[Vision2020] University of Idaho Security Breach

Sat Mar 10 13:31:45 PST 2007

In part, Debbie wrote:
"I don't see how more legislation will prevent this particular event, could
you explain? There will always be human error. I don't think any reasonable
person would argue against that =)"

I agree that the human error factor will always be in play  :-)  Which is
why I advocate empowerment and strong consumer credit protections of the
kind security freeze laws provide.

To answer your question, while I don't think security freeze legislation
would *prevent* security breaches like those that have happened at the UI
and elsewhere, it would provide individuals with the opportunity to more
effectively prevent identity theft before it happens, particularly when
there are security breaches like those at the UI.

Perhaps you've not had the time to check out the site I provided in my
previous response.  Rather than reinvent the wheel, I hope this will answer
your question far better than I could:
http://tinyurl.com/2t87km

Here's some of the information presented:
"Consumers need additional tools to help prevent identity theft before it
happens. One of the best prevention tools is the security freeze. A security
freeze law lets each consumer decide whether to restrict access to his or
her consumer reporting file and credit score. When a security freeze is in
place, a consumer's credit report and credit score cannot be shared with
potential creditors or other persons considering opening new accounts unless
the consumer decides to unlock the file by contacting a consumer reporting
agency and providing a PIN or password. 

A security freeze can help prevent identity theft. Most businesses will not
issue new credit or provide goods or services for later payment to an
individual without first reviewing his or her credit report or credit score.
If an individual consumer reporting file is frozen and an imposter applies
for credit in that individual's name, a creditor likely would deny the
imposter's application, preventing an instance of identity theft.

Under a security freeze law, people who choose to freeze access to their
consumer reporting files may temporarily lift the freeze when they want to
use their own credit files. When a consumer places the freeze, the consumer
reporting agency issues a unique PIN to the consumer that can be used to
"thaw" or lift the security freeze for a particular entity or for a
designated period of time."

When there are security breaches by third parties of my confidential
information, I want -- indeed, I deserve -- the ability to freeze *my*
credit rather than simply put a "fraud alert" on my file, which while better
than nothing, really provides very little prevention protection.  Why
shouldn't we have the ability to shut the barn door before the horse
escapes???

If any of you know someone who has been the victim of identity theft as I
unfortunately do, it's really a no brainer to understand why we need the
kind of strong identity theft prevention protection security freeze laws
provide.

Over half of the states plus the District of Columbia have seen the wisdom
of enacting security freeze legislation, and I think Idaho citizens deserve
the same protection.

HTH,
Saundra Lund
Moscow, ID

The only thing necessary for the triumph of evil is for good people to do
nothing.
- Edmund Burke

***** Original material contained herein is Copyright 2006 through life plus
70 years, Saundra Lund.  Do not copy, forward, excerpt, or reproduce outside
the Vision 2020 forum without the express written permission of the
author.*****

-----Original Message-----
From: Debbie Gray [mailto:graylex at yahoo.com] 
Sent: Saturday, March 10, 2007 12:57 PM
To: Saundra Lund; 'Tom Hansen'; 'vision2020'; 'Rose & Don Huskey'
Subject: RE: [Vision2020] University of Idaho Security Breach

I don't recall saying it was 'ok' that the security
breach happened. I am not thrilled with it but that
doesn't make me run around willy nilly calling for
heads to roll as Tom Hansen is. 

My point when I brought up Citibank/Chase was that
their kind of security breaches are more likely
because someone is intentionally trying to hack in and
get information. The latest breach at the UI seems
more like a big human oops, not that someone had
hacked in and downloaded all of our SSN, etc. There
are lots of procedures/policies in place when working
with sensitive survey data, personal data, etc.
already but, unfortunately, that can't ENSURE there
will be 100% security.

I am not a security expert so I can't address what is
being done and what still needs to be done at the UI.
I don't see how more legislation will prevent this
particular event, could you explain? There will always
be human error. I don't think any reasonable person
would argue against that =)

So YES I am concerned, YES I think this will spur more
policies and procedures at the UI, NO I don't think
that will necessarily solve anything 100%  and NO I
don't think administrative heads should roll.

debbie gray
Debbie