Your Data becomes their Data becomes Extortion Attempt
Sat Nov 08 15:47:00 -0800 2008
Another example of databases lacking security. This one involves a prescription writing service that some bad guys are trying to extort money from. They threaten to disclose personal customer data unless the company pays up, which it hasn't; it has taken it to the feds instead.
St. Louis-based Express Scripts said Thursday that in early October it received a letter that included the names, birth dates, Social Security numbers and, in some cases, prescription data on 75 of its customers. The authors threatened to expose millions of consumer records if the company declined to pay up, Express Scripts said in a statement.
ed.z.: Here's a thought..stop giving your social security number out to every dipsquat corporation that asks for it. I say no all the time, just slap refuse. They put up a stink, I say, "give me a written and signed by some officer here indemnification guarantee, that if you lose my data or it is stolen, I am paid x-amount of serious dollars" along those lines. That's *my* data, it ain't *your* data just because you happen to own a hard drive and want something to stick on there because I am hiring you for some service or you are selling me something. Because inevitably the first thing out of their pieholes is how they are "secure" and blah blah and it is their "policy" and nonsense blah blah. Demand they prove that statement with a written indemnification policy, just turn it around on them, talk is cheap, written contracts are what matter.
Every single dad burn company out there claims they are "secure". Uh huh, that's a lot of truthiness..not. Go by the default that every single one of them is already compromised, then see how you feel about handing over *your* data that somehow magically becomes *their* data to be lost, stolen, traded, used and abused.
We see these security compromises all the time, and it wouldn't amount to much at all if people stopped handing over everything they are asked for and stuck to their guns past the initial shock period of saying "no" to the clerk/receptionist and they don't know what to do then. Deer in the headlights time when you say no, so you have to nudge them a little, use your best Bene Gesserit action. Just be polite, say that "I'm sorry, this isn't necessary, and.." whatever, wing it. (and in a lot of cases it isn't even a legal requirement for the service or product you are trying to get, check with your bartender or barber for more exact legal advice in your jurisdiction..or at least google it) because Social Security is for employment and taxing purposes, and bank account records because they are required by uncah sam, and that's about it. If they squawk, get their manager, or ask to speak to the company lawyer, and demand to see their data security breach indemnification policy. Boy, that gets 'em. Shuts 'em right the heck up, because it don't exist, not as regards YOU anyway, it might exist for some dotgov agency, but that means absolutely nothing to YOU the potential victim. Worked for me any number of times since I started that policy of saying no. I got nailed with ID theft years ago (pre being on the internet at all) and it was a serious PITA getting it cleared up, some of it never was really. Sucks. Since then, I got a new attitude of saying "no" because they will hang you out to dry if they get compromised. And I am unaware of any medical procedure or drug that requires your age down to the exact day for that matter, the nearest year once you are an adult is sufficient.
If you don't care about your data integrity, imagine how much less some other person/corporation cares when you are just some big number in an even larger set of numbers. Oh, they may or may not even inform you if they get pwned, how quaint. Didja catch that little bit in the article about how some "financial services" are paying off the extortionists now? Security is always in layers, and it starts with you.