Recent weeks have brought more reports of personal information theft and loss than I can ever remember occurring in such a brief amount of time. Businesses, schools and government institutions are in deep trouble as their poor data protection policies are proving to be more and more inadequate. Some of the highlights:
Someone at Oregon’s Department of Revenue downloaded a Trojan horse-infected file from a porno website into an agency computer, exposing the names, addresses and Social Security numbers (SSNs) of as many as 2,200 Oregon taxpayers to criminal theft. Laptop computers belonging to the Office of the State Auditor of Minnesota seem to have disappeared, along with the private data of about 2,400 public employees and citizens. Computer equipment stolen from the offices of the American International Group, with information provided by almost 700 different insurance brokers, reportedly contained the personal data of 930,000 people.
The personal data of at least 13,000 individuals was on a laptop computer stolen from an agent of ING US Financial Services. The personal data of 17,000 people enrolled in Humana Medicare was discovered on an unsecured hotel computer. An unencrypted hard drive containing the personal data of most of the 333,000 members of the American Institute of Certified Public Accountants has been missing since February. No reason was given as to why it took three months to report the loss.
Top officials at the Department of Energy (DOE) finally learned on June 7 that a computer thief had made off with a file belonging to the agency’s National Nuclear Security Administration (NNSA). The file contained the names and SSNs of 1,500 agency workers. Although NNSA administrator Linton Brooks admitted that he had known about the theft since September of 2005, he said that he had not been able to figure out whose job it was to inform his DOE bosses.
Hotels.com was informed by its accounting firm, Ernst & Young, that a laptop computer containing the data of 243,000 Hotels.com customers had been stolen from an employee. A security breach at Florida International University compromised the personal data of “thousands” of university students. Private data, including SSNs, of an estimated 1.3 million borrowers was “lost” by a third-party contractor working for the Texas Guaranteed Student Loan Corporation, a company that handles federally guaranteed student loans. Unsecured computers belonging to Connecticut’s Sacred Heart University compromised the personal and financial data of at least 135,000 people.
At the heart of these problems is the fact that businesses, schools and government institutions simply do not respect their clients or their information. It seems that the only motivation that these groups understand is government regulation and citizen-led lawsuits, things that hit them in the pocketbook. Sadly, government and business executives have discovered that they are losing money over the simple disclosure of data breaches, and are rushing to lobby for laws that allow them to keep these breaches hidden. Let’s see to it that they don’t succeed.