Data leaks keep right on happening at what must be some sort of record-setting pace. Those we tend to trust to protect us fail to protect themselves, which leads to the obvious conclusion that no one is safe when those we trust are incompetent at best.
According to Mercury News, Kaiser Permanente suffered a data breach exposing private information about over 29,000 employees. The database breach occurred sometime prior to December 23, 2008.
The leak became known when police arrested a California resident and confiscated a computer. After inspecting data in the computer, police found a file containing private details of Kaiser employees, including social security numbers. Kaiser is reportedly still trying to figure out how the data was obtained.
In other data leak news, major security solution provider Kaspersky is now suffering embarrassment and facing what might become a huge customer backlash. According to The Register, an anonymous hacker posted lengthy details of a SQL injection exploit used to gain unfettered access to customer details including "users, activation codes, lists of bugs, admins, shop, etc."
Kaspersky isn't alone though. The same hacker also cracked security at one of BitDefender's partner sites in Portugal. The hacker was able to gain access to user accounts and customer information. Several screenshots point out the ramifications.
Not to be outdone by the security vendors' lack of common sense, even a US congressman got into the act. You've probably heard of Twitter - that social networking site where people air out far too much information about themselves by posting short snippets (called 'tweets') throughout a given day. That info (much of which turns out to be entirely egocentric) often includes what a person is doing at any particular moment in time.
According to CNET, House Minority Leader John Boehner was leading a delegation destined to visit Iraq. That trip was supposed to be 'secret'. However, upon landing in Iraq, Michigan state Representative Peter Hoekstra - a delegation member - immediately hopped on the local wireless network and posted a tweet stating, "Just landed in Baghdad. I believe it may be first time I've had bb service in Iraq. 11th trip here."
And while we're reviewing severe lapses of common sense (no shortage of that, eh?), government contractor SRA International - who claims to provide "technology and services to support homeland security, defense, and global health" - suffered virus infiltration into their own networks. According to IDG News, the virus might have allowed intruders to gain access to "employee names, addresses, Social Security numbers, dates of birth and health care provider information" of federal employees. IDG said that according to Securities and Exchange Commission (SEC) filings, SRA lists intelligence agencies, the US Department of Defense, US Department of Homeland Security and the US National Guard among its clients.
In case you missed it there were several oxymorons in that last paragraph.
Feel safe yet?