The Oregon National Guard is sending out an alert: guard members should be on the lookout for ID theft attempts. A laptop computer with members’ personal information was stolen, and although the device was password-protected, it did not make use of more advanced forms of data security like laptop encryption software from AlertBoot.
How Many Breaches Could be Prevented By Banning Cars?
It’s a stupid question, but it’s evoked because of the so many breaches I’ve read where a laptop or other data device was temporarily stored in a car. Like in this particular case.
A National Guard member, who was using the laptop to work from home, had left the laptop in his car. It got stolen on Monday, triggering an investigation and breach notifications. So far, there is no information on how many members were affected or what type of personal information was lost in the process. (SSNs? Addresses? Military ID numbers?)
Now, the presence of password-protection provides some comfort; however, I’ve already noted before that bypassing the so-called password-protection is anything but hard (and you’ve got a number of different, yet equally easy, approaches, too).
Military Encryption for Laptops
I’m surprised that encryption software was not present in the laptop that was stolen. After a number of embarrassing breaches, the US military effectively created a policy where any portable devices (and sometimes the less-portable ones, such as desktop computers) that carried sensitive data required the use of encryption.
It could be that such protection was not deemed as necessary in this case because the information, while “sensitive,” was not as sensitive as, say, classified information. Or, it could be an oversight: the device was meant to be encrypted, but because the software the National Guard was using didn’t have the correct encryption tracking reports, the device fell through the cracks.
No doubt we’ll hear more about this incident.
People are More Aware About Data Security
I’ve read some of the public commentary that accompany the stories, and I’ve seen that most people wondering if encryption was in place; how password protection is not enough; why the laptop was left in the car; etc.
This is a far cry from a couple of years ago, when people were going ballistic over the fact that there was sensitive information stored on a laptop. This certainly is a welcome development, since it means that people are more aware on the realities of protecting information.
(For example, I’ll choose to have my information on an encrypted laptop than an unencrypted server locked in a secured closet any day. Servers are where they are because someone lifted them and put them there. This means someone can also steal them and their data.)
One can only hope that, as people in general become more aware, the need for protecting data the right way will trickle up to the actual decision-makers, and the correct investments will be made.