Data Breach Notices Show Tip of the Iceberg

d2d writes "The Data Loss Database has released a new feature: The Primary Sources Archive, a collection of breach notification letters gathered from various state governments as a result of data breach notification legislation. The documents include breaches that were largely unreported in the media, many of which are significant incidents of data loss. This lends credence to the iceberg theory of data-loss reporting, where many incidents never break the surface. Now, thanks to the Open Security Foundation, we can 'dive' for them."

  • Some highlights (Score:5, Informative)

    by alain94040 ( 785132 ) * on Tuesday December 16, 2008 @08:39PM (#26140089) Homepage

    Some of my favorite highlights from recent incidents (I know, I shouldn't RTFM):

    Names and Social Security numbers of at least 250,000 found through search engine
    Date: 2008-12-02
    Organizations: Florida Agency for Workforce Innovation

    I guess there are many different ways you can innovate...

    Social Security numbers of 341 posted on web
    Date: 2008-12-04
    Organizations: Economic Research Institute

    If it's for research, then it's ok to post on the web...

    Stolen laptop contains names and Social Security numbers of "several thousand" employees
    Date: 2008-12-11
    Organizations: Hewlett-Packard

    If you thought only small-time loser organizations like the first two on my list were subject to embarrassing data loss, that one would set you straight.

    --
    http://fairsoftware.net/ [fairsoftware.net] -- Software Bill Of Rights

  • by Daffy Duck ( 17350 ) on Tuesday December 16, 2008 @08:59PM (#26140275) Homepage

    Many (more than half?) states in the US have laws that require companies/institutions to report the loss of this kind of data. The first obligation is to report the loss to the subjects of the data so they can take steps to protect themselves.

  • Re:Dive For Them? (Score:2, Informative)

    by ipX ( 197591 ) on Tuesday December 16, 2008 @09:54PM (#26140719)
    Just follow the RSS feed [datalossdb.org] -- you'll find 2 new breaches every day or more! How is that not fun?!
  • Depends on the state. Some states have strict notification laws - California & Indiana for example - many don't. You can look up your state here. [ncsl.org] For companies that cover the whole country, they typically comply with the strictest law to which they are subject, so you often get the benefit of the strictest law. Some states often require more than just notice, they may require you get several free credit reports, a free credit freeze, or some other remedial measure. Some states require immediate notification when a breach is discovered, but most permit or require a delay for law enforcement - theoretically so that law enforcement can catch the baddies before the baddies know they're being pursued. According to InformationWeek, [informationweek.com] "hard numbers about data breaches are hard to come by . . . [a]ccording to survey of about 300 attendees at this year's RSA Conference, more than 89% of security incidents went unreported in 2007." So who knows how much of it we're actually hearing about. I suppose this website will partially help with under-notification.
