Recently, Quandary consultants were helping a client cleanse data when they noticed an interesting pattern in an ID column. The ID column, up to a certain point in time, had numbers in it that followed a pattern of ###-##-####.
The column contained Social Security Numbers. Unencrypted, generally available Social Security Numbers.
When asked, everyone from in-house developers to senior management stated that they did not house SSN and that they never did. Everyone was of the opinion that it is too risky to house that data in case of a breach.
How did this happen? Was this neglect or negligence on the client's part? Poorly designed processes?
After determining that these were indeed social security numbers, the consultant worked with the client to figure out why they were there. As it turns out, the state that the client is headquartered in use to use SSN as their driver's license number. The ID column had been used to store this number, but no one thought to to protect or cleanse this column when the process changed.
The Quandary consultant was able to resolve this issue quickly by purging and cleansing the data, mitigating future risk. We went on to review other data sources as well and removed all the places where SSN was stored.
What risks do you have hiding in your data? Contact Quandary Tech Solutions today and discuss how we can help identify and mitigate these risks for you.