The Arkansas National Guard has announced that a backup hard drive has gone missing. The drive, which contained sensitive information on current and former soldiers, was not protected with full disk encryption like AlertBoot endpoint security software.
Discovered Missing on February 15; Had Information For Past 6 Years
A search for the missing drive has turned up nothing. It is currently unknown whether the hard drive is stolen, just missing, or misplaced.
Names, Social Security numbers, and other personal information were present on the disk, and primarily involve soldiers that served with the “Arkansas Guard’s 1st Battalion, 153rd Infantry Regiment of the 39th Infantry Brigade Combat Team, from January 2004 to March 2009.”
The drive may also include information for soldiers from the “39th Brigade Special Troops Battalion from April 2009 to the present.”
One thing to note is that the Arkansas National Guard is warning soldiers to monitor their bank statements from November 2009 onwards. Apparently, that’s when the last backup was made (“when the device was last used”). In other words, someone noticed that the drive was missing on February 15; they have no idea, however, when the hard dive actually went missing.
One of the things that worries me about the situation, aside from ID theft and the like, is that the Arkansas National Guard apparently makes backups only every four months. That’s kind of a long time between backups, no?
Whole Disk Encryption For Securing Information
The National Guard ought to have used encryption software to protect the contents of this hard drive; that goes without saying. And, when you think about it, it would have been very easy. Consider AlertBoot.
One of the settings in AlertBoot is to automatically encrypt any external data devices when connected to an encrypted computer. (The idea is that, since copying information off of an encrypted computer means the data won’t be protected in the transferred medium, we’ll encrypt the new one as well.)
This external hard drive, used as a backup, would have been protected with the same level of encryption found on the original computer.
Furthermore, the encryption policies would allow the drive to work with a group of computers to which the original computer belongs. In other words, the same external drive can be used for backing up data on a different computer at the military base, but plug it into your home computer and the data cannot be accessed.
With whole disk encryption, there would have been a virtual guarantee that there wouldn’t be a data breach. As it stands, the affected servicemen can only hope that there won’t be one.
Related Articles and Sites: