When It Comes to Data Breaches, Own Up to It

ITACadmin — Wed, 07 Apr 2010 14:46:11 +0000

We all know that no company or organization wants to be portrayed in the media as “slipping on a bar of soap” when it comes to experiencing a data breach. The TJX breach story received more than 10,000 articles and countless amounts of coverage in the blogosphere. Of course, this is not a feel-good, evergreen story about what an amazing company TJX is — its about the victim of one of the largest data breaches of all time. Of course, the desire to avoid getting bad publicity does not trump the need for an organization to let the victims know that their personal data could be in the hands of criminals. Seems like a something we would learn in a 101-level business course, right? Treat the customer/employee/member with respect and do them no harm.

Well, the U.S. Navy did not get the memo. It took them 17 months to inform employees at the Naval Facilities Engineering Service Center in Port Hueneme, Calif., that their Social Security numbers had been inadvertently released. 17 months is a mighty long time. Check out full coverage of this Washington Post story here.

Retailer JC Penney took it to the next level and actually fought to keep its name secret during court proceedings related to the largest breach of credit card data on record. JC Penney was among the retailers targeted by Albert Gonzalez’s ring of hackers.

Both of these examples should remind all professionals about the consequences of not immediately addressing a data breach. You put your reputation, your business and your customers at risk. Is it really worth digging your head in the sand and hoping the problem will go away??

Supreme Court Hears Challenge to Identity-Theft Law in Immigration Cases

ITACadmin — Thu, 26 Feb 2009 19:19:58 +0000

It is not often that the topic of identity theft makes it to the Supreme Court level. Of course, when it is tied into the larger immigration issue, then things seem to get sticky. And, they sure are getting sticky. The U.S. Supreme Court yesterday heard the oral arguments in a case (Flores-Figueroa v. U.S., 08-108) regarding whether or not undocumented immigrants who use phony Social Security numbers to get work should not be considered identity thieves. The big issue is regarding knowing (or not knowing) that the social security numbers that the immigrants are using — some are basically pulled from thin air — belong to actual people.

According to the defense, many undocumented workers commonly buy ID cards from forgers without any intention of invading someone else’s privacy. In addition, the defense argued that there are roughly a billion possible Social Security numbers, only about 400 million of which have been used.

This is certainly a challenging issue. Thus it made it to the Supreme Court level. The bottom line is that by using someone else’s social security number you are commiting a crime. The real issue here is immigration law. If there were different standards for undocumented workers to be more “legit,” then there would be no need to use other people identities. But, again, that is a different issue all together. What do you all think about this?

ITAC Blog » Social Security Numbers

When It Comes to Data Breaches, Own Up to It

Supreme Court Hears Challenge to Identity-Theft Law in Immigration Cases