Today was a very interesting day for me personally. While at work, I read an article on the WSPA website about the one of the State Government's Agency being hacked. After reading further in amazement I realize that this attack had a real affect on myself and my wife's lives and I began to get angry.
Almost every day I hear and read about a website, company, or agency that has become a victim of some cyber attack or internal security breach that has left hundreds, thousands or more people vulnerable and essentially hanging in the wind. This attack that happened today was fairly "normal" in the fact that the hacker was able to gain access and get the records of about 3.6 million tax payers. This information included SSN's. The state is offering the obligatory one (1) year credit and identity theft protection at zero cost. This is NOT enough! Sure financial damage may be attempted within that first year; however, all the thief need do is wait until the year of free coverage is over and then begin using the stolen information to commit identity theft and credit damage. Working as a Server Administrator I can understand how that breaches do happen more than any of us in the IT field would like to admit. However, when I watched the new conference and find out that the only a portion of the information was actually encrypted, and the SSN's were not encrypted at all, I begin to see "red" and can only ask myself why in the world would the one number that's so important to the citizens of this country/state be completely unencrypted ANYWHERE? I just see this a catastrophic failure in the system that we as taxpayers not only trust but fund.
Let me put it to you like this. I own a fire arms. Now, if I use the above mentioned situation as a guide, I would simply put my fire arms anywhere within the locked "secured" walls of my house. Much like the server the information was stored on. However, if someone was to...I don't know kick the door down of sneak in one day when I am out checking the mail or walking the dog I would be in some serious trouble. In order to minimize this threat, I keep them in safes which isn't completely 100% fool proof but it does add another layer of protection which is what total and complete encryption of this data would have been.
I just expect more of our government. I honestly feel like there is no amount of money that should be spent on protection of private information. No days, protection of electronic data from cyber attacks is almost as important as protection from physical threats. I expect better of our government!