Grab And Smash Hard Drive Disk Theft Creates Information Security Breach.


Seems like California’s education system is somehow getting involved in a rash of thefts that may eventually lead to identity thefts and other personal information?related crimes.  In addition to the Modesto thefts where over 3000 and 8000 people were affected, and the 4000 people recently affected in Clovis, there are now reports that Torrance school district employees will be affected by a stolen hard drive.  I guess it makes sense, since they’re all tied to the one incident at Systematic Automation, Inc.


 


The Orange Country company engaged in administering employee health benefits has lost information on 2200 Torrance Unified School District employees.  The hard disk was lost in a smash?and?grab incident on February 11.  Personal information potentially exposed via the theft include names, addresses, dates of birth, and SSNs.

 

Employees were alerted of the situation by Systematic Automation—employees have yet to hear it from the Torrance Unified School District—so quite a number of employees are upset at their employer, the school district.  Not that they’re being blamed for the incident.  And they shouldn’t be.  I mean, I don’t know if the Torrance school district had sent their employee information on encrypted disks like the Modesto schools did; however, it’s apparent from previous examples that it wouldn’t have helped.  The printer saved all the encrypted data in an unencrypted format.

 

As commented before, this was probably because the printer needed to have the information in an unencrypted format—if you can’t read it, you can’t use it.  However, I should point out that whole disk encryption (full disk encryption, if you prefer) is pretty much tailor?made for preventing data breaches for the above scenario.  If you protect the entire hard disk using encryption services like AlertBoot, it doesn’t matter that individual files were left unencrypted when the entire disk—or even the laptop or desktop—gets stolen.  Short of finding out what the username and password combo is for decrypting the information, there’s no way to access it.

 

Mind you, this is different from the username and password combo you face when firing up Windows.  In those cases, you can easily bypass the passwords to get to the data.  This is why many states, including California, don’t require a public announcement when encrypted information is stolen—since there is no sensitive information breached in such an instance.  However, if the only thing protecting the data is the Windows username and password, you’ve got to let those affected know.  Just like Systematic Automation.



Comments (0)


Let us know what you think