Tag Archives: data breach

Latest Data Breach Exposes 2.7 Billion Records.  Your Social Security Number Could Be Included.

Posted on by

The number of massive data breaches is accelerating, and your personal information is increasingly at risk of being exposed.  In June it was reported that identity verification company AU10TIX had exposed login credentials online, allowing access to sensitive user data including names, birth dates and drivers licenses.  In July the news broke that hackers had stolen phone numbers, call records and text records of up to 109 million AT&T customers.

But the latest exposure of personal information is one of the largest ever, and one of the most serious.  Back in April hackers claimed that they’d accessed the records of 2.7 billion people kept by a company called National Public Data that serves businesses doing background checks.  This month the hackers offered the complete database on-line, which apparently includes names, dates of birth, Social Security numbers and e-mail addresses.  Having access to this kind of personal information would make it much easier for hackers to access your accounts, steal money from you or assume your identity.

Massive Data Breach that Includes Social Security Numbers May Be Even Worse than Suspected

This is a huge problem, and it’s only going to get worse.  There are some things you can do to protect yourself.  At the end of the LA Times article above, they offer some good suggestions, to which I would add: Don’t give away any of your personal info unless you really need to.  Retailers and on-line services have become more and more aggressive about asking for your info, and most of they time it’s because they plan to share it with someone else.  Don’t give them your data unless you really need to.  Don’t sign up for services you don’t really need. 

Unfortunately, in our surveillance society, there are also companies collecting your data without your knowledge.  Google, Facebook and others have already been busted for this.  Digital outdoor advertising, including billboards and bus stop displays, is also collecting your device data using wireless technology. 

How much money is being lost due to cybercrime?  According to the FBI, in 2023 over $12 billion was taken.  That number is up $2 billion over 2022 and more than triple the amount reported in 2019.  These numbers are expected to grow.  And as data breaches become more frequent and more significant, hackers will have increasing access to personal info, making their job easier than ever.   

This is why we need to start contacting our elected representatives to ask what they’re going to do to protect us.  What’s really needed is legislation at the national level to set standards for companies that handle personal data, followed up with meaningful enforcement when those companies fail to comply.  Many states are passing laws to address this problem, but in most cases the laws are too limited to offer the kind of protection we need. 

We have to start taking this seriously.  If you think you won’t be a victim, think again.  Millions of people have already been hit by hackers.  Real money is being stolen.  Data brokers are collecting your info every day, and many of them don’t do nearly enough to secure the data.  We have to take action.  This has already gotten way out of hand.

LAUSD Student Data Breach: Lots of Hype, Little Oversight

Posted on by
LAUSD Superintendent Alberto Carvalho.

These days government agencies are trying hard to modernize the way they operate by revamping their data management systems.  This is understandable.  Entities that interact with thousands or millions of citizens are trying to offer 21st century efficiency to the people they serve.

The problem is, very few government agencies actually understand the 21st century digital landscape.  Often unelected bureaucrats are making decisions about tech contracts without having any idea whether the vendors can actually deliver what they’re promising.  It’s even worse when politicians get involved, because as we know, politicians sometimes try to steer contracts toward people that have supported them.

So it’s really not surprising to learn that the Los Angeles Unified School District (LAUSD) has had some serious problems handling student data.  In June it was reported that data belonging to LAUSD students had been obtained by a hacker and was being offered for sale on the dark web.  This was related to the massive Snowflake breach, in which customers of AT&T, Live Nation and dozens of other companies had their info exposed.  Then, at the beginning of July, it was reported that a whistleblower had alleged that AllHere, a vendor working with LAUSD, had violated the District’s privacy policies in the course of setting up an on-line information system to serve students and parents.  The icing on the cake is that AllHere seems to have collapsed, and it’s unlikely it will be able to fulfill its contract.

If the whistleblower’s account is accurate, it appears that AllHere promised way more than it could deliver, and LAUSD didn’t vet the company thoroughly enough.  This is actually a fairly common story.  You may remember a few years back when the City of LA was trying to force neighborhood councils to switch to on-line voting.  The City had signed a contract with a company called Everyone Counts, which claimed they were offering a tech breakthrough that would boost citizen engagement.  They also claimed that the personal data submitted by citizens to verify their identity was absolutely secure.  Not surprisingly, Everyone Counts was bought by another company, Votem, which collapsed soon after.  All the hype about on-line voting turned out to be just hype, and no one was ever able to explain what happened to the personal data that citizens had submitted for verification. 

LAUSD Superintendent Alberto Carvalho deserves a good deal of the blame for what’s gone down.  Carvalho spent a lot of time hyping LAUSD’s tech ambitions.  AllHere was supposed to be creating a comprehensive data management system that would allow LAUSD students and parents to find all sorts of information quickly and easily.  The face of the system was an AI chatbot named “Ed”, which appeared as a bright, smiling sun.  Carvalho went on the road telling everybody how great it was going to be.  Check out this video from the ASU+GSV Airshow, where the Superintendent lays out his vision for what “Ed” could do for students and parents.

At the time, it seems that Carvalho thought LAUSD was on the cutting edge of a major breakthrough.  Now it’s clear that he had no idea what he was talking about.  Carvalho is just one of the legions of people who have been hyping so-called Artificial Intelligence without really understanding what it is or what its impacts will be.  At this point nobody really knows how AI will affect the landscape, but there are still lots of people out there making ridiculous statements that have no basis in fact.  As an example, check out this quote from the web page for the ASU+GSV Airshow.

Artificial Intelligence…

Ubiquitous. Invisible. Required for life.

Unfortunately, this kind of idiotic blather is saturating the media.  Why?  Because tech companies want you to buy in to an untested technology that they don’t even understand yet.  It’s not about taking society to the next level.  It’s about conning you into spending your money on something you don’t need.

To be fair, Carvalho is doing a tough job at a time when LAUSD (and school districts across the US) are facing serious challenges.  He probably saw this tech initiative as a rare piece of good news that he could boast about.  And the members of the LAUSD Board also deserve a good deal of blame.  Just last March, the District issued a press release where board members lined up in support of the project. 

This is a serious problem.  Thousands of LAUSD students had their personal data posted for sale on the dark web.  If the whistleblower’s allegations are correct, the problem could be much larger.  Politicians and bureaucrats making decisions about technology need to realize the dangers.  They need to stop believing the hype, and start getting serious about due diligence, or we’ll be seeing a lot more disasters like this one.