For a cybercriminal, gaining access to a
large database containing confidential information is like winning the
lottery. A database provides not just one individual’s personal data but
that of hundreds, possibly thousands of unsuspecting victims. With an
entire database at his fingertips, there is no telling what a hacker would
do. Are you aware that your own personal information is sitting in at
least one database out there? Your checking and savings account numbers
are in your bank’s database. Your MasterCard, Visa, or Discover card
account number is in another. This makes it very convenient for you to
call your credit card company and find out your current balance or report
a stolen card. Your medical records might reside in your doctor’s
database and can be looked up with a few clicks on the office computer.
The ease of access provided by databases can be considered a double-edged
sword. Follow the links provided below for details on how database
break-ins have made personal data accessible to identity thieves and
affected individuals’ credit ratings.
Break-ins You can read about CNET’s coverage of the widely
publicized Choicepoint database break-in, which affected over a hundred
thousand Americans, at www.pcworld.com/article/id,119790-page,1/article.html. Even
university databases are at risk, as proven by the University of Texas
incident, described at www.internetnews.com/dev-news/article.php/2110441.
In this article, a student was convicted for hacking into the university
database and stealing the social security numbers of over 55,000 students.
One of the most recent database break-ins was at the Atlantis Resort in
the Bahamas, affecting about 55,000 guests, with the details in this news
Resources on Database Security How can the businesses and institutions
that maintain your personal and financial data in their databases protect
your privacy? GovernmentSecurity.org, which, in spite of its name, is not
run by the government, provides several articles on tips for implementing
database security at www.governmentsecurity.org.
want to compare the security features and vulnerabilities of the most
popular database management systems, such as DB2, SQL Server, and Oracle,
look up www.databasesecurity.com.
This site also provides titles of books and articles that can help you
further your knowledge of each DBMS. More articles and resources,
specifically about what a system or database administrator can do to
secure database servers, are at this link (www.databases.about.com/od/security/Database_Security_Issues.htm).
Several white papers on database encryption are provided at www.database.ittoolbox.com/topics/t.asp?t=371&p=371&h1=371#.
Regulations To gain a more in-depth
understanding of the some of the government regulations that help protect
you from database security breaches, you can look up the following: