I just got an e-mail from UCLA notifying me that I might be one of the 800,000 or so people whose personal data was compromised in a major data security breach.
Oddly, I'm not a UCLA alumnus nor have I ever worked for them. I took a night class there in 1997. Yeah, one night class, 9 years ago, and now my personal information could be in the hands of some Russian mafioso.
Funny thing is that the class was on TV screenwriting and wouldn't this make an interesting TV movie? The heroic network security guy at UCLA who uncovers this, the intrepid FBI agent who tracks down the hackers, the evil Russian mafia guys who are trying to steal the identities of hundreds of thousands of Americans.
Now here's where it gets odd. During my time with IMDb, I spent a lot of time corresponding with director David Winning in my capacity running the photo submission service. We ended up keeping in touch after I left.
When all this came down, I decided to look up the professor from the TV screenwriting class, Nick Harding. Turns out he wrote four episodes of "Dinotopia". Of those four, David directed three of them.
Small world, eh?
But back to my point... One night class, NINE years ago, and UCLA still has information about me that could aid someone in identity theft. Start thinking back to things you did 9 or 10 years ago. Do you have to worry about the network and data security of every company and institution you've patronized in a decade or more?
While the Social Security Number was NOT supposed to be used as an identification number outside the Social Security Administration, many companies and government institutions have been using it as such in recent decades. Schools use it, the military uses it, and credit bureaus use it.
The reason my personal information was on UCLA's computers more than 9 years later was because UCLA has to keep the record of my taking that class in case I ever request a transcript. And, like many other institutions, UCLA uses Social Security numbers and birthdates to help provide unique identification of students.
That means, rather than just keeping my Social Security number and birthdate on file for nine years, UCLA might keep them on file for 39 years. And during that whole time, I'll have to be wondering if they're keeping ahead of hackers.
But who should I be more angry at: the companies and institutions that let criminals get personal information about me, or the companies and institutions that make it so easy for the criminals to put it to nefarious use?
Honestly, I'd go with the second group.
Entries (RSS)