Saturday 22 October 2022

Security breaches

are serious things - very serious things. 

Over the course of my working life I have had to do things like sign what are often called "official secrets acts". I have had to keep my mouth firmly shut, my paws clear of any keyboard and more. To do otherwise might, on occasion, have risked the lives of other people. 

It all sounds a bit dramatic but, for me, it is usually nothing more than a simple thing like knowing X person is going to Y location at Z time. All it means is that X is taking a risk and the information is not to be broadcast.  I am well aware though that people further up the line do know a great deal more. If I said anything then I could be responsible for putting such people at further risk. You just don't say anything to anyone, anywhere or in any way.

There have been two serious security breaches here recently. One was at a company which provides phone services. The other was at a private health insurance company.

The first one was able to access information like passport numbers. If I had been with that particular company and used my passport number to "prove" my identity then I would be in the process of having to renew my passport. For most people their passport number probably has no security risks attached at all but mine would. I know there are other people who would be in the same position as myself and it would be more than "a nuisance". 

I was not involved in the private health insurance scheme either and I am thankful for that. There is nothing sinister or shameful in my medical records but I made the decision not to put my records on the national register. It would be good to have them there but there are security concerns. ( Someone else with the same surname and a similar given name has a serious medical condition but her records have been mixed with mine and the government seems incapable of sorting them out. ) Some information however does need to be held by the insurer.

Now there is talk of making such providers pay enormous fines if their systems are breached and they are found to be at fault. Yes, good at the level it will make them more vigilant. 

I wonder however just how successful this will be. I am all too well aware that even your average teenager can find their way in to places they have no business to be. Indeed, you don't even need to be a teenager. There was an incident here several years ago when two boys in a local primary school hacked their way into the school computer records - just to show it could be done. A local high school had a security breach last year. At the beginning of this year one of the local businesses spent thousands sorting out a security breach. Fortunately for them those responsible tried to make an unauthorised transaction while the owner of the business was in the bank. It was stopped instantly.

But we are now expected to do almost all our transactions "online". I went as far as to agree to having an electronic bill sent to me for one of the utility companies. ( I had to change the name on the account to mine after the Senior Cat died.) I was reluctant to do this but the price for a paper bill was also ridiculous. I still won't pay the bill online. I will go to the post office to do that as before. Once I had agreed however I suddenly found I was being made "offers" for other goods and services. I had not agreed to this. I don't want those offers. They are inappropriate. At present I am trying to get my name removed from the marketing data base...and I am wondering how far the reach extends.

There is much more to "security" than not having a system breached and information stolen. It means not passing information on without direct (not implied) permission. That need to give permission has to apply right down the line. It has apply in just the same way as I do not have permission to say anything about when X is going to Y. 

(Hackers  - don't bother - the information is on an entirely different network.)


1 comment:

Adelaide Dupont said...


the sort of *direct* and *written* permission a young lady of my acquaintance had to have when she was invited to other people's houses or when other people came to hers.

That was easily seen in a transfer from school to school file.

The early 1990s.

And four and five year olds are learning how to code - and to be White and Black Hat Hackers.