Do you need to protect your information if it is available elsewhere?
Jan 27th, 2008 by Jesper Kråkhede
During the last weeks there have been reports of several sites being hacked and losing their account databases and all personal information. Today there was an article in a Swedish newspaper about a site administering a discount card for about 1 000 000 students.
Let's take a look at the information that was lost. Usernames and passwords are always a problem, as they are most probably used on other sites. Personal information (Swedish social security number, name, address) is publicly available through a register in Sweden named SPAR. One could argue that the data loss is not sensitive because of this, but what is neglected is that we have personal information in conjunction with logins. This means that it is possible for the hackers to start creating accounts on sites where it is possible to commit fraud using the personal information.
To sum it up: when you look at the individual pieces of information you have, they may not be sensitive, but when you see them in context and in conjunction with other information, a whole new picture emerges. This is why you have to be sure to handle security as part of your information architecture.