What’s interesting about data breaches reported in August 2008 is the extent of breaches in foreign countries. The largest and most disturbing breach may affect many Americans as well. According to the Sunday Herald of the UK an investigation has discovered that
“a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia.”
The personal and private information of over 8,000,000 people who had stayed at the Best Western since 2007 was stolen. Security expert Jacques Erasmus, an ex-hacker who now works for the computer security firm Prevx, had this to say
“They’ve pulled off a masterstroke here, there are plenty of hacked company databases for sale online but the sheer volume and quality of the information that’s been stolen in the Best Western raid makes this particularly rare. The Russian gangs who specialise in this kind of work will have been exploiting the information from the moment it became available late on Thursday night. In the wrong hands, there’s enough data there to spark a major European crime wave.”
Identity Theft Labs has reported often that the major criminal syndicates are becoming increasing involved in identity theft and though the Russian Mafia was one of the first you can expect that others groups will join in, if they haven’t already.
The Best Western wasn’t the only foreign breach. The Ireland Department of Social and Family Affairs compromised the private and financial information of 380,000 people when a laptop was stolen. The Royal Bank of Scotland was one party involved in the data breach that saw a hard drive, containing personal information and account details of approximately one million people, sold on Ebay. The Korean Ministry of Education, Science and Technology compromised the private information of thousands of South Korean officials via the internet. The Ministry of Justice (MoJ) and the Department for Work and Pensions (DWP) in the UK. through a number of data breaches, exposed the confidential information of up to 62,000 people.
Though we tend to focus on American data breaches it is important to realize that this is not an American problem but a worldwide problem. Most countries, like some of our States, don’t even require reporting of these incidents. It is only when you consider that what we are seeing is merely the tip of the iceberg that you start to realize the extent of the problem the world is facing. Identity theft is not going to go away so, if you haven’t already, it would be wise to implement an identity protection plan today.
Here is a list of American breaches reported in August by Attrition.org. Please visit their site for direct links to the initial articles.
Reynoldsburg Ohio City School District
Stolen laptop contains names, addresses, and Social Security numbers of 4,259
Ohio Police & Fire Pension Fund
Records of 13,000 retired police compromised in database
Prince William Co. Public Schools
Confidential information for more than 2,600 exposed through file sharing program
Pennsylvania Public Welfare Department
2,845 welfare renewal packets sent to wrong mailing addresses
National Technical Institute for the Deaf
Social Security numbers, names, and dates of birth for at least 12,700 on stolen laptop
Louisiana Real Estate Commission
13,000 Social Security numbers and other personal information posted on the internet
PA Consulting / The Home Office
Contractor loses data on tens of thousands criminals
The Princeton Review
Information about 34,000 students and 74,000 students containing names and birth dates
Kingston Tax Service
Stolen laptop contains personal information for an unknown number of clients
Dominion Enterprises / InterActive Financial Marketing Group IFMG
Names, Social Security numbers, and dates of birth of 92,095 on hacked server
Wuesthoff Medical Center
Names, social security numbers and medical information of over 500 posted to web
Charter Communications
Social Security numbers and dates of birth of 9,000 on stolen laptops
Harris County Hospital District
Financial and medical of 1,200 downloaded to flash drive later reported missing
Arapahoe Community College
15,000 notified about lost flash drive containing names, addresses, credit card numbers and Social Security numbers
Countrywide Financial Corp.
Insider possibly compromises 2,000,000 records, including Social Security numbers, of mortgage applicants
Delphi Automotive / Ohio Department of Job and Family Services
Missing flash drive contains Social Security numbers of about 2,600
Barclays Bank PLC
Account details sent to thousands in mailing error
Graphic Data, Royal Bank of Scotland, NatWest, American Express
Drive purchased on eBay contains personal and account details of around one million
One thing is for certain, these data breaches are not going to end anytime soon. In fact, they may never end. This is why it is important to start protecting yourself from identity theft. Identity theft protection can be done on your own or by utilizing a complete service like LifeLock or TrustedID. The important thing to realize is that our personal information, credit and finances, and indeed our identities are no longer safe. Anything you can do to protect your identity is a step in the right direction. Far too many Americans fail to take any action at all and many still remain oblivious to the reality of this horrible crime. Educate yourself, share your knowledge with others and encourage each other to take action. Lets keep our money out of the hands of criminals and mafia groups, wherever they reside, and in the hands of honest hard working Americans.