State of Indiana: 71,000 healthcare workers had social security numbers accessed by computer hacker
The Associated Press is reporting that on January 3 a computer hacker broke into a State of Indiana web site. The computer thief managed to access 5,600 credit card numbers belonging to individuals and businesses and in the process obtained personal information, including Social Security numbers, for 71,000 health care workers.
The State of Indiana sent letters to those affected by this data breach in March after an audit was completed following the January 3 data security breach. I find the delay unacceptable between January and March for notification to those affected. Although data security investigations take time to complete, the state government should have been more open in disclosing this data theft much earlier to the general public.
Note for government agencies and business entities: Please, please, please establish, continually test, and audit your online web applications for security vulnerabilities. Research has been indicating for several years that online attacks are targeting the applications. The technology and data security technologies for protecting personal and financial information are available today. There is no excuse for poor information security governance and practices.
Note for consumers: When an organization tells you they have completed periodic security testing of their web sites which hold your personal information, ask for details on what type of security testing was conducted. If a business or government agency touts that they perform "periodic network security scans," that is not a true application security audit conducted by skilled application security specialists. Most successful data theft attacks happen because of poor application security.
As consumers and citizens, we need to start holding companies and government agencies more accountable for how they protect and manage the security of our personal and financial information.
FortWayne.com
http://www.fortwayne.com/mld/fortwayne/news/local/16945009.htm
Federal Trade Commission
http://www.ftc.gov/idtheft
The Open Web Application Security Project
http://www.owasp.org