Wednesday, May 09, 2007

Identity theft: Cases on stolen laptops, hacking and lost CD

Several cases of stolen laptops and systems hacking which contain personal particulars of some organisations' employees may expose them to the risk of identity theft.

Case 1: (August 2006, Florida)
Scenario: A laptop was stolen from the car of a workeer at the Florida's Department of Transportation.
Data: Personal data of 133,000 Florida residents. (Details of 86,670 driving licence holders, 42,800 airline licence holders and 9,500 commercial vehicle licence holders)
Remark: Protection of the encrypted data were removed during a major network upgrade.
Potential risks: The data could be used to apply loans or credit cards under false names.

Case 2: (September 2006, Ohio)
Scenario: Hackers broke into the systems of an Ohio hospital.
Data: Personal data of 230,000 patients and their family members plus the financial information of 12,000 donors.
Remark: It happened when the hospital was upgrading its systems.
Potential risks: Potential abuse of the data.

Case 3: (March 2007, Notthinghamshire)

Scenario: A laptop was stolen from a hospital office.
Data: Names, addresses and date of birth of 11,000 children aged between eight months and eight years old.
Remark: The laptop was poassword-protected.
Potential risks: The data in the hard disk may not be encrypted.

Case 4: (April 2007, University of California, San Francisco)
Scenario: A university's server was hacked into.
Data: Confidential information such as names, social security numbers and bank account details of 46,000 students, faculty and staff.
Remark: FBI was called in to help in the investigation.
Potential risks: Potential identify abuse.

Case 5: (April 2007, Georgia)
Scenario: A company lost a CD. The company was hired to handle information by the Georgia Department of Community Health.
Data: 2.9 million Georgia residents. Names, social security numbers, addresses and members identification for recipients of Medicaid and other medical programme.
Remark: Data was not encrypted.
Potential risks: Potential identify abuse.

Case 6: (April 2007, Chicago)
Scenario: 2 laptops were stolen from the office of the headquarters of Chicago Public School.
Data: Names and social security numbers of 40,000 teachers.
Remark: The laptops belonged to an accounting firm who was auditing pension contribution made by the teachers.
Potential risks: Potential identify abuse.

Case 7: (May 2007, UK)
Scenario: A laptop owned by Mark & Spencer was stolen from a printing firm.
Data: Salary details, addresses, date of birth, national insurance and phone numbers of its 26,000 employees.
Remark: The laptop was stolen on April 18 in a burglary on a printing firm that had been given the computer so it could process letters to M&S employees about pension changes.
Potential risks: Not sure whether the thief is more interested on the hardware or the data.

Personal Thoughts:
How safe exactly is our data?

Occasionally, I did received calls from some telemarketing companies that promote their products or services. I am very curious how they actually obtained my contact numbers. so, everytime they called , I will pose the same question on how they actually obtain my number.

They replied that it may be due to my friends who had passed to them my business card. The truth is I did not put down my handphone number on my business card. I believe these data were bought from somewhere. But where? The scariest thing was when they actually had most of your personal particulars including your address, credit card numbers and age.

Where is our protection of privacy, specifically on information privacy?
Information privacy is the right of the individual to control the information to be collected from them and the use of whatever information that is collected from them.


Anonymous said...

Last few days, a stranger called me and I asked the same question, "where did you get my handphone numbers?" He said it is from the computer. I'm wondering it is true or not. I want to know the truth also actually.

N.C.H.T said...

I have an interesting experience to share with you on