Three laptop computers were stolen from the offices of the Ontario Teachers Insurance Plan, resulting in the data breach of sensitive, personal information for 8,600 teachers. Data encryption software such as AlertBoot was not used to protect the contents, although password protection was used (which is quite problematic).
Smash And Grab
The stolen laptops contained names, addresses, birth dates and social insurance numbers, and mostly affects teachers who “work at elementary schools for the Toronto District School Board.”
The laptops were stolen during a break-in on December 3. Aside from the three laptops, cash from a cafeteria register was stolen. The thieves tried to break into the supplies closet as well. Signs point towards a “regular” robbery, where the laptops were taken because they’ve got resale value, not because they may contain valuable data.
No Guarantee It Won’t Lead To Data Theft
The fact that this looks like your average break-in, and that it may have started as just a break-in, does not preclude the fact that this may become a full blown data breach of personal information.
As I have argued many times before, theft of laptops can easily become a data breach, especially now that the world knows how valuable personal, sensitive information happens to be (otherwise, you wouldn’t have guys in Nigeria targeting Americans and Canadians). It’s not a stretch to imagine the thieves trying to get a look at what’s in the computer before loading it off on craigslist or eBay.
And, password-protection doesn’t quite cut it. A simple search in Google on getting around password-protection will show quite a list of ways to do so, including oh-always-helpful YouTube videos. I mean, you could be illiterate and still learn how to do bypass passwords.
Disk Encryption Preferable
This is why encryption software is necessary on any computers that may store sensitive information. Unlike password-protection, encryption ensures data security because it’s designed for serious data security.
As an example, contrast it to googling password-protection. If you search for “bypassing encryption” in Google, you’ll find either technical documents and theories, or backdoors (or supposed backdoors) that require the aid the actual owner of the computer. No YouTube videos are to be found.
This is just an indication–aside from government and academic studies; the use of logic; the opinion of experts; etc.–on how hard it is to override encryption once it’s in place.
I wouldn’t be surprised if, after examining their security policies, the insurance plan would opt to encrypt any computers that hold sensitive information.
Related Articles and Sites: