Independent.ie reports that a laptop belonging to Mike Aynsley, the CEO of Anglo Irish Bank, has been stolen during a domestic burglary. The computer was password-protected, but did not make use of drive encryption. Thankfully, sensitive data was not stolen.
Thieves Break-In During Broad Daylight
Three hooded males broke into Aynsley’s home in mid-November (the story was kept under wraps all this time due to the subsequent data forensics work), during the day. They kicked down a door, according to herald.ie. Not a very subtle bunch, these thieves.
Besides the laptop, a camera and an iPod were also stolen, so it appears that the laptop was not targeted in the theft. On the other hand, one cannot help but compare it to another Irish data breach from last week. In that case, three hooded males broke into the Irish Revenue office. (In that case, 10 laptops were stolen, but all of them were protected with encryption software).
Apparently, there is reason to believe that the job on the revenue office was planned to impede an investigation into tax evasion (I first thought conspiracy nuts had gone nuts). And, obviously there are the parallels between the two cases: three men, all hooded, laptops belonging to financial organizations being stolen, etc.
Except, of course, that the incidents are separated by two months.
Should the CEO’s Laptop Have Been Encrypted?
While it was determined that there was no sensitive data on the CEO’s laptop, there was this:
The device taken from Mr Aynsley’s home in Glenageary, Co Dublin also contained personal information.
It’s believed that information sent to the European Commission to allow Anglo receive multi-billion euro state aid payments was contained in the laptop’s files.
Maybe it’s not sensitive information, but it certainly sounds like important information. But let us assume it wasn’t important information. Can we excuse that a bank CEO’s laptop is going out there without computer encryption installed on it?
Doubtful. While a CEO’s computer may not have sensitive information stored on it today, it could very well contain sensitive info tomorrow, or two weeks from now. Or maybe, it already had it but was deleted yesterday. My point is, if you know a machine belongs to someone who will, time to time, handle important information that needs to be kept secret, it’s irresponsible not ensure proper data security is in place. After all, there is no knowing when a disaster will strike.
Related Articles and Sites: