Wednesday, December 12, 2007

The archeological deposit of trillions of data rats

Here we go again! The use of Social Security numbers for every random, routine activity has left an archeological deposit of trillions of data rats nests scattered all over the landscape of the United States.

Until a few years ago professors at a major US University reported that they had to fill out a new form every semester with all their info INCLUDING SOCIAL SECURITY NUMBER to obtain an activated key so they could access the multimedia cabinet in their classrooms. Most of these forms were faxed top the office where this was done and were stuck in cabinet somewhere.

The announcement of the data breach below follows the industry standard phrase “We want to assure you that there is no evidence that the computer intruder accessed the files containing Social Security numbers.” Usually the lawyers also add “There is no evidence that any of the information has been used in any identity thefts.”

All we can say is “Yeah, right!”

Here is the latest case study for you to study.

DATE: Dec. 11, 2007

TO WHOM? Iowa State University Faculty and Staff:

WHAT? “A security breach recently was discovered on a server in the Office of
Sponsored Programs Administration. Old files found on that server contained the names and Social Security numbers of approximately 2,900 faculty and staff who submitted proposals through the OSPA GoldSheet process prior to Jan. 1, 2006.

“We want to assure you that there's no evidence that the computer intruder accessed the files containing Social Security numbers. Our technical experts believe the primary motive was to store movies and hacker-related software.”

Two servers at OSPA were breached by the intruder, but only one computer contained files with Social Security numbers. The security breach was reported to Information Technology Services staff on Monday, Nov. 26. The server had already been removed from the campus network. A thorough examination of the server over several days yielded files containing names and SSNs.

Over the past couple of years, Social Security numbers have been removed from all central systems and business processes, except where the SSN is required. This incident points to the urgency to inspect old files and remove Social Security numbers that once were a routine part of university reports. If you need assistance in finding protected information on your computer or would like to know more about securing your computer, please contact …………., ITS security.

We regret any inconvenience or distress this security breach may cause.
We do not think it is likely your information was accessed, but if you are concerned, please see the resources below.

If you have concerns or comments on this security incident, please feel
free to contact either of us.

Michael McCoy @
Dr. Steffen Schmidt @


What should I do if I am concerned about possible identity theft?

1. Place a fraud alert on your credit report. This tells creditors to contact you before opening any new accounts or making changes to current accounts. The Federal Trade Commission offers more information on how to place a fraud alert at

2. Get a copy of your credit report from the three major credit bureaus
(Equifax, Experian, and TransUnion) and make sure all accounts on that report belong to you. You're entitled to a free annual credit report from the three major credit bureaus. See:

Labels: , , , , , , ,


Post a Comment

Links to this post:

Create a Link

<< Home

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft -