Posts Tagged ‘exposed’

Free Credit Monitoring Is the Least You Can Do…Literally

Saturday, June 25th, 2011

Free credit monitoring is the de facto response in the case of a data breach incident. The organization that was entrusted with sensitive, personal information that can be used to steal the customers’ money or identity (or both) generally picks up the tab for a year of free credit monitoring to keep an eye on things and make sure no suspicious activity occurs. With the rate and scope of data breaches these days, probably just about every American with a bank account or credit card already has free credit monitoring from at least one data breach–but not Citigroup.

Following a data breach that exposed information from as many as 360,000 credit card accounts, Citigroup sent letters to the affected customers with some helpful tips to follow, but it stopped short of offering any actual assistance. That translates roughly to “hey, sorry we didn’t take better care of your data–sucks being you.”

It’s the least you can do, Citigroup. No, really–it is literally the least you can do. It is the bare minimum you can offer loyal customers as some feeble apology for violating their trust and allowing sensitive data to be compromised or exposed. Honestly, the credit monitoring even seems like a paltry apology–but it is better than nothing, and it seems like the most logical course of action for the organization because there is no way of knowing up front which accounts will actually be impacted. Free credit monitoring at least lets customers know you care enough about having exposed their data to offer to keep a proactive eye on things rather than placing the burden on the customers to monitor for suspicious activity themselves.

Citigroup should be examining how the data breach occurred and putting tools and controls in place to ensure it doesn’t happen again. In the meantime, though, Citigroup should step up and offer free credit monitoring.

Personal Info of 93,000 Exposed in University Data Breach

Saturday, July 31st, 2010

Buena Vista University announced that a database was compromised. The database contained data such as names, Social Security numbers, and driver’s license numbers of 93,000 students, parents, current and former faculty and staff, alumni, and donors dating back to 1987.

Had the information stored in the database been encrypted, the breach of the database would not have exposed the sensitive data.

Zeus Compromises Student Data at University of Oklahoma

Monday, July 12th, 2010

The University of Oklahoma has revealed that a laptop compromised by a variant of the Zeus botnet may have exposed or compromised sensitive information on OU students–including Social Security numbers. There are no further details yet available regarding the scope of the potential compromise. According to this blurb from KOCO.com, though, “OU officials said they are not aware of any instances of identity theft or similar problems as a result of the breach, but they said they can’t be certain that student information was not compromised.”

One way that OU would be able to be certain that student information was not compromised is if the data stored on the laptop, or on servers the laptop has access to, was encrypted. I am not sure why these incidents seem to occur almost exclusively at medical establishments and educational institutions, but simply investing in the proper security controls up front can save time, money, and embarrassment for the organization, as well as protect the personal and sensitive information the organization has been entrusted with.