Full Disk Encryption: Sandiegofit.com Break-In Results In Data Breach.

Databreaches.net noted that sandiegofit.com has alerted the NH Attorney General’s Office about a data breach that took place on August 30, 2010.  A computer was stolen from a protected area, and sensitive information was breached as a result.  The letter to the AG noted that disk encryption had not been used.


Computer Stolen from Secure Area



The sensitive information included names, addresses, phone numbers, and credit cards (in some instances).  The information was stored in a computer file, and password-protection on the computer was enabled.  But, as I’ve already noted, encryption software had not been used.


The letter to the AG goes on to note that the computer was kept in a “locked, alarm-protected” office.  Sandiegofit.com probably thought that was enough.  After all, they had alarms–which, I’m betting, were being monitored by a security company (something a la ADT), and would have alerted the cops.


If those services are anything like what home security firms offer you, though, they might not be as effective at deterring thieves as one thinks.  It’s the reason why smartmoney.com created a top-ten list of things home security firms won’t tell you.  Sometimes, a particular security service is there to give you peace of mind.


Which, in some ways, is what password-protection is all about.


Encryption and Password-Protection: What’s Different



Password-protection doesn’t quite live up to its name.  There are a number of ways of bypassing it, such as using a LiveCD (freely available from the internet), or connecting the computer’s hard drive to another computer you have control over (a 10-minute task, max).


This is why most states and professional organizations don’t establish safe harbor exceptions to sending notifications when password-protection is used.  It’s different with encryption, though.


With encryption, data is protected.  In fact, the sole purpose of encryption is the protection of data (encryption has a long history: Julius Caesar used a rudimentary version of it to communicate with his field generals).  I suspect that password-protection is a by-product from yonder years when computers didn’t really need security because you literally needed a Ph.D. to operate one.  We’ve come a long way from those days.



Related Articles and Sites:
http://www.databreaches.net/?p=13919
http://doj.nh.gov/consumer/pdf/sandiegofit.pdf


