Personal data is gold, at least to the bad guys


Really. This is ridiculous.

A company that handles federal student loans announced last week that the personal data — names, addresses, Social Security numbers, dates of birth — for 3.3 million people were stolen from its headquarters in Minnesota.

Hello. That’s 1 percent of the U.S. population — completely outed!  This happens so frequently anymore that it isn’t even front-page news.

Now, 3.3 million innocent Americans will be looking over their shoulders for the next few years wondering when the identity thieves will strike. Will it be the Russian mob? Chinese hoodlums? Or homegrown opportunists looking to make a quick buck?

The information was on a portable device and was simply waltzed out of the company HQ in Minneapolis.

A Sun Journal investigation of state records in January found that 24,000 Mainers had their computerized data compromised by merchants, employers, insurance companies and financial institutions over a 21-month period.

It was remarkable how often the security breaches involved portable devices, just like the recent theft in Minneapolis.

For instance, when a laptop was stolen in Seattle, 205 Starbucks employees in Maine learned that a thief was now perusing their Social Security numbers.

In fact, that was the single most common way personal information was breached — data left on a laptop that was later stolen or lost.

You would think companies would have iron-clad policies on this, like “do not, under any circumstances, download personal customer or employee information on any portable device.”

This should be a firing offense. It’s one thing — albeit a bad thing — to be hacked by some really sophisticated thieves.

But misplacing a laptop containing such highly sensitive information should just not happen.

Perhaps only stiff penalties will end these lax practices, either in law or in the courts.

How about a $100 fine for each name leaked? That would be $330 million for the Minneapolis student loan firm, which would probably get its attention.

This won’t end until companies start treating this information like gold — which it is, at least in the hands of thieves.