, and little has been done about it. Just as we've wondered why some people think it's a good idea to carry 25 million people's personal info around on a laptop, it's also not clear why so many companies retain personal info, or why they allow so many employees unfettered access to it. But as long as the corrective measures for data leaks remain weak, reactive fines, don't expect anything to change.
Reader Comments
"unfettered"?
I doubt that a "database administrator" has "unfettered" access to a database. I'm sure s/he has an account with password protection via PC with a USB drive just like 99% of the rest of the commercial world.
In fact, due to Sarbanes / Oxley, companies have to prove (attest w/ external auditor) that only the required people have access to data like that. So if it is a publicly traded company with a market cap in excess of $1MM, it is hardly "unfettered".
The other points are good, however.
[ reply to this | link to this | view in thread ]
Er, it's rather hard to imagine the database administrator not having access to the contents of the database, and still being able to do his job. :)
[ reply to this | link to this | view in thread ]
Re: "unfettered"?
[ reply to this | link to this | view in thread ]
Re: "unfettered"?
[ reply to this | link to this | view in thread ]
Re: "unfettered"?
That was my point.
But, hey, you guys just keep on making this an unfriendly place to comment on and guess what - people will stop commenting. Good job. Assholes.
[ reply to this | link to this | view in thread ]
Re: Re: "unfettered"?
[ reply to this | link to this | view in thread ]
DBA
[ reply to this | link to this | view in thread ]
Separation of roles
[ reply to this | link to this | view in thread ]
Way to go
[ reply to this | link to this | view in thread ]
This is the symptom of the problem
Companies need to stop obsessing about the almighty $$, start concerning themselves with their employees (the life blood of their operation) and their customers (where the money comes from in the first place), the $$ will follow. With the continuing downfall of corporate workplaces, I feel we will see more and more of this in the future.
[ reply to this | link to this | view in thread ]
Re: This is the symptom of the problem
Undoubtedly, there had to have been at least 2 people in on this job - obviously the IT or Security types weren't in on it...
[ reply to this | link to this | view in thread ]
Re. Unfettered v. IT Security
Until there are good legislative kick-ass penalties, companies won't give a f$ck about our personal data. If they got hit with a fine of 10 bucks per person for the leak...
[ reply to this | link to this | view in thread ]
Instead, I'd pop in late one night looking like the dedicated if underappreciated loyal employee, do some fiddling with computers, and leave, as often is the case. Only the next morning the guys in the three-piece suits with the seven-figure annual salaries are greeted with garbage data and an email saying "I have the decryption key. Give me three billion dollars in small, nonsequential, unmarked bills and get me to Rio on the company jet and you can have it. Send the cops or anything like that, and I rip up the paper I wrote it on and set it on fire. Oh and I won't be able to remember it afterward, it's a 256 bit key. Have a nice day."
[ reply to this | link to this | view in thread ]