|How do you perform on a test that checks if you can leak sensitive information such as US Social Security numbers? |
How are we testing?:
This test checks if a set of numbers that match the format of valid United States Social Security numbers can be sent out from your network. Your network security infrastructure should easily identify these numbers as Social Security numbers.
Why is this test important?:
Personal information is often the target of criminals, who use it to commit theft and fraud. When a breach of personal information occurs, it can expose your organization to negative press attention, federal enforcement actions, lawsuits from customers whose information was compromised, and other legal actions. You may also be assessed sizable penalties if you fail to comply with the numerous, and sometimes contradictory, requirements of various regional laws governing data breaches. Costs incurred include the provision of fraud monitoring for 1 year or more and remediation services to consumers affected.
How Much Does a Data Leakage Cost You?
15% of documented data leakage incidents involve US Social Security numbers with the average cost of a data breach estimated at $188 per customer record in 2013. In 2014, the State of South Carolina revealed a massive breach of social security and credit card numbers. Source
|In the News:|
21 Mar 2017
The breach is the apparent result of those clinics mailing the pregnancy home risk screening forms of Medicaid-ineligible patients to local health departments. Those forms list the social security numbers, home addresses and demographic information of ...
20 Mar 2017
Personally identifiable information exposed in data breaches usually refers to names, emails, credit card numbers or maybe Social Security numbers. By that bar, collecting information about the frequency of vibrator use would be extremely personal.
13 Mar 2017
The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. ... Nevertheless, this would be the second breach of military data in recent months.