Adam Shostack adds up the latest threat government has provided for us:
8.9% of Americans are at increased risk for ID theft due to that fellow at the veterans administration. Wow. Sure, the 13% at risk for account take-over from Cardsystems was bad, but that was just credit cards. This is about the databases that control our lives. This is horrendous. Maybe we’ll get some better laws about credit freezes out of it.
8.9%, Adam Shostack, Emergent Chaos, 26 May 2006.
This is a pretty good illustration of why depending on Social Security numbers for authentication is a bad idea. It’s also a pretty good example of why government can be the biggest security threat: it has greater scale and resources than most other entities. And it’s a pretty good example of how the most rudimentary security would have provided sufficient resilience to prevent such a theft. Simple prevention measures are often the best risk management.
-jsq
It’s also a good example of why we should continue to monitor for insider threats. Management is generally squeamish about monitoring their own people, and I agree; I’d rather prevent so that I don’t have to monitor. (But I will monitor if there’s no alternative; my job is to address all threats.) Here’s an excellent discussion:
http://security.typepad.com/internet_security_be_care/2006/05/should_we_only_.html