Tuesday, January 14, 2014

Maricopa Community Colleges: An "insecure" letter...

Got a letter the other day and it said this...

"On October 19th, 2013 we determined that your information including: your name, address, phone number, e-mail address, Social Security number, date of birth, certain demographical information and enrollment, academic and financial aid information may have been accessed without authorization.  The system did not contain credit card information or personal health information."

Oh, well that's a relief, at least they didn't get the credit cards...Oh wait, did I shop at Target last month?

The Maricopa Community College District (MCCD) is the largest community college district in the state of Arizona and one of the largest in the nation serving  over 200,000 students every year. 

I signed up for a class with them once.  I know I applied for employment on more than one occasion as well.   Why anyone needed an SSN or Date of Birth for either considering I was never employed or completed that class is a mystery.

There's other far less personal information that can identify a person and cause far less damage if compromised.  Ahh, but I forgot, in the post 911 era we're expected to lay ourselves bare trusting that the recipients of our most personal of information will be good stewards.  Of course, all in the name of security.

Which makes it ironic that "security" is the very thing that's failed us.

They didn't get the credit card information... Who cares!  Whomever benefitted from this "info-heist" now has enough information to create scores of false identities and cause irreparable harm to the victims of the breach.

People get a bit too cavalier about their personal information sometimes.  I live in Arizona and around the time I was getting my first driver's license, the state actually encouraged motorists to use their SSN as their driver's license number.  Of course that was back in the day when credit card numbers were stolen off discarded carbon paper not the Internet.

People are admonished to carefully control access to their private information but increasingly we're asked to give that responsibility over to private and public institutions that aren't worthy of that trust.

It needs to stop.  Along with credit checks on job applications and the requirement to give your SSN for anything but obtaining a loan or starting, not applying for,  a new job.  In those cases at least you know the chain of custody of your information.

It's your PERSONAL information and you shouldn't be ostracized for protecting it.  Especially when those demanding it obviously can't be trusted to keep it safe. 

Support measures like Senator Elizabeth Warren's "Equal Employment for All Act" that blocks the requirement for credit reports on job applications.  That measure would also prevent the haphazard collection of SSN's and other personal information as well.