Another invaluable CRS report that I came across to, including detailed samples of all the data security breaches in between 2000 and 2005(excluding the ones not reported or still undergoing of course), covering :
- The accident
- Data publicized
- Who was affected
- Number of affected
- Type of data compromised
- Source of the info
Here are some cases worth mentioning as well :
1. Indiana University - malicious software programs installed on business instructor’s computer, November, 2005
2. University of Tennessee -inadvertent posting of names and Social Security numbers to Internet listserv, October, 2005
3. Miami University (Ohio) - report containing SSNs and grades of more than 20,000 students has been accessible via the Internet since 2002, September, 2005
4. Kent State University - five desktop computers stolen from campus, 100,000 people affected, September, 2005
5. University of Connecticut -hacking - rootkit (collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network)placed on server on October 26,2003, but not detected until July 20, 2005
Quite a huge number of exposed people, and 20% of the problem represents lost or stolen laptops or tapes, the rest is direct hacking of course. It's impressive how easy is to get access to sensitive, both personal and financial information though what is already stored somewhere else in a huge and plain-text database for sure. And that simply shouldn't be allowed to happen, or at least someone has to be held accountable for not taking care of the confidentiality of the information stored.
Technorati tags :
security,information security,id theft,security breach,security statistics