Magazine article Information Today

Once More Unto the Breach

Article excerpt

Over the summer, I went in search of the website for the company that makes a rather obscure hair care product I have come to cherish. When I found it, I discovered there was a buy-one-get-the-second-for-half-price sale going on. Of course I could not pass this up, so I ordered directly from the company website rather than the third-party online retailer where I usually buy this stuff.

This past week, I received a dead-tree, snail mail letter from this company that began with "Regrettably" and went on to explain that the company "was the victim of an illegal data security attack by sophisticated criminals" who "viewed or obtained" information "including your first and last name, credit card number, credit card security code and expiration date, billing address, e-mail address, and phone number."

Here we go again.

A couple years ago, I received a similar letter from my health insurance company ... except in that instance, the explanation for the data breach was not "sophisticated criminals" but rather some brain-dead employee who left a hard drive full of customers' personal info in a rental car that was subsequently broken into and looted. Hey, sh*t happens, but I'm not real sure why there was a need for a free-floating hard drive full of customer information in the first place.

I realize I'm far from the only data breach victim and that it happens again and again to millions of people. The Privacy Rights Clearinghouse maintains a continually updated Chronology of Data Breaches that meticulously catalogs these incidents and makes the information available to slice and dice via a database. As of Nov. 4, 2013, according to the website, 617,055,804 personal data records had been compromised, "from 3,986 DATA BREACHES made public since 2005."

Obviously, since this happens repeatedly, there must be a lucrative market for this sort of information. Or not.

According to Brian Krebs, a journalist specializing in security issues, your personal data isn't worth all that much ( 2012/12/exploring-the-market-for-stolen-passwords). Basically, usernames and passwords to accounts from various online retailers sell for just $2 each, with logins for services such as and going for about $5, "no doubt to enable fraudulent reshipping schemes." Krebs found one bulk seller of stolen information offering 6GB of personal data for $150.

Meanwhile, according to the "2013 Cost of Data Breach Study: Global Analysis" by the Ponemon Institute ( info/whitepaper/053013_GL_NA_ WP_Ponemon-2013-Cost-of-a-Data Breach-Report_daiNA_cta72382.pdf), "the average per capita cost" of a data breach for a U.S. company is $188. This includes "engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services." The report puts the "average total organizational cost of data breach" in the U.S. at $5,403,644.

It seems to me that the big winners in any sizeable data breach situation are the "forensic experts," the companies providing "hotline support," and the purveyors of credit-monitoring services.

It's hard to come up with anything original about the whole National Security Agency (NSA)/internet spying thing, even as the Snowden revelations keep oozing out--much the way the infamous Nixon White House Tapes evolved into The Gift That Keeps on Giving. …
