Understating the damage
There’s a bit in yesterday’s SANS Newsbites about the indictment of a man accused of breaking into the systems of a large corporation, stealing information, and selling it to his customers. Despite also noting that this same corporation was broken into the year before, this article didn’t include the sort of caustic comments the editors sometimes include in this newsletter.
Perhaps it should have. See, I recognized the name of that company. They’re a data storage company. My previous employers were working with them. My previous employers’ business was heavily based on direct marketing.
The company run by the accused, which has supposed to have benefited from this stolen information, is “a bulk mailing concern.”
After connecting the dots, I think it’s reasonable to expect that if you ever gave an email address to my previous employers, that address is now available to any spammer willing to pay for a list.
And, since there isn’t anything exceptionally unusual about the information security practices of either my former employers or the large corporation which was the target of the theft, it’s probably reasonable to assume that any email address you’ve ever given to any company (i.e. not a private individual) is available to spammers, regardless of any “privacy” policies involved.
Now playing: Honest Joe from Wah Wah by James
![[Swinging off a dragger, Cundy's Harbor, Maine, July 4th, 2003]](/images/cundys_harbor.jpg)