Title: How to Steal 80,000 Identities in One Day
Post by: don on February 27, 2007, 11:08:07 AM
Very interesting read. This could be a great way to test your disaster recovery plan with or without the knowledge of your CEO... although I don't recommend the latter.
Authorís Note: How do you get the attention of the executives at your company if you feel the security systems are lacking? Fake a news article on a huge break in, and place it on the CEOís desk. We were asked to create such a story, and wanted to share it with you as a case study as to just how someone could Steal 80,000 Identities in One Day.
April 1st started like any other for Acme Medical Services. Patients were calling in to cancel appointments due to scheduling conflicts, staff members were alerting their managers that they couldn't come into work because they were sick, and the IT department was busy with their normal morning routine. From the perspective of Acme, all appeared normal.
However, by April 3rd, Acme's situation would be anything but normal. Administrative staff would be busy informing patients their personal data was stolen, managers would be calling their health care professionals to tell them to stay home because the offices were closed until further notice, and the IT department would be busy trying to figure out just how they had lost control of the personal information of over 80,000 of their clients. Life at Acme would be anything but normal.
For full story:
Title: Re: How to Steal 80,000 Identities in One Day
Post by: oleDB on February 27, 2007, 12:56:08 PM
I'm pretty confident most bureaucratic companies would spend their time trying to lynch what individual/team wrote the story instead of actually "getting it"
We attempted something similar to that at my company and the report and story were buried never to see the light of day. :(