Another day, another case where full disk encryption such as AlertBoot would have helped to prevent a data breach. Several sources are reporting that over 1 million customer details have been sold on eBay. Not that eBay would have allowed this to happen. They constantly monitor auctions for stuff that shouldn’t be there, such as human organs. One presumes that selling customer details in the open would be flagged as well.In fact, stating that the data was “sold” on eBay is a misstatement at best. What really happened was that it was found on a server that was sold for about $65, American. Those affected by this latest breach include customers for American Express, the Royal Bank of
The computer in question was actually being used by a firm called Graphic Data, who was contracted to archive data for RBS. According to RBS, Graphic Data has admitted that “one of their machines appears to have been inappropriately sold on via a third party.” This can be interpreted in so many ways.
For example, I took it to mean that the computer was sold when it shouldn’t have, which would be pretty messed up: I mean, the computer was not stolen; someone in the company decided to sell it out of the blue? That’s pretty random. But then I realized that the statement could be construed in other ways, such as “the server was sold before all the appropriate data security steps were followed, such as deleting the data and performing a three?pass disk overwrite.”
Then I read this statement from a spokeswoman at Graphic Data: “The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed.” That’s pretty messed up. (I guess there’s something to the saying that first impressions are generally right…)
I’ve often point out that full disk encryption solutions like laptop encryption are no panacea. And I stand by that statement—doing otherwise would be hubris of the highest level. However, let me point out that penicillin is no panacea either. In fact, there is no one drug out there to solve all of the world’s ailments. But penicillin has come close to the status of a miracle drug. Likewise, disk encryption cannot solve all of a company’s data security needs. But when it comes to protecting data, it can put a dent on information breaches for all those unexpected instances where a computer or external disk goes missing.