Sunday, November 25, 2007

BBC article on UK data breach suggests why we are never sure if the information is used by criminals

Now that we KNOW the loss of computer discs containing the vital statistics of 25 million children in the UK wasn't caused by one person, everyone is probably going to start arguing (whether or not?) criminals are using the information.

Even worse, it's now been revealed that unencrypted discs with a lot of personal information were being sent snail mail as a routine method of transport.

Mark Ward at the BBC wrote an interesting article that suggests why we often aren't sure if the information is being used. In the article, he writes:

"In the fraud underworld the quality of data directly impacts the flexibility with which they can use it," said Andrew Moloney, financial services market director for RSA Security.

The more data you have around a subject the more different ways you can use that to commit fraud."

There was no evidence yet that the data was being talked about or sold on the fraud boards and net markets that his company monitors, he said.

However, most vendors of stolen data rarely mention where they got it from. Instead, they typically only mention its quality.

The bottom line is it can be almost impossible to track any one case of identity theft back to it's source. Furthermore, the criminals selling and buying aren't likely to advertise where they got it from.

Transparency is bad for criminals, also. It tends to get them arrested.

At this point in time, there have been so many data breaches we probably have no idea where the information came from when an identity is stolen.

The BBC article also covers a lot of common sense factors relative to protecting information. Time and time again, we discover that a lot of data breaches could have been prevented by using a little common sense.

The full BBC article (excellent read) can be seen, here.

The Privacy Rights Clearinghouse, Attrition.org and PogoWasRight are my favorite places to TRY to keep up on all the data breaches. As of this writing only PogoWasRight has information on this particular data breach.

Of course, these are only the occurrences that have been reported. My guess is there are probably many more that no one knows about.

Another safe bet is that the next big data breach not reported yet is probably happening right now!

No comments: