Data insecurity

May 25, 2006

The first widely reported misuse of a Social Security number - likely out of ignorance, not criminality - involved a Woolworth employee's number. In 1938, her boss reportedly inserted a replica Social Security card with her number in wallets sold by the chain to show how it fit. The card was marked as "specimen," but almost 6,000 people ended up using that same number.

Even then, it's likely that no one foresaw the extent to which Social Security numbers could be misused. But who doesn't know now that getting hold of someone's name and number has become a much easier path to a potentially lucrative theft than, say, trying to break into that person's house?

Ultimately, that's what is so unfathomable about the theft of a laptop - bearing the Social Security numbers of 26.5 million veterans - from the Maryland home of a federal Department of Veterans Affairs data analyst: not the petty break-in itself, or the unforgivable breach of security in taking such data home, but that the military and Medicare still use Social Security numbers as identifiers.

At a time when many states (Maryland included), private companies and even some other federal agencies limit their use of Social Security numbers because of very real concerns about security, that's just irresponsible. Add three other jaw-droppers:

The VA's inspector general reportedly has been warning the agency since 2001 about its inadequate data protections.

It turns out that the VA didn't tell the Justice Department about the theft until more than two weeks after it took place.

On Monday, the same day the VA disclosed the theft of the laptop, Attorney General Alberto R. Gonzales led a meeting of President Bush's new Identity Theft Task Force.

All this goes to show that while task forces and policies are necessary - the VA has data protection rules - enforcement is what counts. About 9 million people a year are victims of identity theft, costing each an average of about $6,400. It's amazing the number of victims isn't higher: Just since February 2005, there have been dozens of public and private data breaches across the country involving about 82 million accounts of one kind or another.

And while identity theft had been most commonly associated with criminals rummaging through trash - or more glamorously with high-tech computer hackers - it seems that more and more cases involve stolen laptops. Basically, there is no way that laptops with private data should ever leave secure areas; simple but thorough dedication to such controls would solve this major source of data thefts.

Baltimore Sun Articles