Go to the mobile version of this Web site.

Login | Contact Us | Site Map | Paid archives | Alerts | Electronic edition | Advertise | Subscribe to the paper | Today's Extras

Breaking News:

Subscribe

Coloradan's stolen data winds up on Google

By Deborah Gage, San Francisco Chronicle

Published July 13, 2008 at 9:05 p.m.

Text size  

More Tech & Telecom

More stories »

A Colorado woman logged on to her computer in April, voted on a CNN poll, shopped for airline tickets and calculated payments for a $25,000 car loan from Wells Fargo.

She didn't suspect that a malicious software program was recording every keystroke - frequent-flier numbers and passwords, her home address and phone number, an online conversation she was having with some friends.

But it was, and months after authorities were alerted to the breach and disabled the server in Malaysia where her data were being stored, the information was still available online - in a Google search.

The woman, who asked not to be named, was shocked to receive a call from a San Francisco Chronicle reporter asking if she recognized the personal information, which had been crawled and stored by Google, which caches all unprotected data it finds on the Web.

"Google seems so friendly," she said. "I don't understand why they don't do a better job protecting our data."

Google spokesman Michael Kirkland said that, in general, the search engine doesn't remove cached data, which disappears automatically at some point after its source is taken down. Google expects webmasters to remove problem content themselves and provides tools to help them do it.

"Google, like all search engines, is a reflection of the content and information that's available on the Internet," he said. "We actively work to keep users informed on how they can stay safe online."

In this case, however, Google removed the cached pages, but it took the company two tries to delete them.

Such incidents of data theft have become so common that some cybercrime trackers have given up on contacting Internet users to let them know their personal information has been exposed.

Finjan, the Israeli security company that discovered this particular stash, said it finds similar data stored on servers around the world nearly every other day - Social Security numbers, medical records, confidential business records.

Law enforcement is ill-equipped to secure this virtual Wild West, where sensitive information can remain in Web site caches long after a server has been disabled.

Comments

  • July 14, 2008

    1:16 a.m.

    STOPUSAGiveaway writes:

    (This comment was removed by the site staff.)

Post your comment

Registration is required. Click here to create your free user account, or login below.

Comments are the sole responsibility of the person posting them. You agree not to post comments that are off topic, defamatory, obscene, abusive, threatening or an invasion of privacy. Violators may be banned. Click here for our full user agreement.




(Forgotten your password?)




News Tip

Know about something we should be reporting? Tell us about it.

Sponsored links



Reprints