TAG | identity theft
Irish Data Protection Commissioner Billy Hawkes has stepped in to have a database of civil registration records removed from the website IrishGenealogy.ie. The problem is that the database contains information on living persons which is often used for identity verification.
That would include things like mother’s maiden name and birth date. While these are public records, previously they had required payment of a fee, and it was not easily searchable on-line.
Of course, in the era of social media, these kinds of authenticators should have been disposed of long ago. Too many of them can be easily discovered by looking through Facebook accounts and the like.
This case also highlights the troubling nature of public records. In the past records were public in the sense that anyone could go to a government building and access the paper records. They could not be easily be searched as a whole, and the entirety of the records pulled into a private database. This is a kind of security by obscurity, but a useful one. With Internet records, many people are not comfortable with just how public much of this information is. The old inconvenience placed a low but real barrier to data access, effectively insuring that it was only done for specific people and for specific purposes. It is not at all clear how to get that without loosing all the advantages of Internet accessibility.
Brian Krebs has written an excellent discussion and analysis of credit monitoring / credit protection services, and some steps you need to take to protect yourself. You should read it.
Welcome to episode 13 of our podcast for September, 2013.
In this episode I will talk about:
A major security breach at Adobe
How airplane mode can make your iPhone vulnerable to theft
Russian plans to spy on visitors and athletes at the winter Olympics
Whether you should move your cloud storage to the EU to avoid surveillance
Identity thieves buying your personal information from information brokers and credit bureaus
How to stop google using your picture in its ads
Why carelessness lead to the capture of the operator of the Silk Road
And how Browser Fingerprinting allows websites to track you without cookies.
Please let me know what you think, and leave suggestions for future content, in the comments.
Krebs on Security discovered that a major identity theft service populated its databases by raiding the vaults of three of the biggest personal information brokers, including LexisNexis, Dun & Bradstreet, and Kroll Background which does employment background, drug, and health screening.
This is very bad news. The stolen data includes SSN, birthdays, and the answers to almost any security question your bank or other sensitive website might ask.
This is further evidence of my thesis that: if the data exists, it will eventually get out.
Brian Krebs has an interesting blog post on how all of the credit card information was stolen by a hacker from a website that sells stolen credit cards.
This is in the “don’t know whether to laugh or cry” department.