Though identity theft and fraud are prevalent crimes in our society, many
institutions that handle sensitive personal information still operate with
only the bare minimum of security measures. The Federal Trade Commission’s
(FTC) Red Flags Rule, to be implemented on November 1, 2009, is intended to
bring a new level of security standardization to industries across America.
But in the meantime, identities are still at risk.
An article from the Charlotte Observer provides an excellent example. The Carolina Mammography Registry,
a 14-year-long compilation and analysis project conducted by the University of
North Carolina at Chapel Hill (UNC) and sponsored by a multimillion-dollar
grant from the National Institute of Health (NIH), has recently discovered a
hack that penetrated one of its two primary data-housing servers. The hack is
thought to have exposed more than 163,000 Social Security numbers. What’s worse, the hack is suspected to have happened more
than two years ago!
After two months of investigation by UNC officials, it’s
still unclear what happened. No evidence has been found identifying the hacker,
where the data went, or even whether it was downloaded. But they did uncover
viruses dating back to 2007, suggesting to investigators that the information
contained on the server has been compromised for at least two years.
Matthew Mauro, UNC Department of Radiology Chairman, explains,
“The compromised server had all required security measures.” However, no
information was given in the article about how regularly these required
security measures were updated, or if they were updated at all from the time at
which they initially met requirements. Hopefully, the Red Flags Rule will see
systems like this updated to current levels of security compliance to help
prevent the fraud that results from this type of identity theft.