Sooner or later, it was bound to happen.
I just finished registering for a free year's subscription to Equifax credit monitoring services. This would be kind of cool were it not for the fact that I'm getting the freebie because computers holding my personal information, including Social Security number, were stolen last month.
The break-in at Colt Express Outsourcing Services in California was widely reported last week. And I, apparently, am one of the 6, 500 or so former and current CNET employees who might be affected -- and certainly have been put at risk -- by burglars walking off with a little hardware from the Walnut Creek offices of the business.
This is disquieting -- more disquieting than I might have expected. I often remind people that we commonly just hand our credit cards to strangers (we call them "waiters") who take them out of our sight, but I never give waiters my Social Security card. Perhaps even more disquieting is the fact that I haven't worked for CNET in six year or so -- computer records are forever, after all.
But far and away the most disquieting aspect of this whole situation is that I have yet to find out for certain whether or not the data on the stolen machine was encrypted. The latest reports I could find from CNET say no misuse of data to be found on the machines has been reported, and my initial Equifax report is as clean as a whistle. That makes me a little less nervous, but the idea that my Social Security number may lie exposed in the hands of thieves is worrisome.
What makes me angry is that I even have to ask whether that data is encrypted. I have a call into CNET to see if I can get any more info, but for right now I'm stuck with this report from Privacy News that a CNET representative confirmed that the data was not encrypted.
Throw in this tidbit from PCWorld.com, which notes that the Colt Express CEO wrote to Maryland's attorney general to notify him of the breach, and that:
State laws typically require such notification when an unencrypted computer is lost or stolen.
and I am no happy camper.
How is it that a human resources outsourcer doesn't encrypt human resources data? And how is it that there's no law compelling human resources outsourcers -- or anybody who has my Social Security number -- to encrypt that information? Having somebody swipe your credit card number is a major pain -- one that I've had to deal with, and yep, it was a waiter -- but at least you can cancel a credit card. Trying to get a new Social Security number is next to impossible.
So, this is another thing to worry about, and not just for the next 12 months, either. And the real irritant is that it's completely unnecessary -- encryption technology is too readily available to not be mandatory for anybody who holds my personal data.