In Britain, a campaign is underway to suppress the activities of businesses and individuals which trade in the sale of confidential information. While InfoWatch is glad to see the police giving this issue their attention, it urges companies which possess confidential data to be proactive in protecting their own data themselves.
Richard Thomas, one of the heads of the investigation, said in an interview with The Guardian that the police were aware of a substantial number of organisations engaged in the purchase of personal data (bank account numbers, tax declarations, loan repayment information, etc.). He promised that police raids resulting in prosecutions would be forthcoming. Recently, a married couple were discovered who over the course of a year had made Р€140,000 from the sale of private financial information. The information had been acquired by deception.
Investigation of an incident is underway at the Nationwide Building Society. A laptop computer was stolen in a night-time burglary at the house of one of the building society’s employees. The serious concern felt by the organization stems from the fact that a quantity of confidential information about the building society’s members was on the computer.
Nationwide does not specify the nature of the stolen data, describing it as “limited personal data for market research purposes” – which tells us nothing. However, we do know that there were no PIN-codes, passwords or transaction information involved. Disturbingly, experts assert that even limited data ranges can potentially be merged with other existing data necessary for identity theft.
The building society has begun notifying its clients with around 60,000 having been contacted already. Nationwide has a total of around 11 million customers. Some have expressed concern that were such information to become freely available, it could pose a threat to national security.
Nationwide is maintaining silence over the details of the burglary and the investigation, citing the need not to hinder the police in the execution of their duties. But by way of reassurance, they have stated that there has been no other single attempt to breach their system, so no customer has been affected financially. In their announcement, they also state that the company has a strong data-defence system and that it will be made even more robust in the light of this event. Company policy now forbids employees from keeping client personal data on mobile computers.
The Department of Finance appreciates the Nationwide’s speed in making the theft known. They are working together to reduce to a minimum the impact of this event on private citizens.
In America, yet another federal agency has admitted the leak of confidential information via a lost laptop. Over the period 2002-2006 alone, the Internal Revenue Service either lost or had stolen 478 laptops. In addition, 112 of them contained private data about American taxpayers, including National Insurance numbers. The Department cannot say how many millions of people are at risk of identity theft, but they are formulating estimates. The number is likely to be very considerable.
The majority of the computers were stolen. Of these, only 17 were returned. However, the surprising thing is that with nearly 500 incidents – each one of which could have major consequences for millions of US citizens – only 18 of the agency’s employees have been punished.
Under the pressure of public opinion, IRS management issued a statement which concentrated, in part, on the measures planned to increase the protection of taxpayer data. All machines will have an encryption system installed which will encode all data automatically, relieving forgetful operators of the need to remember to do it. But this program is only planned to be introduced in January of next year. When it will be completed is still not known.
Still in America, the police have recovered a laptop stolen from Connors State College, Oklahoma. An investigation is currently underway. The incident occurred on 15th of October. Apparently, a 22-year-old student, Edwin Hesslen, got into the university administration building through a window and stole the laptop which contained the personal information of 22,500 students throughout the state including Social Security numbers, dates of birth and educational details.
Since the laptop was soon found (in the house of the student’s father-in-law), notification has not been sent out to those affected. The administration is awaiting expert opinion on whether the personal data was accessed, but said experts are unable – as yet – to give a definite answer.
Denis Zenkin, InfoWatch’s Marketing Director was sceptical about the measures these organizations have proposed to combat further data theft. He said, “The management of the taxation service of the United States promises to begin a program of data protection on laptops next January? That means that, at the very least, their computers will hold unprotected data for another six months. Their own track record suggests that over this period another fifty laptops will be lost. This means the potential loss of billions of dollars and millions more citizens affected. The Nationwide also has its work cut out – 11 million members is no joke. On the other hand, at least they claim to have already taken certain protection measures. I hope their clients will benefit from them.”
Sources: The Sunday Times, ZDNet UK, Washington Post News, NewsOK.com