Why is it that we keep giving information to government agencies, when we know that nothing good can come of it? Several examples from the last week show just how good government is at protecting personal information you provided to them.
The U.S. Census Bureau accidentally posted personal information of 302 people on its Web site, mixed in with fake data, several times over five months. Employees testing new software accidentally mixed real data from the monthly Current Population Survey in with test data. Since 2001, the Census Bureau has lost 672 laptops, 246 of which contained personal information, most of which were used by census workers in the field.
The University of Idaho accidentally posted the names, birthdates and Social Security numbers of 2,700 employees on its Web site last month. Officials said that there was “no indication that the information was successfully read or used for any purpose other than the reason for which it was created,” according to a notice on a Web site the University set up to disseminate information about the breach.
In Massachusetts, the state Department of Revenue accidentally mailed to 45 Brookline residents a tax form with the name and Social Security number of one of their neighbors, instead of their own. “It’s outrageous when it’s TJX,” one resident said. “It’s even more outrageous when it’s the Department of Revenue.”
And attorney Paul Diambri in Highwood, Ill., e-mailed the names, Social Security numbers, and criminal records of more than two dozen “reputed gang members” to his mailing list of about 500 people. “My motivation was to publicize the fact that there was this gang activity so people would be aware of it, and secondly, hopefully, to motivate the police department,” Diambri said. It worked. The police chief is furious — at Diambri, who apparently just picked up the records at City Hall, where they were allegedly laying out in the city council chambers for months.
Texas legislators aren’t taking Social Security numbers very seriously. They voted to declare SSNs not confidential and allow officials to release them in public records. The attorney general had declared last month that SSNs must be redacted from public documents before they are released. The purpose of the bill, according to its sponsor, is to “get back to business as usual,” which apparently means putting Texans at risk of identity theft.
While not directly related to data breaches, a Web site of the National Oceanic and Atmospheric Administration was hacked last week by Russian spammers, who replaced a section of the site with ads for illegal prescription drugs. These guys are really taking computer security seriously.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Bad Behavior has blocked 2645 access attempts in the last 7 days.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
Richard Braakman
Mar 11, 2007
Well, I think it’s silly that just knowing someone’s name and social security number is enough to impersonate them. How did it get that way, and what can be done about it?
Mar 12, 2007
BLOGical Thoughts » Monday, 12 March, 2007
Michelle
May 20, 2007
In regard to Paul Diambri, I would like to add that he not only published many names, adresses, phone number and social security numbers, but most of the individuals were minors. Some of them were as young as 14.
Dean
Jul 17, 2007
Kuddos to attorney Diambri. Mayo Vincent Donofrio and his Eight Dwarfs (the City Council) need some sunlight on their mishandeling of EVERYTHING!
PU Mr. Mayor!