Or at least, that’s the message I’m taking from an entry at pogowasright.org. Ebara Technologies had recently filed a letter with the New Hampshire AG’s office, alerting them that one of their vendors had suffered a security breach. A further follow up with by Pogo had a spokesperson confirm that the vendor was Colt Express, recently mentioned in this blog due to the CNet incident. At the time, I ruminated that hard drive encryption like AlertBoot may not have been used to secure the data found in the stolen computer. My guess was that there wasn’t (and it is still what I think); but now we know that password?protection was in place.
What’s interesting, though, is that Ebara stated in the letter to the NH AG that the personal information “may have” been in the lost computer. This is weird, since the letters filed with CNet showed that Colt had a pretty good handle on what was in the stolen computers. According to Pogo, the Ebara spokesperson clarified the situation by saying that “because the owner of Colt Express Outsourcing Services, Inc. informed them by phone that the computer was ‘password-protected,’ they described the incident as ‘may have contained.’” Despite the fact that sensitive information was on the stolen computer.
I have to laugh. I didn’t know that the presence of data security measures allowed one to change a statement, meaning one thing, to another statement implying something else. (Well, that’s assuming you’re willing to believe password?protection is data security…which it’s not).
You have implemented data security solutions to protect your data. That’s great. How does that change the fact that sensitive information was in the lost computers? It doesn’t; it makes it harder (or, in the case of full disk encryption, nearly impossible) to get to the data, if the thief attempts to retrieve the data. But it won’t allow you to imply that the data is not there when you know it is there. I mean explore this statement, will ya? Armored Brinks vehicles may not contain anything of value since they’ve got thick walls, armed guards, and bulletproof glass—despite the bags stuffed with money in the back. Yeah, it doesn’t make sense.
I’d say that Ebara may have come this close to lying if Colt Express had been as detailed in updating Ebara about the situation as they had been with CNet (and let me tell you, it looked to me as if CNet had received quite a bit of unequivocal information on how the breach may affect CNet).