Data Breaches

Image depicting computer code

Time-N-Time-Again, I’ve written about the importance of safe-guarding information.

Whether it’s personal information, or information about a company or internal company information, and of course, legal information (regarding the legal firm in NY that was breached).

But here we are discussing this topic once again.

By now, the entire world knows about the data breach at National Public Data. A schlock company that supplied information about every individual in the US and many other parts of the world.

While National Public Data did not disclose the breach, it was only a matter of time before someone would be notified by an identity theft company that there information was now for sale on a forum in the TORisphere of private data for sale.

That one person just happened to be from California, where there are stricter laws regarding personal information. This is turn led to a class action lawsuit in Florida where the company National Public Data is located. It also led to many other lawsuits being filed against National Public Data and rightfully so.

The estimation of 2.7 billion individual records is what was touted by the seller for $3.5 million dollars.

While there are an estimated 330 million people living in the United States; it was later learned that as part of the trove of information, many of the records are duplicate (i.e. same person might have 50 records that are the same, but their physical address is different.) There are also a lot of records for people that have died, some, decades ago.

What makes this breach worse that many of the others is the fact that the information was stored in unencrypted text files. It’s what used to be called a “flat file” system. Not only were these text files open for the world to see, meaning there was no security in place to even remotely try to keep this information private.

And for the cherry-on-top, there was a zip file of the company operations stored on another web site, also wide open for the world to see.

The simple bottom line for this company is they need to be sued out of existence and anyone with even the slightest amount of stake in this or any of its affiliates, needs to be bared from ever possessing personal information about anyone for any reason in the future.