IT Confidential: Who's Got My Data? 'Cause It's Not Me!
When data privacy issues hit home, the effect can be eye-opening.
I'm not feeling too good these days. I graduated from Ohio University in 1978. Normally, I don't anticipate an audible gasp when I tell people this. But if you've been following the news about data theft, the name Ohio University should have a familiar ring. Earlier this month, the university said several of its servers had been compromised in a series of break-ins involving personal data on more than 300,000 individuals. The most serious break-in involved records on 137,000 alumni and dated back more than a year. I read about it in the Cleveland Plain Dealer. It didn't make me feel very good.
Then I got a letter from Ohio University informing me that I--my data--was indeed involved in the data compromises. According to the letter, "The record associated with the database ID# in the return address above DOES CONTAIN [emphasis theirs] a Social Security Number." That didn't make me feel very good.
I'm pretty familiar by now with these types of incidents, which are getting numbingly common. The most recent involves the theft of a laptop from a Department of Veterans Affairs data analyst containing personal data on 26.5 million veterans and their spouses. I knew it was possible, even likely, that the hackers involved in the Ohio University incident weren't looking for personal data, that they probably were using the servers for something else, as zombies. But the fact that, according to the letter, "the security breach dates to March 1, 2005, OR PRIOR [emphasis mine] but wasn't discovered until April 24, 2006," and that my personal data had been in play for that long, didn't make me feel very good.
The letter also pointed out that "computer intruders have targeted servers at colleges and universities across the United States," including Boston College, California State University, Iowa State University, Stanford University, the University of Connecticut, and the University of Texas at Austin. If that was supposed to make me feel better, it didn't.
I called the toll-free number. A young woman named Elisa recommended that I call one of the three credit-reporting agencies and put a "fraud alert" on my credit report. She told me to stay away from Equifax, about which they'd been fielding numerous complaints. I called Experian. The automated-response system directed Veterans Affairs' victims to a special number, which I took to mean the Ohio University incident had been pushed down the priority list. To order my credit report, I had to enter my Social Security number, date of birth, the numerical portion of my address, and my ZIP code. This sure didn't make me feel good.
Then I realized I'd made a mistake: I didn't want a copy of my credit report, I wanted to place a fraud alert. So I called TransUnion. Its automated response also had a special Veterans Affairs number. To serve me better, I first needed to enter my ZIP code. Then, to place a fraud alert on my credit report, I had to enter ... see above.
Now I'm waiting to get a copy of my credit report. And I'm waiting to hear if anyone applies for credit in my name. And I'm waiting to see if any of my credit cards have been compromised. And there's more of my data floating around in the ether than ever before. Do you have any idea how that makes me feel?
You know what would make me feel better? An industry tip. Send it to firstname.lastname@example.org or call 516-562-5326.
The News Show will make you feel good--or not, it really doesn't care. Watch it at noon EDT every weekday, at TheNewsShow.tv.
To discuss this column with other readers, please visit John Soat's forum.
To find out more about John Soat, please visit his page.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.