Coloradan's stolen data winds up on Google

By Deborah Gage, San Francisco Chronicle

Published July 13, 2008 at 9:05 p.m.

Text size  

• 0 Comments
• Email
• Print

A Colorado woman logged on to her computer in April, voted on a CNN poll, shopped for airline tickets and calculated payments for a $25,000 car loan from Wells Fargo.

She didn't suspect that a malicious software program was recording every keystroke - frequent-flier numbers and passwords, her home address and phone number, an online conversation she was having with some friends.

But it was, and months after authorities were alerted to the breach and disabled the server in Malaysia where her data were being stored, the information was still available online - in a Google search.

The woman, who asked not to be named, was shocked to receive a call from a San Francisco Chronicle reporter asking if she recognized the personal information, which had been crawled and stored by Google, which caches all unprotected data it finds on the Web.

"Google seems so friendly," she said. "I don't understand why they don't do a better job protecting our data."

Google spokesman Michael Kirkland said that, in general, the search engine doesn't remove cached data, which disappears automatically at some point after its source is taken down. Google expects webmasters to remove problem content themselves and provides tools to help them do it.

"Google, like all search engines, is a reflection of the content and information that's available on the Internet," he said. "We actively work to keep users informed on how they can stay safe online."

In this case, however, Google removed the cached pages, but it took the company two tries to delete them.

Such incidents of data theft have become so common that some cybercrime trackers have given up on contacting Internet users to let them know their personal information has been exposed.

Finjan, the Israeli security company that discovered this particular stash, said it finds similar data stored on servers around the world nearly every other day - Social Security numbers, medical records, confidential business records.

Law enforcement is ill-equipped to secure this virtual Wild West, where sensitive information can remain in Web site caches long after a server has been disabled.

• July 14, 2008

  1:16 a.m.

  STOPUSAGiveaway writes:

  (This comment was removed by the site staff.)

Featured

• DNC in Denver

  

  Complete coverage of the 2008 Democratic National Convention.

• The Crevasse

  

  A five-part series that examines one tragic day on Mount Rainier.

• Deadly denial

  

  Sick nuclear workers applied for government compensation but most haven't seen a dime.

• Final Salute

  

  The Rocky followed Maj. Steve Beck as he took on the most difficult duty of his career.

• 'Colorado's burning'

  

  Coverage of the state's worst wildfires.

• Columbine shootings

  

  Coverage of the April 20, 1999, shootings at Littleton's Columbine High School.

• The Crossing

  

  Colorado's deadliest traffic accident killed 20 children on Dec. 14, 1961.

• Osveli's journey

  

  Osveli Sales left Guatemala for a better life. Two months later, he came home in a box.

• Wake for an Indian warrior

  

  Oglala Sioux bestow a tribute to the first tribal fatality in Iraq.