Who's Got Your Data?
Last week, TJX Cos. of Framingham, Massachusetts revealed the news that "a hacker" had broken into its computer systems and stolen confidential customer info relating to credit and debit cards. TJX operates T.J. Maxx and Marshalls in the States, as well as Winners and HomeSense in Canada. It's being referred to as "one of the most high-profile privacy thefts in recent memory".
The Massachusetts Bankers' Association yesterday said that some of the data stolen has been used to make fraudulent purchases in Florida, Georgia and Louisiana, as well as Hong Kong and Sweden. Here in Canada, thousands have already been victimized by fraud, with a possible total of two million vulnerable. All the numbers are expected to rise to between 20 to 40 million worldwide.
Just to add to your sense of security, if you have any left, the day after TJX broke its big news, the CIBC revealed that it had "lost a computer hard-drive" containing personal info on nearly half a million of its Talvest customers. Before you say, "that one doesn't concern me", be aware of this. "Lost" devices are the greatest source of data breaches.
According to a short article by Patrick Di Justo, writing in the February 2007 issue of "Wired", those lost devices account for a whopping 35% of all losses of personal data. Now there's comforting news for you. Di Justo claims that, unlike the widespread image of "numbers being swiped by some brilliant unwashed hacker in a dank basement in Gdansk" the culprit is usually a trusted company employee "dumb-assedly" leaving his laptop on public transit. Hackers, he says, only account for 7% of the data breaches that put us all into such tenuous positions regarding identity theft.
What's really interesting to me in this latest breach is, that after reading Di Justo's article, I came across one at globeandmail.com telling its readers that the U.S. parent company had learned about the breach back in December. Although they realized the intruder had accessed records back to 2003, it took them quite some time before they got the news out to us, didn't it? Apparently, only 31 states have a law requiring companies to notify customers of such security breaches. The closest Canada gets to such a law is the latest call for one issued on January 10, 2007 by the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa. They note that "neither the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) nor corresponding provincial statutes includes an explicit security breach notification requirement". The Globe and Mail lets you know that spokespeople for Visa, offered at four of Canada's five largest banks, and for MasterCard were all "unavailable for comment".
What we're being told here is that the banks allow employees to take home laptops, computers loaded with enough data to have every one of our personal identities stolen, without any provision made for safeguarding that data. Either the employee should bloody well have the laptop welded to their forehead, or they should not be taking them home. If they can't finish their work within regular working hours they're either looking at overtime, or just leaving it for another day. What do we need to make them stop carrying people's identities around and carelessly leaving them behind?
Di Justo lists 19% as the number of customers who switch to another service after one they use announces a security breach. Once you know a few of the above details, you realize there's little point in switching. It would seem that all the big corporations regard each one of us individually as less than worthy of their concern.
Looking anxiously about for hackers is not the necessity so many thought. As Di Justo declares, "We have met the enemy - and he just got off the bus empty-handed."
The Massachusetts Bankers' Association yesterday said that some of the data stolen has been used to make fraudulent purchases in Florida, Georgia and Louisiana, as well as Hong Kong and Sweden. Here in Canada, thousands have already been victimized by fraud, with a possible total of two million vulnerable. All the numbers are expected to rise to between 20 to 40 million worldwide.
Just to add to your sense of security, if you have any left, the day after TJX broke its big news, the CIBC revealed that it had "lost a computer hard-drive" containing personal info on nearly half a million of its Talvest customers. Before you say, "that one doesn't concern me", be aware of this. "Lost" devices are the greatest source of data breaches.
According to a short article by Patrick Di Justo, writing in the February 2007 issue of "Wired", those lost devices account for a whopping 35% of all losses of personal data. Now there's comforting news for you. Di Justo claims that, unlike the widespread image of "numbers being swiped by some brilliant unwashed hacker in a dank basement in Gdansk" the culprit is usually a trusted company employee "dumb-assedly" leaving his laptop on public transit. Hackers, he says, only account for 7% of the data breaches that put us all into such tenuous positions regarding identity theft.
What's really interesting to me in this latest breach is, that after reading Di Justo's article, I came across one at globeandmail.com telling its readers that the U.S. parent company had learned about the breach back in December. Although they realized the intruder had accessed records back to 2003, it took them quite some time before they got the news out to us, didn't it? Apparently, only 31 states have a law requiring companies to notify customers of such security breaches. The closest Canada gets to such a law is the latest call for one issued on January 10, 2007 by the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa. They note that "neither the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) nor corresponding provincial statutes includes an explicit security breach notification requirement". The Globe and Mail lets you know that spokespeople for Visa, offered at four of Canada's five largest banks, and for MasterCard were all "unavailable for comment".
What we're being told here is that the banks allow employees to take home laptops, computers loaded with enough data to have every one of our personal identities stolen, without any provision made for safeguarding that data. Either the employee should bloody well have the laptop welded to their forehead, or they should not be taking them home. If they can't finish their work within regular working hours they're either looking at overtime, or just leaving it for another day. What do we need to make them stop carrying people's identities around and carelessly leaving them behind?
Di Justo lists 19% as the number of customers who switch to another service after one they use announces a security breach. Once you know a few of the above details, you realize there's little point in switching. It would seem that all the big corporations regard each one of us individually as less than worthy of their concern.
Looking anxiously about for hackers is not the necessity so many thought. As Di Justo declares, "We have met the enemy - and he just got off the bus empty-handed."
1 Comments:
Hackers are targeting businesses more and more these days. I was just reading today of targeting specific types of roles within corporations ... even down to individuals ... who may have access to confidential information. You'd be amazed however, at how many people within the business world that are totally against tighter security, as they see it as an inconvenience to them getting their work done.
Post a Comment
<< Home