How genealogy data can lead to identity theft

in ,

HiRes

Irish Data Protection Commissioner Billy Hawkes has stepped in to have a database of civil registration records removed from the website IrishGenealogy.ie. The problem is that the database contains information on living persons which is often used for identity verification.

That would include things like mother’s maiden name and birth date. While these are public records, previously they had required payment of a fee, and it was not easily searchable on-line.

Of course, in the era of social media, these kinds of authenticators should have been disposed of long ago. Too many of them can be easily discovered by looking through Facebook accounts and the like.

This case also highlights the troubling nature of public records. In the past records were public in the sense that anyone could go to a government building and access the paper records. They could not be easily be searched as a whole, and the entirety of the records pulled into a private database. This is a kind of security by obscurity, but a useful one. With Internet records, many people are not comfortable with just how public much of this information is. The old inconvenience placed a low but real barrier to data access, effectively insuring that it was only done for specific people and for specific purposes. It is not at all clear how to get that without loosing all the advantages of Internet accessibility.

Personal details removed from site over ‘identity theft’ concerns

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

What you need to know about credit protection services.

in

Shreds and Social Security Are Credit Monitoring Services Worth It? — Krebs on Security

Brian Krebs has written an excellent discussion and analysis of credit monitoring / credit protection services, and some steps you need to take to protect yourself. You should read it.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

The Privacy Blog Podcast - Ep. 13: Adobe, Russia, the EU, Experian, Google, Silk Road, and Browser Fingerprinting

in , , , , , ,

Welcome to episode 13 of our podcast for September, 2013.In this episode I will talk about: A major security breach at Adobe How airplane mode can make your iPhone vulnerable to theft Russian plans to spy on visitors and athletes at the winter Olympics Whether you should move your cloud storage to the EU to avoid surveillance Identity thieves buying your personal information from information brokers and credit bureaus How to stop google using your picture in its ads Why carelessness lead to the capture of the operator of the Silk Road And how Browser Fingerprinting allows websites to track you without cookies.

Please let me know what you think, and leave suggestions for future content, in the comments.

ID Theft service had access to 3 giant data brokers

in

Krebs on Security discovered that a major identity theft service populated its databases by raiding the vaults of three of the biggest personal information brokers, including LexisNexis, Dun & Bradstreet, and Kroll Background which does employment background, drug, and health screening.

This is very bad news. The stolen data includes SSN, birthdays, and the answers to almost any security question your bank or other sensitive website might ask.

This is further evidence of my thesis that: if the data exists, it will eventually get out.

Stolen Credit Card website hacked

in , , , , ,

Vendor of Stolen Bank Cards Hacked — Krebs on Security Brian Krebs has an interesting blog post on how all of the credit card information was stolen by a hacker from a website that sells stolen credit cards.

This is in the "don't know whether to laugh or cry" department.