Online records make us more vulnerable to identity theft
April 17, 2011
The Internet is a useful tool for social interaction, business, education and any number of purposes. However, this increasing use of the Internet for every aspect of our lives puts a lot of our personal information into online storage, which in turn leaves us vulnerable to identity theft.
The recent breach of Epsilon Corporation’s servers may be one of the most significant instances of data theft. NIU’s Information Technology Services sent out emails over the past week warning of the breach, noting it did not directly impact NIU, but that “some people may have used their NIU email account to register with corporations who have been impacted” and could be targets of “phishing” attempts.
What happened to Epsilon may seem distant or trivial, especially when lists of email addresses and names were the only bits of information obtained. But if you think that NIU is free of similar concerns, think again. Your MyNIU account is a veritable goldmine for identity thieves in its current state.
The personal information menu has your full name, address, phone number, email, emergency contact (probably a parent) and- most disturbingly- your full social security number.
Information like this is helpful for many ordinary needs at the university, particularly for the various offices and administrative purposes.
Still, I can’t help but question the wisdom of having this data all in one place and not protected by further security measures.
Some concerns could be alleviated simply by displaying only the last four digits of the social security number, much like online retail websites only display the last few digits of a credit card number.
For the malicious, gaining access to such sensitive information is as simple as figuring out that, due to laziness or lack of creativity, you made your password the word “password.” (In case it isn’t already obvious, you should never make a password that simple.)
From that intrusion, a malefactor then might be able to access your email or any number of other websites you use and use that information for their own purposes.
It’s also not clear whether this information is totally safe, even with the best practices. As recently as 2009, there was a bug in the MyNIU system that may have exposed student names and social security numbers. It was addressed quickly, and seemingly without incident, but should serve as a reminder that innocent human error is just as likely to put your information at risk as someone intentionally trying to find it.
For this reason, it’s important to consider the role of the Internet and the potential drawbacks of its use.
Its utility in the workplace, academics and social networking tends to disguise how much information is stored by companies like Epsilon and how that might be exploited by others.