How did the following happen…there are many options…insider threat? Poor IT storage controls? Poor applications development controls? Perhaps using real personally identifiable information (PII) for test purposes? Hacker break-in? Through an outsourced company with access to the PII, but who also had poor controls? There are so many possibilities…
“Personal info that 16,000 Katrina evacuees gave FEMA appears online”
A brief excerpt…
“The Federal Emergency Management Agency is investigating how personal information from about 16,000 Hurricane Katrina evacuees in Texas ended up online. FEMA spokesman Terry Monrad in Washington told The Associated Press early today that the information involved evacuees from Louisiana, Mississippi and Alabama.”
Tags: awareness and training, Information Security, IT compliance, IT training, Katrina, personally identifiable information, PII, policies and procedures, privacy breach, privacy training, risk management, security training