Just about every organization that I've entrusted my PII to -- insurance companies (thanks, Anthem), banks, government agencies (thanks VA, OPM, DoD), etc., has managed to lose control of it. I don't know why I even bother trying to keep my identity secure.
I'm probably buying 3 houses in 3 different states as I write this.
Same here. I have been made eligible for free credit monitoring services three times in the past year alone.
I think maybe I'll just get really familiar with the FCRA and the FDCPA, so that when someone inevitably uses my stolen PII to commit fraud, I can hit back--and get paid for my inconvenience--when the creditors and reporting agencies fail to do the right thing.
The domain search facility there is fantastic. I have my own domain and try to use a different email address for every signup. Luckily that site allows you to do a complete search for @example.com in the 'domain search' tab.
Wow, that OPM attack sure was a doozy. If you check it your entire financial history is out there. Man, I mean, we talk about National Security concerns and some of the bloviating from the feds on Hn all the time. But wow, that OPM hack sure was a heck of a national security attack.
This article takes a rather fatalist perspective. Seems to me companies/government should have a strict need-to-know policy and some liability for failures. If you can't keep information secure, you shouldn't have it. Acting as though it is secure while it is regularly compromised is reckless wishful thinking.
I realize that perfect security is fantasy, but the practices of many of these organizations don't pass the laugh test. We'd be vastly better off if they would hire a security professional and listen to her.
Private information will get leaked one way or another. It's incredibly easy to get someone's address, SS, phone number, etc. The major problem is not with these sites' security but with the credit system's security. The credit agencies have an oligopoly on credit scores and the banks do not care about security at all. They'll approve a credit card application that has been shredded and taped back together, obviously by a fraudster. These are the systems that need to be fixed/removed. Until those systems are fixed, people will continue to have their lives ruined. Let's not put the blame wholly, or even majorly, on these tech companies when many banks still use an SS number as the login.
Until banks are held responsible for their actions which are the only actions that matter as far as identity theft and fraud goes, this will continue to be an unsolved problem. Once you start charging banks the millions it costs for each victim plus a penalty for not fixing their systems that goes up with each case, we'll see that identity fraud will disappear.
Of course, that's justice and justice, at least in the US, is merely a fantasy.
A useful learning tool and an interesting means for shaping public opinion. The NY Times computation takes into account publicly acknowledged exploits; one wonders how many undetected exploits there are. The number computer here is almost certainly a lower bound.
I worry that the clamor about personal information exposure is going to be used to motivate restrictive and ultimately ineffectual government action and, perhaps, kill the goose that has been laying the golden eggs.
I think the only reasonable assumption is to assume it's all exposed, for everybody. Even if you don't use any online services yourself, you still probably have credit cards and insurance and a driver's license and have filed tax returns. It's almost certain that at least one of those has leaked your data.
The only people who are probably really safe from identity theft are people who just aren't in the system at all. Illegal immigrants, longterm homeless, drifters, i.e. people with no established identity to begin with.
My score, not including the local gas stations and businesses that have been compromised. I have replaced my credit card four times in the past two years due to compromises.
Address 4
Birthday 3
Credit or debit card 2
Email 5
Employment history 2
Financial history 1
Fingerprints 1
Health history
Password (encrypted) 4
Phone number 2
Social Security number 1
I think that's accurate for this situation as well, though. Your information was exposed to hackers -- whether someone does something with it is another situation entirely.
Privacy is dead. Not just as we knew it, but every dystopian prediction of the future where we are ID'd, tagged, and tracked at every action has already come true.
Not for the sake of some vast government surveillance apparatus (while they are one of the factors behind this movement, the US government is too bloated and largely too incompetent to be effective at this even if they wanted to) but because there is money to be made in knowing our every detail. In our consumer society, marketers/retailers and the companies that cater to their businesses find great value in this information, and as consumers, we largely benefit from having the efficiencies of amazon product recommendations, facebook/twitter suggestions, tailored advertising, etc... at the cost of some loss in privacy. And people have largely silently accepted this, unknowingly or otherwise.
I have a facebook, linkedin, google, github, multiple handhelds, multiple email accounts, I'm a former federal employee, I've had the same phone number for the past 15 years, and countless other retail/online accounts. If you know my name and middle initial, you can find most of my personal information - age, former/current addresses, relatives - through a quick google search on Intelius. I've requested they take down my information several times, and it seems to disappear from their public listing for a while, but reappears after a couple years or after I've moved again.
I accepted long ago that any/all information I post online (and even locally on my Macbook in some cases) is being scraped, compiled, and stored in some DB somewhere. It would only take a little focus and some link analysis to build a comprehensive profile of nearly every detail of my life using some basic selectors - primarily my email and phone. I assume every link, website (yes, including every porn - pornhub has an analytics team!!!), email I write/send, emails I draft but don't send, fb picture I stalk, youtube video I watch is being tracked/stored/compiled somewhere. If it's not by default made public information or being used by the company in question for their profit motives, I assume it will be in the future when the information is hacked/sold/"leaked" for whatever reason.
