Joe the Plumber's data compromised by government insider

2008 is shaping up to be the year of the politically-motivated data leakage events. First it was Sarah Palin, then Bill "Papa Bear" O'Reilly, and now apparently Joe the Plumber has been struck.

2008 is shaping up to be the year of the politically-motivated data leakage events. First it was Sarah Palin, then Bill "Papa Bear" O'Reilly, and now apparently Joe the Plumber has been struck.

As pointed out by Chris Wysopal on the Veracode Blog, the Columbus Dispatch published an article stating that someone used accounts assigned to several government offices, including the AG and the Toledo Police Department, to access personal information on Joe Wurzelbacher, aka Joe the Plumber. It appears that test accounts were used to perform the access on motor vehicle information, making it difficult to immediately tie the breach to a specific government office.

While the two parties are taking a political spin on the event, it is far more likely that the accounts were viewed by an innocuous employee with an overactive sense of curiosity. Earlier this year, the passport files of Barack Obama were accessed by State Department contractors. The files belonging to Hillary Clinton and John McCain were accessed in a similar incident around the same time.

A proper security audit would have identified and removed the test accounts from production systems; sadly, it is too much to expect due diligence to be applied to every system in the Internet. Until databases with a heavy dollop of cryptography become standard everywhere, we should expect security events like these to pop up every time someone gets their 15 minutes of fame.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All