Missing Records UCLA- Fidelity

Missing Records?

Summary:
It is better to assume that nothing is "secret" with the mass processing of personal information combined with the sloppy manner in which it is being handled. The chances are pretty good your personal information can go missing or be brought and sold- relatively cheaply.

Purpose:
To provide some examples on how you can help protect your personal identifiable in a connected world. Between government's obsession to pry into everyone's lives and the corporate desperate, insatiable appetite for finding new ways of selling you something- chances of retaining much privacy are limited at best.

Protect yourself.

Internet Security software for help prevent ID theft
Computer security software

Problem:
Large database of personal information are prime targets for thieves, as illustrated by the breach at the University of California in November 2006. In this case, we question the need to have 800,000 past and present records readily accessible in the first place. We suppose the purpose of this database was to manage and handle inquiries for transcripts, provide past employment information and for updating current information- marks, status and payments. Even when breaches are discovered even governments just seem to just fall all over themselves with disregard for the safety of Public information. - B.C. story below.
We feel there is no practical reason why historical Alumni information needs to be instantly on-line. Tough procedures for accessing these records need to be in place though not as convenient- it helps to prevent these massive thefts. People can wait a day or two in for their archived information in the interest of everyone's safety- as a whole.
Unfortunately, these stories occur on almost a daily basis. Computers have made it much easier and cheaper for companies and government to improve service. It is mind-bogling that they do not spend a fraction of these savings on proper security. We imagine it will take some severe legislation to reverse this trend. In the interim, it is up to all of us to protect our own interests. Should you become an unwilling victim, there are credit repair services that can help.
Here is what business' in the USA are supposed to do when they uncover a breach. We expect many more breaches in 2010 as organizations cut back on computer personnel & security spending. Add more organized crime, insurance companies, credit card companies, credit reporting agencies and banks that compile, harvest and sell your data, the problem of id theft will continue to rise. We expect governments to back off any meaningful legislation targeted at protecting your privacy with severe fines and enforcement for the time being due to economic strain. As such, it is more important than ever to protect your own security and identity by only sharing the absolute minimum information with others. If you do not feel the request is in your best interest- just say "No!"

Examples:

January 30, 2010- VANCOUVER- CANADA
Review finds B.C. government officials botched handling of privacy breach
BY ROB SHAW AND LINDSAY KINES, VICTORIA TIMES COLONIST
Mistakes, missed opportunities and bureaucratic bungling led more than two dozen officials to botch the B.C. government’s response to a major privacy breach, according to a scathing internal review released Friday. The investigation found supervisors in four provincial ministries used poor judgment and failed to alert the right people to handle the breach. But nobody will be fired, because the failure was so widespread across so many officials that it cannot be pinned on one person, concluded the review. “The judgment exercised in the many decisions made as events unfolded fell short of the due diligence that is expected of the public service,” said Allan Seckel, B.C.’s deputy minister to the premier and head of the public service. The numerous mistakes added up to an “inadequate response,” said Seckel. “No one person can be faulted or pointed to as the sole cause of any failure to respond or take action.” The government report follows a series ofTimes Colonist stories last year that revealed the personal data of 1,400 income-assistance clients was found in the Victoria home of Richard Ernest Wainwright, a supervisor in the youth and special-needs office of the Ministry of Children and Family Development. Wainwright had a criminal record for credit-card fraud and counterfeiting offences, and the RCMP was investigating whether he used false identity documents in the name of Richard Ernest Perran to get his government job. The RCMP found no evidence that clients’ personal information was compromised and Wainwright has not been charged with any offence. The case, however, raised questions about how Wainwright avoided pre-employment checks, why he remained on the job for nearly seven months after the breach was discovered, and why it took so long to notify the government’s clients. Wainwright was arrested inside a government office in Victoria on April 7, 2009. A subsequent search of his home turned up 408 pages of government documents, as well as equipment that could be used to fabricate identification. The report paints an unsettling picture of 26 officials in four ministries who failed to follow up leads or share information, and who assumed someone else was taking action on the file. Many of the problems can be traced to communication breakdowns within the Ministry of Children and Family Development, the report said. Consequently, within 20 days of his arrest, Wainwright’s government computer access was restored and he went back to work. He stayed on the job until October, seven months after his arrest; the government suspended him and took away his computer access. Citizens’ Services Minister Ben Stewart, who oversees privacy, found out about the suspension five days later. Wainwright was fired two days after that. He is grieving his dismissal. © Copyright (c) The Province

