The Effects of Compromised Personally Identifiable Information

November 12, 2019 at 2:42 pm by Paul Falcone

Today more than ever, data security is a hot-button topic, with serious data theft and data breaches seemingly occurring on a daily basis. Since storing sensitive personally identifiable information (PII) is now the norm for virtually all businesses, it is incumbent on those businesses to consistently ensure the integrity of that information.

Around the world, consumers are justifiably growing more concerned about data privacy. The European Union and countries such as Canada and the United States work to protect their individual and corporate citizens by enacting and enforcing regulations that restrict the use and flow of PII, as well as mandate how PII is stored, disseminated, and destroyed.


Although organizations subject to PII regulations incur steep fines for noncompliance, the consequences can be significantly more severe for the individuals whose PII is breached. For example, compromised data can be exposed to manipulation and illegal transactions that ultimately lead to wholesale identity theft. In 2017 alone, identity thieves pilfered $16.8 billion from 6.64% of U.S. consumers, or approximately one of every fifteen people.

Within an organization, it is critical that your data storage and data end-of-life destruction processes are invariably sound and thorough and executed error-free. As the following real-life examples demonstrate, any instances of irresponsibility or lapses in oversight—such as discarding paper without proper shredding or disposing of still-readable hard drives—can have dire consequences, particularly to individuals’ livelihoods and reputations.

2017: Medical Records in Public Trash Bins in Hawaii

An anonymous resident of Palolo, Honolulu, found a stack of approximately 50 residents’ personal and medical information while using a public-access trash bin. Evidently, a local therapy center discarded the paperwork without taking the necessary security measures. The documents contained a “fraudster’s treasure trove,” including complete social security numbers, pictures of driver’s licenses and extensive medical information. Thankfully, the documents fell into the right hands; otherwise, lives could well have been ruined.

2019: Used Electronic Storage Devices Contained PII

Companies relying on a data removal plan rather than a data end-of-life destruction plan should reconsider their strategy. A recent study conducted by Blannco analyzed 159 used storage drives purchased from eBay. The data removal company discovered that an astounding 42% of the drives (66) still contained data. More disturbingly, more than fifteen percent of the drives (25) still contained PII. Furthermore, one of those drives came from a software developer that had been granted government security clearance.

In another recent study, a Rapid7 researcher procured 85 discarded hardware components from businesses, including old computers, flash drives, phones, and hard drives. Of the 85 devices, only two had been properly wiped and only three were encrypted. In total, the researcher collected 611 email addresses, 50 birth dates, 41 social security numbers, 19 credit card numbers, six driver’s license numbers, and two passport numbers.


2010: Australians Have Identities Stolen by Hit Squad

Imagine being six-months pregnant, living in Israel, and yet somehow being wanted for murder in Australia. In fact, it’s a real-life nightmare for a former Melbourne resident. In 2010, she was one of three Australian citizens living in Israel who had their identities stolen and used by members of the Mossad hit squad while carrying out an assassination. In each case, the three individuals’ PII was swiped and used to forge passports in their names with the perpetrators’ photos. It has never been definitively determined how their PII was compromised.

2016: Albuquerque Man Arrested for Fraud—When He Himself Was the Victim

In 2016, a dispatcher for the Kirtland Air Force Base Fire Department and military veteran with a security clearance and no prior arrests was pulled over, detained, and booked in Las Vegas, New Mexico, on an outstanding fraud and forgery warrant. Subsequently, it was determined that a younger man had obtained the individual’s personal information in the fall of 2015. This younger man used the stolen ID to cash a check and was seen on camera. Despite marked differences in the two men’s physical appearances, the Albuquerque Police still issued a warrant for the dispatcher, resulting in a highly traumatic experience (which, by the way, led him to file a suit against local law enforcement).

2019: Woman Arrested After Identity Thief Steals Car Using Her Name

A 25-year-old Indiana woman was recently arrested and booked on charges of auto theft when an impersonator used her driver’s license to test drive and steal multiple vehicles. The woman did not know she was being investigated until she was detained two weeks after an incident. While she believes the identity theft was likely the result of a stolen purse, the exact circumstances are unknown since no arrests have been made.


Although it’s often impossible to know whether compromised data is the result of inadequate end-of-life procedures, faulty storage protocols, illicit cyber activity, or everyday petty theft, an overriding theme emerges from the above examples: given the extreme sensitivity of PII—and the dire consequences for individuals when PII is compromised—it is the legal and ethical responsibility of all businesses possessing PII to protect it. The onus is on them to ensure all reasonable measures and precautions are taken to ensure its absolute security and integrity, and, ultimately, its utter, irreversible destruction at end-of-life.

Companies like SEM provide state-of-the-art data end-of-life solutions that ensure PII is destroyed to the point of non-recovery, thereby mitigating the attendant risks of data theft and compromises for both individual and corporate citizens alike.

Here is Why You NEVER Want to Trust Your Data Security to an Outside Company

May 28, 2015 at 1:26 pm by SEM

Don’t be the next “identity theft” victim! Unfortunately, these types of crimes are far too common and seem to be accelerating at an alarming rate all over the country. Instituting an in-house, complete control document control program to shred sensitive documents, optical, magnetic, or solid state media is the most effective way to ensure your company and customers’ information is secure and can’t be exploited like the victims in the story below.

Document Shredding Company Employee Eyed in ID Theft Ring

Posted: NBCDFW Special Report by Scott Gordon / Friday, Mar 28, 2014

Updated: Wednesday, February 18, 2015

A former Fort Worth employee of a document shredding company who was accused of sharing bank records with thieves has pleaded guilty to fraud charges.

Patrick Doucet, 44, drove a truck for Cintas Document Management, an Ohio company that shreds documents for businesses, including banks and insurance companies.

On Tuesday, he pleaded guilty to fraudulent possession of identification, a second-degree felony.

He faces up to a $10,000 fine and 20 years in prison. His sentencing is set for May 8. Police searched his home in North Fort Worth last year. According to the search warrant, the investigation started in Georgia when a woman was arrested and accused of writing fake checks in the name of a Bedford woman.

Investigators said the suspect implicated Doucet. It was unclear how the two knew each other.

Police said Doucet did not shred documents that were supposed to be destroyed and shared them with the Georgia woman and others.

Click link to see the NBC DFW Chanel 5 story.

Control your own information security

With over 50 years in the information protection business, and recognized as the world leader in document and sensitive waste destruction solutions, Security Engineered Machinery (SEM) has the solution you need to protect your company and customers’ information. From paper to hard drives to optical media to data tapes to solid state devices to cell phones and tablets, SEM offers an in-house solution to meet your end-of-life media destruction need, and most are available as green recycling solutions.


In the end, an in-house solution not only provides a controlled environment, it will probably save you a ton of money. As the old saying goes, an ounce of prevention is worth a pound of cure or, better yet, to quote the Midas Muffler Man, ”You can pay me now or pay me a whole lot more later.” Don’t put your company’s security in the hands of a third party — let SEM design a solution to meet your information security needs.

Whether you’re involved in national security or corporate security, you’ll find everything you need to prevent data from getting into the wrong hands right here on this website. And if you don’t, feel free to pick up the phone and call us. We are always happy to help!