A report this morning on CNet describes the possible theft of data on 310,000 US citizens from LexisNexis.  The database was breached 59 times using stolen passwords leading to the possible theft of addresses and social security numbers. 

Too frequently today we are hearing about one theft of personally identifiable information after another.  I have lost confidence (if I actually ever had it) in the ability of companies to keep pii secure. 

Online information brokers are the banks of yesterday -- recall Willie Horton when asked why he robbed banks -- "Because that is where the money is".  When are we going to see improvements in data security?  Why could this happen with stolen passwords -- where was the two factor authentication?  Where was the data encryption?  Why was the initial reporting on this saying that the breach only affected 30,000 -- did they really not know the extent of the loss of data? 

In the information age -- our identity is our currency.  It needs to be protected.  But unlike cash, it is not easily replaceable or insurable against loss.  If you take a million dollars from me, it is just a million dollars and it looks just like any other million.  If you take my identity, you have taken a part of me - and it is not easily replaceable.  Identities are not a "fungible good."

What is especially troubling is that consumers are not the customers of these companies -- other companies are -- so we have little leverage outside of legislation, regulation and legal penalties.  I'd really like to see the industry address this problem before we have to pile on a ton of regulations and policing.   

This really is sad...