In this project, we are examining different types of disclosures, including lost mass storage devices, inadvertent web posting, social networks, blogs, and peer-to-peer file sharing networks. In each case, the disclosures are the same: sensitive information is inadvertently leaked, creating embarrassment, vulnerabilities, and financial losses for the firm, its investors, and its customers. We show how confidential and potentially damaging documents have made their way onto public networks.
The research also shows that criminals actively search, hoping to find information that they can exploit. We show how information is exploited, including for fraud and identity theft. Ongoing work is examining the extent of the leakage problem in different industries, including US banking and healthcare.
- Healthcare Data Hemorrhages and Medical Identity Theft: Confidential data hemorrhaging from health-care providers pose financial risks to firms and medical risks to patients. In this project, we are examining the consequences of data hemorrhages, including privacy violations, medical fraud, financial identity theft, and medical identity theft. We are also exploring the types and sources of data hemorrhages. Research findings presented at IEEE Symposium on Security and Privacy 2010 and Financial Cryptography and Data Security 2009.
- Inadvertent Disclosures Among Top US Banks: In this project, we characterize the extent of the security risk for a group of large financial institutions using a direct analysis of leaked documents. We also characterize the threat of loss by examining search patterns in peer-to-peer networks. Our analysis demonstrates both a substantial threat and vulnerability for large financial firms. We find a statistically significant link between leakage and leak sources, including the firm employment base and the number of retail accounts. We also find a link between firm visibility and threat activity. Finally, we find that firms with more leaks also experience increased threat. Research findings in Journal of Management Information Systems.
- Consumer Risks of Inadvertent Disclosure: Peer-to-peer (P2P) software clients have become part of the standard suite of PC applications for many users. With millions of users worldwide sharing music, video, software, and pictures, file movement on these networks represents a significant percentage of internet traffic. Through honey-pot experiments that expose personal financial information, we graphically show the risks consumers face. Research findings in Communications of the ACM.
Video:
Eric Johnson explains inadvertent disclosures over the internet.