Portland Community College has announced a data breach involving 2,900 people who were participating in the Oregon Food Stamp Employment Transition Program (OFSET). A spokesperson for PCC has admitted that a stolen data storage device did not use data encryption, and that “it would be easy” to access the information.
This is the second breach story I’ve found that takes place in Portland, OR. It must be just “one of those days” in the city…
An employee for PCC, who works at multiple PCC locations, was “transferring the data from one site to another.” In the course of his duties, he left a bag in his car; the bag was stolen, and the USB device with it. The flash drive contained the names and SSNs of 2,900 Multnomah County residents.
PCC has a protocol prohibiting “travel around with unprotected information.”
Not Hard to Use Information
In what I have to describe as a candid admission, PCC Spokesman Dana Haynes said this to obp.org:
PCC spokesman Dana Haynes says it wouldn’t be hard to use that information to steal from the people affected.
Dana Haynes: “It was not password-protected, it was not encrypted, it would be easy, but, we’ve had telephone conversations with several people who were on the list, who’ve called us, and so far, we have no evidence that the thief or thieves are aware of what was on the disk.”
Of course, there is no guarantee that there won’t be a subsequent breach. After all, the theft only took place last week.
However, I must note that the above candor is quite refreshing. More often than not, organizations would claim that it would be hard to use the information, despite being in the same situation of not using encryption software.
When a device goes missing, nothing short of encryption will truly safeguard your data. This is the reason why many states and federal agencies extend a reprieve from sending breach notifications if encryption programs like AlertBoot are used.