DIGITAL INFORMATION SECURITY

Our society has spent hundreds of billions of dollars in the last
few decades to convert data and images into digital form. And we
have continued to pour money into this in the last 10 years as the
popularity of the Internet and other computer technologies has increased.
By now, everything and anything with the least bit of importance is
available in digital form — or will be if it isn’t already.

Gone are the days of cancelled checks, since most banks now scan and
store them as digital images. Gone, too, are most paper bank
statements, which have increasingly been converted into electronic
statements that are just as good as paper ones.

On June 30, 2000, former President Bill Clinton signed the
e-signature bill into law. The bill recognizes online “electronic”
signatures as legitimate to complete legal agreements and commercial
transactions. Many similar developments have occurred since the
signing of this bill.

Today’s digital information has become the backbone of hundreds of
billions of dollars worldwide spent annually on the digital economy.
In fact, the command and control centers for the United States armed
forces would fall apart if mission-critical digital information
were unavailable or compromised. Corporations and organizations
worldwide, large and small, would cease to function if we took away
their digital information.

But how secure is our digital information? Is our digital
information protected from natural disasters, computer hackers and
human errors?

The answer is a resounding “no.” Almost everyone knows someone who
lost data on a Personal Computer (PC) because of a virus, hacker,
hardware issues, Internet-related faults or identity theft.

So what about those organizations that we trust to store our most
intimate information digitally? You would think they at least would
have the resources to protect our information. Well, think again!

Below are just a few of the breaches that occurred between February 15
and September 19 of this year, according to
Privacy Rights Clearinghouse in San Diego, California.

