I just got emailed an article by the IEEE that says Carnegie Mellon
Professor Latanya Sweeney will announce next week that she has written software that can collect all the identity information a thief would ever need directly from the Internet. From the article:
With her software, Sweeney can gather the key data with just a little Web surfing. She starts with a filter that searches for documents likely to be risumis and then extracts the key data values—name, social security number, address, and date of birth. Risumis are found in a two-part process: first, a program Sweeney wrote last year finds long lists of names. Then a specialized Google search filter looks for risumis associated with those names that contain Social Security numbers.
I have no doubts that this information is out there, but who puts their social security number on a resume? Or their date of birth for that matter? Granted the article says that Sweeney often has to find alternate sources and then quotes a GAO report that says the information is widely available, but still. Snarky comments aside, I guess the bigger picture is that companies aren’t the only ones who do stupid things with personal data.