Posts Tagged ‘Identity theft’

This tears me up, it absolutely rips me.   Ernst & Young lost extremely sensitive data while auditing Regions Bank (15th largsst). I consider this a significant data breach.

Unless you subscribe to the Birmingham News, you probably missed this.   Russell Hubbard reports on January 31, 2012, that, “Regions Says Employee 401k Data Lost When Auditor Ernst & Young Mailed Flash Drive and Code Key Together.”  Info Security Magazine provides additional information.

Ernst & Young mailed the data from one of its offices to another.  The envelope contained an encypted flash drive with employee personal identity and 401K data, and a sheet of paper containing the decryption key.  During transit the envelope was ripped open.  At the destination, the flash drive was gone, but the decryption key remained.

There are three documents that ProfAlbrecht is trying to obtain:  (1) letter from Ernst & Young to Regions Bank explaining the incident, (2) letter from Regions Bank to its to its employees explaining the incident, (3) letter from Ernst & Young to employees.

Hubbard reports that Ernst & Young regrets any inconvenience and concern that Regions employees might experience.   Both Hubbard and Info Security Magazine quote one of the Ernst & Young letters as saying, “… we deeply regret that this incident occurred,”

EY regrets that the incident’s consequences but not having caused the incident.  I strongly dislike such non-apologetic apologies.

Regions has a reputation for lock-down tight data security.  Unfortunately, Ernst & Young doesn’t.

I wonder if Ernst & Young will get fired over this incident.

I’ll report more on this in the future.

Debit and credit – – David

David Albrecht

Want more from The Summa? Sign up to receive email notification of posts.  And please follow me on Twitter (@profalbrecht).

Read Full Post »

Inject a bit of information technology into everyday life, and you can increase productivity.  Inject it indiscriminately and there is a control problem.

A year ago, I wrote about the security problem associated with high tech photocopiers in, “A Control Problem.”  Today I’m writing about the RFID chip embedded in new credit cards and bank cards.

RFID is the acronym for radio frequency identification.  When radio waves of a specified frequency bounce off whatever contains an RFID chip, it returns information embedded on the chip (At least, I think that’s how it works).  It’s very useful for paying tax on tollroads, or for tracking items during shipment.

As reported by Bob Segal, credit card companies are now embedding RFID chips into traditional plastic credit cards.  When such a card is within range of a specialized RFID reader, it reads key data off the credit card, such as card holder name, card number, expiration date, and security code.  Such information can easily be used to create a duplicate credit card which in turn can be used practically anywhere by anybody.  Protection is available, if you take it.

David Fordham of JMU reminds there is protection in the form of special lined wallets and plastic credit card sleeves with embedded metal flaking.  New credit cards sent through the mail should contain such sleeves, but I don’t remember seeing one.

I never cease to be amazed at how well the media can exploit the Fear, Uncertainty and Doubt Factor (FUD) with the uninformed general public rather than straightforward information delivery. And how beautifully some fast-buck artists exploit the public’s fear.

This issue was widely publicized several years ago when the state department began issuing the RFID passports. The big question I have is: “Why is there anyone still around who doesn’t have the wallet with the foil built into it?” My neighbor across the street, who is a perennial Luddite, was all up in the air about this a few months ago, so I went over to Dollar General and got him one of the new wallets with the foil lining. For $2.98 plus tax. Sheesh.

My credit union has a stack of the RF-protection sleeves free for the taking sitting in a box by the door.

Still, the metal lining isn’t a perfect defense. Credit cards are at risk of having information being intercepted when removed from the protective wallet. A poacher could camp out near any check out kiosk and steal the information.

There’s a similar problem with the potential for pregnancies from sex. Some sort of barrier, like condoms, works effectively in preventing sperm from reaching the egg. However, failure to use a condom (happens all the time) can result in unwanted pregnancy. I think the same danger exists here. The metal sleeves can prevent identity theft, if only they are used.

Thanks to Bob Jensen of AECM for the alerting me to the danger, and to David Fordham for attempting to allay my fear.

Debit and credit – – David Albrecht

Want more from The Summa? Sign up to receive email notification of posts.  And please follow me on Twitter (@profalbrecht).

Read Full Post »

%d bloggers like this: