Tuesday, December 12, 2006

Incident: UCLA database with 800K SSNs hacked

I stopped reporting on information breaches some time ago as they have become too routine. But this one bears commenting upon:

It appears that a database at UCLA containing over eight hundred thousand social security numbers has been hacked. Repeatedly. For over a year. What is most remarkable about this is that a large portion of the affected individuals have never been students or employees of the university. Many simply applied for admission, in some cases years before.

Repeat after me: Only collect the information you need (actually, really need) and then only keep it for as long as you actually, really need it.

Personal information is like an underground oil tank. If you need one, they're good to have. Heck, if you need two, have two. But oil tanks are inherently risky. If you don't need an oil tank, for goodness' sake don't put one on your property. If you no longer need it, get rid of it. If you just leave it on your property, the risk of leaks (and the ensuing cleanup cost) is too high. It doesn't matter if oil tanks and personal information appear free.

See: Boing Boing: Major identity leak: UCLA database with 800K SSNs hacked
