More Private Data Is Burgled From Government Than Hacked

America’s universities admit that, in the first half of 2006, they let a million Social Security numbers slip through their fingers.

Accountants, banks and brokerages have proven themselves to be half as competent at protecting your critical data, conceding to more than 1.9 million lost SSNs. And the health care industry fares even worse: 2.4 million.

But the King of Data Giveaways, with over 40 million Social Security numbers stolen in just six months, is your government… local, state and federal. The raw data from Privacy Rights Clearinghouse’s latest report bears me out.

Ignore, for a moment, the infamous theft of 28.5 million records from a Veterans’ Administration employee’s laptop. You’re still left with over 11 million stolen identities.

Government incompetence enabled nearly five times as many thefts of SSNs as all the health care providers, including health insurance companies.

Why focus on SSNs? Because, unlike a credit card that can be quickly frozen, a Social Security number is the key to your identity. Armed with a name and SSN, a clever thief can easily acquire your birth date.

With SSN and birth date in hand, the remaining keys to assuming your identity, from birth certificate to bank accounts, are a piece of cake. From that point, reclaiming your life is nearly impossible.

Ninety-one percent of the data was lifted via physical theft, where crooks stole tapes, printed records, or computer gear… especially laptops. In fact, over 30.5 million records skipped out via laptop. That’s 73% of the records lost through physical means.

Another 1.8 million records were exposed through what can best be described as Official Stupidity. Lists of personal records were inadvertently broadcast via email, SSNs were posted online, dummies left downloaded databases on hotel computers, and viruses picked up from porn sites harvested in-house databases.

In the end, only 2.5 million identities were purloined using the method most romanticized on the Web: hacking… just 5%. And the vast majority of those were inside jobs.

Keep that in mind as you put together next year’s Security Budget… and don’t forget to demand that your legislators: a) outlaw the current crop of SSNs for any use, and b) push for a new, more reliable means of assuring your security… social, that is.

Email Battles Backgrounder:

• A Chronology of Data Breaches
  Reported Since the ChoicePoint Incident; Privacy Rights Clearinghouse; 19 June 2006.
• Accountants fumble even more Social Security numbers; NewsByte; Email Battles; 08 June 2006.
• Gartner: Securing data’s cheaper than cleaning up after theft; NewsByte; Email Battles; 07 June 2006.
• Crusade To Dump Social Security Numbers Picks Up Steam; Email Battles; 07 June 2006.
• Why Steal Social Security Numbers, When You Can Get Them For Free?; Email Battles; 25 May 2006.
• VA: The perps can’t possibly know that they have 26.5 million Social Security Numbers!; Email Battles; 23 May 2006.
• Ohio University enables alumni identity thefts without NSA help; NewsByte; Email Battles; 15 May 2006.
• Fight ID Theft with the Under Secretary for Domestic Finance; NewsByte; Email Battles; 26 January 2006.
• Justice Dept publishes Social Security Numbers; NewsByte; Email Battles; 23 December 2005.
• Crashing ID Theft Bills Save Data Handlers; NewsByte; Email Battles; 29 November 2005.