Consumers Data Stolen from LexisNexis

LE UI Guy writes "Reuters is currently running a story regarding LexisNexis being tapped into by identity thieves who accessed up to 32,000 customer profiles. Information hit included names, addresses, Social Security and driver's license numbers. This comes on the heels of rival ChoicePoint being breached for 145,000 profiles last month in a similar case. Better check yourself." Update: 03/10 02:40 GMT by J : ChoicePoint's name corrected (and, it may be more than 145,000, they don't know).
This discussion has been archived. No new comments can be posted.

  • by ip_freely_2000 ( 577249 ) on Wednesday March 09, 2005 @09:36PM (#11895725)
    Make the CEO, CTO and Customer Support manager provide their own personal information in their own databases.
  • by Doc Ruby ( 173196 ) on Wednesday March 09, 2005 @09:38PM (#11895740) Homepage Journal
    Check yourself? What does that mean? Check that you haven't been stolen? What if you haven't - what can you do to stop it from happening after you check?

    These corporations are destroying the value of our essential property: our identities. They demand we give our personal info, without enforcing our copyrights to prevent its being disseminated, then let it get stolen by people who will use it to damage us. When someone rips me off with some personal info they stole from some negligent data warehouse, the warehouse should be liable for my damages, including the work to recover my losses, and the defamation that will inevitably ripple through the endlessly interlinked online infosystems forever. And when compromised, they should pay my identity theft insurance premiums. This free value we deliver to them has a cost when it's abused, and such insecurity abuse is now obviously standard practice.
  • by SunFan ( 845761 ) on Wednesday March 09, 2005 @09:44PM (#11895772)

    I know only the name of my phone company, for example, but I have no clue who they contract with for data processing or billing or marketing. How can we ever really find out if a security problem at one company affects us? These back-end companies are generally companies that serve niche markets and practically no one has heard of them.

  • by SunFan ( 845761 ) on Wednesday March 09, 2005 @09:53PM (#11895813)

    Microsoft isn't just a software company, they are a culture. The people that are attracted to Microsoft value the appearance of convenience to real utility, and they value the appearance of convenience over real security. In the end they don't get utility, security, or convenience.
  • by Anonymous Coward on Wednesday March 09, 2005 @09:57PM (#11895832)

    OK, I don't get it. Why are these companies not practicing basic database security? I'm just a lowly programmer but even I realize that sensitive information should be encrypted in the database. Most databases support one way hashes so things like social security numbers can be used to verify identities but stored in non-reversible encryption in the database.

    I realize this isn't a complete if your webserver is hacked but at least only those users who validate their identity then are affected.

    For example: Using One-Way Functions to Protect Sensitive Information in SQL Server Databases [sql-server...rmance.com]
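
The one-way storage idea from the comment above, as an added example that is not part of the original thread: the SSN is stored only as an HMAC-SHA256 digest and checked by recomputing it. The key, table layout, function names and the sample SSN (area 000, never issued) are constructed for illustration.

```python
import hashlib
import hmac
import re
import sqlite3

# Constructed demo key. In practice it lives in a secret store or HSM,
# never in the same database as the digests it protects.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize_ssn(raw: str) -> str:
    """Strip separators so '000-12-3456' and '000123456' hash the same."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"\d{9}", digits):
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def ssn_digest(raw: str, key: bytes = DEMO_KEY) -> bytes:
    # A bare hash is not enough for a nine-digit value: the input space is
    # only 10**9, so the digest must depend on a secret kept outside the DB.
    return hmac.new(key, normalize_ssn(raw).encode(), hashlib.sha256).digest()


def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (name TEXT PRIMARY KEY, ssn_mac BLOB NOT NULL)")
    return db


def enroll(db: sqlite3.Connection, name: str, ssn: str) -> None:
    db.execute("INSERT INTO person VALUES (?, ?)", (name, ssn_digest(ssn)))


def verify(db: sqlite3.Connection, name: str, claimed_ssn: str) -> bool:
    row = db.execute("SELECT ssn_mac FROM person WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    try:
        candidate = ssn_digest(claimed_ssn)
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(row[0], candidate)
```

A dump of the `person` table alone yields only digests; matching them back to SSNs requires the key as well.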

  • by cfulmer ( 3166 ) on Wednesday March 09, 2005 @10:14PM (#11895930) Journal
    It was information on 32,000 (anybody want to bet it was 32,768?) members of the public, not customers. Too bad, in a way -- Lexis is used most by lawyers, judges, congresspeople and so on -- had the Lexis customer data been hacked and say all the judges on the 5th Circuit or the Ohio congressional delegation had their identities stolen as a result, you'd probably see reform a whole lot faster.
  • Re:Tale of woe (Score:2, Insightful)

    by ackthpt ( 218170 ) * on Wednesday March 09, 2005 @10:26PM (#11895984) Homepage Journal
    Woe to the sysadmins at these places!

    Sysadmins? Screw that, most of this shit happens with social engineering.

    This is getting to be like the Enron/WorldCom type of scandal. Company X coughs up a few thousand files, Company Y coughs up a couple hundred thousand files, Company Z has the fucking barn door wide open and the thieves have a battered pickup truck parked on the lawn and they're so damn surprised that it takes place.

    So... where's the law that can be leveraged, saying these companies are responsible for keeping this information under lock and key, to hit them with the civil suits they so richly deserve for their laxis maxis business controls?

  • by Doc Ruby ( 173196 ) on Wednesday March 09, 2005 @10:51PM (#11896145) Homepage Journal
    That might all have been workable law before. But it's clear that now we have problems that people without the right (in the strict sense of "inalienable ability") to copy my personal info are doing so, and violating other of my rights with their abuse. So we need the copyright law to be amended to cover personal info collected by the transmitter, like "this address and this social security number are collected under their relation to this person". When I copy my info to a recipient for a single transaction, the copyright is not transitive beyond that transaction, unless expressly agreed. Which means no storage, no propagation, no copying even within the recipient organization - or copyright has been violated.
  • by eclectro ( 227083 ) on Wednesday March 09, 2005 @10:56PM (#11896193)
    Public records are free if you go down to the local courthouse and look up the information yourself.

    It's the digitizing of the information that costs money. LexisNexis (and many others) pay somebody $8-$10 an hour looking up public casefiles, writing the information down (or typing it into a laptop) and sending it back to headquarters.

    People are willing to pay (handsomely) to have this information at their fingertips when they need it, especially when it comes from a courthouse in another state.

    I suspect that as time goes on, there will be more shakeout in this industry as the people with the records try to compete with the big players by digitizing the info themselves and selling it around.

    Unfortunately issues such as privacy and security are going to be so much roadkill (as other online rights are) as we no longer have a government that works on the behalf of the people.

    People are going to argue with me about this, but we are ruled by whores. And I consider myself an optimist.
  • by Vlad2000 ( 146227 ) on Wednesday March 09, 2005 @11:00PM (#11896221)

    In Westlaw it's called "People Search." Type in a name and some other information, such as what state the person lives in and Westlaw will give you the person's current address, past addresses, social security number, phone numbers, what elections they voted in, pretty much everything. I had a chance to play around with it about a month ago and was able to find all of the above information about myself. I was pretty blown away. You could even find the above info on Congressmen and other high ranking government officials.

    The problem is that a lot of information that you think is private is not, and it's already inside a computer somewhere. For instance if you have a listed phone number, your name, phone number, and address is inside a computer, thus it just takes a simple SQL query to retrieve all of your past addresses and phone numbers. And of course since you chose to have a listed phone number all of that information is public. It just was a matter of time until Lexis and Westlaw linked all the databases. They are very good at that type of thing. The only way I see to truly protect your identity is to have a really common name.
  • by stg ( 43177 ) on Wednesday March 09, 2005 @11:15PM (#11896308) Homepage
    I liked "databese" more. I guess that would be a very fat database, which makes sense since it would have to be very large to have everyone's data.
  • by mejesster ( 813444 ) on Wednesday March 09, 2005 @11:22PM (#11896344)
    That wouldn't help, I'm sure the CEO wouldn't even know what was going on.
  • the law is... (Score:4, Insightful)

    by zogger ( 617870 ) on Wednesday March 09, 2005 @11:52PM (#11896503) Homepage Journal
    ...people willingly give away their personal property, their data, their "IP", then these other companies own it. If people just insisted that THEIR data was THEIR property and took care of it with that sort of mindset backed up with some rational laws, then this wouldn't happen, and these companies with the data warehouses wouldn't even exist like they do now.

    Most people don't think that way, but people who start corporations DO think that way, they recognize valuable property when they see it, and make billions off of millions of people voluntarily giving away their property to them.

    If it wasn't stolen from you directly, it's sure not your property anymore. If you donate your old TV to the thriftstore and they get broken into and that TV is stolen, well, "your" TV didn't get stolen, their TV got stolen. If you want to own and keep possession of your TV, well, don't give it away in the first place then. Simple concept, just apply it to your data. It's similar enough for conversational purposes anyway. "IP" ownership is bigtime in business, there's zero reason everyone's personal data "IP" shouldn't be theirs in total.

    So people can't really say "their" stuff got stolen, some big company's stuff got stolen, they gave up their rights to full and complete ownership a long time ago. They already got "social engineered" out of ownership, just they don't realise it, or just don't care enough to think it through. Now that same data property down the pike got social engineered again, oh well, guess the original owner didn't care enough to hang on to it.

    but, but..we can't live in society without giving our property away! Yep, that's the point, much less than .0001% people ever even tried one time to keep their data to themselves and to insist to government that this should be so. They never gave a care, too busy with entertainments or whatever to even lift a phone to make a call to a congress critter, or to say NO to some company "asking" for data they don't need really for a business transaction. Mass conditioning that it's socially cool to get ripped off. Shazzam, the world is full of thieves, maybe more people will stop and think about who they give their property to and why they give it away for what purposes now. Maybe it's a better idea to just retain ownership? One law would do it, too, your data is yours, it shouldn't be necessary to transfer ownership of your data just to do business someplace.
  • by Doc Ruby ( 173196 ) on Wednesday March 09, 2005 @11:55PM (#11896521) Homepage Journal
    SSNs need to be renewable. So once there's a risk that one SSN has become insecure, we can get new ones. That would cut down the number of unauthorized copies, through periodic cycling. Even more secure passwords, like PINs and logins, get cycled. They might need to add a couple of digits to SSNs, but it's already longer than the average "7 digits" people are said to remember easily. Meanwhile, playing one's personal info close to one's vest is a better strategy than blabbing it all over the place.
  • by rabbit994 ( 686936 ) on Thursday March 10, 2005 @03:48AM (#11897585)
    yea, how? Just because it's running IIS 5 doesn't mean it has 14 holes automatically. I would imagine it's either A. Unpatched or B. Holes in LexisNexis software. C. Social engineering.
  • by symbolic ( 11752 ) on Thursday March 10, 2005 @05:00AM (#11897809)

    However, I don't think the comparison with giving away a TV is accurate. One's name, address, phone number, social security number, drivers license number, etc., are attributes that are retained by the one who owns them. This information is simply provided under various circumstances. The fallacy here is that businesses and other entities have taken it upon themselves to decide that the mere act of provision extols upon them a right of ownership. While there are not yet any laws that clarify this, I maintain that it does not. Be that as it may, people must be proactive about how this information is used. Insist that it not be used for anything but the transaction at hand.