| Date | Organization | Type of Breach | Number of Records |
|---|---|---|---|
| 15-Feb-05 | ChoicePoint | ID thieves accessed | 145,000 |
| 25-Feb-05 | Bank of America | Lost backup tape | 1,200,000 |
| 25-Feb-05 | PayMaxx | Exposed online | 25,000 |
| 8-Mar-05 | DSW/Retail Ventures | Hacking | 100,000 |
| 10-Mar-05 | LexisNexis | Passwords compromised | 32,000 |
| 11-Mar-05 | Univ. of CA, Berkeley | Stolen laptop | 98,400 |
| 11-Mar-05 | Boston College | Hacking | 120,000 |
| 12-Mar-05 | NV Dept. of Motor Vehicle | Stolen computer | 8,900 |
| 20-Mar-05 | Northwestern Univ. | Hacking | 21,000 |
| 20-Mar-05 | Univ. of NV., Las Vegas | Hacking | 5,000 |
| 22-Mar-05 | Calif. State Univ., Chico | Hacking | 59,000 |
| 23-Mar-05 | Univ. of CA, San Francisco | Hacking | 7,000 |
| 28-Mar-05 | Univ. of Chicago Hospital | Dishonest insider | unknown |
| ?-Apr-05 | Georgia DMV | Dishonest insider | 100s of 1000s |
| 5-Apr-05 | MCI | Stolen laptop | 16,500 |
| 8-Apr-05 | Eastern National | Hacker | 15,000 |
| 8-Apr-05 | San Jose Med. Group | Stolen computer | 185,000 |
| 11-Apr-05 | Tufts University | Hacking | 106,000 |
| 12-Apr-05 | LexisNexis | Passwords compromised | 280,000 |
| 14-Apr-05 | Polo Ralph Lauren/HSBC | Hacking | 180,000 |
| 14-Apr-05 | Calif. Fastrack | Dishonest Insider | 4,500 |
| 15-Apr-05 | CA Dept. of Health Services | Stolen laptop | 21,600 |
| 18-Apr-05 | DSW/Retail Ventures | Hacking | 1,300,000 |
| 20-Apr-05 | Ameritrade | Lost backup tape | 200,000 |
| 21-Apr-05 | Carnegie Mellon Univ. | Hacking | 19,000 |
| 26-Apr-05 | Mich. State Univ's Wharton Center | Hacking | 40,000 |
| 26-Apr-05 | Christus St. Joseph's Hospital | Stolen computer | 19,000 |
| 28-Apr-05 | Georgia Southern Univ. | Hacking | 10s of 1000s |
| 28-Apr-05 | Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp | Dishonest insiders | 676,000 |
| 29-Apr-05 | Oklahoma State Univ. | Missing laptop | 37,000 |
| 2-May-05 | Time Warner | Lost backup tapes | 600,000 |
| 4-May-05 | CO. Health Dept. | Stolen laptop | 1,600 (families) |
| 5-May-05 | Purdue Univ. | Hacking | 11,360 |
| 7-May-05 | Dept. of Justice | Stolen laptop | 80,000 |
| 11-May-05 | Stanford Univ. | Hacking | 9,900 |
| 12-May-05 | Hinsdale Central High School | Hacking | 2,400 |
| 16-May-05 | Westborough Bank | Dishonest insider | 750 |
| 18-May-05 | Jackson Comm. College, Michigan | Hacking | 8,000 |
| 18-May-05 | Univ. of Iowa | Hacking | 30,000 |
| 19-May-05 | Valdosta State Univ., GA | Hacking | 40,000 |
| 20-May-05 | Purdue Univ. | Hacking | 11,000 |
| 26-May-05 | Duke Univ. | Hacking | 5,500 |
| 27-May-05 | Cleveland State Univ. | Stolen laptop | 44,420 |
| 28-May-05 | Merlin Data Services | Bogus acct. set up | 9,000 |
| 30-May-05 | Motorola | Computers stolen | unknown |
| 6-Jun-05 | CitiFinancial | Lost backup tapes | 3,900,000 |
| 10-Jun-05 | Fed. Deposit Insurance Corp. (FDIC) | Not disclosed | 6,000 |
| 16-Jun-05 | CardSystems | Hacking | 40,000,000 |
| 17-Jun-05 | Kent State Univ. | Stolen laptop | 1,400 |
| 18-Jun-05 | Univ. of Hawaii | Dishonest Insider | 150,000 |
| 22-Jun-05 | Eastman Kodak | Stolen laptop | 5,800 |
| 22-Jun-05 | East Carolina Univ. | Hacking | 250 |
| 25-Jun-05 | Univ. of CT (UCONN) | Hacking | 72,000 |
| 28-Jun-05 | Lucas Cty. Children Services (OH) | Exposed by email | 900 |
| 29-Jun-05 | Bank of America | Stolen laptop | 18,000 |
| 30-Jun-05 | Ohio State Univ. Med. Ctr. | Stolen laptop | 15,000 |
| 1-Jul-05 | Univ. of CA, San Diego | Hacking | 3,300 |
| 6-Jul-05 | City National Bank | Lost backup tapes | unknown |
| 7-Jul-05 | Mich. State Univ. | Hacking | 27,000 |
| 19-Jul-05 | Univ. of Southern Calif. (USC) | Hacking | 270,000 possibly accessed; “dozens” exposed |
| 21-Jul-05 | Univ. of Colorado-Boulder | Hacking | 42,000 |
| 30-Jul-05 | San Diego Co. Employees Retirement Assoc. | Hacking | 33,000 |
| 30-Jul-05 | Calif. State Univ., Dominguez Hills | Hacking | 9,613 |
| 31-Jul-05 | Cal Poly-Pomona | Hacking | 31,077 |
| 2-Aug-05 | Univ. of Colorado | Hacking | 36,000 |
| 9-Aug-05 | Sonoma State Univ. | Hacking | 61,709 |
| 10-Aug-05 | Univ. of North Texas | Hacking | 39,000 |
| 17-Aug-05 | Calif. State University, Stanislaus | Hacking | 900 |
| 19-Aug-05 | Univ. of Colorado | Hacking | 49,000 |
| 22-Aug-05 | Air Force | Hacking | 33,300 |
| 27-Aug-05 | Univ. of Florida, Health Sciences Center/ChartOne | Stolen Laptop | 3,851 |
| 30-Aug-05 | J.P. Morgan, Dallas | Stolen Laptop | Unknown |
| 30-Aug-05 | Calif. State University, Chancellor's Office | Hacking | 154 |
| 10-Sep-05 | Kent State Univ. | Stolen Computers | 100,000 |
| 15-Sep-05 | Miami Univ. | Exposed Online | 21,762 |
| 16-Sep-05 | ChoicePoint (2nd notice, see 2/15/05 for 145,000) | ID thieves accessed; misuse of IDs & passwords. | 9,903 |
| 19-Sep-05 | Children's Health Council, San Jose CA | Stolen backup tape | 5,000 - 6,000 |
| TOTAL | | | 50,721,749 |

Just to complicate matters even more, many organizations are now
required by law to keep all of their digital information, including
all e-mail, for five or more years. The obvious burden
is the immediate Information Technology (IT) operations required to
keep all of this digital information secured and backed up while
keeping the vulnerabilities down in an increasingly dangerous
environment.

Meanwhile, numerous laws worldwide have been enacted during the
last several years aimed at holding corporations and organizations
more responsible for protecting the integrity of digital
information. But as we’ve seen from the above, these laws have had
little effect.

Below are the key laws in the United States regarding the
protection of digital information:

| Region | Law | Digital Information Implications | Who's Impacted |
|---|---|---|---|
| US | The Sarbanes-Oxley Act (SOX) | SOX mandates that organizations ensure the accuracy of financial information and the reliability of systems that generate it. Section 404 of SOX requires management to perform an assessment of internal controls over financial reporting and obtain attestation from external auditors on an annual basis. IT systems are inextricably linked with financial reporting, and information security is essential in ensuring the reliability of these systems. | All companies publicly traded in the United States and regulated by the Securities and Exchange Commission (SEC), including US-based companies as well as al |