As I sit here on my school's public WiFi, I know my IP/MAC address/cookies are exposed to those with the know-how, but I've since given up trying to avoid that. Encryption protocols have been broken too many times to count, and while we continually fight for better security methods, those with enough motivation will find ways around - e.g. NSA firmware hacking. I've decided the only information that is truly private are the thoughts in my head, but it seems that even that is subject to debate (look up memory transplants).
It's alright though, because as we head towards the singularity, my consciousness will be assimilated somehow into some Borg-like meta-consciousness anyway. I just hope they have micro-brews available.
[+] [-] jcadam|10 years ago|reply
I'm probably buying 3 houses in 3 different states as I write this.
[+] [-] logfromblammo|10 years ago|reply
I think maybe I'll just get really familiar with the FCRA and the FDCPA, so that when someone inevitably uses my stolen PII to commit fraud, I can hit back--and get paid for my inconvenience--when the creditors and reporting agencies fail to do the right thing.
[+] [-] justwannasing|10 years ago|reply
[+] [-] glenscott1|10 years ago|reply
https://haveibeenpwned.com
[+] [-] bitwize|10 years ago|reply
[+] [-] TallGuyShort|10 years ago|reply
[+] [-] joosters|10 years ago|reply
[+] [-] jarcane|10 years ago|reply
That might explain a breach I had a while back.
[+] [-] tswartz|10 years ago|reply
[+] [-] marak830|10 years ago|reply
Useful though. I doubt thats all in reality unfourtanetly.
[+] [-] cardeo|10 years ago|reply
[+] [-] Balgair|10 years ago|reply
[+] [-] jedbrown|10 years ago|reply
I realize that perfect security is fantasy, but the practices of many of these organizations don't pass the laugh test. We'd be vastly better off if they would hire a security professional and listen to her.
[+] [-] joesmo|10 years ago|reply
Until banks are held responsible for their actions which are the only actions that matter as far as identity theft and fraud goes, this will continue to be an unsolved problem. Once you start charging banks the millions it costs for each victim plus a penalty for not fixing their systems that goes up with each case, we'll see that identity fraud will disappear.
Of course, that's justice and justice, at least in the US, is merely a fantasy.
[+] [-] drallison|10 years ago|reply
I worry that the clamor about personal information exposure is going to be used to motivate restrictive and ultimately ineffectual government action and, perhaps, kill the goose that has been laying the golden eggs.
[+] [-] ams6110|10 years ago|reply
The only people who are probably really safe from identity theft are people who just aren't in the system at all. Illegal immigrants, longterm homeless, drifters, i.e. people with no established identity to begin with.
[+] [-] denzil_correa|10 years ago|reply
[+] [-] sarciszewski|10 years ago|reply
[+] [-] Washuu|10 years ago|reply
[+] [-] VLM|10 years ago|reply
[+] [-] intopieces|10 years ago|reply
[+] [-] simeondd|10 years ago|reply
[+] [-] recondite|10 years ago|reply
Not for the sake of some vast government surveillance apparatus (while they are one of the factors behind this movement, the US government is too bloated and largely too incompetent to be effective at this even if they wanted to) but because there is money to be made in knowing our every detail. In our consumer society, marketers/retailers and the companies that cater to their businesses find great value in this information, and as consumers, we largely benefit from having the efficiencies of amazon product recommendations, facebook/twitter suggestions, tailored advertising, etc... at the cost of some loss in privacy. And people have largely silently accepted this, unknowingly or otherwise.
I have a facebook, linkedin, google, github, multiple handhelds, multiple email accounts, I'm a former federal employee, I've had the same phone number for the past 15 years, and countless other retail/online accounts. If you know my name and middle initial, you can find most of my personal information - age, former/current addresses, relatives - through a quick google search on Intelius. I've requested they take down my information several times, and it seems to disappear from their public listing for a while, but reappears after a couple years or after I've moved again.
I accepted long ago that any/all information I post online (and even locally on my Macbook in some cases) is being scraped, compiled, and stored in some DB somewhere. It would only take a little focus and some link analysis to build a comprehensive profile of nearly every detail of my life using some basic selectors - primarily my email and phone. I assume every link, website (yes, including every porn - pornhub has an analytics team!!!), email I write/send, emails I draft but don't send, fb picture I stalk, youtube video I watch is being tracked/stored/compiled somewhere. If it's not by default made public information or being used by the company in question for their profit motives, I assume it will be in the future when the information is hacked/sold/"leaked" for whatever reason.
As I sit here on my school's public WiFi, I know my IP/MAC address/cookies are exposed to those with the know-how, but I've since given up trying to avoid that. Encryption protocols have been broken too many times to count, and while we continually fight for better security methods, those with enough motivation will find ways around - e.g. NSA firmware hacking. I've decided the only information that is truly private are the thoughts in my head, but it seems that even that is subject to debate (look up memory transplants).
It's alright though, because as we head towards the singularity, my consciousness will be assimilated somehow into some Borg-like meta-consciousness anyway. I just hope they have micro-brews available.