Comments on: Stolen: Google employees' personal data

Names, addresses, and Social Security numbers of pre-2006 staffers were taken from offices of Colt Express Outsourcing Services.

[inachu]

We can use that new Law in Texas:
* Lawsuit says every repair technician in Texas must have private investigator's license
* Licenses are obtained with criminal justice degree or 3 year apprenticeship
* Violators can face up to a 4K fine and 1 year in jail

[ChecksAndBalances]

I've identified at least 6 clients affected by the Colt Express burglary on PogoWasRight.org: CNet, Google, Ebara Technologies, former Avant! employees, Punahou School District, and bebe stores, and there are probably more that we'll find in time.. Some of the clients, like Google, were no longer doing business with Colt but their unencrypted employee and dependent info was still on computers in the office that Colt reports were "password-protected."

[hawkeyeaz1]

No encryption? Again, people ask "WHY?" It truly isn't that hard or expensive to implement, and it saves a lot of trouble and money.

[Get_Bent]

"Google is not currently using Colt's services and had made this decision long before this incident." This begs the question: If Google hasn't been using Colt Express Outsourcing Services for a while now, then why was Colt still hanging on to Google's employee data? Shouldn't Colt have turned it over to Google and deleted their copy? They had no business retaining this data from a former client. At the very least, Colt should have exported the data, encrypted it, stored it off site (in a secure facility), and purged it from the active database.

[Imalittleteapot]

Encryption is simply not going to work. The problem is too many people have access to your information to begin with, and all it takes is one person to forget to use it. That is why it will never work. We're never going to be able to protect everyone's identity like that. We need new laws and technology to make it impossible to use someone's identity even if they have your information. Are you telling me there's only one level of security? Nobody bothers to check or validate after that? Simply knowing my information should not be enough to use it. There needs to be more layers of security after that. You shouldn't be able to use my identity or open any accounts with my financial information unless my own bank down the street, where everyone KNOWS ME, APPROVES IT by me going in with my ID saying yes I approve it. They could charge me an approval fee. They could charge small fees to approve new credit cards, loans, or accounts in my name even if the account itself is at another bank. It would even be profitable to do it this way. What is the problem? Even if someone did take a fake ID into my bank, at least it is probably a local criminal that is more likely to get caught than if they can use my name from the other side of the globe. Just have a database where you can link my SN with the ONE bank you need to get approval from to use my identity. Then they can say hey, yeah I'll give you a credit card or whatever, but you have to head down to your bank to activate it. Then we'll call them and make sure we got that approval. If they don't get that approval. Too bad. It shouldn't count against me. They take the loss. If someone does become a victim of identity theft anyway, they should be given a new legal identity and SN straight away. Even if their information has simply been stolen and not used yet. Let the companies that aren't checking credentials correctly take the fall.

[blabtech]

When a company like Google can't keep their data secure, then it's a true problem.. I agree with the last post about how too many people have access to data to start with too..

http:://blabtech.blogspot.com

[jjcompliant]

this careless storage of people id needs to stop this is not going to happen until lawsuites and big payment settlements start to happening. corporation do not practice guardin and preventing lost they go until they have to pay and pay big time then they start lost prevention this is a bigger problem now that corporation have farm out to call centers all over the world india, central america, sudiaribia, all these call centers have your private info when you call for help, information how do these corporation protect your data in a foreign country when everything has a price and is sold easily?????

yes i agree with lamlittleteapot we give out our private info to readily to companies we need to start being more active in guarding our info

[cporpheus]

Any company dealing with sensitive information must use encryption, period. I recently lost my USB flash drive with all of my passwords in an encrypted file with a 63 character password and I feel perfectly safe.

[dannythorpe]

Original post: http://dannythorpe.com/2008/07/01/google-employee-records-stolen-in-colt-break-in/

[mojojam]

Do SSN's expire after 1 year? It should be a mandatory minimum 10 year credit watch. It should also be a Federal crime to maintain sensitive information and not have it encrypted. That would spur companies to make their data more secure from theft.