Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/29/2005
02:05 AM
Commentary
Commentary
Commentary
50%
50%

The Perfect Going-Away Gift From 2005: More Consumer Data Breaches

Any doubt that 2005 would be known as the unofficial Year of Lost Consumer Data was swept away in the past week by news of two data compromises that cast a pall over the holidays. First, acting on a tip from a reader, InformationWeek's Larry Greenemeier verified that the Department of Justice, the very agency charged with combating identity theft, had inadvertently exposed on its Web site social security numbers

Any doubt that 2005 would be known as the unofficial Year of Lost Consumer Data was swept away in the past week by news of two data compromises that cast a pall over the holidays. First, acting on a tip from a reader, InformationWeek's Larry Greenemeier verified that the Department of Justice, the very agency charged with combating identity theft, had inadvertently exposed on its Web site social security numbers of people involved in DOJ-related cases. Then, a week later, Marriott Corp.'s vacation timeshare unit, Marriott Vacation Club International, revealed that it had lost backup tapes containing personal data on 206,000 employees, timeshare owners and timeshare rental customers. The reinforced message to consumers is this: You are absolutely helpless.Throughout 2005, consumers have learned time and time again that they can't trust anyone to adequately safeguard their privacy. Not the retailers they do business with. Not the clearing houses charged with storing their credit histories. Not the universities where they earn degrees. Not the banks they entrust with their life savings. Not even a federal law-enforcement agency.

I've said this before, and I'll say it again: These breaches will keep happening, no matter how many great minds are put to the task of preventing them. Why? Because there are just as many great minds--albeit twisted great minds--that are hell-bent on getting to the data. Just as sure as Americans will get drunk in large numbers on New Year's Eve, some household name will find itself in the news in January for losing or just not adequately protecting sensitive customer data. That you can bet on.

But there are things consumers can do to prevent their exposure to such incidents from growing. For starters, they can stop signing up for every loyalty program under the sun, a move that would not only reduce their chances of falling victim to identity theft, but would also free up some space in their over-crowded wallets. They can stop buying stuff online. They can stop using credit cards for every purchase and live within their means by relying solely on cash. And they can stop allowing themselves to be duped by the growing legions of phishers who are out to trick them into willingly handing over the keys to their financial resources with the aid of nothing more than a deceptive E-mail.

Granted, given how far we've traveled down the road to the Internet Age, this is all about as likely as Shakespeare nudging Britney Spears off those lists of the year's most popular search terms. Most of us have become habituated to using the Web to buy stuff and pay bills. We've grown accustomed to providing personal information in exchange for a loyalty card that will get us half off our next case of soda. And we've gotten really comfortable with the idea that we don't have to carry cash if we've got our Visa check card with us. But such convenience comes with a price. The question I keep coming back to is, when will we all wake up and decide that price is too high?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9405
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVE-2020-9406
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVE-2020-9407
PUBLISHED: 2020-02-26
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVE-2020-9398
PUBLISHED: 2020-02-25
ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
CVE-2015-5201
PUBLISHED: 2020-02-25
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows r...