Monday Morning News Kick Off: Largest Data Breach of Student Loans Ever and U.S. Eyeing Cybersecurity Ambassador Role

Welcome to the Monday Morning News Kick Off post on the ITAC blog. As always, we have compiled all of the latest and greatest news regarding identity theft, data breaches and cyber security. We know we sound like a broken record when we say that there is never a shortage of news to highlight. Cyber security has become such a major issue that the U.S. is considering creating an ambassador-level position for negotiating cyber security matters at the United Nations. Cyber security is going global. It’s about time. To read about this and many other key stories, scroll down and happy Monday.

U.S. Eyeing Cybersecurity Ambassador Role
The U.S. is weighing the creation of an ambassador-level position for negotiating cybersecurity matters at the United Nations and for ensuring the country has a consistent international policy on the issue, according to the Wall Street Journal. Both the U.S. State Department and Congress are considering the creation of such a role following the recent attacks on Google and numerous other high-tech companies, the Journal said, citing several unnamed sources. The proposals include a plan to develop policies tying foreign aid to a country’s willingness and ability to fight cybercrime originating from within its borders. Read the full Computerworld story here.

Data Theft Hits 3.3 Million Borrowers
Company and federal officials said they believed last week’s theft of identity data on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan borrowers. Names, addresses, Social Security numbers and other personal data on borrowers were stolen from the St. Paul, Minn., headquarters of Educational Credit Management Corp., a nonprofit guarantor of federal student loans, during the weekend of March 20-21, according to the company. ECMC said the stolen information was on a portable media device. “It was simple, old-fashioned theft,” said ECMC spokesman Paul Kelash. “It was not a hacker incident.” Read the full Wall Street Journal article here.

Cyber Attacks Reported By 100% Of Executives
Seventy-seven percent of C-level executives in a 115-person survey conducted in the U.K. say their organization has experienced a data breach at some point and all of them report attacks targeting corporate data in the past 12 months. These findings come from a study released on Wednesday by IBM, a company that sells data protection services, and The Ponemon Institute, a privacy and information management research organization. Larry Ponemon, founder of the group that bears his name, said that survey shows a shift in the way C-level executives think about security software. Investing in data protection, he said, is now seen as less expensive than recovering from a data breach. Read the full InformationWeek article here.

Identity Theft Ring Hits Northwestern Doctors’ Group’s Patients
They boasted of their purchases in Facebook photos that showed them flashing shiny jewelry while eating at Ruth’s Chris Steakhouse in their brand-name outfits — the tags still attached, authorities said. In what Cook County Sheriff Tom Dart described as a “sophisticated identity-theft ring,” a janitor stole data from as many as 250 patient files at a Northwestern University physicians’ group and, with the help of her two sisters and friends, used the personal information to charge more than $300,000 in jewelry, furniture, appliances and electronics. They sold the goods to friends and relatives, pocketing the profits, the charges alleged. Read the full Chicago Tribune article here.

Cybersecurity Bill Passes First Hurdle
A closely watched bill that promises to introduce some major changes on the federal cybersecurity front was approved by the Senate Commerce Committee today just days after it was introduced by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine). The proposed legislation is called the Cybersecurity Act (S.773) and is a revised version of a bill that was originally introduced by the two Senators last year. It seeks to improve national cybersecurity preparedness by fostering a closer collaboration between the government and private sector companies, which own a vast portion of the country’s critical infrastructure. Read the full Computerworld article here.