Jan 19 2008
Dan Goodin was at the Fortify documentary earlier this week and draws some of the same conclusions I do about the loss of JC Penney’s customer data. And more importantly, he actually knows the names of the players, something I’m terrible at remembering.
NotEnough commented on my earlier post that GE Money is offering a year’s credit monitoring for those affected, which he says is not long enough. He’s specifically talking about SSNs, which don’t have an expiration date and can be set aside for a year or two, then used to commit identity fraud when no one’s actively looking for that data set anymore. This is part of why statistical correlation between a specific breach and identity theft is so hard. I’d like to see if anyone has done an academic survey of the difference in level of identity theft in populations that have been victims of a breach and the general population, specifically over the long term.
It’s becoming more obvious to me that despite many companies’ best efforts, my data is going to be at risk at some point in my lifetime. That feels cynical, but as a security professional, I know it’s just realistic. There are too many places that my data is being stored, too many connections being made, too many possible points of failure in the systems. I’ve never been a big fan of paying a monthly fee to make sure my credit is safe, but given that my information may already be a commodity somewhere in cyberspace (or Russia), a small inconvenience and a few dollars a month might not be a bad price to pay for peace of mind. Corporate America obviously can’t keep my data and credit safe, so it’s up to me to take steps of my own.
Rich Mogull recently switched to Debix and I’ll get him to talk about why and what they offer on the next podcast. At this point, I’m not even sure what the proper questions are to ask when choosing a credit protection service, but I’m sure Rich’ll help me understand. I already know I’m not going to choose LifeLock, but I am interested in knowing what other solutions are out there. I want something I can live with long term, especially since the problem isn’t going to go away any time soon.