Archives For Data Breach

In Early January I’ll be kicking off my first security executive briefing on  January 14th – taking a look at the major cybercrime trends, what business leaders should be watching and doing over the next 12 months, and what I believe is the root cause of this kind of failure to protect customer data…

© 2013, David Stelzl


This time it’s a case of shared passwords…another case for stronger authentication.  SC Magazine reported late last week on a loss of data containing all kinds of information including people’s social security numbers (Lincoln National in Radnor, PA).  This type of information requires stronger protection than a simple password, yet companies just keep going with their outdated security models.  Use this article to show your clients why they need to invest in strong authentication methods using tokens, one time passwords, dual authentication,…etc.  Especially when dealing with financial institutions or health care, you can’t depend on employees to manage their own passwords, and in this case the passwords were shared – a clear violation of any federal security regulation or best practice in security.  Did the executives of this firm know this was going on?  Probably not – this is why it is essential to involve asset owners in the security discussion.  Custodians are not liable and have not been successful in getting their management to understand the issues that create security budgets for this type of thing.  Read more on the SC Blog.

Albert goes down!

January 6, 2010 — Leave a comment

You won’t want to miss this – thanks Randy for sending this over!  While you’re learning sound bites, having the final chapter on Albert Gonzalez can’t hurt…

” Albert Gonzalez has pleaded guilty to charges of conspiracy for his role in the massive data breach that compromised millions of payment card accounts from the networks of Heartland Payment Systems, 7-Eleven, Hannaford Bros. and other retail and financial organizations.  The terms of the plea agreement call for a sentence of not less than 17 years and not more than 25 years.”  Read more here:

Wall Street writer Ben Worthen, in an article dated March 10, 09 recounts some of the growing risks of identity theft, validating many of the statistics I’ve given over the past two years.  Here’s a short excerpt:

“The number of reported data breaches of all kinds in the U.S. climbed to 656 last year from 446 in 2007, according to the Identity Theft Resource Center, a nonprofit organization based in San Diego that helps identity-theft victims. These breaches affected some 36 million records — including Social Security numbers, credit-card accounts and other personal data.

Overall, more than 250 million records containing personal information have been lost or stolen since 2005, according to the Privacy Rights Clearinghouse — and that’s driving more consumers to companies that say they can prevent theft.”

656 companies reporting ID theft

Over 250 Million identities expose

36 Million records exposed in 2008

Also noted in the article, Heartland processes over 11 Million Transactions per day, but a total number of exposed numbers has not been published.

Sound bites build credibility with asset owners and overcome technologist’s attempts to make their security sound solid.  Wall Street is a solid source to quote from given that most decision makers read it (or at least pretend to).