Data Breach Notices Show Tip of the Iceberg 50
d2d writes "The Data Loss Database has released a new feature: The Primary Sources Archive, a collection of breach notification letters gathered from various state governments as a result of data breach notification legislation. The documents include breaches that were largely unreported in the media, many of which are significant incidents of data loss. This lends credence to the iceberg theory of data-loss reporting, where many incidents never break the surface. Now, thanks to the Open Security Foundation, we can 'dive' for them."
Some highlights (Score:5, Informative)
Some of my favorite highlights from recent incidents (I know, I shouldn't RTFM):
Names and Social Security numbers of at least 250,000 found through search engine
Date: 2008-12-02
Organizations: Florida Agency for Workforce Innovation
I guess there are many different ways you an innovate...
Social Security numbers of 341 posted on web
Date: 2008-12-04
Organizations: Economic Research Institute
If it's for research, then it's ok to post on the web...
Stolen laptop contains names and Social Security numbers of "several thousand " employees
Date: 2008-12-11
Organizations: Hewlett-Packard
If you thought only small time loser organizations like the first two on my list where subject to embarrassing data loss, that one would set you straight.
--
http://fairsoftware.net/ [fairsoftware.net] -- Software Bill Of Rights
Re:Use to force 'losers' into warning victims? (Score:4, Informative)
Many (more than half?) states in the US have laws that require companies/institutions to report the loss of this kind of data. The first obligation is to report the loss to the subjects of the data so they can take steps to protect themselves.
Re:Dive For Them? (Score:2, Informative)
Re:Use to force 'losers' into warning victims? (Score:3, Informative)