Tuesday, June 21, 2005

Largest Security Breach Ever Revealed: 295 million identities stolen!

Picture credit: http://www.howstuffworks.com
Excel web sharing - spreadsheet collaboration over the Internet made easy with BadBlueThe largest case of identity theft in United States history was reported late yesterday. A conglomerate of large retailers revealed that their wide-ranging consumer databases had been compromised and that all 295,734,134 residents of the United States have had their identities stolen.

Conglomerate security coordinator Rich Batch stated, "We are still in the process of discovering the nature of the security breach and adding protective measures to prevent this sort of thing from ever occurring again. However, our investigators have discovered that the records of nearly three hundred million U.S. residents have been copied from our systems to external parties."

Batch went on to describe the fact that social-security numbers, names, addresses, dates-of-birth, credit scores, and a variety of other sensitive fields had been stolen.

Investigators found that the criminal activities had begun in 2003 and were accidentally discovered when a custodian tripped over a power cord. One of the major bastion servers became unplugged, at which point an unknown person called the data-center. Speaking in a heavy Russian accent, the caller claimed to be the CIO of the organization and demanded that the bastion server "be plugged back into wall, damn you, we are doing much business important work with computer." The custodian became suspicious of the caller and alerted the organization's security staff.

Reacting swiftly to a swath of fraudulent transactions sweeping the country, the Department of Homeland Security issued the following statement late yesterday:

Effective September 1, 2005, your old social-security number will be shifted to a randomly selected social-security number (SSN). You will be notified of your new SSN on September 1 and all government systems will be updated on that day to reflect the changes.

We foresee this becoming an annual anti-fraud effort, given the rampant insecurity of many companies that handle SSNs.

Continued on page A12

p.s., This is, quite obviously, satire. But it would be nice to have DHS coordinate a serious attempt to curtail the conventional approaches to identity theft.

Update: Bruce Schneier weighs in with his take on the CardSystems disclosure. Read the whole thing.


No comments: