A couple thousand people could be at high risk for identity theft as a result of a large dump of documents snatched from law enforcement agency web sites by a group calling itself AntiSec. The Aug. 6 data release, latest in a series by what appears to be a loosely linked collection of–take your pick–activists or vandals, was justified as retaliation for the arrests of a number of members of the Anonymous collective.
IdentityFinder, which makes software designed to flag personally identifiable information in email messages and a variety of document formats, scanned the data dump (AntiSec claimed it contained more than 10 gigabytes of data.) The check found over 100,000 unencrypted files containing personal data, Included were:
- 1,923 unique Social Security numbers
- 4,661 unique passwords
- 15,738 unique dates of birth
- 17,105 unique phone numbers
This information, along with an assortment of other data, could be used to cause considerable grief for individuals named in the files. “This is collateral damage,” says Identity Finder CEO Todd Feinman. “AntiSec didn’t care about the consequences, but they weren’t going after ID theft.”
The incident onces again serves as a warning–as if any further alerts were needed–that sensitive personally identifiable information should never be stored in unencrypted files accessible from the internet. And as an additional warning to anyone who might feel like poking around in the next set of data to be dumped, Feinman also said that many of the files released by AntiSec contained malware, presumably Because the source files were infected.