Saturday, July 17, 2010

Another Major Iowa Data Breach




For those of you who don't read the Des Moines Register (that's now almost everyone in Iowa and the world!), here is a short story that most folks did not see, except the 93K and their families and friends who were affected.

(Left - Screen shot of Buena Vista Homepage by Schmidt, 7-17-2010)

By JENS MANUEL KROGSTAD
Des Moines Register

"A database security breach may have exposed personal information of 93,000 people associated with Buena Vista University.

Buena Vista officials in Storm Lake began notifying people Thursday that the privacy of thousands of names, Social Security numbers and driver's license numbers dating back to 1987 may have been compromised last month.

University President Fred Moore said there is no evidence the information has been misused or sold. He apologized for the incident.

The university is offering free credit-monitoring protection and $25,000 fraud insurance for a year to those affected. It hired global auditing firm KPMG to investigate the breach.

Moore did not specify how much the security breach has cost the university, but said it has required a "significant amount of resources." The expenses won't affect tuition, the university's budget or any of its programs, he said.

The school has updated its security policies and procedures. Moore did not detail the changes, citing security concerns. The school's security procedures prior to the breach were evaluated by the auditing firm and were deemed to be comparable to those found at other institutions, he said.

"We're taking steps to upgrade and tighten the security of our network. Unfortunately, no network, no matter how tight, is impervious," Moore said." DSM Register and AP info

So if BVU had a security system comparable to other institutions, we are all royally screwed, as we used to say! It is just NOT enough to slouch along with sensitive security. There has to be an aggressive pushback, a 24-7 command center for data security where every suspicious activity is monitored like NORAD monitored every blip on their radar screen.

We need a new "culture of security", not just some IT guy doing security as part of other jobs, which is how most security systems in business, government, and education operate today according to a private, confidential audit we saw in June.

There is almost - No ID Theft Awareness training. No Due Diligence. No FACTA or Red Flag compliance.
And NO penalty for data losses! No punishment for lax security.

Someone really needs to sue in one of these data loss cases (TJ MAXX would have been a good one) and get a big class action settlement to shake up those who manage sensitive identity information. Nothing like a good "spanking" to get data managers on the ball.

Buena Vista University's new slogan should be - "Confidently NOT in Control!"


1 Comments:

At 3:48 AM, Anonymous Anonymous said...

Identity theft is an insidious evil of the computer age. We all tend to believe that if "it" is stored on a computer it must be the truth, and no one really realises how easily data can be changed and manipulated.

In this age data is collected in numerous ways - RFIDs on your credit card or passport show what you buy and where. A lot of stores use RFID as stock control. These RFID tags are activated by passing a reader - anywhere. So many products carry RFID now - WalMart just announced they will be including them. Automated toll systems carry RFID therefore it can be seen that your voyage in a car has happened and at what time. The same holds true for public transport passes.

All the discount cards and loyalty cards carry RFID and so it can be seen that it is comparatively easy to build a personal profile of what an individual is purchasing, where they are, what credit rating they have and so, so much more.

This leaves the field wide open for identity theft. There is more data on any one individual these days than there ever has been and personally I would find it odd if this data is not being stored somewhere. In much the same way as CCTV information is stored.

There is a good article to this at a site called Time to Awaken and includes many links to similar information sources.

 


  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft