[LINK] Fwd: Personal Data of 59,000 People Stolen

Roger Clarke Roger.Clarke at xamax.com.au
Wed Mar 23 12:54:56 EST 2005 

[The following story badly confuses three concepts:
-   masquerade involves presenting as someone you aren't.  It may or
     may not result in harm of some kind
-   identity fraud is presenting as someone you aren't in order to
     commit fraud, typically financial fraud, most commonly charging
     expenditure to a credit card belonging to someone else
-   identity theft is presenting as someone you aren't, consistently and
     for a sufficient period of time that substantial harm is done to the
     person's reputation (typically on credit industry records), such that
     the person has difficulty continuing to use that identity

[The story provides evidence of theft of personal data, an 
implication that it may have been used for masquerade, but no 
evidence whatsoever of identity fraud, far less of identity theft. 
Such lack of scepticism by reporters is very common, highly 
unprofessional, and seriously harmful.

[The ignorance has been perpetrated, and is encouraged, by US 
agencies, and increasingly Australian national security and law 
enforcement agencies.  They are using the myth of rampant identity 
theft as a justification for grossly anti-privacy measures]


>http://story.news.yahoo.com/news?tmpl=story&cid=528&ncid=528&e=1&u=/ap/2
>0050322/ap_on_hi_te/university_hackers
>
>Personal Data of 59,000 People Stolen
>
>Tue Mar 22, 9:08 AM ET   Technology - AP
>
>CHICO, Calif. - Hackers gained personal information of 59,000 people
>affiliated with a California university - the latest in a string of
>high-profile cases of identity theft.
>
>California State University, Chico spokesman Joe Wills said nearly all
>the current, former and prospective students, faculty and staff who were
>affected have been notified of the theft, which happened about three
>weeks ago. Hackers gained access to the victims' names and Social
>Security (news - web sites) numbers.
>
>"We still have no indication that the information was used for anything
>other than somebody wanting to have illegal access to this server,"
>Wills said. "Typically, on a college campus that can be to download
>files, music and games. There's still no indication they were looking to
>take personal information."
>
>The university discovered the attacks during routine monitoring of its
>networks. The investigation revealed that hackers installed software to
>store files on the system and tried to break into other computers.
>
>Identity theft is considered the nation's fastest-growing crime and last
>year more than 9.9 million Americans were victims.
>
>Earlier this year, 145,000 people were exposed by a breach at
>ChoicePoint Inc., which collects consumer data. At DSW Shoe Warehouse,
>officials acknowledged stolen credit information at 103 of its 175
>stores.
>
>The information service, Lexis-Nexis, has also admitted hackers gained
>access to personal information of 32,000 of its customers.
>
>Other university systems have been targeted as well.
>
>Last April, hackers broke into the computer system of the University of
>California, San Diego, compromising confidential information on about
>380,000 students, teachers, employees, alumni and applicants.

-- 
Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                 Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au            http://www.xamax.com.au/

Visiting Professor in the Baker Cyberspace Law & Policy Centre, UNSW
Visiting Professor in the eCommerce Program, University of Hong Kong
Visiting Fellow in Computer Science,  Australian National University

More information about the Link mailing list