Biggest ID Theft Hack of 2010

The story below is all too familiar to us. Massive quantities of highly sensitive data are breached. An institution freaks out and comes up with a good response. the response is the same as always and the solution is standard operating procedure SOP. Hundreds of thousands of people's tranquility is now shaken for many years going forward. Our defenses are still ridiculously weak against cyber attacks. Our attitude is not urgent and we move on to the next attack.

Here is the story.

Published: December 16, 2010 in the New York Times

Ohio State University is notifying about 760,000 people whose personal information was stored in the university’s computer server that a data breach could put them at risk for identity theft.

The university, located in Columbus, began sending letters on Wednesday to current and former faculty and staff members, students and applicants, telling them that hackers had broken into the server that stored their names, Social Security numbers, dates of birth and addresses.

The university said that although there was no evidence that the information had been used for identity theft, it was nonetheless offering a year of free credit protection to everyone whose data was on the server.

“We regret that this has occurred and are exercising an abundance of caution in choosing to notify those affected,” Joseph A. Alutto, the university provost, said in a news release.

While suspicious activity on the server was discovered in late October, said Jim Lynch, a university spokesman, the disclosure was delayed to give Ohio State time to investigate and set up support systems, including a call center, for those affected.

Mr. Lynch said that as soon as the university found that unauthorized people had logged into the server, it hired computer forensic consultants to investigate.

“They found no evidence that any of the data was taken out of the system,” he said. “They did find evidence that the purpose of the unauthorized access was to launch cyberattacks on online business entities. Apparently, if you’re going to flood a company with e-mails, you don’t use your home computer, but you slip into someone else’s server.”

While dozens of universities have been plagued by hackers gaining access to their servers, the Ohio State intrusion was, by far, the largest breach of security this year, according to the Privacy Rights Clearinghouse, a nonprofit consumer group.

Paul Stephens, director of policy and advocacy at the clearinghouse, said that despite the university’s assertion that no information had been taken from the server, people whose information was compromised should take heed.

“If it were me, obviously, I’d take the year of credit protection,” he said. “The fact that there are Social Security numbers involved makes it somewhat worrisome. On the other hand, one can take some comfort in the fact that there are so many records involved. Would it be physically possible for a criminal to use them all?”

Those who could be affected by the breach can get information at www.osu.edu/creditsafety.

Now the question for you, class, is - "What in this story is the typical response of companies, government entities, or organizations that have sensitive data intruded upon?"

The answer -"There is no evidence that identities were stolen or crimes committed."

Of course y'all KNOW that that is an unverifiable statement because criminals don't use hacked data right away.

Amazingly someone who should know better said there was too much data stolen for criminals to use it all. Oh Really!? Have you not heard Mister, of the vast retail ID information market on the Internet where millions of pieces of information and identities are bought and sold every day?!
.
.
.