The Affordable Care Act exchanges presumably will result in the creation of one of the largest collections of personal data in US history.
So did the federal government just ring the dinner bell for every hacker and identity thief on the planet?
First, it's important to dispel the hype. The exchanges don't actually store information - they simply link to it.
That doesn't make them less valuable as targets from a hacker's perspective, but it does reduce the threat a little: an attacker can't get the data directly from the site and must instead breach at least two sites - the exchange and the government data portal it's linking to.
Second, despite statements to the contrary, the exchanges have undergone security auditing - it just hasn't been as thorough and rigorous as many would have liked to see. This is an enormous undertaking, and some elements of it appear to have been rushed in order to meet deadlines.
As any developer knows, rushing a project, particularly one as massive and unprecedented as the ACA rollout, is likely to result in some errors. Another concern is that the exchange system isn't completely run by the federal government - at least 14 states so far have their own exchanges.
Typically, state governments do not have the same level of resources as the federal government when it comes to cybersecurity. In fact, a recent study by Deloitte-NASCIO found that only 24 percent of state chief information security officers are confident they can thwart ha...