Archive for July, 2005

USC Database hacked

Thursday, July 21st, 2005

The database at the University of Southern California (USC) containing 2,70,000 records of past applicants was hacked. The records included the names and SSNs of past applicants. USC learned about this breach on June 20 when it was tipped off by a journalist. USC has shut down the website and says it will restore it once new security measures are in place. As per California law, the University has notified the people whose names and social security numbers were in the database of the security breach.

The Happiest Place On Earth

Friday, July 15th, 2005

In 1996, Walt Disney World in Orlando, Florida started using finger geometry scans to identify annual and season pass holders. Over the past six months, they have quietly extended this requirement to all ticket holders, meaning that anyone coming into the park must have their fingers scanned and verified. Disney officials say that records are not kept after the tickets expire, but it’s not clear if they are immediately purged from the system.

The scan does not make a record of a person’s fingerprints. Guests place their index and middle fingers on the scanner and the system recognizes certain characteristics such as finger thickness and length. A number is assigned based on these measurements, and this number is stored in the system for future comparisons. Injuries to the index and/or middle fingers can cause the system to falsely reject a guest’s profile, as can more mundane changes such as the presence of a ring that was not worn during the initial scan. AllEarsNet, an unofficial Walt Disney World guide, has an online FAQ about the scan. At present, the system is only being used in Walt Disney World, and not in Disneyland in California or any of Disney’s international theme parks. Universal Studios Orlando and SeaWorld are said to be planning to introduce similar verification systems in the future.

Larry Spalding of the American Civil Liberties Union was quoted as saying that while the Disney system, known as Ticket Tag, had been brought to the ACLU’s attention, no one had yet filed a complaint. Spalding expressed concern about the system, saying “Slowly but surely we’re just giving away our right of privacy, and the question is what are we getting in return?” Even if the records aren’t kept and can’t be matched to other biometric identifiers such as fingerprints, it still seems a bit disconcerting. As Civil Liberties Union spokesman George Crossley said, “I think it is a step toward collection of personal information on people regardless of what Disney says.”

Slashdot discussion here.

More personal information leakage

Saturday, July 9th, 2005

Threats to personal information continue to mount; the latest reported risk to our personal privacy comes from companies selling cell phone records of consumers. For a significant fee, one simply needs to provide a person’s name, address, and cell phone number and can receive a record of that person’s outgoing calls for the past month. Details on several specific (online) companies and their offerings are discussed further in this Washington Post article.

While this sort of service appears to be generally illegal, companies are skirting the cell phone companies’ efforts to stymie the trade of such information. One expert interviewed by the Washington Post says that “information security by carriers to protect customer records is practically nonexistent and is routinely defeated” - a claim that carriers deny, despite the prevalence of companies advertising these services on the internet.

The (information) black market

Thursday, July 7th, 2005

In Russia, a country looking to join the World Trade Organization, there is still rampant piracy of music, movies, and software. A visit to the street markets in major cities quickly reveals an incredible selection of CDs and DVDs, being sold cheaply almost regardless of their specific content. For example, when I visited Russia in 1999, all CDs cost the equivalent of US $3, whether they contained the latest band’s music or a copy of a Windows OS.

These days, however, there is a scarier deal on the market. It appears as though the information being acquired by fraud artists, hackers, and phishers is reaching the street markets, as personal information is being sold in bulk. The examples given in this Globe and Mail article include Russia’s 2003 tax return records and a mobile phone company’s subscriber list.

It appears that in our day and age, the privacy of our PII is constantly under attack by the flow of information, whether such flow was intended or not. As long as those with criminal intent are able to so easily acquire PII, the aggregation and exploitation of that information will only continue to grow.

No One Is Immune

Saturday, July 2nd, 2005

Even being head of the Federal Trade Commission is no guarantee against identity theft. FTC chair Deborah Platt Majoras was recently notified by shoe retailer DSW that she was among 1.4 million people whose credit card numbers were in a database breached by thieves. The DSW breach, discovered in March, affected customers of 108 DSW retail stores nationwide. While the compromised data did not include social security numbers, it did include credit card numbers, checking account numbers, and driver’s license numbers. A suit has been filed by Ohio Attorney General Jim Petro seeking the notification of every individual affected by the breach.

Majoras could potentially join other high-profile victims of identity theft such as Bill Gates, Tiger Woods, and Ross Perot (among others).