Human error continues to be responsible for large disclosures of sensitive information

Recently I had to contact a mail order pharmacy to inform them that the envelopes they used for their statements were insufficient for preventing anyone from seeing the SSN, which was printed on the first page of the statement. You didn't even have to hold it up to the light; it was so obvious. They told me that apparently "someone" changed the layout of the form but neglected to change the envelope to mask the new layout of the sensitive information. An obvious lack of communication or simply negligence. I questioned why they even printed the whole SSN on the statement in the first place.

Many examples of disclosure of sensitive information caused by human error can be found in the Privacy Rights Breach Database. The most recent is another that was completely avoidable (see below). People, if you don't want your company to be added to this Breach Database, then please manage your technology and appropriately oversee the dissemination of EVERYTHING THAT LEAVES YOUR COMPANY. Especially large mailings like this.

"Universal American Action Network of St. Petersburg, FL - Thousands of Pennsylvanians could become victims of identity theft just because a piece of mail has been sent to their homes. Right on the front of the piece of mail, under the person's name, in plain view, is the recipient's Social Security number. The postcards were from the Universal American Action Network, a subsidiary of Universal American Insurance. 80,000 postcards with Social Security numbers on them were sent out to Universal clients throughout the country. More than 10,000 of them were mailed to Medicare participants in Pennsylvania."
[Source: privacyrights.org Data Breach Database]

Posted via email from Kenneth M. Smith CISSP CISA GCIH FREAK

Is this what #PCI has come down to?

Spotted this yesterday and it made me laugh. Think a plunger would help with PCI DSS?
