The pervasive disregard by organizations for protecting our personal information is heartbreaking. What have consumers and organizations learned about privacy, information security and identity theft over the last several years? Seemingly nothing: consumers continue to share their most sensitive information indiscriminately, hundreds of organizations continue to report massive data breaches annually, and thousands if not millions of data breaches go undetected or unreported each year.
In the last week alone, the following organizations announced data breaches (people affected in parentheses):
- University of Wisconsin, Milwaukee (79,000)
- California State Polytechnic University, Pomona (38)
- Department of Social and Health Services, Seattle, WA (3,950)
- McDonald’s Norfolk, VA (Unknown)
- Department of Veterans Affairs, Fayetteville, NC (Unknown)
Two of the breaches were accidental disclosures, two were by insiders who stole the information, and the largest was done at the hand of computer hackers. In two of the reported incidents the data owners were unable to say how many people were affected, even though the information was stolen by thieves who were apprehended, who admitted to identity theft and related crimes, and who were charged.
Since 2005 there have been over a half billion records breached in fewer than 3,000 breaches that have been “made public.” That is more records breached than there are people living in the U.S.! Note the key phrase “made public.” We have speculated from experience that there are thousands of breaches that go unreported or undetected every month.
This is not the first time the University of Wisconsin has been hacked. We reported how the University of Wisconsin system bungled another data breach last December, when hackers got into a database containing Social Security numbers of 60,000 alumni and staff.
We covered the breach reported by the UW-System last December and commented on a number of points regarding the breach and how the breach was handled. So what did they learn?
Apparently little. The university continues to use unencrypted databases, and the student, staff and alumni information they contain remains accessible to hackers.
Scrambling electronic data, technically called encryption, is the easiest and most inexpensive way to protect electronic information. Yet a great research university, with all the technical horsepower necessary to create a bulletproof system, continues to expose employee and patron information.
We see it as cultural disregard for privacy and identity theft. Unfortunately, privacy and information security laws and common sense have not prevailed in protecting our information. Unless consumers begin to express ire over what is happening to their information, the detrimental trend will continue until social norms change and the age of privacy is over, as Facebook’s Zuckerberg has said.