August 15, 201
There is NO secure database.
Again and again, in the face of concerns over the security of the ever increasing personal information collected on each and every one of us, we are told not to worry, that the system is secure and highest regard is given to our legal and personal concerns.
Not only is it not possible for any database to be entirely secure, again and again we find that these agencies have not taken even standard and reasonable precautions to protect these data.
Such is the case with 74 police agencies that were recently hacked by a group of anti-authoritarian activists using unsophisticated means of intrusion that could have easily been guarded against.
Government and corporations are investing a lot of time, money and energy gathering, storing and sharing volumes of personal data on us. They are investing much less in protecting our information. And yet we are constantly asked, forced or coerced into giving up more and more.
As reported by Government Computer News;
An analysis of 10G of data reportedly stolen from scores of local U.S. law enforcement agencies found that hackers obtained and exposed names, addresses, Social Security numbers and more for thousands of individuals.
“It’s quite bad,” said Todd Feinman, chief executive officer of the security company Identity Finder, which analyzed the data posted by the AntiSec campaign.
The posting exposes nearly 2,000 individuals to the risk of identity theft and other unwelcome revelations, and is compounded by the fact that the impact could have been easily mitigated.
Nothing that the hackers did was sophisticated,” Feinman said. “There were insufficient security controls by any reasonable standard,” and the personally identifiable information should not have been kept or should have been redacted or otherwise protected.
. . .The files contained some sensitive information on police investigations and persons who were involved in the investigations. Identity Finder analyzed the files to locate personally identifiable information in them. The scan found:
- 1,923 unique Social Security numbers.
- Eight credit card account numbers.
- 4,661 unique passwords.
- 57 bank account numbers.
- 53 driver’s license numbers.
- 2,058 unique dates of birth.
- 17,105 unique phone numbers.
- 7,165 unique postal addresses.
- 1.5 million non-unique e-mail addresses.
Feinman said that all of the Social Security numbers were associated with names, addresses and dates of birth, which would make them valuable for use in identity theft.