Due Diligence: information leaks are child's play
In 2006, The Guardian newspaper in the UK reported on the most startling and simplest way for your personal data to end up in the hands of criminals demonstrating the due diligence nightmare we have all been dreading.
The article in the Guardian is long. It is detailed. It might, at some point, even be criticised for giving people ideas - we know, our consultancy arm has often been told that the bad guys might get ideas if we train bank staff in what risks to look for.
But the Guardian article deserves widespread recognition for it borders on a scholarly analysis of the breakdown of information security, and does so in a highly accessible way.
The article " Q. What could a boarding pass tell an identity fraudster about you? A. Way too much" was actually published two years ago and a concerned reader forwarded to us a link to it yesterday. The link is http://www.guardian.co.uk/business/2006/may/03/theairlineindustry.idcards
In it, the author, Steve Boggan, a long-time journalist in issues relating to crime, finds a boarding pass thrown in a dustbin. He uses that to obtain personal information from a variety of sources, including using the data on the boarding pass to purchase a ticket from the same airline, which then gave access via the frequent flyer programme to the person's personal data held in that programme.
The article is worrying on so many levels that you really must read it.
Download PDF version of this page