Two large leaks of personal data came to light over the past week – in Israel and in South Korea. In both cases, access to the information was made available via the Internet. In the Israeli case, the Population Registry found its way online. And in South Korean case, governmental and other sites were found to allow free access to citizens’ personal information. InfoWatch experts think that that both cases indicate the complete absence of a working policy of confidentiality protection.
In America, recently hardly a week has gone by without news of patients at some hospital or other coming under threat of identity theft. Added to that, there are occasional leaks from the Department of Veterans’ Affairs. Last week, there were two cases, one concerning a medical organization and the other veterans. InfoWatch experts think that the IT-security situation in US medical organizations is bordering on critical.
Last week turned up only two cases of confidential information loss from mobile computers, namely, the theft of a laptop from a professor at Rutgers University, and a laptop which went missing from a building company in Berkley. Both cases involved sensitive personal information. At the same time, it is pleasant to report that both cases occurred last year. Could it be that users of confidential information have started to protect their data better this year? InfoWatch experts suspect that this is merely a temporary lull.
A leak from the Hawaii health department puts 11,500 families on the island under threat of identity theft. At the same time, the personal data and income information of more than 5,000 students at Vanguard University has been stolen. In both cases, the victims are recipients of welfare support. InfoWatch experts consider that an insider is no respecter of persons – and people with any sort of income can equally easily fall victim to an attack. In these cases, the stolen information was badly protected.
A leak of various financial information – including transaction details and credit card numbers – has tarnished the reputation of TJX Companies. Thousands of customers from the US, Canada, Britain and Ireland were affected. Representatives of the company are hard put to assess the economic damage, but InfoWatch experts are talking in terms of millions of dollars.
There have been several large leaks of private citizens’ data over the last few months in Russia. The Valuehost hosting company had its client database put on the open market, as did 10 large Russian commercial banks. And now, we have the case of Korbina Telekom. In each case, experts have not been able to say with certainty whether the newly “opened” database was genuine or not. However, the saddest thing – according to InfoWatch experts – is that it is impossible to call to account the thieves who stole and disseminated this information.
Information continues to come in from news agencies regarding leaks from last year. Either the leak was not noticed immediately, or it was thought that the stolen data would be restored very quickly. North Carolina’s finance department did not immediately report a leak since it believed that the thieves had no idea of the value of the information in their hands. Other leak victims were cadets at a British air cadet corps and patients from a hospital in Lymington. InfoWatch experts point out that take-up of proper protection measures against leaks is too slow.
The InfoWatch analytical center calculates that the most common information leak channel in 2006 was mobile devices. As though confirming this view, at the beginning of January news agencies continued reporting multiple internal security incidents arising from laptop use affecting tens of thousands of victims among Tower Perrin clients, more than 100,000 clients of ERS, and also 70,000 students in Moscow and North Charleston. According to InfoWatch experts, this tendency will continue into the first third of this year at least.
According to Moscow’s media, a database made up of “prostitutes’, pimps’ and brothel owners’ address books” is now for sale on the open market. The database contains explicit personal details on the private patrons of the aforementioned places of ill repute. Access to the database costs only 1,500 rubles (58 USD / 43 euro) and – or so the sellers claim – allows one to find out about the foibles of members of the Duma, bankers, high-ranking officials and military personnel. At first sight, it would seem to be a leak originating with the Ministry of Internal Affairs.