Another day, another breach announcement. No news there, but this one is tied to reports of misuse. A woman was arrested in Irving, Texas in January for “fraudulent use or possession of identifying information and two charges of credit card abuse.” The information she used for the frauds seems to have come from good old-fashioned dumpster diving.
It’s a lesson in the need to shred sensitive information, and a reminder that identity fraud comes from lots of sources, many of which have nothing to do with hacking. It’s also notable because of the time frame: the information came from a benefits report run in 2000, and the 64 people affected all worked with the district in the 2000-2001 school year. So either someone got the report years ago and has slowly been using the data, or (more likely) the report was thrown away relatively recently. Either way, it illustrates how difficult it can be to analyze how data loss leads to fraud: if the suspect hadn’t said where she got the reports, who knows how long it would have taken to find out what these 64 people had in common?
