Poor Access Control Policies Expose Michael Jackson File

It seems nosy employees at the Los Angeles County coroner's office, who shouldn't have had access, were able to view Michael Jackson's death certificate. Though this story reported by the Associated Press is just another in the millions of articles about the celebrity, if you take a closer look, it's really about IT security and access controls.

The story reported that the certificate is stored in a state-supervised computer system, access to which is open to anyone with a state-issued password, which includes not only employees at the coroner's office, but also those at funeral homes, hospitals and county and state registrar's offices.

What the story didn't report was whether strong passwords were enforced, among other access control policies. What other holes exist in the system that could lead to information about the dearly departed?

Though Jackson's celebrity status makes him an easy target for the curious, what about identity thieves poking around for an identity to grab? Even the dead can have their identity stolen, which can be grave (pardon the pun) consequences for their living relatives.

Sometimes it seems only identity thieves can bring the dead back to life.