Robert L. Scheier (courtesy of InfoWorld) wrote an article about this that is getting a lot of play in the press:
Today's electronic world is a risky place for your personal data -- and it's not getting any safer. More than 158 million data records of U.S. residents have been exposed as a result of security breaches since January 2005, according to The Privacy Rights Clearing House, a nonprofit consumer rights organization.
As fast as banks, merchants and consumers add new layers of security to their storage systems and network, say security analysts, new technologies -- or simply careless users -- create new security holes that aggressive and sophisticated identity thieves eagerly exploit. The result, says Avivah Litan, a vice president and distinguished analyst at Gartner Inc., is that "things will get worse before they get better."
Whether information is being stolen by phishing, pharming, hacking, insider theft, or common dumpster diving - the problem seems to be growing by leaps and bounds.
An interesting aspect, which I've covered in previous posts is that criminals seem to be using technology as a marketing tool - just like their counterparts in more legitimate businesses:
Criminals are also getting smarter. Larry Ponemon, chairman and founder of Ponemon Institute, which conducts research on privacy and security issues, calls it "inverted customer relationship management," in which criminals target the wealthiest individuals for their attacks.I found this particularly interesting because a reasonable person would have to question, who is selling them these lists?
Some are even buying marketing lists to piece together profiles of "who's got the Platinum [American Express card] and who's got the account with Merrill Lynch and who doesn't," says Litan.
In the most recent high profile data breach to hit the news at Certegy, a dishonest insider sold the information to a broker. Interestingly enough, as far as I know, this information broker has yet to be identified. The next question might be - who did the information broker sell the information to?
Recently, another data broker (InfoUSA) was pegged for selling marketing lists to sweepstakes scammers.
Perhaps PogoWasRight, who states "We have met the enemy and he is us" hits the reason for the problem right on the nose.
A lot of people are making billions, if not trillions of dollars making it easy to use information. So much information has been plastered in so many places, we seem to have lost track of it all.
This gives the criminals behind this phenomenon a lot of places to steal, or even buy everything they need to commit identity theft.
Another sad statistic is that these criminals seem to rarely get caught. Pretty sure the last statistic I saw was less than 1 percent. This makes it a pretty lucrative criminal enterprise to be involved in.
Despite this, we still don't have a law that addresses data breaches?
With the elections coming up, perhaps we should be asking our elected leaders, why this is the case?
The only way to turn this trend around is to make everyone involved in it, more accountable.
Interesting article by Robert L. Scheier, here.
The article mentions statistics gathered by the Privacy Rights Clearinghouse, which I quote frequently. Other places that gather information on this are PogoWasRight and Attrition.org.
And all of them will be the first to tell you - these are only the breaches we know about. The mysterious criminals stealing the information would rather not disclose, who they are stealing IT from. Of course, the people getting the information stolen from them would probably rather not make it public, either.