Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Your Data is Leaking

Created: 21 May 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:49:23 GMT
Yazan Gable's picture
0 0 Votes
Login to vote

Skimming is quite the threat to your credit card security. But everyday some of your personal information is leaked out to potentiallymalicious people without the help of skimmers. This personalinformation may be used to aid in identity theft attacks. Where doesthis information come from, and how is it leaking? Every bit ofpersonal information that we give out is stored in a databasesomewhere.

Have you ever been asked for your zip or postal code when shoppingat your favorite retail store? Have you ever registered as a regularshopper at your favorite Webstore? I know I have, and it’s little bitsof information like that, often asked for on a whim, stored in a widerange of databases, which could add up to identity theft. Not onlythat, but many of these organizations store bank and credit cardinformation, names, birth dates, and even drivers license numbers aswell.

All of the information collected about us is stored in databases.Hundreds of potentially insecure databases containing our informationmake prime targets for attackers. If an attacker can get into one ofthese databases, they could get enough data to steal our credit cardinformation or our entire identity. It happens often.

Recently, an online vendor asked ”Why us?“ when their databasecontaining credit cards and identity-related information wascompromised and the information was used to commit fraud. The answer issimple. If there is an insecure database with information that may aidin fraud, it will get compromised sooner or later. The real question iswhy would these retail outlets and Web stores store our information atall? They don’t need to because every time we shop there we bringourselves and our credit cards with us, don’t we?

But attackers breaking into insecure databases, which accounted foronly 13% of all reported breaches in the last half of 2006, isn’t eventhe worst of it. During the same period, 28% of all breaches toidentity-theft-related data were due to insecure policies. That is,organizations simply posted people’s personal information on publicwebsites or something similar.

So, you have to ask yourself who should you be keeping a closer eyeon, the skimmers or the big legitimate organizations that storeinformation about us? There are some things you can do to protectyourself, though. If you are ever asked to give information aboutyourself, don’t blindly give it out, but first ask why they need it. Ifthey don’t have a very compelling reason to be asking you for yourdata, then refuse to give it to them. Also, if you’re shopping online,refuse to set up an account at your favorite Web store. Often Webstores will ask you to set up an account or give you the option toproceed with an order without creating one. By refusing to create anaccount, it is less likely that your personal information will bestored in their potentially insecure databases. Also, watch your creditcard bills and bank account activity closely and report anything out ofthe ordinary immediately. Finally, take a look at your credit rating ona regular basis to catch any potential loans that slipped through thecracks.