Sunday, June 19, 2005

In the Here We Go Again Department

Now it’s the FDIC that’s got egg on its face over poor security. It seems that the security breach of its employee HR records is much worse than first thought.

For those of you who haven’t been following the recent rash of security problems in detail, I’m sure you missed the FDIC story that came out recently. Briefly, it had to do with the loss of employee HR records, which was first reported in March of this year (2005) and was thought to affect only a small group of current and former employees. At that time the FDIC contacted both the FBI and the employees in question to report that their personal data had been compromised (stolen).

The employee information stolen included the name, date of birth, salary, Social Security number and other such information contained in their personal HR files. That’s a total breach of personal information for those involved. I can’t imagine anything else that an identity thief would need to ruin your life except maybe a high speed internet connection.

Well, now it seems, upon further investigation, that not just the few employees contacted back in March were affected but ALL, I repeat ALL, current and past employees have had their data “compromised” (stolen).

So here we have the agency that is in charge of insuring and protecting our banking system as well as overseeing and notifying banks about how to secure sensitive information having all of their employee HR records stolen.

Worse to me is that it took further investigation to figure out that all employees were affected. You would think that it would be evident when the whole security system was compromised and all of the HR records had been stolen. That wasn’t the case, though, so many of those employees who had their data stolen also lost the help of early notification. The time it took to find out their data was taken is in some ways even more unacceptable than the loss itself.

Could you imagine coming home to find your house broken into and not noticing that, rather than a few items being taken, the whole house was empty? Well, that’s just what the FDIC failed to notice. Everything was taken: not just some HR records, but all of the employee HR records.

Why does this not surprise me?

Well, again, any system is only as good as the people who use it, and most government agencies today aren’t any better at security than the private sector.

If you don’t separate digital data across different databases, encrypt those databases, provide physical protection for the paper records generated, and destroy any old paper copies of information you dispose of, then you will at some point lose data to thieves.

That doesn’t take a genius to figure out, and it shouldn’t be so hard for such a large government organization to understand and implement. But time and time again they fail at it, and so does the private sector.

So remember to be vigilant, watch your credit information, and protect your personal data so that you don’t add to the already growing problem of data theft. Just because others are sloppy and risk your data doesn’t mean that you shouldn’t be careful and do a better job.