LOS ANGELES- Sept. 15, 2006- An unknown hacker has infiltrated a massive University of California, Los Angeles database with personal information on 800,000 people, the school said on Tuesday, in one of the worst computer breaches ever at a U.S. university.

The highly sophisticated attack exploited a software flaw to crack the computer system in a bid to obtain Social Security numbers, UCLA said in notices sent to all 800,000 potential victims, most of them current or former students and faculty members.

The University had no suspects despite an emergency investigation that began shortly after the hack was discovered on November 21, said Jim Davis, UCLA associate vice chancellor of information technology. The FBI has also begun a probe.

"We definitely do not know who it is yet," Davis said. "All indications so far are that this is a malicious, targeted attack and well orchestrated. And the other thing that was unnerving to us was that it was orchestrated in such a way so that it covered its tracks."

Davis said the hacker apparently began trying to worm into the system more than a year ago but drew suspicion only after technicians investigating performance issues on the computer system noticed odd "data traffic patterns."

The database contained names, social security numbers, dates of birth, home addresses and contact information that could be used by identity thieves. It is normally restricted to UCLA staff whose jobs require them to have access.

The university said it was not aware of any instance in which the personal information had been "misused" but was notifying all 800,000 people as a precaution. Davis said the school was also reviewing its practices for storing personal information.

In addition to 38,000 current UCLA students and 25,000 faculty members, the database apparently stored personal information for many former students going back at least a decade. University spokesman Phil Hampton said the database was not used for fund-raising and that in some cases federal law required the school to maintain the information.

Computer security experts told the Los Angeles Times the sheer number of people exposed to the hacker made it one of the largest ever perpetrated against an American university.

In 2005, a database at UCLA's cross-town rival USC containing 270,000 names was infiltrated. Early last year a U.S. Veterans Affairs laptop containing data on 26 million veterans and service members was stolen from a staffers' home.

Jan. 26, 2006- Federal Trace Commission- USA
The Internet is becoming an ever-growing scam trap for Americans, with nearly half of the fraud-related complaints filed with the FTC last year having to do with online activities and accounting for $335 million in losses to consumers. Major traps include auctions, shop-at-home offers, sweepstakes and lotteries, and the foreign money offers that plague nearly every e-mail in-box.

July 4, 2007- NEW YORK—Fidelity National Information Services Inc., an electronic payment processor, said on Tuesday a database administrator stole and sold customer data, exposing as many as 2.3 million bank and credit card records, and that the worker has been fired. The employee, who worked at the company's Certegy Check Services Inc. unit, sold the information to a data broker, which in turn sold some of it to a "limited number" of direct marketers.
These activities led to customers receiving marketing solicitations, though there is no evidence of fraud, Fidelity said. The stolen data include names, addresses, phone numbers, birth dates, and bank account and card information, it said. "We're very, very confident that this has been very much contained," said Renz Nichols, Certegy's president, on a conference call.
June 30, 2008- Washingtonpost.com- by Brian Krebs
Data Breach Reports Up 69 Percent in 2008 Businesses, governments and universities reported a record number of data breaches in the first half of this year, a 69 percent increase over the same period in 2007 driven by a spike in data thefts attributed to employees and contractors, according to an analysis by identity theft experts An example is a notice sent out to Saks' card holders, where their Client's take on the brunt of the problem with no compensation or help.