Ephemerallaw: Drawing the Wrong Lessons from a Breach

Thursday, August 7, 2008

Drawing the Wrong Lessons from a Breach

The other day, I was listening to the radio, and a commentator said that the most significant harm that could come from a major breach like the TJX breach was not identity theft, but was actually people losing faith in doing business over the internet. Frankly, I'm not sure he was right, given that identity theft is a major problem for consumers. However, while it might not be the biggest harm from a breach, losing faith in doing business over the internet would be an inappropriate response to a breach like that at TJX for the simple reason that the internet had nothing to do with that breach. Instead, the hackers found stores which had unsecure wireless connections, used them to install malicious software on the TJX corporate network, then used the software to harvest credit cards from TJX's systems. The internet didn't come into play until after the cards were stolen and the thieves needed to sell them. While avoiding doing business over the internet might avoid some types of risks (particularly phishing scams), it would have no effect whatsoever on a consumer's risk of being affected by a breach such as took place at TJX.

1 comment:

John Taylor said...: William,
Again, tbank you for pointing that out. I encounter a lot of misinformation and of course misunderstanding of what identity theft is. There are so many forms of this crime that I have to catagorize them into 5 major types in order to show the breadth of the set of crimes we call identity theft.
1. Financial
2. SSN
3. Chatacter and criminal
4. Drivers' license
5. Medical
Within each type as you know there are myriad subtypes of methods and schemes. Then there is re-aggregation of data where the stuff is sold piecemeal and resold. Most of the press goes to financial ID theft for a couple of reasons I believe. First, even though financial ID theft only accounts for about 30% of the reported cases it is the single largest category simply because of the immediate payout to the thieves. Secondly, I truly think the proliferation of "solutions" oriented products heavily advertized by private sellers and banks lead to public into a false sense of the crime and how to protect from it. I ran into a guy recently who told me flat out that since he signed up with "Liplock" they can prevent him from ever becoming a victim of ID theft. That is not an uncommon feeling.
Thanks for what you do.

John; August 8, 2008 at 8:21 AM

Post a Comment

Privacy Statement

The authors value the privacy of their blog viewers. This site does not currently collect personal identifying information ("PID"), except: (1) to the extent that your browser provides PID, like your e-mail address or the site you linked from, to this site's server; (2) to the extent that you provide PID to this site in an e-mail; and (3) to the extent that you provide PID to this site in a CGI form (for example, when you complete a search request on this site’s “Search this Site” search feature. Your PID will be used only for the specific purpose for which you submitted the PID, except that it may be used in an aggregated form to gauge the popularity of this site. "Cookies" are pieces of information that some web sites transfer to the computer that is browsing that web site, and are used for record-keeping purposes at many web sites. Use of Cookies performs certain functions such as saving your passwords, lists of potential purchases, and your personal preferences regarding your use of the particular web site. This site uses Cookies to gather anonymous traffic data. Your browser is probably set to accept Cookies. However, if you would prefer not to receive Cookies, you can alter the configuration of your browser to refuse Cookies. This site contains links to other sites. The authors and their employers do not share your personal information with those sites and are not responsible for their privacy policies. We encourage you to learn about the privacy policies of those entities. Children under 13 years old are not the target audience of this site. To protect their privacy, the authors prohibit the solicitation of personal information from these children. The authors reserve the right to change this Privacy Policy at any time by posting a new privacy policy at this location. You can e-mail any further questions to wmorriss@fbtlaw.com.

Disclaimer

This site is provided for informational purposes only. The views expressed herein are solely those of the authors and should not be attributed to their employer or their clients. These materials do not constitute legal advice and do not create an attorney-client relationship between you and us. Please note that you are not considered a client until you have signed a retainer agreement and your case has been accepted by us. This site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Got it? THIS SITE IS "AS IS." WE MAKE NO REPRESENTATIONS AS TO THE ACCURACY, TIMELINESS OR COMPLETENESS OF THE STUFF HERE AND YOU SHOULD NOT RELY UPON IT. USE AT YOUR OWN RISK. WE EXPRESSLY DISCLAIM ALL WARRANTIES. This may be an advertisement. Your mileage may vary. Past performance does not guarantee future returns. Do not run with scissors. NOTE: This disclaimer is largely taken from the established and extremely well written blog Patent Baristas.

Ephemerallaw

Thursday, August 7, 2008

Drawing the Wrong Lessons from a Breach

1 comment:

Useful Resources

Blog Archive

Contributors

Other Sites

Privacy Statement

Disclaimer