News
Commentary
5/26/2006
05:15 PM
John Soat
John Soat
Commentary
Connect Directly
RSS
E-Mail
50%
50%

IT Confidential: Who's Got My Data? 'Cause It's Not Me!

When data privacy issues hit home, the effect can be eye-opening.

I'm not feeling too good these days. I graduated from Ohio University in 1978. Normally, I don't anticipate an audible gasp when I tell people this. But if you've been following the news about data theft, the name Ohio University should have a familiar ring. Earlier this month, the university said several of its servers had been compromised in a series of break-ins involving personal data on more than 300,000 individuals. The most serious break-in involved records on 137,000 alumni and dated back more than a year. I read about it in the Cleveland Plain Dealer. It didn't make me feel very good.

Then I got a letter from Ohio University informing me that I--my data--was indeed involved in the data compromises. According to the letter, "The record associated with the database ID# in the return address above DOES CONTAIN [emphasis theirs] a Social Security Number." That didn't make me feel very good.

I'm pretty familiar by now with these types of incidents, which are getting numbingly common. The most recent involves the theft of a laptop from a Department of Veterans Affairs data analyst containing personal data on 26.5 million veterans and their spouses. I knew it was possible, even likely, that the hackers involved in the Ohio University incident weren't looking for personal data, that they probably were using the servers for something else, as zombies. But the fact that, according to the letter, "the security breach dates to March 1, 2005, OR PRIOR [emphasis mine] but wasn't discovered until April 24, 2006," and that my personal data had been in play for that long, didn't make me feel very good.

The letter also pointed out that "computer intruders have targeted servers at colleges and universities across the United States," including Boston College, California State University, Iowa State University, Stanford University, the University of Connecticut, and the University of Texas at Austin. If that was supposed to make me feel better, it didn't.

I called the toll-free number. A young woman named Elisa recommended that I call one of the three credit-reporting agencies and put a "fraud alert" on my credit report. She told me to stay away from Equifax, about which they'd been fielding numerous complaints. I called Experian. The automated-response system directed Veterans Affairs' victims to a special number, which I took to mean the Ohio University incident had been pushed down the priority list. To order my credit report, I had to enter my Social Security number, date of birth, the numerical portion of my address, and my ZIP code. This sure didn't make me feel good.

Then I realized I'd made a mistake: I didn't want a copy of my credit report, I wanted to place a fraud alert. So I called TransUnion. Its automated response also had a special Veterans Affairs number. To serve me better, I first needed to enter my ZIP code. Then, to place a fraud alert on my credit report, I had to enter ... see above.

Now I'm waiting to get a copy of my credit report. And I'm waiting to hear if anyone applies for credit in my name. And I'm waiting to see if any of my credit cards have been compromised. And there's more of my data floating around in the ether than ever before. Do you have any idea how that makes me feel?

You know what would make me feel better? An industry tip. Send it to jsoat@cmp.com or call 516-562-5326.

The News Show will make you feel good--or not, it really doesn't care. Watch it at noon EDT every weekday, at TheNewsShow.tv.


To discuss this column with other readers, please visit John Soat's forum.

To find out more about John Soat, please visit his page.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.