Steve Hunt, a security consultant and speaker with Hunt Business Intelligence and blogger at Security Dreamer, posted a video this morning revealing the mass of personal data he recovered from a 3-minute dumpster diving effort at a prominent Chicago financial institution.
The video is posted on his blog, and what he found in the dumpster diving episode will make you wonder if bank security is sometimes little more than cameras over tellers. His episode finds Social Security numbers, personally identifying information, photos and value-estimates on a customer’s real estate portfolio, bank wire transfer details and more. What’s worse is that on many documents, he finds names, addresses, account numbers and SSNs – a verified treasure-trove for a criminal.
His main theorem in this video is that data protection is often viewed as an IT effort, chiefly focused around the encryption and management of digital data. But Hunt contends that companies who approach data protection in that manner are missing out on the fact that there is a mass exodus of private information which is leaving the back door in trash bags.
"Companies who think data protection is the business of the IT guys have another thing coming," Hunt told SIW. "The best reality check is to look inside the company dumpster, where tons of data ends up every day. The security guys can teach the IT guys a thing about protection."
