Yet another database break-in
Results 1 to 9 of 9

Thread: Yet another database break-in

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Yet another database break-in

    It's interesting to note that its government databases housed by 3rd party contractors. I know that the US gov't wants more transparency for the sake of national security but at what cost is this coming? Are you willing to allow for identity theft to occur regularly? Perhaps some more stringent regulations on how data is to be stored, protected, etc.?

    (I know.. easy to be an armchair quarterback)

    Source: News.com

    Hackers break into U.S. citizen database

    Hackers have gained access to personal information of about 32,000 U.S. citizens on databases owned by publisher Reed Elsevier, the second company to reveal a major breach in the past month.

    The FBI and the Secret Service arm of the U.S. Treasury Department are investigating, a company representative said Wednesday.

    Anglo-Dutch publisher Reed Elsevier said the breach at the Seisint unit was found after a customer's billing complaint in the last week led to the discovery that an identity and password had been misappropriated.

    The information accessed included names, addresses, Social Security and driver's license numbers, but not credit history, medical records or financial information.

    Seisint, based in Boca Raton, Fla., collects data from government agencies, building large databases and ways to extract information from them.

    Reed Elsevier said it is contacting the 32,000 people affected and offering them credit monitoring and other support to detect any identity theft.

    "Law enforcement officials have asked us to keep all this information close because they're hoping to catch up with some of these people," the representative said.

    The problem of identity theft, where criminals run up charges using stolen personal information, has cost companies and individuals billions of dollars, prompting new government legislation and widespread resolve to protect consumers.

    Many of Seisint's customers are law enforcement agencies and financial institutions.

    "There are advantages to attacking those kinds of companies because the information is quite valuable," said Paul Beechey, an IT security specialist who simulates hacker techniques for UK defense group QinetiQ.

    "As the value of what you're trying to steal increases, so does the effort that the bad guys will put into it," he said.

    Seisint rival ChoicePoint, which also sells personal data, said last month it experienced a theft of about 145,000 consumer profiles.

    ChoicePoint is under investigation by U.S. authorities for the breach, as well as for compliance with federal consumer information security laws. Identity thieves set up roughly 50 fraudulent business accounts to gain access to ChoicePoint's data. Law enforcement officials said earlier this month they had found attempts were made to "compromise" the identities of about 750 consumers.

    Reed Elsevier bought Seisint in July 2004 for $745 million and housed it inside its LexisNexis unit. Though Seisint represents only about 1.5 percent of Reed Elsevier's revenue, analysts said the situation could have other detrimental affects.

    "This will harm management's credibility and acquisition track record," analyst Gert Potvlieghe at brokerage Petercam wrote in a morning note to clients.

    Reed Elsevier has weathered some controversy in recent years.

    In December, Seisint founder Hank Asher sued ChoicePoint executives for $1.8 billion, accusing them of undermining him when he was trying to sell the business. ChoicePoint had previously sued Seisint.

    Asher resigned from the board before the company was sold after a state investigation disclosed it had found he piloted planes containing cocaine from Colombia to the United States in the early 1980s.

    Following the Sept. 11, 2001, terrorist attacks, Seisint's Matrix technology, which stands for Multistate Anti-Terrorism Information Exchange, drew sharp criticism from privacy groups when it provided government officials the names of 120,000 people whose personal information supposedly fit the profile of a terrorist.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    Yeah, ain't it fun?

    I'd be more afraid of lawmakers defining what constitutes how data should be stored and protected. I think the HIPPA, SOX and other legislation is adequate. Companies just need to follow the regs in place and perform real risk and vulnerability assessments.

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    HIPPA and SOX are really both covered by a much more important Law....

    It's called "Best Practice"

    'Nuff said?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Nothing is ever 100% secure, even if you're the best and most security conscious person alive, even if you unplug your system...there are ways to retrieve information from other sources about you and your activities...
    in Canada, if you can access a persons S.I.N. from any number of sources and the P.H.C.N. from an equal number of sources...you have access to virtually the entire recorded history of that person...
    from the S.I.N. obtain the A.T.M. info from a number of sources and voila...
    and you didn't even need to inflitrate his computer.
    I know I'm being very simplistic and I know it wouldn't be that easy...I'm just saying that it's like a house...it doesn't matter how secure it is...how many locks or alarms or dogs or partrolmen you have...if someone really wants to get in that bad and is willing to go through the trouble to get in there's not much you can do to stop them.
    The best you can do is protect yourself from the 99.8% that aren't that motivated and hope the other 1.2% ignore you for the bigger fish down the road.

    Speaking of which...MsMittens...how secure is our personal S.I.N. and P.H.C.N. info? We keep reading about American lapses in security...I'm curious as to how secure we are up here?

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    You can follow every regulation on the planet and still get hacked, I think they are doing a good job of notification and restitution by offering credit monitoring. I am more worried about how my data is handled by the visa system at the bar (pub). No one watches them....
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Speaking of which...MsMittens...how secure is our personal S.I.N. and P.H.C.N. info? We keep reading about American lapses in security...I'm curious as to how secure we are up here?
    I'm not sure but IME we seem to have stricter privacy laws and particularly how government handles resident information. Nothing is perfect and if someone is determined they can get the information. Just haven't seen stuff like this. I suppose the last closest one was the theft of some Human Resources Canada drives.

    To me, it's just the amount of ways that someone can get info on someone else, particularly in the US. It seems far more open than in other locales.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Our problem is our government is just too damn big. How do you secure something and enforce compliance with something so damn big. Although the Canadian government is huge as well. I blame Clinton.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    I am not going to pretend I know how tight the US government security practices are or what procedure/protocol they use since I am not privy to that information.....though anyone could find this out they still should not wish to be privy to this information since it is not within their legal limits to know. Nor will I assume how they impliment them. Further more I will not assume that they know as much as they like to think they do. I will say this how ever; MS is the most targeted OS in the world not becuase some kid in his basement said to himself 'Hey their are a **** ton of vulnerbilities in this piece of poo'. It is the most targeted because it is the most popular OS. America is, unfortuatly, the most popular continent. Our government screams out for attention in more ways than one. If canada was run by a bunch of egotisticle ****s like our country is then they would be the number one target. In summeration, sure there may be things that our government can do to be more secuirty consiounce (sp?) but as was said....when you have a big bulls eye on your fore head in the middle of times square...who do you think the sniper is going to go after first? Just a thought.
    Don\'t be a bitch! Use Slackware.

  9. #9
    Junior Member
    Join Date
    Apr 2004
    Posts
    1
    I think thumbprint or rf tag implant is coming very soon to open up a line of credit. Now if people treat this as if the company that they do business with ( technically if they have your information there is some kind of business involved in there somewhere) lost or misplaced a document and someone went out and bought a whole lot of stuff pretending to be you I think the company that handles that information should be liable. I see too many excuses for poor security claiming the government is behind the times on securing personal data. For that matter how is it that the government gives these companies this data without checking to see if they are secure? National Insecurity seems like an immenent headline.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •