Vtech data breach
the journal of Michael Werneburg
twenty-seven years and one million words
I sent a friend a note about the latest data breach that's in the news: Vtech. This time, it was data on kids that's in the mix. He and I are both dads, I figured he'd want to know. His response was this:
> Maybe they should not even have been keeping that data in the first place?
That's at the root of every breach. Why do we share our SIN/SSN with anyone other than our employer? A bank or insurance company can do a credit check without it – they just want it for that one purpose, then it (illegally) becomes your client identifier within the institution. Then it multiplies across systems ranging from billing to market research that is shared with "partner firms" unless you specifically opt-out. Which you have to do, for instance, with a credit card EACH AND EVERY TIME they send you a new card.
All of this unnecessary data just sits around, growing in street value until someone comes looking.